Challenge-response badge
First Claim
1. An access-control system comprising:
- a card reader configured to transmit a challenge message that includes a first sequence value;
an access card configured to determine validity of the challenge message based at least in part on the first sequence value and a high-water-mark value stored on the access card, the high-water mark value based at least in part on a second sequence value associated with a previously-received valid challenge message, and in response to determining that the challenge message is valid, transmit a response message and update the high-water-mark value based at least in part on the first sequence value; and
a security server configured to;
determine that the response message is valid as a result of a timespan between a first recorded time when the challenge message is transmitted and a second recorded time when the response message is received does not exceed a threshold value; and
as a result of determining that the response message is valid, cause an access control point device to grant access to an enclosed physical space.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques described and suggested in the present document include access-card systems and methods that are resistant to attack. In certain implementations, a card reader transmits a challenge message to an access card. When the access card receives the challenge message, the access card validates the challenge message, and then generates a response message based at least in part on the information contained in the challenge message. A security server validates the response message, and when the security server determines that the response is secure, valid, and from an authorized access card, the security server grants access to a physical space. In some implementations, the challenge and response messages are digitally signed using a cryptographic key. Additional implementations include various tests that, when performed on the challenge and/or response messages detect and defeat many attempts to compromise the access-card system.
-
Citations
15 Claims
-
1. An access-control system comprising:
-
a card reader configured to transmit a challenge message that includes a first sequence value; an access card configured to determine validity of the challenge message based at least in part on the first sequence value and a high-water-mark value stored on the access card, the high-water mark value based at least in part on a second sequence value associated with a previously-received valid challenge message, and in response to determining that the challenge message is valid, transmit a response message and update the high-water-mark value based at least in part on the first sequence value; and a security server configured to; determine that the response message is valid as a result of a timespan between a first recorded time when the challenge message is transmitted and a second recorded time when the response message is received does not exceed a threshold value; and as a result of determining that the response message is valid, cause an access control point device to grant access to an enclosed physical space. - View Dependent Claims (2, 3, 4, 5)
-
-
6. One or more devices, comprising:
-
a card reader configured to transmit a challenge message that includes a first sequence value; an access card configured to determine validity of the challenge message based at least in part on the first sequence value and a high-water-mark value stored on the access card, the high-water mark value based at least in part on a second sequence value associated with a previously-received valid challenge message, and in response to determining that the challenge message is valid, transmit a response message and update the high-water-mark value based at least in part on the first sequence value; and a security server configured to; determine that the response message is valid as a result of a timespan between a first recorded time when the challenge message is transmitted and a second recorded time when the response message is received does not exceed a threshold value; and as a result of determining that the response message is valid, cause an access control point device to grant access to an enclosed physical space. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A computer-implemented method, comprising:
-
transmitting, by a card reader, a challenge message that includes a first sequence value; determining, by an access card, validity of the challenge message based at least in part on the first sequence value and a high-water-mark value stored on the access card, the high-water mark value based at least in part on a second sequence value associated with a previously-received valid challenge message, and in response to determining that the challenge message is valid, transmit a response message and update the high-water-mark value based at least in part on the first sequence value; determining, by a security server, that the response message is valid as a result of a timespan between a first recorded time when the challenge message is transmitted and a second recorded time when the response message is received does not exceed a threshold value; and as a result of determining that the response message is valid, cause an access control point device to grant access to an enclosed physical space. - View Dependent Claims (12, 13, 14, 15)
-
Specification