Altpass LLC v. Apple Inc

Filing 1

COMPLAINT ( Filing fee $ 402 receipt number 0542-15080913), filed by Altpass LLC. (Attachments: #1 Exhibit Exhibit A, #2 Exhibit Exhibit A-1, #3 Exhibit Exhibit B, #4 Exhibit Exhibit B-1, #5 Exhibit Exhibit C, #6 Exhibit Exhibit C-1, #7 Civil Cover Sheet Civil Cover Sheet)(Massand, Neal)

EXHIBIT B

US007725725B1

(12) United States Patent: Odom
(10) Patent No.: US 7,725,725 B1
(45) Date of Patent: *May 25, 2010

(54) USER-SELECTABLE SIGNATURES

(76) Inventor: Gary Odom, 123 NW [illegible], #1545, Portland, OR (US) 97209

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 733 days. This patent is subject to a terminal disclaimer.

(21) Appl. No.: 11515966

(22) Filed: Dec. 23, 2006

Related U.S. Application Data: Continuation of application No. [illegible], filed on Mar. 4, 2002, now Pat. No. 7,350,078. (60) Provisional application No. 60/286,457, filed on Apr. [illegible].

(51) Int. Cl.: H04L 9/32 (2006.01)

(52) U.S. Cl.: 713/176; 713/183

(58) Field of Classification Search: 713/176, 713/183. See application file for complete search history.

Primary Examiner: David Garcia Cervetti

(57) ABSTRACT

Computer login may comprise any user-determined submission. A user may select among different devices for input, select the signal content, and as well select the types of signals used for a login signature. Account identification may be inferred by signature rather than explicitly stated. A plurality of discontiguous data blocks in a [illegible] of files may be employed for validation. The paths to data used in validation [illegible], regardless of the prospects for success

20 Claims, 10 Drawing Sheets

[Drawing Sheets 1 to 10: FIGURES 1 through 19]
: 65 NO 37 ACCESS DENIED 86 NO < AUTHORIZATION FAILURE US 7,725 ,725 B1 1 2 USER-SELECTABLE SIGNATURES These aspects are independent: one does not rely upon the other. Any one or all may be employed to enhance computer login security. CROSS-REFERENCE TO RELATED APPLICATIONS Access privileges for accounts are not germane. Determin ing or setting account access privileges are separate opera tions that occur after submission validation and authorization. This application is a continuation of US. patent applica tion Ser. No. 10/090,520 ?led Mar. 4, 2002 now US. Pat. No. BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS 7,350,078, Which is a non-provisional ?ling of provisional application 60/286,457, ?led on Apr. 26, 200l.As such, this application claims priority to Apr. 26, 2001. FIG. 1 is a block diagram of a computer suitable for prac ticing the invention. STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT FIG. 2 depicts the access authentication process. FIG. 3 depicts an embodiment of identi?cation and signa ture comprising submission. FIG. 4 depicts an embodiment of signature solely compris Not Applicable ing submission. FIG. 5 depicts classifying signals by their transmission and THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT Not Applicable signal types. 20 FIG. 7 depicts active submission termination. FIG. 8 depicts passive submission termination. INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A COMPACT DISC Not Applicable 25 FIGS. 9 & 10 depict example submission screens. FIG. 11 depicts account creation. FIG. 12 depicts a key. FIG. 13 depicts a key unit. FIG. 14 depicts an example of key indexing. BACKGROUND OF THE INVENTION 1. Field of the Invention FIG. 6 depicts simple and composite signals. 30 FIG. 15 depicts validation after submission termination. FIG. 16 depicts incremental validation. FIG. 17 depicts the validation process. The relevant technical ?eld is computer login security. 2. 
Description of the Related Art resulting in access. Including Information Disclosed Under 37 CFR 1.97 and FIG. 19 depicts an example of validation key trajectory resulting in authorization failure. FIG. 18 depicts an example of validation key trajectory 1.98 Computer login traditionally consists of a user typing in an 35 DETAILED DESCRIPTION OF THE INVENTION account name and a passWord. Historically, access validation (authenticating a passWord one an account name is known) FIG. 1 is a block diagram of a desktop computer 100 Which has been through reading data from a single passWord ?le comprising account name and encrypted passWord. Once a single account and a typed passWord is known, system secu rity can be compromised. Once encryption for a single pass Word is broken, all other passWords are potentially com prised, as all passWords and account names are conveniently located in the single passWord ?le and use the same encryp tion. comprises a CPU 102; storage 103, Which comprises memory 40 104 and optionally one or more devices With retention medi um(s) 105 such as hard disks, diskettes, compact disks, or tape; an optional display device 101; and one or more input devices 106, examples of Which include but are not exclusive to: a keyboard 108; one or more pointing devices 107, such as 45 a mouse; or a biometric device 109, such as a ?ngerprint reader. The mouse is the most popular pointing device 107 for desktop computers 100. In the description beloW, mention of BRIEF SUMMARY OF THE INVENTION a mouse is meant to include pointing devices 107 of any type, including, for example, a pen or stylus used in computing Computer login may comprise any user-determined sub mission, including a plurality of transmissions for Which 50 devices Where a user may “Write” upon a screen. The submission may be passively terminated. Preferably a user determines the input devices and signal types as Well as the content of signals. This makes submission theft more dif?cult 100. 
As Well, the softWare described may ?nd application in other computer-like devices requiring secured access, includ and less likely. Account identi?cation may be inferred by signature rather than explicitly stated. Overt account identi?cation provides described softWare may be employed on such a computer ing hand-held or embedded devices. 55 an entry point for hacking; With inferred account identi?ca for example, fuzzy logic or neural netWork pattern matching; tion, this entry point is eliminated. A plurality of discontiguous data blocks (keys) in a one or more ?les may be employed for validation. This ameliorates or, random or pseudo-random determinations. A random or 60 pseudo-random technique that results in seemingly arbitrary selection, the equivalent of softWare rolling dice, is referred to having a single authentication key that, once accessed, may as non-deterministic. be deciphered and security compromised. Multiple trajectories to keys, hence multiple paths to authorization as Well as ersatz trajectories and paths When submission Will not garner authorized access, obfuscate vali dation protocol to spy softWare and devices. In the folloWing description, softWare-determined protocol includes exemplary methods or techniques such as algo rithms; or non-algorithmic methods or techniques, including, In the folloWing description, protocols, algorithm types, 65 data types, and types of data, such as transmission 11, signal 21, packaging 13, sequencing 15, or encryption 14 types or protocols, are identi?able using binary identi?cation codes (type identi?ers), by data length, or other data signature, such US 7,725 ,725 B1 3 4 as a uniquely identi?able bit pattern, or by convention, such as known location (offset) Within a data structure. FIG. 2 depicts the access authentication process 97, com may be employed if identi?cation 3 or signature 4s does not represent the actual account identi?er 109. prising submission 9, validation 18, and authoriZation 27. 
security precaution to preclude unauthorized access 39. His torically, a single signal 2 of a single transmission 1 has typically been used for a signature 4, namely a passWord, Which is a signature 4 of a single Word of text. A pass-phrase A signature 4 is at least one transmission 1 intended as a Naturally, an account 109 must be created 10 before any access authentication process 97 may occur. Submission 9 comprises one or more transmissions 1 intended for authenticating access to a computer 100 or net is a signature 4 of a plurality of Words of text. A plurality of transmissions 1 or signals 2 may be used for Work of computers 100. As depicted in FIG. 3, in one embodi ment, a submission 9 comprises identi?cation 3 and signature identi?cation 3 or signature 4. In some embodiments, a user 4. Historically, an account name Would be an identi?cation 3, may determine the transmission(s) 1, signal(s) 2, transmis and a passWord a signature 4. If surety of uniqueness may be sion type(s) 11, or signal type(s) 21 that comprise a submis sion 9. Altemately, transmission 1 or signal 2 determination assured, in an alternate embodiment, a submission 9 com prises a single signature 4s, as depicted in FIG. 4, supplanting separate identi?cation 3 & signature 411 While providing for accords With a software-determined protocol. the dual components of identi?cation 3 and signature 4. With submission 9 solely comprising signature 4s, an account 109 may be identi?ed by the signature 4s data itself, or by having match 5 to input 22: for example, no deviance from a char Historically, validation 18 has required an absolute signal acter-based passWord has been permitted. With mouse 107 movements, or other dif?cult-to-exactly-replicate signals 2, hoWever, some tolerance may be permitted. Signal 22 toler an account identi?er 109 embedded Within a key 6 that has been accessed during validation 18 of the signature 4s. 
A transmission 1 is user input into the computer 100 via one or more input devices 106, Whereupon termination of transmission 1 is recognizable, and resulting in at least one signal 2. There may be different types 11 of transmissions 1, examples of Which include mouse 107 movements or clicks, keyboard 108 entry, or combinations thereof. Other types 11 of transmissions 1 are possible With different input devices 106, such as, for example, voice transmission 1 if the com puter 100 is equipped With a microphone and speakers. Multiple-device 106 transmission 1m is conceivable. An 20 ance should be alloWed When appropriate, and may be set by softWare-determined protocol or user selection. For example, deviance up to 10% from recorded signal match 5 for key stroke timing 211 may be acceptable. Similarly, as another 25 pixels and still be tolerated. As multiple signals 2 may com prise a submission 9, the need for exactness for any single signal 2 to properly authenticate access 97 is lessened. example, mouse click location may vary Within a radius of 10 Termination of submission 9 may be active or passive. FIGS. 7 & 8 illustrate. Inputting a passWord or pass-phrase, 30 example of a multiple-device 106 transmission 1 is a combi the mouse 107. As another example, inputting mouse 107 movement may be actively terminated by a mouse 107 click. nation of mouse 107 movement While one or more keys 108 are pressed, as depicted in FIG. 6. A signal 2 is a set of related softWare-recogniZable data from a single transmission 1. A plurality of signals 2 of With active termination 78, a user terminates submission 9 35 different types 21 may emanate from a single transmission 1. example: mouse 107 movement of the cursor may yield sig 107 movement or sound for a limited time, or until a certain 40 previous transmission 1 termination. 
For example, changing 45 from cursor/mouse movement to mouse button clicking may 50 be considered a change in signal type 21, and hence a possible basis for passive termination. Biometric transmission 1 is typically passively terminated 77: softWare terminates sub mission 9 When su?icient biometric signals 2 have been recorded. types 21 from a single-device transmission 1. Signal data 22 may be categoriZed by its transmission type 11 and/or signal type 21, as depicted in FIG. 5. For easy identi?cation, each possible transmission type 11 or signal type 21 may be assigned a unique ordinal. Hypothetically, if elapsed time absent further input; until su?icient signal 2 has been input to alloW a signal match 5; or until a succeeding transmission 1 of another transmission type 11 or signal type 21 commences, the change of type 11 itself indicative of 215. A transmission 1 of composite signals 2C comprising a plurality of simple signals 2S is conceivable. For example, a multiple-device 106 transmission 1m produces a composite signal 2C if matching to signals 2 of both devices 106 is required, as does requiring signal match 5 of multiple signal through a prescribed indication 25. With passive termination 77, softWare terminates submission 9 Without overt user action, but instead When a predetermined condition is met 26. Examples of pas sive termination 77 include: recording mouse For example, typing a Word may yield the signals 2 of entered keys 210 and the timing betWeen keystrokes 211. 
Another nals 2 of locations 214, velocities, duration, and shape pattern (s) (such as script signatures, draWn characters, and so on) for example, is typically terminated by pressing the ‘Enter’ key or clicking an equivalent acknoWledge button 43 using Termination 23 of identi?cation 3 or signature 4 may occur using any number of protocols: passively 77 by a predeter a multiple-device 106 transmission 1 is identi?ed as a unique mined or user-selected number of transmissions 1; ?nal trans transmission type 11, the range of transmission types 11 may extend to the factorial of all possible input devices 106, depending upon the embodiment employed. To avoid unnec essary complication, consider signal type 21 as potentially mission 1 by a particular type of action; active termination 78 by a ?nal gesture, such a key or button press; passive termi 55 nation 77 by time out of a predetermined duration or su?i ciency of data collection. Another example: incremental vali dation 181 permits passive termination 77 via absence of next additive (rather than combinatorial): for example, a key mouse transmission 1 could be considered as comprising key 108 plus mouse 107 signals 2, rather than some uniquely key trajectory 7, or, alternately, completed signal matching 5 60 identi?able key-mouse signal type 21. account 109 creation submission 9 screen 40, employed to input at least a signature 4. (In one embodiment, account identi?ers 3 may be assigned.) Text transmission(s) 1 can be Identi?cation 3 is at least one transmission 1 of an account identi?er 109. Historically, identi?cation 3 has been a keyed in account name 109. Employing the invention, identi?cation 3 comprises at least one signal 2 from at least one transmis sion 1. A translation table, algorithmic method, or other soft Ware-determined protocol, With or Without encryption 14, of all relevant keys 6. FIGS. 
9 & 10 depict an example account input 99 or post 65 input in the text input dialog 41 comprising a text input control 42 and acknoWledge button 43. Signature 4 transmis sion(s) 1 can be input, and input signals 2 recorded. FIG. 9 US 7,725 ,725 B1 5 6 depicts dragging the text input dialog 41 doWn the screen 40 2 basis. If a plurality of protocols are used for encryption 14, the protocol 14 employed must be identi?able. as a transmission 1 (by pressing the proper mouse 107 button When the cursor is over an appropriate section of dialog 41, As a suggestion for encryption 14, initial input signals 2 in thus selecting the dialog 41, then moving the mouse 107 While keeping the button pressed). The dragging action in this example is terminated by a mouse-up (releasing the mouse the ?rst transmission 1 may comprise a parametric seed for encrypting one or more keys 6. Caution is advised if non exact signal matching 5 is tolerated, as close may not good be enough for decryption using such a seed technique, but it is possible to incorporate tolerance into an encryption 14 algo 107 button). In one embodiment, a user may determine as part of rithm, so that an acceptable margin of error for signal match ing 5 may also suf?ce for decryption as Well. Mathematical account creation 99 Which signal types 21 are to be consid ered for validation 18 of subsequent submissions 9. This is an editing process that may be construed as part of account input rounding is a suggested technique alloWing such tolerance; as 99. For example, after submission termination 23, having recorded signals 2 for account input 99, as depicted in the Well employing a subset of possible signals 2, such as a high example of FIG. 10, the user may select, via checkbox con trols as shoWn, Which signal types 21 of the transmission 1 depicted in FIG. 9 are to be considered for the transmission 1 such as median or mean. being recorded. 
The checkboxes are speci?c to types of sig nals 21 appropriate to the type of transmission 11 employed. In the described example, the checkboxes (for signal type 21 selection) appear only for account input 99, not When a user is and loW, or using one or more algorithmically-derived values, Signal sequencing 15 is codi?cation of the order of signals 2. Signal sequencing 15 may be predetermined (softWare determined), such as, for example, input order, or, alternately, a predetermined prioritization. In alternative embodiments, signal sequencing 15 may vary by software-determined pro 20 tocol or by user selection. If a plurality of protocols are used making an submission 9 after an account 109 has been cre for signal sequencing 15, the protocol employed must be ated, as the prerequisite signals 2 for signature 4 or identi? cation 3 have already been stored. identi?able. FIG. 9 depicts a button 25 for submission termination 78.A termination button 25 or its equivalent is necessary only With active termination 78. Initial input for account creation 10 may use active termination 78 Which is later edited out during a subsequent signal 2 and transmission 1 selection process, ing further opportunity for obscuring decipherment of pack aging 13 protocols. Sequencing 15 and encryption 14 may be combined, offer 25 During account creation 10, each selected signal 2 is optionally encrypted 14, encoded for subsequent signal matching 5, and stored in keys 6, Which are stored in key ?les resulting in passive termination 77. There is an embodiment Whereby a user may determine some or all of the transmissions 1 or transmission types 11 30 comprising account input 99. There is an embodiment Whereby a user may determine Which signal types 21 of select transmissions 1 comprise account input 99. Otherwise, soft Ware-determined protocol may determine all or some trans missions 1 or signals 2 comprising account input 99. 
In one embodiment, account input 99 captures all trans mission 1 signals 2 until actively terminated 78. In an alter nate embodiment, account input 99 may be passively termi nated 77. In one embodiment, transmissions 1 and signals 2 from account input 99 may be edited, the user selecting sig 35 40 function as a plurality of keys 5 in alternate embodiments, a key 6 may comprise a key unit 16. A key ?le 8 as an actual or 45 50 13, and key 6 creation or employment 16. Packaging 13 tells hoW to interpret keys 6, including stored potential collection of keys 6 a key unit 8. An established account 109 may be considered a virtual aggregation of the keys 6 used to validate 18 submission 9 for that account 109, hence also represents a key unit 16. A key ?le 8 comprises at least one key 6. A key ?le 8 may Which account input 99 provides one or more signals 2 from one or more transmissions 1 for packaging into one or more As depicted in FIG. 11, a key unit 16 is a virtual or actual collection of signal matches 5. As in one embodiment a single key 6 may have a plurality of signal matches 5, and thereby type user-determined. FIG. 11 depicts account creation 10, in the beginning of keys 6. Each user account 109 has at least one key 6 for access authentication 97. There are tWo aspects to account creation 10: packaging 10, this can be veri?ed by attempting to validate 18 the appro prior to establishing the account 10. A key 6 may contain account 109 identi?cation 3. and termination types are employed as account submission 9. signals 2 may not be edited or user-selected, or termination 23 accounts Where submission 9 comprises signature 4s, the signature 4s itself must be unique. During account creation priate component of a submission 9 for a neW account 109 nals 2 and termination, such that only select, edited signals 2 In alternate embodiments, as aspects of account input 99, 8, for subsequent access authentications 97. As in the prior art, each account 109 must be unique. 
For accounts 109 Where submission 9 comprises identi?cation 3 and signature 4A, identi?cation 3 must be unique. For 55 comprise a plurality of keys 6, or What deceptively may be keys 6: a key ?le 8 may have pseudo-keys as key ?le 8 ?ller. In one embodiment, key ?les 8 may be a uniform number of bytes, regardless of the number of keys 6 stored in a key ?le 8. Keys 6 may be in ?les 8 not exclusively comprising keys 6 (or pseudo-keys); in other Words, a key ?le 8 may as Well be match signals 5. Overt packaging 13 is optional, and may vary employed for other purposes, including ?les 8 comprising by embodiment. Packaging 13 may be implicit by softWare determined protocol, obviating the need for overt, data-based unrelated data or even executable code. packaging 13. There may be tWo optional aspects to packag 13, at least one signal match 5 facility, and at least one next ing 13: encryption 14 and signal sequencing 15. As depicted in FIG. 12, a key 6 may comprise packaging 60 of key 6 data. Encryption 14 is optional, but recommended. Encryption 14 employment may vary by embodiment. In one embodiment, the same encryption 14 protocol or algorithm is used throughout (thus, predetermined). In alternative embodiments, encryption 14 may vary by softWare-deter mined protocol or by user selection on a per-user or per- signal key trajectory 7. In alternate embodiments, key 6 composition varies; the minimum requirement is that a key 6 comprises at least one signal match 5. Packaging 13 and next key trajectory 7 inherency may vary. A signal match 5 is a signal 2 stored in a key 6 during Encryption 14 refers to encrypting or decrypting all or part 65 account creation 10, used for validation 18 of a subsequent submission 9 signal 2. A key 6 may comprise a plurality of signal matches 5. 
US 7,725 ,725 B1 7 8 A next key traj ectory 7 vectors validation 18 to the next key 6, or, if the terminal key 62, results in forwarding match results 33 for authorization 27, by absence of next key trajectory 7 in one embodiment. Next key trajectories 7 are a sequential be sorted. For example, keys 6 for initial signals 21' may be arranged in binary sorted order by signal type 21 and signal 2. Key ?les 8 may be organized by account 109, or by trans mission type 11. Key ?les 8 may be organized by signal type 21, With keys 6 Within ?les 8 organized by input ordinal. Alternately, an initial key ?le 8i may comprise all possible initial keys 61' (of ?rst signal matches 5), possibly organized or organizational facility for keys 6. Next key trajectories 7 may be obviated by having a single key 6 With suf?cient contiguous signal matches 5 for valida tion 18, Whereupon the signal matches 5 Within the key 6 are sequenced, organized, indexed, or otherWise knoWable by softWare-determined protocol in relation to packaging 13. As the correspondence of signal match 5 to key 6 varies by indexed by signal type 21. One or more key ?les 8 may contain one or more indexes 61 to keys 6 Within their respec tive ?les 8. A key ?le 8 may include an index, or key ?les 8 themselves embodiment, so too Where a next key trajectory 7 leads. Depending upon restrictions that may be imposed in an embodiment, a next key trajectory 7 may lead to a key 6 in the same key ?le 8 as the last key 6, a key 6 in another key ?le 8, or the same key 6 if the key 6 holds a plurality of signal matches 5. Next key trajectory 7 provides all or part of a reference to the next key 6 used in validation 18, if there is a next key 6. A next key trajectory 7 may be encrypted 14. A next key trajectory 7 may be combined With other data be indexed. The next key trajectory 7 may provide next key 6 lookup via an index 61. A key ?le 8 may include an index 611' to initial signal keys 6i. 
The index 61 may comprise key trajectories 7, including key trajectories 7 to possible ?rst keys 61', Which may be organized by transmission type 11 and/or signal type 21. FIG. 14 depicts an example of key 6 indexing. Key 6 20 that may have been or need to be mathematically transposed to determine the next key 6. For example, all or a portion of an account 109 identi?er 3, part of a signal match 5, or some portion of packaging 13 may be combined With the next key trajectory 7 as a next key 6 identi?er. Next key trajectory 7 25 this example, checking possible initial keys 6i constitutes may comprise or reference an offset in a key ?le 8. A next key initial key trajectory 71. One or more next key trajectories 7 in an initial key 61' may indicate keys 8 for succeeding signal matching 5, like links in a chain, so only an index of initial trajectory 7 may reference a key index entry 62. A key 6 may include a plurality ofnext key trajectories 7, in Which case a different next key trajectory 7 may be selected based upon signal match 5 resultsione or more next key trajectories 7 for a correct signal match 5, likeWise for an keys 61' is required. Alternately, a single key 6 may contain all necessary signal matches 5 for validation 18. Wrong signal match 5. With a plurality of next key trajectories 7, a next key trajectory 7 may be selected based upon signal match 5 results, or by software-determined protocol, or a combination thereof. Packaging 15 may be encoded as part of the next key trajectory 7. For example, a next key trajectory 7 may include the signal sequencing 15 that identi?es next signal match 5 type 21. In this instance, if the next input signal 2 cannot be of 35 40 security. 
Signature 4 has played gate-keeper to unauthorized 6 comprising multiple signal matches 5, one for each simple signal 2 (key code 210 and mouse click 212), or, alternately, without key file 8 organization or key indexing 61, more keys 6 may need to be considered than just those keys 6i for initial signal matches 5. With next key trajectories 7 referring to subsequent keys 6, optimally, only potential initial keys 6i need be searched to commence validation 18. An initial key 6i that may ultimately lead to authorized 27 FIG. 15 depicts post-submission validation 180: input sig access 39 must associate to an account 109, either directly or cannot succeed 86 that may not associate to an account 109 for which access 39 may be obtained. A key unit 16 for which authorized 27 access 39 is unobtainable is referred to as a fake key 6w. Organize key units 16 as an optimization. Various conven zation. reference multiple keys 6, each with simple signal matches 5 that altogether comprise the composite signal 2. access 39, not account identification 3. by reference. There may be keys 6 for which authorization 27 A key index 61 may reference keys 6 in different files 8. As depicted in the FIG. 14 example, initial key index 611 entries 62 reference keys 6 of the same input signal type 21. Initial key code keys 210, for example, reference keys 6210 in the same file 801 as the index 611, while keystroke timing keys 6211 referenced by the keystroke timing index entry 211 reside in another key file 802. Key indexing 61 is an optimi A key code & mouse click key index entry 217 is depicted in FIG. 14 as an example of a composite signal 2. The key code & mouse click key index entry 217 may reference keys the same type 21 as the next signal match 5, authorization 27 may fail 86. Knowing that at that point, a wrong trajectory protocol 7w may be invoked to avoid identifying a proper key unit 16.
A submission 9 comprising identification 3 followed by signature 4a is easier to validate 18 than a submission 9 solely comprising signature 4s: knowing an account identifier 3 provides the means to know what the signature 411 should be. Historically, identification 3 has not been relied upon for indexing 61 or organization is recommended when submission solely comprises signature 4s where a user may input signals 2 in any user-determined manner. Depicted in FIG. 14 is a key file 801 with a key index 61, specifically an initial key index 611. The depicted initial key index 611 contains references to keys 6i that contain at least initial signals 2. In the FIG. 14 example, only initial keys 6i are indexed. In tions of organizing or indexing accounts 109, keys 6, and key nals 2 are accumulated 47 and submission 9 completed 46 before validation 18 commences. FIG. 16 depicts incremental validation 181: validation 18 is concurrent with submission 9 transmission 1. In other words, with incremental validation 181, validation 18 may progress with each signal 2 or transmission 1. files 8 may be employed. In alternate embodiments, the same Submission termination 23 must be known using post-submission validation 180. This is a potential drawback: organizing principles may be applied at the level of key 6, key unless software-determined protocol determines submission file 8, or account 109. Optimally, keys 6 are organized to facilitate rapid search for signal matches 5, particularly for finding initial signals 2i when submission 9 solely comprises signature 4s. Keys 6 may termination 23, passive termination 77 cannot be accomplished using post-submission validation 180; active termination 78 must be used. For full user-determined submission 9, employ incremental validation 181, which has the concomitant advantage of immediate knowledge of authorization results 33 for authorization 27.
In the depicted example, input signals 2 are validated 18 in input order interactively 88 with input 2. In other words, validation 18 is incrementally con failure 86, allowing wrong key trajectory 7w protocol interposing. FIG. 17 depicts the validation 18 process, which is similar regardless whether post-submission validation 180 or incremental validation 181 is employed. temporaneous 88 with submission 9. In an alternate embodiment with alternate sequencing 15, input signal 2 validation 18 may not commence until submission 9 is completed 46. The described example facilitates rapid authorization 27 by Incremental validation 181 may commence once the first transmission 1 completes, or, in a more sophisticated embodi incremental validation 18. Actually, while access 39 may ment, ongoing 88 with signal input 2. In a concurrent validation 181 embodiment, initial signal keys may be accumulated 50 and subsequent unmatched keys discarded 51 concurrent marginally be accelerated by incremental validation 18, only lack is authorization 86 is notably rapidly facilitated, as continued input 2 of a submission 9 that cannot possibly be with transmission 1, on a signal-by-signal 2 basis. validated 18 may be interrupted so that a user may retry 63. Validation 18 commences by accumulating possible keys FIG. 19 depicts an example of an embodiment employing 55 based upon signal match 54 between signals 2 of the first transmission 1 and possible initial signal keys 52. For subsequent transmissions 1, accumulated keys are discarded 59 by failure to match signals 57. Match results 33 are passed to a wrong trajectory protocol 7w. Wrong trajectory protocol 7w is employed as a means of obfuscation targeted at computer monitoring devices.
In the depicted example, keys 6 are constructed with multiple key trajectories 7, with at least one trajectory to a succeeding key 6 whereupon authorization 27 may succeed 72, and at least one trajectory 7w whereupon authorization 27 when there are no keys remaining 73 or no next key trajectories 7 for remaining keys 75. As long as there are remaining keys 34 with next key trajectories 74, the pro that cannot result in successful authorization 86: whatever one-to-one correspondence between signal match 5 and key 6. Through access to one or more keys 6 which may reside in one or more key files 8, validation 18 produces signal match results 33, upon which authorization 27 permits access 29, allows retry 28 of submission 9, or denies access 27. Full submission 9 comprises a set of signals 2 upon which access 39 may be granted 72. Incomplete submission 9 comprises a set of signals 2 to which additional user input is either for authorization success 72 or failure 86. upon signal match 5 results, one of the three right or wrong acter) codes 210, and timing of key strokes (rhythm) 211. As signals 2. It may be, for example, that user-selected signal this example, though with incremental signal matching 5, this recording user input signals by type from at least one user-selected device among a plurality of selectable user input devices connected to a single computer, wherein a signal comprises a set of related software-recognizable data of the same type received from at least sion 1 to two possible accounts meriting validation 18 consideration. In this example, subsequent input signals 2 narrow validation 18 to a single account 109 by a sequential process of elimination. So, with incremental validation 181 there may need to be a different key files 8 may be employed to have various paths to authorization 27. As another suggestion, different signal sequencing 15 may be employed to differ trajectories 7. The following is claimed: 1.
A computer-implemented process comprising: receiving user indication of signature input recording; code (as rhythm is the timing between successive keystrokes), example, the key 6 with rhythm 211 signal match 5 may have sequence packaging 15 indicating that key code 210 is ignored for this transmission 1. So, in this example of incremental validation 181, initial signal input 2 has multiple signal matches 5, narrowing possibilities in the initial transmis As described, validation protocols 18 may vary, and different protocols may be combined. Multiple non-deterministic trajectory 7 paths, including wrong trajectory 7w, is one example. In some embodiments, validation protocol 18 authorizing 27 access 39 may use different trajectories 7. Duplicate signal matches 5 in different keys 6 in the same or would not be known at first. A key unit 8 of key rhythm 211 signal types 21 would also find a match 5 after the second key this time (in this example) for the correct user. In this trajectories 7 that play out to authorization 27. It is possible for different next key trajectories 7 to diverge to different (possibly duplicate) keys 6 that later converge back to the same key 6. input 2, with two possible corresponding signals 2: key (char selection was employed, with initial key code 210 signals 2 for the first input to be ignored, and key rhythm 211 used. A key code 210 match 5 may be found, but it would be wrong in For example, a key 6 may contain six next key trajectories 7, three of which are wrong key trajectories 7w. Depending trajectories 7 are non-deterministically chosen. This example presupposes sequences of keys 6 strung together by next key would not succeed 86. an example, a key unit 16 of key code signal type 21 might be accessed to search keys 6 for signal matches 5 of key code 210 key 6 or key file 8 pinball is used, authorization fails 86. Trajectories 7 may be selected non-deterministically.
This suggestion is most effective when there are multiple possible trajectories 7, including wrong key trajectories 7w, that augur ongoing 88, and for which by themselves 2 authorization 27 In an example depicted by FIG. 18, the first trajectory 71 is to a key 6i in a key file 8i determined by signal type 21. Keep in mind that this process may be repeated for all possible initial keys 6i. For example, consider key 108 transmission 1 access 39 is hopeless (fake keys 6w). In the example, signal match 77 in the initial key 77 in the initial key file 8i mismatches. In this case, key trajectory 7w leads to a fake key 6w cess of discarding keys that don’t match 51 continues 818. FIGS. 18 & 19 depict examples of the access authentication 97 process. FIGS. 18 & 19 illustrate an example of one input device, wherein a signal type comprises a category of measurable variable input associated with at least one user-selectable input device, and wherein at least one user-selectable input device affords recording a plurality of signal types; plurality of input signals 2 before signal match 5 may effectively commence. In the example above, where key rhythm terminating said recording; 211 is the first signal 2 to be matched 5, two key code 210 signals 2 must be input before key rhythm 211 may even be considered. In the example of FIG. 18, validation 18 accesses three key creating a signature based at least in part upon at least a files 8 through successive key trajectories 7, bundling match storing at least a portion of said recording; portion of said stored recording; and storing said signature. 2. The process according to claim 1, wherein said recording comprises signals from a plurality of user-selected devices. creating a signature using said stored recorded user input signals from a plurality of categories of measurable variable input; and 3.
The process according to claim 1, further comprising: receiving user indication to edit said signature; receiving user selection of at least one signal type from a plurality of signal types associated with at least one user input device of said recording; storing said signature. editing said stored signature to exclude recorded data of at least one signal type. 4. The process according to claim 1, further comprising: comparing a subsequent signature submission to at least a said recording. 12. The process according to claim 10, wherein passively terminating said recording. portion of said recording, and accepting said comparison within a predetermined 13. The process according to claim 10, further comprising: dividing a stored signature into distinct data portions; recording and storing a second series of user input signals degree of inexactness, thereby authenticating said subsequent signature. after storing said signature, 5. The process according to claim 4, wherein said predetermined degree comprises a user-designated tolerance. 6. The process according to claim 1, further comprising wherein said second series of user input signals are received in incremental portions; presenting at least a portion of said recording to said user for comparing at least one said distinct data portion to at least one said incremental portion; editing, wherein said presented recording portion does not comprise text-character codes. storing said comparison; and 7. The process according to claim 1, wherein at least a portion of said recording comprises at least one signal type comprising signal input from a plurality of devices. 8. The process according to claim 1, further comprising: dividing a stored signature into distinguishable data por parison. comparing a subsequent signature submission to at least a degree of inexactness, key; thereby authenticating said subsequent signature.
linking keys of a signature, user-selected device among a plurality of selectable user input devices connected to a single computer, input data; user input data and performing a corresponding authen able input associated with at least one user-selectable input device, and first portion, discarding from further processing previ user-selected device; storing at least a portion of said recording; creating a signature based at least in part upon at least a 16. The method according to claim 15, wherein said signature comprises signals from at least one signal type determined by received input after said storing at least a portion of said recording. 17. The method according to claim 15, wherein creating said signature using recorded signals from a plurality of signal types. 18. The method according to claim 15, further comprising: dividing a stored signature into distinct data portions; and recording. 10. A computer-implemented process comprising: commencing signature input recording; recording user input signals by type from at least one input devices connected to a single computer, incrementally authenticating a second series of user input signals to said signature by comparing said second series wherein a signal comprises a set of related software-recognizable data of the same type received from at least one input device, wherein a signal type comprises a category of measurable variable input associated with at least one user-select of user input signals to their respective distinct data portions of said stored signature. able input device, and wherein at least one user-selectable input device affords recording a plurality of signal types; terminating said recording; storing at least a portion of said recording; portion of said stored recording; and storing said signature. nation determining authentication impossible.
user-selected device among a plurality of selectable user wherein recording a plurality of signal types for at least one terminating said recording; ing said user input data portion, or by process of elimi 9. The process according to claim 1, wherein said signature comprises signals from at least one category determined by received input after said storing at least a portion of said wherein a signal comprises a set of related software-recognizable data of the same type received from at least one input device, wherein a signal type comprises distinct measurable vari subsequently, iteratively receiving a plurality of portions of ously accumulated keys based upon failure in matching respective key data to said user input data portion; and whereby continuing said iterative process until completing authentication by matching said last key to correspond 15. A computer-implemented method for recording input and creating a signature comprising: recording user input signals by type from at least one dividing a plurality of stored signatures into keys; tication step for each portion, wherein, upon receiving each subsequent portion after said portion of said recording, and accepting said comparison within a predetermined wherein each said distinguishable data portion comprises a receiving a first portion of user input data; accumulating keys of a plurality of signatures based upon matching stored key data to said first portion of user determining whether to continue receiving and storing a succeeding incremental portion based upon said com 14. The process according to claim 10, further comprising: tions, said links determined at least in part by sequential order of user input corresponding to recorded signals; 11. The process according to claim 10, wherein said signature comprises signals from at least one signal type determined by received input after said storing at least a portion of 19.
The method according to claim 15, wherein creating said signature from input signals from a plurality of user-selected input devices. 20. The method according to claim 15, wherein said signature comprises in part signals from a pointing device. * * * * *
