Systems and methods for authenticating communications in a network medium

US 20050100166A1
Filed: 11/10/2003
Published: 05/12/2005
Est. Priority Date: 11/10/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method for securing communications between at least two devices, comprising:

connecting a location-limited physical token channel to a first one of the at least two devices;

storing at least pre-authentication information of the first device to the location-limited physical token channel;

providing the location-limited physical token channel to a next one of the at least two devices, the next device acting as a current device;

connecting the location-limited physical token channel to the current device;

storing at least pre-authentication information of the current device to the location-limited physical token channel;

copying at least the pre-authentication information of the first device from the location-limited physical token channel to the current device;

repeating, for each other device of the at least two devices as the current device, the providing, current device connecting, current device storing and current device copying steps;

reconnecting the location-limited physical token channel to the first device;

copying at least the pre-authentication information of each other device of the at least two devices from the location-limited physical token channel to the first device; and

establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A location-limited channel is implemented using physical exchanges of physical tokens. The physical tokens are implemented using writeable or re-writeable storage media. Location-limited channels, when used to implement pre-authentication protocols, provide demonstrative identification and authenticity. A group originator loads pre-authentication information and a network location from a communication device onto the location-limited physical token channel. The location-limited physical token channel is passed to another participant, who copies the originator'"'"'s pre-authentication information and location onto that participant'"'"'s communication device. That participant then adds that participant'"'"'s own pre-authentication information and network location onto the location-limited physical token channel. This is repeated until the last participant passes the location-limited physical token channel back to the group originator. The originator thus has pre-authentication information and network locations for all other participants. The originator establishes secure communications with each participant based on the originator'"'"' and that participant'"'"'s shared information.

Citations

58 Claims

1. A method for securing communications between at least two devices, comprising:
- connecting a location-limited physical token channel to a first one of the at least two devices;
  
  storing at least pre-authentication information of the first device to the location-limited physical token channel;
  
  providing the location-limited physical token channel to a next one of the at least two devices, the next device acting as a current device;
  
  connecting the location-limited physical token channel to the current device;
  
  storing at least pre-authentication information of the current device to the location-limited physical token channel;
  
  copying at least the pre-authentication information of the first device from the location-limited physical token channel to the current device;
  
  repeating, for each other device of the at least two devices as the current device, the providing, current device connecting, current device storing and current device copying steps;
  
  reconnecting the location-limited physical token channel to the first device;
  
  copying at least the pre-authentication information of each other device of the at least two devices from the location-limited physical token channel to the first device; and
  
  establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The method of claim 1, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprises, for each other device:
    - contacting that device;
      
      confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device.
  - 3. The method of claim 2, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel further comprises, for each other device:
    - confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device.
  - 4. The method of claim 3, wherein confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprises:
    - confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 5. The method of claim 2, wherein confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprises:
    - confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 6. The method of claim 1, wherein storing at least pre-authentication information of the first device to the location-limited physical token channel comprises additionally storing network location information for the first device to the location-limited physical token channel.
  - 7. The method of claim 6, wherein copying at least the pre-authentication information of the first device from the location-limited physical token channel to the current device comprises additionally copying network location information for the first device from the location-limited physical token channel to the current device.
  - 8. The method of claim 6, wherein storing at least pre-authentication information of the current device to the location-limited physical token channel comprises additionally storing network location information for the current device to the location-limited physical token channel.
  - 9. The method of claim 8, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprises, for each other device:
    - contacting that device using the network location information for that device stored on the location-limited physical token channel that is identified as being associated with that device;
      
      confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device; and
      
      confirming whether the first device contains requisite authentication information that matches the pre-authentication, copied by that device from the location-limited physical token channel, that is identified as being associated with the first device.
  - 10. The method of claim 9, wherein confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprises confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 11. The method of claim 9, wherein confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprises confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 12. The method of claim 1, wherein storing at least pre-authentication information of the current device to the location-limited physical token channel comprises additionally storing network location information for the current device to the location-limited physical token channel.
  - 13. The method of claim 12, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprises, for each other device:
    - contacting that device using the network location information for that device stored on the location-limited physical token channel that is identified as being associated with that device;
      
      confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device; and
      
      confirming whether the first device contains requisite authentication information that matches the pre-authentication, copied by that device from the location-limited physical token channel, that is identified as being associated with the first device.
  - 14. The method of claim 13, wherein confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprises confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 15. The method of claim 13, wherein confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprises confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 16. The method of claim 1, wherein storing at least pre-authentication information of the first device to the location-limited physical token channel comprises additionally storing at least one secret, stored on the first device, to the location-limited physical token channel.
  - 17. The method of claim 16, wherein copying at least the pre-authentication information of the first device from the location-limited physical token channel to the current device comprises additionally copying the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel to the current device.
  - 18. The method of claim 17, further comprising deleting the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel and replacing the deleted at least one secret with at least one secret stored on the current device.
  - 19. The method of claim 17, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprises:
    - contacting each other device in a manner that corresponds to an order that the location-limited physical token channel was provided to each next one of the at least two devices;
      
      confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device;
      
      confirming whether that device contains the at least one secret of an immediately preceding device; and
      
      obtaining the at least one secret of that device that was stored onto the location-limited physical token channel.
  - 20. The method of claim 19, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel further comprises, for each other device:
    - confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device.
  - 21. The method of claim 20, wherein confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprises confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 22. The method of claim 20, wherein confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprises confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 23. The method of claim 16, further comprising generating at least one authentication value for the first device based on the at least one secret stored on the first device, wherein storing at least pre-authentication information of the first device to the location-limited physical token channel further comprises additionally storing the at least one authentication value for the first device to the location-limited physical token channel.
  - 24. The method of claim 16, wherein copying at least the pre-authentication information of the first device from the location-limited physical token channel to the current device comprises additionally copying the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel to the current device, the method further comprising:
    - generating at least one authentication value for the current device based on at least the at least one secret copied from the location-limited physical token channel, wherein storing at least pre-authentication information of the first device to the location-limited physical token channel further comprises additionally storing the at least one authentication value for the current device to the location-limited physical token channel.
  - 25. The method of claim 24, further comprising deleting the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel and adding at least one secret stored on the current device to replace the deleted at least one secret.
  - 26. The method of claim 25, wherein generating the at least one authentication value for the current device comprises generating the at least one authentication value for the current device based on at least the at least one secret deleted from the location-limited physical token channel and the added at least one secret.
  - 27. The method of claim 26, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprises:
    - contacting each other device in a manner that corresponds to an order that the location-limited physical token channel was provided to each next one of the at least two devices;
      
      confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device;
      
      confirming whether that device contains the at least one secret of an immediately preceding device;
      
      obtaining the at least one secret of that device that was stored onto the location-limited physical token channel; and
      
      confirming, for each authentication value stored on the location-limited physical token channel that is identified as being associated with that device, whether that authentication value is valid based on at least the at least one secret of the immediately preceding device obtained from that device.
  - 28. The method of claim 27, wherein confirming, for each authentication value stored on the location-limited physical token channel that is identified as being associated with that device, whether that authentication value is valid comprises confirming whether that authentication value is valid additionally based on the at least one secret of that device obtained from that device.
  - 29. The method of claim 27, wherein establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel further comprises, for each other device:
    - confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device.

30. A method for supplying pre-authentication information from a first party to a second party, comprising:
- connecting a location-limited physical token channel to a device of the first party that contains the pre-authentication information;
  
  storing at least pre-authentication information of the first party contained in the device to the location-limited physical token channel; and
  
  providing the location-limited physical token channel at least indirectly to the second party.

31. A method for supplying pre-authentication information from a first party to a second party, comprising:
- receiving, at least indirectly from the first party, a location-limited physical token channel that contains the pre-authentication information of the first party;
  
  connecting the location-limited physical token channel to a device of the second party;
  
  copying at least the pre-authentication information of the first party from the location-limited physical token channel to the device of the second party.

32. A storage medium storing a set of program instructions executable on a data processing device and usable to secure communications between at least two devices, the set of program instructions comprising:
- instructions for storing at least pre-authentication information of the first device to a location-limited physical token channel connected to the first device;
  
  instructions for storing at least pre-authentication information of another device to the location-limited physical token channel;
  
  instructions for copying at least the pre-authentication information of at least the first device from the location-limited physical token channel to another device;
  
  instructions for copying at least the pre-authentication information of each other device of the at least two devices from the location-limited physical token channel to the first device; and
  
  instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 33. The storage medium of claim 32, wherein the instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprise:
    - instructions for contacting, for each other device, that device;
      
      instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device; and
      
      instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication, copied by that device from the location-limited physical token channel, that is identified as being associated with the first device.
  - 34. The storage medium of claim 33, wherein the instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprise instructions for confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 35. The storage medium of claim 33, wherein the instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprise instructions for confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 36. The storage medium of claim 32, wherein the instructions for storing at least pre-authentication information of the first device to the location-limited physical token channel comprise instructions for additionally storing network location information for the first device to the location-limited physical token channel.
  - 37. The storage medium of claim 36, wherein the instructions for copying at least the pre-authentication information of the first device from the location-limited physical token channel to another device comprise instructions for additionally copying network location information for the first device from the location-limited physical token channel to the other device.
  - 38. The storage medium of claim 36, wherein the instructions for storing at least pre-authentication information of the other device to the location-limited physical token channel comprise instructions for additionally storing network location information for the other device to the location-limited physical token channel.
  - 39. The storage medium of claim 38, wherein the instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprise:
    - instructions for contacting, for each other device, that device using the network location information for that device stored on the location-limited physical token channel that is identified as being associated with that device;
      
      instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device; and
      
      instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication, copied by that device from the location-limited physical token channel, that is identified as being associated with the first device.
  - 40. The storage medium of claim 39, wherein the instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprise instructions for confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 41. The storage medium of claim 39, wherein the instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprise instructions for confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 42. The storage medium of claim 32, wherein the instructions for storing at least pre-authentication information of the other device to the location-limited physical token channel comprise instructions for additionally storing network location information for the other device to the location-limited physical token channel.
  - 43. The storage medium of claim 42, wherein the instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprise:
    - instructions for contacting, for each other device, that device using the network location information for that device stored on the location-limited physical token channel that is identified as being associated with that device;
      
      instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device; and
      
      instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication, copied by that device from the location-limited physical token channel, that is identified as being associated with the first device.
  - 44. The storage medium of claim 32, wherein the instructions for storing at least pre-authentication information of the first device to the location-limited physical token channel comprise instructions for additionally storing at least one secret, stored on the first device, to the location-limited physical token channel.
  - 45. The storage medium of claim 44, wherein the instructions for copying at least the pre-authentication information of the first device from the location-limited physical token channel to the other device comprise instructions for additionally copying the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel to the other device.
  - 46. The storage medium of claim 45, further comprising:
    - instructions for deleting the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel; and
      
      instructions for replacing the deleted at least one secret with at least one secret stored on the other device.
  - 47. The storage medium of claim 45, wherein the instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprise:
    - instructions for contacting each other device in a manner that corresponds to an order that the location-limited physical token channel was provided to each next one of the at least two devices;
      
      instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device;
      
      instructions for confirming whether that device contains the at least one secret of an immediately preceding device; and
      
      instructions for obtaining the at least one secret of that device that was stored onto the location-limited physical token channel.
  - 48. The storage medium of claim 47, wherein the instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel further comprise:
    - instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device.
  - 49. The storage medium of claim 48, wherein the instructions for confirming whether the first device contains requisite authentication information that matches the pre-authentication information, copied by that device from the location limited physical token channel, that is identified as being associated with the first device comprise instructions for confirming that the first device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with the first device.
  - 50. The storage medium of claim 47, wherein the instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device comprise instructions for confirming that that device contains at least one of a private key or a secret corresponding to the pre-authentication information associated with that device.
  - 51. The storage medium of claim 44, further comprising instructions for generating at least one authentication value for the first device based on the at least one secret stored on the first device, wherein the instructions for storing at least pre-authentication information of the first device to the location-limited physical token channel further comprise instructions for additionally storing the at least one authentication value for the first device to the location-limited physical token channel.
  - 52. The storage medium of claim 44, wherein the instructions for copying at least the pre-authentication information of the first device from the location-limited physical token channel to the other device comprise instructions for additionally copying the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel to the other device, the set of instructions further comprising:
    - instructions for generating at least one authentication value for the other device based on at least the at least one secret copied from the location-limited physical token channel, wherein the instructions for storing at least pre-authentication information of the other device to the location-limited physical token channel further comprise instructions for additionally storing the at least one authentication value for the other device to the location-limited physical token channel.
  - 53. The storage medium of claim 52, further comprising:
    - instructions for deleting the at least one secret that is stored on the location-limited physical token channel from the location-limited physical token channel; and
      
      instructions for adding at least one secret stored on the other device to replace the deleted at least one secret.
  - 54. The storage medium of claim 53, wherein the instructions for generating the at least one authentication value for the other device comprise instructions for generating the at least one authentication value for the other device based on at least the at least one secret deleted from the location-limited physical token channel and the added at least one secret.
  - 55. The storage medium of claim 54, wherein the instructions for establishing, for each other device of the at least two devices, secure communications between the first device and that device based on at least the pre-authentication information of the first device and that device exchanged between the first device and that device using the location-limited physical token channel comprise:
    - instructions for contacting each other device in a manner that corresponds to an order that the location-limited physical token channel was provided to each next one of the at least two devices;
      
      instructions for confirming whether that device contains requisite authentication information that matches the pre-authentication information stored on the location-limited physical token channel that is identified as being associated with that device;
      
      instructions for confirming whether that device contains the at least one secret of an immediately preceding device;
      
      instructions for obtaining the at least one secret of that device that was stored onto the location-limited physical token channel; and
      
      instructions for confirming, for each authentication value stored on the location-limited physical token channel that is identified as being associated with that device, whether that authentication value is valid based on at least the at least one secret of the immediately preceding device obtained from that device.
  - 56. The storage medium of claim 55, wherein the instructions for confirming, for each authentication value stored on the location-limited physical token channel that is identified as being associated with that device, whether that authentication value is valid comprise instructions for confirming whether that authentication value is valid additionally based on the at least one secret of that device obtained from that device.

57. A storage medium of a first device storing a set of program instructions executable on a data processing device and usable to secure communications between the first device and at least one other device, the set of program instructions comprising:
- instructions for storing at least pre-authentication information of the first device to a location-limited physical token channel connected to the first device;
  
  instructions for copying at least pre-authentication information of each of the at least one other device from the location-limited physical token channel to the first device; and
  
  instructions for establishing, for each of the at least one other device, secure communications between the first device and that device based on at least the pre-authentication information of the first device and of that device exchanged between the first device and that device using the location-limited physical token channel.

58. A storage medium of a second device storing a set of program instructions executable on a data processing device and usable to secure communications between a first device and at least the second device using a location-limited physical token channel containing at least pre-authentication information of the first device, the set of program instructions comprising:
- instructions for storing at least pre-authentication information of the second device to the location-limited physical token channel;
  
  instructions for copying at least the pre-authentication information of at least the first device from the location-limited physical token channel to the second device; and
  
  instructions for copying at least the pre-authentication information of any other device of at least the second device that is contained in the location-limited physical token channel from the location-limited physical token channel to the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PARC Management LLC
Original Assignee
PARC Management LLC
Inventors
Cousins, Steve B., Smetters, Diana K., Balfanz, Dirk, Durfee, Glenn E., Pendleton, Bryan A., Conley, Kenneth W., Shemtov, Hadar

Application Number

US10/703,437
Publication Number

US 20050100166A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/065   for group communications cr...

H04L 63/08   for authentication of entit...

H04L 63/12   Applying verification of th...

Systems and methods for authenticating communications in a network medium

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for authenticating communications in a network medium

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links