Altpass LLC v. Apple Inc

Filing 1

COMPLAINT ( Filing fee $ 402 receipt number 0542-15080913), filed by Altpass LLC. (Attachments: #1 Exhibit Exhibit A, #2 Exhibit Exhibit A-1, #3 Exhibit Exhibit B, #4 Exhibit Exhibit B-1, #5 Exhibit Exhibit C, #6 Exhibit Exhibit C-1, #7 Civil Cover Sheet Civil Cover Sheet)(Massand, Neal)

Download PDF
EXHIBIT C US008429415B1 (12) Umted States Patent (10) Patent N0.2 Odom (54) US 8,429,415 B1 (45) Date of Patent: USER-SELECTABLE SIGNATURES . (75) Inventor. 4,962,530 A 4,964,163 A 5,091,939 A Gary Odom, Portland, OR (US) 5,161,190 A (73) Assignee: Tierra Intelectual Borinquen, San 10/1990 Cairns 10/1990 Berry 2/1992 Cole ll/l992 Ca-ims 2 Juan, PR (US) *Apr. 23, 2013 \cxgigenberg 7/1993 Seymour 5,229,764 A ( * ) Notice: 5,226,172 A 7/1993 Matchett Subject to any disclaimer, the term of this . 2 . , patent 1s exltertded ordadjusted under 35 . - - au man 5,638,513 A U-S-C-154( ) Y379 ays- 5,664,099 A - - EH11? , 5 680 462 A 6/1997 Ananda 9/1997 Ozzie 10/1997 M'll This patent 1s subJect to a termmal d1s- 536823475 A “M997 loiufsgn Clalmer- 5,696,686 A 5,721,780 A 12/1997 Sanka 2/1998 Ensor (21) Appl. No.: 12/759,660 (22) (63) Filed: (Continued) Apr. 13, 2010 FOREIGN PATENT DOCUMENTS Related US. Application Data Continuation of application No. 11/ 615,966, ?led on Dec. 23, 2006, HOW Pat. NO. 7,725,725, Which is a continuation of application No. 10/090,520, ?led on Mar. 4, 2002, noW Pat. No. 7,350,078. JP 11102345 4/1999 OTHER PUBLICATIONS Feldmeier et al., UNIX Password SecurityiTen Years Later, 1990, springer-Verlag, pp, 44-63, (C _ d) ont1nue (60) Provisional application No. 60/286,457, ?led on Apr. 26, 2001~ (51) (52) Primary Examiner * David Garcia Cervetti Int Cl (74) Attorney, Agent, or Firm * Ferraiuoli LLC 21/00 (2006.01) (57) USPC ....................................................... .. 713/182 (58) Field of Classi?cation complete................. .. 713/182 Search search history. See application ?le for (56) ABSTRACT Computer login may comprise any user'determined 5111311115‘ 51?“ All“? Inlay Select “gong dlll?eiem ?evlces fofr .mpul" Se eon e slgna. Content’ an as We Se .ectt .6 typés O slgna S used for a logm slgnature. Account 1dent1?cat1on may be References Cited inferred by signature rather than explicitly stated. A plurality U.S. PATENT DOCUMENTS of discontiguous data blocks in a plurality of ?les may be employed for validation. The paths to data used in validation may be multifarious, regardless of the prospects for success . . 4,218,738 A 8/1980 Matyas 4,288,659 A 4,621,334 A 9/1981 Atalla 11/1986 Garcia 4,805,222 A fulauthonzanm 2/1989 Young 17 Claims, 10 Drawing Sheets I08 KEYBOARD 2 SIGNAL 1 TRANSMISSION —> 25 SIMPLE SIGNAL I07 MOUSE OR I TRANSMISSION —> 25 SIMPLE SIGNAL 108 KEYBOARD UU Ell] IM TRANSMISSION g DU — —> 2c COMPOSITE SIGNAL 107 MOUSE US 8,429,415 B1 Page 2 US. PATENT DOCUMENTS 5,768,387 A @1998 Akiyama 6,948,154 B1 6,957,337 B1 5,787,169 A 7,136,490 B2 5,825,906 A * 5,838,306 A * 5 867 647 A ’ 1 . 7/1998 Eldridge 10/1998 11/1998 Obata et al. ................. .. 382/119 , 0 Connor et a1. .......... .. 345/163 21999 H . h mg 5,889,866 A 4/1999 Halstead 6/1999 Green . 2/2001 Lambert 6,205,204 B1 3/2001 Morganstein 1 1 6,311,272 B1 6332195 Bl 7,506,174 B2 . 30001 J 1.1. a ‘1 4/2001 Gooderum 9/2001 Krahn 10/2001 Gressel 120001 G 6136311 53 B1 3/2002 Prelim ’ 1 6,405,922 B1* 6/2002 6,421,453 B1 7/2002 Kanevsky . 6,442,692 B1 6466 781 B1 1 1 6,480,825 B1 ‘1r er Kroll ........................... .. 235/379 8/2002 Zilberman 100002 B 7,200,804 B1 b mm ‘1 11/2002 Sharma 6,607,136 B1* 8/2003 Atsmon et al. .............. .. 235/492 6,618,806 B1* 9/2003 7,882,032 B1 7,941,669 B2 11/2006 Martinez 3/2007 Uchida ....................... .. 709/229 - 4/2007 Khavari 7,444,517 B2 4/2000 H1llhouse 6,193,153 B1 6,219,707 B1 6,292,790 B1 7,191,238 B2 6/2006 Taguchi * 7,386,731 B2 7,409,705 B2 6,052,468 A 6 209104 Bl 7,065,786 B2 7,298,242 B2* 3/1999 Cyras 5,896,497 A 5,913,024 A 9/2005 Rothermel 10/2005 Chainer 11/2007 Fujita etal. ................ .. 340/583 6/2008 Sanai- et al. 8/2008 Ueda 10/2008 Dayan * * 2001/0007130 A1 * 2001/0047488 A1 3/2009 Davis 2/2011 Hoffman ....................... .. 705/50 5/2011 Foley et al. ................. .. 713/182 7/2001 Takaragi ..................... .. 713/186 11/2001 Verplaetse 2002/0002678 A1 2002/0002685 A1 1/2002 Chow 1/2002 Shim 2002/0083339 A1 6/2002 Blumenau 2002/0087894 A1* 7/2002 2002/0091937 A1 7/2002 Ortiz 2002/0141586 A1 Foley etal. ................. .. 713/202 10/2002 Margalit - 2003/0056120 A1 3/2003 Liu 2004/0093349 A1* 5/2004 2004/0128508 A1 7/2004 Wheeler 2006/0036547 A1 2/2006 Yasuhara Buineviciusetal. .... .. 707/1041 Brown et al. ............... .. 713/186 6,636,975 B1 10/2003 Khidekel 6,647,400 B1 11/2003 Moran 6,647,498 6,651,168 6,657,614 6,671,813 6,732,278 6,751,734 6,766,456 6,895,514 B1 B1 B1 B2 B2 B1 B1 B1 1 1/2003 11/2003 12/2003 12/2003 5/ 2004 6/2004 7/2004 5/2005 Cho K30 Ito Ananda Baird Uchida McKeeth Kermani OTHER PUBLICATIONS _ _ _ _ _ _ Syukr1 et al., A User Ident1?cat1on System Using S1gnature Wr1tten With Mouse, 1998, Springer-Verlag, pp. 403-414. Harn et al., Integration of User Authentication and Access Control, 1992, IEEE, vol. 139, No. 2, pp. 139-143. Monrose et al., Password Hardening Based on Keystroke Dynamics, 1999, ACM, pp. 73-82. * cited by examiner US. Patent Apr. 23, 2013 100 COMPUTER 101 DISPLAY DEVICE Sheet 1 0110 US 8,429,415 B1 9 SUBMISSION 3 IDENTIFICATION 1I TRANSMISSION(S) 102 CPU 21 SIGNAL(S) 103 STORAGE 104 MEMORY 4A SIGNATURE 105 RETENTION 1A TRANSMISSION(S) DEVICES(S) 2A SIGNAL(S) 106 INPUT DEVICE(S) 107 POINTING DEVICE (E.G. MOUSE) FIGURE 3 108 KEYBOARD 9 SUBMISSION 109 BIOMETRIC DEVICE FIGURE 1 4S SIGNATURE 1S TRANSMISSION(S) 2S SIGNALS FIGURE 4 97 ACCESS AUTHENTICATION 9 SUBMISSION 1 1 TRANSMISSION TYPE 2 SIGNAL 21 SIGNAL TYPE 18 VALIDATION 22 SIGNAL DATA 27 AUTHORIZATION FIGURE 2 FIGURE 5 US. Patent Apr. 23, 2013 Sheet 2 or 10 US 8,429,415 B1 108 KEYBOARD 2 SIGNAL CICIDUUUUCICIC] UUDUUUUUUC] CICICJCICICICICIC] CICICJCICICICICICIC] DC] :1 DC] DUDE] DUE] DOC] DOC] :10 [1 1 TRANSMISSION —> 2S SIMPLE SIGNAL 107 MOUSE OR 1 TRANSMISSION —> 2S SIMPLE SIGNAL 108 KEYBOARD X C] C] DODGO S‘ D U OUG DOUG DOUG DOUG DOUG DOUG GODU GO DOUG DOUG U u) DU 1M TRANSMISSION Cl C] AND —> 20 COMPOSITE SIGNAL FIGURE 6 107 MOUSE US. Patent Apr. 23, 2013 Sheet 3 0f 10 US 8,429,415 B1 78 ACTIVE TERMINATION 77 PASSIVE TERMINATION 9 SUBMISSION 9 SUBMISSION 2 INPUT SIGNALS 2 INPUT SIGNALS 1 TRANSMISSION 1 TRANSMISSION 25 OVERT TERMINATION 61NO 26 TERMINATION CONDITION 63 NO () K) 23 SUBMISSION TERMINATION 23 SUBMISSION TERMINATION FIGURE 7 FIGURE 8 US. Patent Apr. 23, 2013 Sheet 4 or 10 US 8,429,415 B1 ( 41 TEXT INPUT DIALOG ( 40 SCREEN \ \ 42 TEXT INPUT CONTROL TEXT INPUT \\/ 43 ACKNOWLEDGE BUTTON OK \/ 1 TRANSMISSION <25 TERMINATE F|GURE9 _ @ LOCATION 21 SIGNAL TYPE B SPEED V |X| VECTOR _|:| SHAPE TEXT INPUT OK FIGURE 10 2 SIGNAL US. Patent Apr. 23, 2013 Sheet 5 0f 10 US 8,429,415 B1 99 ACCOUNT INPUT 2 INPUT 10 A SIGNALS C CCOUNT IREATION 13 PACKAGING 14 ENCRYPTION 15 SEQUENCING - 16 KEY CREATION / EMPLOYMENT FIGURE 11 6KEY 5 SIGNAL MATCH 7 NEXT KEY TRAJECTORY Q ‘Q 13 PACKAGING FIGURE 12 16 KEY UNIT 6 KEY 8 KEY FILE 109 ACCOUNT FIGURE 13 US. Patent Apr. 23, 2013 Sheet 6 0f 10 US 8,429,415 B1 801 KEY FILE 62 KEY 61 KEY INDEX / INDEX (61 1 INITIAL KEY INDEX) ENTRY ----- 210 KEY CODE 211 KEYSTROKETIMING ________ 212 MOUSE CLICKS 213 MOUSE VECTOR 214 MOUSE LOCATION 215 MOUSE SHAPE ---- 216 MOUSE SPEED i 217 KEY & MOUSE CLICK 6210 - .> 6215 i 4- - - J 802 KEY FILE FIGURE 14 ___ US. Patent Apr. 23, 2013 Sheet 7 0f10 US 8,429,415 B1 180 POST-SUBMISSION VALIDATION 9 SUBMISSION 2 INPUT L SIGNALS V 47 ACCUMULATE SIGNAL DATA l 45 NO 44 SUBMISSION COMPLETED 18 VALIDATION l 27 AUTHORIZATION 181 INCREMENTAL VALIDATION FIGURE 15 9 SUBMISSION 881_ CONTINUING INPUT 2 INPUT L SIGNALS V 18 VALIDATION l 27 AUTHORIZATION FIGURE 16 US. Patent Apr. 23, 2013 18 VALIDATION Sheet 8 0f10 @ 808 I US 8,429,415 B1 I 818 @ 50 ACCUMULATE INITIAL SIGNAL KEYS 51 DISCARD UNMATCHED KEYS 52 FOR EACH POSSIBLE INITIAL SIGNAL KEY 56 FOR EACH SIGNAL FOR EACH REMAINING KEY WW 4 61 53 SIGNAL MATCH? SIGNAL MATCH? 55 ACCUMULATE POSSIBLE KEYS 59 DISCARD KEY 70 808 73 NO KEY REMAINING () 33 MATCH RESULTS 71 NEXT KEY TO: 27 AUTHORIZATION v 75 NO FIGURE 17 TRAJEQCTORY 74 YES US. Patent Apr. 23, 2013 Sheet 9 0f10 9 " "" ' ' ’ SUBMISSION US 8,429,415 B1 2 INPUT { SIGNALS 18 VALIDATION 71 FIRST KEY TRAJECTORY 8I INITIAL KEY FILE 8W WRONG l KEY FILE l 72 SECOND KEY TRAJECTORY 73 THIRD KEY TERMINAL TRAJECTORY 8T KEY FILE LAST KEY TRAJECTORY 63 YES " 33 MATCH RESULTS 38 RETRY ‘ """""" ' ' " 86 NO FIGURE 18 ‘2 i 65 NO V 37 ACCESS DENIED 72 YES — AUTHORIZATION SUCCESS US. Patent Apr. 23, 2013 Sheet 10 0f10 9 —’ SUBMISSION US 8,429,415 B1 ZINPUT L 18 VALIDATION SIGNALS 71 FIRST KEY TRAJEcTORY 7W WRONG KEY TRAJEcTORY SECOND KEY TRAJECTORY 7N LAST KEY TRAJEcTORY 33 MATCH RESULTS 63 YES " FIGURE 19 38 RETRY ? : 65 NO V 86 NO : AUTHORIZATION AUTHORIZATION FAILURE ? : 72 YES US 8,429,415 B1 1 2 USER-SELECTABLE SIGNATURES These aspects are independent: one does not rely upon the other. Any one or all may be employed to enhance computer login security. CROSS-REFERENCE TO RELATED APPLICATIONS Access privileges for accounts are not germane. Determin ing or setting account access privileges are separate opera tions that occur after submission validation and authorization. This application is a continuation of US. patent applica tion Ser. No. 11/615,966, ?led Dec. 23, 2006, now US. Pat. No. 7,725,725, Which is a continuation of Ser. No. 10/090, 520, ?led Mar. 4, 2002, now US. Pat. No. 7,350,078, Which BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS is a non-provisional ?ling of provisional application 60/286, FIG. 1 is a block diagram of a computer suitable for prac 457, ?led on Apr. 26, 2001. As such, this application claims priority to Apr. 26, 2001. ticing the invention. FIG. 2 depicts the access authentication process. FIG. 3 depicts an embodiment of identi?cation and signa STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT ture comprising submission. FIG. 4 depicts an embodiment of signature solely compris ing submission. FIG. 5 depicts classifying signals by their transmission and Not Applicable THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT signal types. 20 FIG. 7 depicts active submission termination. FIG. 8 depicts passive submission termination. Not Applicable INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A COMPACT DISC 25 FIGS. 9 & 10 depict example submission screens. FIG. 11 depicts account creation. FIG. 12 depicts a key. FIG. 13 depicts a key unit. FIG. 14 depicts an example of key indexing. Not Applicable BACKGROUND OF THE INVENTION FIG. 6 depicts simple and composite signals. 30 FIG. 15 depicts validation after submission termination. FIG. 16 depicts incremental validation. FIG. 17 depicts the validation process. FIG. 18 depicts an example of validation key trajectory 1. Field of the Invention resulting in access. The relevant technical ?eld is computer login security. 2. Description of the Related Art Including Information FIG. 19 depicts an example of validation key trajectory resulting in authorization failure. Disclosed Under 37 CFR 1.97 and 1.98 Computer login traditionally consists of a user typing in an 35 DETAILED DESCRIPTION OF THE INVENTION account name and a passWord. Historically, access validation (authenticating a passWord one an account name is known) FIG. 1 is a block diagram of a desktop computer 100 Which has been through reading data from a single passWord ?le comprises a CPU 102; storage 103, Which comprises memory comprising account name and encrypted passWord. Once a single account and a typed passWord is known, system secu rity can be compromised. Once encryption for a single pass Word is broken, all other passWords are potentially com prised, as all passWords and account names are conveniently located in the single passWord ?le and use the same encryp tion. 40 104 and optionally one or more devices With retention medi um(s) 105 such as hard disks, diskettes, compact disks, or tape; an optional display device 101; and one or more input devices 106, examples of Which include but are not exclusive to: a keyboard 108; one or more pointing devices 107, such as 45 a mouse; or a biometric device 109, such as a ?ngerprint reader. The mouse is the most popular pointing device 107 for desktop computers 100. In the description beloW, mention of BRIEF SUMMARY OF THE INVENTION a mouse is meant to include pointing devices 107 of any type, including, for example, a pen or stylus used in computing Computer login may comprise any user-determined sub mission, including a plurality of transmissions for Which 50 devices Where a user may “Write” upon a screen. The submission may be passively terminated. Preferably a user determines the input devices and signal types as Well as the content of signals. This makes submission theft more dif?cult 100. As Well, the softWare described may ?nd application in other computer-like devices requiring secured access, includ and less likely. Account identi?cation may be inferred by signature rather than explicitly stated. Overt account identi?cation provides described softWare may be employed on such a computer ing hand-held or embedded devices. 55 In the folloWing description, software-determined protocol includes exemplary methods or techniques such as algo rithms; or non-algorithmic methods or techniques, including, for example, fuzzy logic or neural netWork pattern matching; an entry point for hacking; With inferred account identi?ca tion, this entry point is eliminated. or, random or pseudo-random determinations. A random or A plurality of discontiguous data blocks (keys) in a one or more ?les may be employed for validation. This ameliorates pseudo-random technique that results in seemingly arbitrary having a single authentication key that, once accessed, may as non-deterministic. selection, the equivalent of softWare rolling dice, is referred to In the folloWing description, protocols, algorithm types, be deciphered and security compromised. Multiple trajectories to keys, hence multiple paths to authorization as Well as ersatz trajectories and paths When submission Will not garner authorized access, obfuscate vali dation protocol to spy softWare and devices. 65 data types, and types of data, such as transmission 11, signal 21, packaging 13, sequencing 15, or encryption 14 types or protocols, are identi?able using binary identi?cation codes (type identi?ers), by data length, or other data signature, such US 8,429,415 B1 3 4 as a uniquely identi?able bit pattern, or by convention, such as known location (offset) Within a data structure. FIG. 2 depicts the access authentication process 97, com may be employed if identi?cation 3 or signature 4s does not represent the actual account identi?er 109. prising submission 9, validation 18, and authoriZation 27. security precaution to preclude unauthorized access 39. His torically, a single signal 2 of a single transmission 1 has typically been used for a signature 4, namely a passWord, Which is a signature 4 of a single Word of text. A pass-phrase A signature 4 is at least one transmission 1 intended as a Naturally, an account 109 must be created 10 before any access authentication process 97 may occur. Submission 9 comprises one or more transmissions 1 intended for authenticating access to a computer 100 or net is a signature 4 of a plurality of Words of text. A plurality of transmissions 1 or signals 2 may be used for Work of computers 100. As depicted in FIG. 3, in one embodi ment, a submission 9 comprises identi?cation 3 and signature identi?cation 3 or signature 4. In some embodiments, a user 4. Historically, an account name Would be an identi?cation 3, may determine the transmission(s) 1, signal(s) 2, transmis and a passWord a signature 4. If surety of uniqueness may be sion type(s) 11, or signal type(s) 21 that comprise a submis sion 9. Altemately, transmission 1 or signal 2 determination assured, in an alternate embodiment, a submission 9 com prises a single signature 4s, as depicted in FIG. 4, supplanting separate identi?cation 3 & signature 411 While providing for accords With a software-determined protocol. the dual components of identi?cation 3 and signature 4. With submission 9 solely comprising signature 4s, an account 109 may be identi?ed by the signature 4s data itself, or by having match 5 to input 22: for example, no deviance from a char Historically, validation 18 has required an absolute signal acter-based passWord has been permitted. With mouse 107 movements, or other dif?cult-to-exactly-replicate signals 2, hoWever, some tolerance may be permitted. Signal 22 toler an account identi?er 109 embedded Within a key 6 that has been accessed during validation 18 of the signature 4s. A transmission 1 is user input into the computer 100 via one or more input devices 106, Whereupon termination of transmission 1 is recognizable, and resulting in at least one signal 2. There may be different types 11 of transmissions 1, examples of Which include mouse 107 movements or clicks, keyboard 108 entry, or combinations thereof. Other types 11 of transmissions 1 are possible With different input devices 106, such as, for example, voice transmission 1 if the com puter 100 is equipped With a microphone and speakers. Multiple-device 106 transmission 1m is conceivable. An 20 ance should be alloWed When appropriate, and may be set by softWare-determined protocol or user selection. For example, deviance up to 10% from recorded signal match 5 for key stroke timing 211 may be acceptable. Similarly, as another 25 pixels and still be tolerated. As multiple signals 2 may com prise a submission 9, the need for exactness for any single signal 2 to properly authenticate access 97 is lessened. example, mouse click location may vary Within a radius of 10 Termination of submission 9 may be active or passive. FIGS. 7 & 8 illustrate. Inputting a passWord or pass-phrase, 30 example of a multiple-device 106 transmission 1 is a combi the mouse 107. As another example, inputting mouse 107 movement may be actively terminated by a mouse 107 click. nation of mouse 107 movement While one or more keys 108 are pressed, as depicted in FIG. 6. A signal 2 is a set of related softWare-recogniZable data from a single transmission 1. A plurality of signals 2 of With active termination 78, a user terminates submission 9 35 different types 21 may emanate from a single transmission 1. example: mouse 107 movement of the cursor may yield sig 107 movement or sound for a limited time, or until a certain 40 previous transmission 1 termination. For example, changing 45 from cursor/mouse movement to mouse button clicking may 50 be considered a change in signal type 21, and hence a possible basis for passive termination. Biometric transmission 1 is typically passively terminated 77: softWare terminates sub mission 9 When su?icient biometric signals 2 have been recorded. types 21 from a single-device transmission 1. Signal data 22 may be categoriZed by its transmission type 11 and/or signal type 21, as depicted in FIG. 5. For easy identi?cation, each possible transmission type 11 or signal type 21 may be assigned a unique ordinal. Hypothetically, if elapsed time absent further input; until su?icient signal 2 has been input to alloW a signal match 5; or until a succeeding transmission 1 of another transmission type 11 or signal type 21 commences, the change of type 11 itself indicative of 215. A transmission 1 of composite signals 2C comprising a plurality of simple signals 2S is conceivable. For example, a multiple-device 106 transmission 11 produces a composite signal 2C if matching to signals 2 of both devices 106 is required, as does requiring signal match 5 of multiple signal through a prescribed indication 25. With passive termination 77, softWare terminates submission 9 Without overt user action, but instead When a predetermined condition is met 26. Examples of pas sive termination 77 include: recording mouse For example, typing a Word may yield the signals 2 of entered keys 210 and the timing betWeen keystrokes 211. Another nals 2 of locations 214, velocities, duration, and shape pattern (s) (such as script signatures, draWn characters, and so on) for example, is typically terminated by pressing the ‘Enter’ key or clicking an equivalent acknoWledge button 43 using Termination 23 of identi?cation 3 or signature 4 may occur using any number of protocols: passively 77 by a predeter a multiple-device 106 transmission 1 is identi?ed as a unique mined or user-selected number of transmissions 1; ?nal trans transmission type 11, the range of transmission types 11 may extend to the factorial of all possible input devices 106, depending upon the embodiment employed. To avoid unnec essary complication, consider signal type 21 as potentially mission 1 by a particular type of action; active termination 78 by a ?nal gesture, such a key or button press; passive termi 55 nation 77 by time out of a predetermined duration or su?i ciency of data collection. Another example: incremental vali dation 181 permits passive termination 77 via absence of next additive (rather than combinatorial): for example, a key mouse transmission 1 could be considered as comprising key 108 plus mouse 107 signals 2, rather than some uniquely key trajectory 7, or, alternately, completed signal matching 5 60 identi?able key-mouse signal type 21. account 109 creation submission 9 screen 40, employed to input at least a signature 4. (In one embodiment, account identi?ers 3 may be assigned.) Text transmission(s) 1 can be Identi?cation 3 is at least one transmission 1 of an account identi?er 109. Historically, identi?cation 3 has been a keyed in account name 109. Employing the invention, identi?cation 3 comprises at least one signal 2 from at least one transmis sion 1. A translation table, algorithmic method, or other soft Ware-determined protocol, With or Without encryption 14, of all relevant keys 6. FIGS. 9 & 10 depict an example account input 99 or post 65 input in the text input dialog 41 comprising a text input control 42 and acknoWledge button 43. Signature 4 transmis sion(s) 1 can be input, and input signals 2 recorded. FIG. 9 US 8,429,415 B1 5 6 depicts dragging the text input dialog 41 doWn the screen 40 2 basis. If a plurality of protocols are used for encryption 14, the protocol 14 employed must be identi?able. as a transmission 1 (by pressing the proper mouse 107 button When the cursor is over an appropriate section of dialog 41, As a suggestion for encryption 14, initial input signals 2 in thus selecting the dialog 41, then moving the mouse 107 While keeping the button pressed). The dragging action in this example is terminated by a mouse-up (releasing the mouse the ?rst transmission 1 may comprise a parametric seed for encrypting one or more keys 6. Caution is advised if non exact signal matching 5 is tolerated, as close may not good be enough for decryption using such a seed technique, but it is possible to incorporate tolerance into an encryption 14 algo 107 button). In one embodiment, a user may determine as part of rithm, so that an acceptable margin of error for signal match ing 5 may also suf?ce for decryption as Well. Mathematical account creation 99 Which signal types 21 are to be consid ered for validation 18 of subsequent submissions 9. This is an editing process that may be construed as part of account input rounding is a suggested technique alloWing such tolerance; as 99. For example, after submission termination 23, having recorded signals 2 for account input 99, as depicted in the Well employing a subset of possible signals 2, such as a high example of FIG. 10, the user may select, via checkbox con trols as shoWn, Which signal types 21 of the transmission 1 depicted in FIG. 9 are to be considered for the transmission 1 such as median or mean. being recorded. The checkboxes are speci?c to types of sig nals 21 appropriate to the type of transmission 11 employed. In the described example, the checkboxes (for signal type 21 selection) appear only for account input 99, not When a user is and loW, or using one or more algorithmically-derived values, Signal sequencing 15 is codi?cation of the order of signals 2. Signal sequencing 15 may be predetermined (softWare determined), such as, for example, input order, or, alternately, 20 a predetermined prioritization. In alternative embodiments, signal sequencing 15 may vary by software-determined pro tocol or by user selection. If a plurality of protocols are used making an submission 9 after an account 109 has been cre for signal sequencing 15, the protocol employed must be ated, as the prerequisite signals 2 for signature 4 or identi? cation 3 have already been stored. identi?able. Sequencing 15 and encryption 14 may be combined, offer FIG. 9 depicts a button 25 for submission termination 78.A termination button 25 or its equivalent is necessary only With active termination 78. Initial input for account creation 10 may use active termination 78 Which is later edited out during a subsequent signal 2 and transmission 1 selection process, 25 resulting in passive termination 77. 30 During account creation 10, each selected signal 2 is optionally encrypted 14, encoded for subsequent signal matching 5, and stored in keys 6, Which are stored in key ?les There is an embodiment Whereby a user may determine some or all of the transmissions 1 or transmission types 11 comprising account input 99. There is an embodiment Whereby a user may determine Which signal types 21 of select transmissions 1 comprise account input 99. Otherwise, soft ing further opportunity for obscuring decipherment of pack aging 13 protocols. 35 8, for subsequent access authentications 97. As in the prior art, each account 109 must be unique. For accounts 109 Where submission 9 comprises identi?cation 3 and signature 4A, identi?cation 3 must be unique. For accounts Where submission 9 comprises signature 4s, the signature 4s itself must be unique. During account creation Ware-determined protocol may determine all or some trans 10, this can be veri?ed by attempting to validate 18 the appro missions 1 or signals 2 comprising account input 99. In one embodiment, account input 99 captures all trans mission 1 signals 2 until actively terminated 78. In an alter nate embodiment, account input 99 may be passively termi nated 77. In one embodiment, transmissions 1 and signals 2 from account input 99 may be edited, the user selecting sig priate component of a submission 9 for a neW account 109 prior to establishing the account 10. A key 6 may contain account 109 identi?cation 3. 40 key 6 may have a plurality of signal matches 5, and thereby nals 2 and termination, such that only select, edited signals 2 function as a plurality of keys 5 in alternate embodiments, a key 6 may comprise a key unit 16. A key ?le 8 as an actual or and termination types are employed as account submission 9. In alternate embodiments, as aspects of account input 99, 45 potential collection of keys 6 a key unit 8. An established account 109 may be considered a virtual aggregation of the keys 6 used to validate 18 submission 9 for that account 109, hence also represents a key unit 16. A key ?le 8 comprises at least one key 6. A key ?le 8 may signals 2 may not be edited or user-selected, or termination 23 type user-determined. FIG. 11 depicts account creation 10, in the beginning of Which account input 99 provides one or more signals 2 from one or more transmissions 1 for packaging into one or more 50 keys 6. Each user account 109 has at least one key 6 for access authentication 97. There are tWo aspects to account creation 10: packaging 13, and key 6 creation or employment 16. Packaging 13 tells hoW to interpret keys 6, including stored As depicted in FIG. 11, a key unit 16 is a virtual or actual collection of signal matches 5. As in one embodiment a single 55 comprise a plurality of keys 6, or What deceptively may be keys 6: a key ?le 8 may have pseudo-keys as key ?le 8 ?ller. In one embodiment, key ?les 8 may be a uniform number of bytes, regardless of the number of keys 6 stored in a key ?le 8. Keys 6 may be in ?les 8 not exclusively comprising keys 6 (or pseudo-keys); in other Words, a key ?le 8 may as Well be match signals 5. Overt packaging 13 is optional, and may vary employed for other purposes, including ?les 8 comprising by embodiment. Packaging 13 may be implicit by softWare determined protocol, obviating the need for overt, data-based unrelated data or even executable code. packaging 13. There may be tWo optional aspects to packag 13, at least one signal match 5 facility, and at least one next ing 13: encryption 14 and signal sequencing 15. As depicted in FIG. 12, a key 6 may comprise packaging 60 of key 6 data. Encryption 14 is optional, but recommended. Encryption 14 employment may vary by embodiment. In one embodiment, the same encryption 14 protocol or algorithm is used throughout (thus, predetermined). In alternative embodiments, encryption 14 may vary by softWare-deter mined protocol or by user selection on a per-user or per- signal key trajectory 7. In alternate embodiments, key 6 composition varies; the minimum requirement is that a key 6 comprises at least one signal match 5. Packaging 13 and next key trajectory 7 inherency may vary. A signal match 5 is a signal 2 stored in a key 6 during Encryption 14 refers to encrypting or decrypting all or part 65 account creation 10, used for validation 18 of a subsequent submission 9 signal 2. A key 6 may comprise a plurality of signal matches 5. US 8,429,4l5 B1 7 8 A next key traj ectory 7 vectors validation 18 to the next key 6, or, if the terminal key 62, results in forwarding match results 33 for authorization 27, by absence of next key trajectory 7 in one embodiment. Next key trajectories 7 are a sequential be sorted. For example, keys 6 for initial signals 21' may be arranged in binary sorted order by signal type 21 and signal 2. Key ?les 8 may be organized by account 109, or by trans mission type 11. Key ?les 8 may be organized by signal type 21, With keys 6 Within ?les 8 organized by input ordinal. Alternately, an initial key ?le 8i may comprise all possible initial keys 61' (of ?rst signal matches 5), possibly organized or organizational facility for keys 6. Next key trajectories 7 may be obviated by having a single key 6 With suf?cient contiguous signal matches 5 for valida tion 18, Whereupon the signal matches 5 Within the key 6 are sequenced, organized, indexed, or otherWise knoWable by softWare-determined protocol in relation to packaging 13. As the correspondence of signal match 5 to key 6 varies by embodiment, so too Where a next key trajectory 7 leads. Depending upon restrictions that may be imposed in an embodiment, a next key trajectory 7 may lead to a key 6 in the same key ?le 8 as the last key 6, a key 6 in another key ?le 8, or the same key 6 if the key 6 holds a plurality of signal matches 5. Next key trajectory 7 provides all or part of a reference to the next key 6 used in validation 18, if there is a next key 6. A indexed by signal type 21. One or more key ?les 8 may contain one or more indexes 61 to keys 6 Within their respec tive ?les 8. A key ?le 8 may include an index, or key ?les 8 themselves be indexed. The next key trajectory 7 may provide next key 6 lookup via an index 61. A key ?le 8 may include an index 611' to initial signal keys 6i. The index 61 may comprise key trajectories 7, including key trajectories 7 to possible ?rst keys 61', Which may be organized by transmission type 11 and/or signal type 21. FIG. 14 depicts an example of key 6 indexing. Key 6 20 next key trajectory 7 may be encrypted 14. A next key trajectory 7 may be combined With other data that may have been or need to be mathematically transposed to determine the next key 6. For example, all or a portion of an account 109 identi?er 3, part of a signal match 5, or some 25 portion of packaging 13 may be combined With the next key trajectory 7 as a next key 6 identi?er. Next key trajectory 7 this example, checking possible initial keys 6i constitutes may comprise or reference an offset in a key ?le 8. A next key trajectory 7 may reference a key index entry 62. A key 6 may include a plurality ofnext key trajectories 7, 30 in Which case a different next key trajectory 7 may be selected based upon signal match 5 resultsione or more next key trajectories 7 for a correct signal match 5, likeWise for an Wrong signal match 5. With a plurality of next key trajectories 7, a next key trajectory 7 may be selected based upon signal 35 same ?le 801 as the index 611, While keystroke timing keys 40 A key code & mouse click key index entry 217 is depicted in FIG. 14 as an example of a composite signal 2. The key code & mouse click key index entry 217 may reference keys 45 6 comprising multiple signal matches 5, one for each simple signal 2 (key code 210 and mouse click 212), or, alternately, reference multiple keys 6, each With simple signal matches 5 that altogether comprise the composite signal 2. 50 security. Signature 4 has played gate-keeper to unauthorized Without key ?le 8 organization or key indexing 61, more keys 6 may need to be considered than just those keys 61' for initial signal matches 5. With next key trajectories 7 referring to subsequent keys 6, optimally, only potential initial keys 61' An initial key 61' that may ultimately lead to authorized 27 need be searched to commence validation 18. FIG. 15 depicts post-submission validation 180: input sig access 39 must associate to an account 109, either directly or 55 cannot succeed 86 that may not associate to an account 109 for Which access 39 may be obtained. A key unit 16 for Which authorized 27 access 39 is unobtainable is referred to as a fake key 6w. Organize key units 16 as an optimization. Various conven 6211 referenced by the keystroke timing index entry 211 reside in another key ?le 802. Key indexing 61 is an optimi zation. access 39, not account identi?cation 3. by reference. There may be keys 6 for Which authorization 27 necessary signal matches 5 for validation 18. A key index 61 may reference keys 6 in different ?les 8. As depicted in the FIG. 14 example, initial key index 611 entries 62 reference keys 6 of the same input signal type 21. Initial key code keys 210, for example, reference keys 6210 in the the same type 21 as the next signal match 5, authorization 27 may fail 86. Knowing that at that point, a Wrong trajectory protocol 7w may be invoked to avoid identifying a proper key unit 16. A submission 9 comprising identi?cation 3 folloWed by signature 4a is easier to validate 18 than a submission 9 solely comprising signature 4s: knoWing an account identi?er 3 provides the means to knoW What the signature 411 should be. Historically, identi?cation 3 has not been relied upon for initial key trajectory 71. One or more next key trajectories 7 in an initial key 61' may indicate keys 8 for succeeding signal matching 5, like links in a chain, so only an index of initial keys 61' is required. Alternately, a single key 6 may contain all match 5 results, or by software-determined protocol, or a combination thereof. Packaging 15 may be encoded as part of the next key trajectory 7. For example, a next key trajectory 7 may include the signal sequencing 15 that identi?es next signal match 5 type 21. In this instance, if the next input signal 2 cannot be of indexing 61 or organization is recommended When submis sion solely comprises signature 4s Where a user may input signals 2 in any user-determined manner. Depicted in FIG. 14 is a key ?le 801 With a key index 61, speci?cally an initial key index 611. The depicted initial key index 611 contains refer ences to keys 61' that contain at least initial signals 2. In the FIG. 14 example, only initial keys 61' are indexed. In 60 tions of organizing or indexing accounts 109, keys 6, and key nals 2 are accumulated 47 and submission 9 completed 46 before validation 18 commences. FIG. 16 depicts incremental validation 181: validation 18 is concurrent With submission 9 transmission 1. In other Words, With incremental validation 181, validation 18 may progress With each signal 2 or trans mission 1. ?les 8 may be employed. In alternate embodiments, the same Submission termination 23 must be knoWn using post submission validation 180. This is a potential draWback: organizing principles may be applied at the level of key 6, key unless softWare-determined protocol determines submission termination 23, passive termination 77 cannot be accom ?le 8, or account 109. Optimally, keys 6 are organized to facilitate rapid search for signal matches 5, particularly for ?nding initial signals 2i When submission 9 solely comprises signature 4s. Keys 6 may 65 plished using post-submission validation 180; active termi nation 78 must be used. For full user-determined submission 9, employ incremental validation 181, Which has the con US 8,429,415 B1 10 comitant advantage of immediate knowledge of authorization results 33 for authorization 27. In the depicted example, input signals 2 are validated 18 in input order interactively 88 With input 2. In other Words, validation 18 is incrementally cote failure 86, allowing Wrong key trajectory 7w protocol inter posing. FIG. 17 depicts the validation 18 process, Which is similar regardless Whether post-submission validation 180 or incre mental validation 181 is employed. mporaneous 88 With submission 9. In an alternate embodi ment With alternate sequencing 15, input signal 2 validation 18 may not commence until submission 9 is completed 46. The described example facilitates rapid authorization 27 by Incremental validation 181 may commence once the ?rst transmission 1 completes, or, in a more sophisticated embodi incremental validation 18. Actually, While access 39 may ment, ongoing 88 With signal input 2. In a concurrent valida tion 181 embodiment, initial signal keys may be accumulated 50 and subsequent unmatched keys discarded 51 concurrent marginally be accelerated by incremental validation 18, only lack is authorization 86 is notably rapidly facilitated, as con tinued input 2 of a submission 9 that cannot possibly be With transmission 1, on a signal-by-signal 2 basis. validated 18 may be interrupted so that a user may retry 63. Validation 18 commences by accumulating possible keys FIG. 19 depicts an example of an embodiment employing 55 based upon signal match 54 betWeen signals 2 of the ?rst transmission 1 and possible initial signal keys 52. For subse quent transmissions 1, accumulated keys are discarded 59 by failure to match signals 57. Match results 33 are passed to a Wrong trajectory protocol 7w. Wrong trajectory protocol 7w is employed as a means of obfuscation targeted at computer monitoring devices. In the depicted example, keys 6 are con structed With multiple key trajectories 7, With at least one trajectory to a succeeding key 6 Whereupon authorization 27 may succeed 72, and at least one trajectory 7w Whereupon authorization 27 When there are no keys remaining 73 or no next key trajectories 7 for remaining keys 75. As long as there are remaining keys 34 With next key trajectories 74, the pro 20 that cannot result in successful authorization 86: Whatever one-to-one correspondence betWeen signal match 5 and key 6. Through access to one or more keys 6 Which may reside in 25 one or more key ?les 8, validation 18 produces signal match results 33, upon Which authorization 27 permits access 29, alloWs retry 28 of submission 9, or denies access 27. Full submission 9 comprises a set of signals 2 upon Which access 39 may be granted 72. Incomplete submission 9 com prises a set of signals 2 to Which additional user input is either for authorization success 72 or failure 86. 30 upon signal match 5 results, one of the three right or Wrong 35 acter) codes 210, and timing of key strokes (rhythm) 211. As 40 signals 2. It may be, for example, that user-selected signal 45 this example, though With incremental signal matching 5, this 50 ?rst and second input devices both of Which are part of the 55 consideration. In this example, subsequent input signals 2 60 plurality of input signals 2 before signal match 5 may effec tively commence. In the example above, Where key rhythm 211 is the ?rst signal 2 to be matched 5, tWo key code 210 signals 2 must be input before key rhythm 211 may even be considered. In the example of FIG. 18, validation 18 accesses three key ?les 8 through successive key trajectories 7, bundling match a program memory; a data storage memory; sion 1 to tWo possible accounts meriting validation 18 narroW validation 18 to a single account 109 by a sequential process of elimination. So, With incremental validation 181 there may need to be a different key ?les 8 may be employed to have various paths to authorization 27. As another suggestion, different signal sequencing 15 may be employed to differ trajectories 7. The folloWing is claimed: 1. A computing device Which provides secured access, the computing device comprising: code (as rhythm is the timing betWeen successive keystrokes), example, the key 6 With rhythm 211 signal match 5 may have sequence packaging 15 indicating that key code 210 is ignored for this transmission 1. So, in this example of incre mental validation 181, initial signal input 2 has multiple sig nal matches 5, narroWing possibilities in the initial transmis As described, validation protocols 18 may vary, and differ ent protocols may be combined. Multiple non-deterministic trajectory 7 paths, including Wrong trajectory 7w, is one example. In some embodiments, validation protocol 18 authorizing 27 access 39 may use different trajectories 7. Duplicate signal matches 5 in different keys 6 in the same or Would not be knoWn at ?rst. A key unit 8 of key rhythm 211 signal types 21 Would also ?nd a match 5 after the second key this time (in this example) for the correct user. In this trajectories 7 that play out to authorization 27. It is possible for different next key trajectories 7 to diverge to different (possibly duplicate) keys 6 that later converge back to the same key 6. input 2, With tWo possible corresponding signals 2: key (char selection Was employed, With initial key code 210 signals 2 for the ?rst input to be ignored, and key rhythm 211 used. A key code 210 match 5 may be found, but it Would be Wrong in For example, a key 6 may contain six next key trajectories 7, three of Which are Wrong key trajectories 7w. Depending trajectories 7 are non-deterministically chosen. This example presupposes sequences of keys 6 strung together by next key Would not succeed 86. an example, a key unit 16 of key code signal type 21 might be accessed to search keys 6 for signal matches 5 of key code 210 key 6 or key ?le 8 pinball is used, authorization fails 86. Trajectories 7 may be selected non-deterministically. This suggestion is most effective When there are multiple possible trajectories 7, including Wrong key trajectories 7w, that augur ongoing 88, and for Which by themselves 2 authorization 27 In an example depicted by FIG. 18, the ?rst trajectory 71 is to a key 61' in a key ?le 8i determined by signal type 21. Keep in mind that this process may be repeated for all possible initial keys 61'. For example, consider key 108 transmission 1 access 39 is hopeless (fake keys 6w). In the example, signal match 77 in the initial key 77 in the initial key ?le 8i mis matches. In this case, key trajectory 7w leads to a fake key 6w cess of discarding keys that don’t match 51 continues 818. FIGS. 18 & 19 depict examples of the access authentica tion 97 process. FIGS. 18 & 19 illustrate an example of 65 computing device and are selectable by a user via the computing device to alloW the user to generate a refer ence signature that can be compared to a future submit ted signature for authentication purposes to alloW it to be determined Whether access to the computing device should be granted based on the user selection, Wherein at least one of the ?rst and second user selectable input devices is of a type of input device other than a keyboard; a processor operatively interfaced With the program memory, the data storage memory, and the ?rst and second user selectable input devices; a ?rst set of instructions stored in the program memory that, When executed by the processor, alloW a user to select at least one signal type, among at least tWo differ ent user selectable signal types, to be received and stored US 8,429,415 B1 11 12 in the memory, the at least tWo different signal types 6. The computing device of claim 1, Wherein at least one of being associated With the ?rst or second user selectable the ?rst and second input devices comprises a pointing input devices; device. 7. The computing device of claim 6, Wherein the pointing a second set of instructions stored in the memory that are device comprises a mouse. adapted to be executed after the ?rst set of instructions has been executed, the second set of instructions, When 8. The computing device of claim 1, Wherein at least one of the ?rst and second input devices comprises a keyboard. 9. The computing device of claim 1, Wherein the ?rst and second input devices comprise a keyboard and a pointing executed by the processor, causing (a) input data of at least one signal type from the user selected one of the ?rst and second input devices to be generated and then recorded in the data storage device. 10. The computing device of claim 9, Wherein the ?rst and second input devices comprise a keyboard and a mouse. 1 1. The computing device of claim 1, Wherein the reference memory, (b) a reference signature to be created Which comprises in part at least a portion of the input data recorded in the data storage memory, and (c) the reference signature to be stored in the data storage memory; and a third set of instructions stored in the program memory that are adapted to be executed after both the ?rst and second sets of instructions have been executed, the third signature stored in the data storage memory does not entirely comprise text-character codes. 12. The computing device of claim 1, Wherein the reference signature stored in the data storage memory comprises at least tWo user-selected signal types. 13. The computing device of claim 1, Wherein the signal type comprises a category, among at least tWo different pos 20 set of instructions, When executed by the processor, retrieving the reference signature from the data storage memory and comparing it to a subsequent signature submission signal to alloW a determination to be made as to Whether or not access to the computing device should be granted. 2. The computing device of claim 1, Wherein the comput ing device comprises a computer. 3. The computing device of claim 2, Wherein the computer comprises a desktop computer. 4. The computing device of claim 1, Wherein the comput ing device comprises a hand-held computing device. 5. The computing device of claim 1, Wherein the determi nation is made by accepting the comparison Within a desig nated tolerance of inexactness, thereby authenticating the subsequent signature. sible categories, of measurable variable input associated With at least one of the ?rst and second user selectable input devices. 14. The computing device of claim 1, Wherein the signal type comprises a category of measurable variable input that 25 arises from a user’s interaction With a keyboard. 15. The computing device of claim 1, Wherein the signal type comprises a category of measurable variable input that arises from a user’s interaction With a pointing device. 30 16. The computing device of claim 15, Wherein the cat egory of measurable variable input arises from a user’s inter action With a mouse. 17. The computing device of claim 1, Wherein at least tWo different categories of measurable variable input are associ ated With both of the ?rst and second input devices. * * * * *

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?