Challenge-response data communication protocol
First Claim
1. A data communication method comprising:
- sending an ID from a first component to a second component, said ID identifying said first component;
sending a challenge from said second component to said first component, said challenge being based upon said ID;
sending a response to said challenge, and a data element, from said first component to said second component if said first component validates said challenge, said response being based upon said data element; and
accepting said data element at said second component if said second component validates said response.
1 Assignment
0 Petitions
Accused Products
Abstract
A data communication technique facilitates the transmission of a data element in a trusted manner such that the receiver component can trust that the data element was not modified during the transmission. In addition, the receiver component is assured that the data element could only have been transmitted by a particular sender component. The data communication technique utilizes a challenge-response routine that ensures data integrity and non-repudiation. The data element is sent from the sender component to the receiver component during the challenge-response routine; in accordance with the example embodiment, the hashed response generated by the sender component is based upon the data element. The data communication technique can be implemented in the context of a single sign-on protocol that allows an authenticated user of a linking site to access protected resources associated with a linked web site without having to separately login to the linked web site.
-
Citations
28 Claims
-
1. A data communication method comprising:
-
sending an ID from a first component to a second component, said ID identifying said first component;
sending a challenge from said second component to said first component, said challenge being based upon said ID;
sending a response to said challenge, and a data element, from said first component to said second component if said first component validates said challenge, said response being based upon said data element; and
accepting said data element at said second component if said second component validates said response. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A data communication method comprising:
-
conducting a challenge-response protocol to establish trust between a first component and a second component;
sending a data element from said first component to said second component during said challenge-response protocol; and
verifying integrity of said data element as received by said second component. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A data communication method comprising:
-
sending an ID from a first component to a second component, said ID identifying said first component;
receiving a challenge from said second component, said challenge being based upon said ID;
generating a response to said challenge, said response being based upon a data element; and
sending said response, and said data element, to said second component. - View Dependent Claims (17, 18, 19)
-
-
20. A computer program for establishing trust between a first processing component and a second processing component, said computer program being embodied on a computer-readable medium, said computer program having computer-executable instructions for carrying out a method comprising:
-
sending an ID from a first component to a second component, said ID identifying said first component;
receiving a challenge from said second component, said challenge being based upon said ID;
generating a response to said challenge, said response being based upon a data element; and
sending said response, and said data element, to said second component.
-
-
21. An apparatus for establishing trusted data communication with a processing component, said apparatus comprising:
-
at least one data communication element configured to establish a communication session with said processing component, send data to said processing component, and receive data from said processing component; and
at least one processor configured to carry out a method comprising;
sending an ID from a first component to a second component, said ID identifying said first component;
receiving a challenge from said second component, said challenge being based upon said ID;
generating a response to said challenge, said response being based upon a data element; and
sending said response, and said data element, to said second component.
-
-
22. A data communication method comprising:
-
retrieving a secret key shared between a first component and a second component;
generating a challenge based upon said secret key;
sending said challenge to said first component;
receiving a data element from said first component;
receiving a response to said challenge from said first component, said response being based upon said data element; and
said second component accepting said data element if said second component validates said response. - View Dependent Claims (23, 24, 25, 26)
-
-
27. A computer program for establishing trust between a first processing component and a second processing component, said computer program being embodied on a computer-readable medium, said computer program having computer-executable instructions for carrying out a method comprising:
-
retrieving a secret key shared between a first component and a second component;
generating a challenge based upon said secret key;
sending said challenge to said first component;
receiving a data element from said first component;
receiving a response to said challenge from said first component, said response being based upon said data element; and
said second component accepting said data element if said second component validates said response.
-
-
28. An apparatus for establishing trusted data communication with a processing component, said apparatus comprising:
-
at least one data communication element configured to establish a communication session with said processing component, send data to said processing component, and receive data from said processing component; and
at least one processor configured to carry out a method comprising;
retrieving a secret key shared between a first component and a second component;
generating a challenge based upon said secret key;
sending said challenge to said first component;
receiving a data element from said first component;
receiving a response to said challenge from said first component, said response being based upon said data element; and
said second component accepting said data element if said second component validates said response.
-
Specification