Trusted network transfer of content using off network input code

US 20050120215A1
Filed: 07/09/2004
Published: 06/02/2005
Est. Priority Date: 11/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method for transmitting content from a first computing device to a second computing device in a network, comprising:

generating a trust code on the first computing device;

transporting the trust code, off the network, from the first computing device to the second computing device, the trust code once delivered off the network being a comparison code; and

performing an authentication exchange between the first computing device and the second computing device on the network, including comparing the comparison code to the trust code, wherein if the comparison code does not have a pre-defined relationship with the trust code, the content is not trusted for delivery to the second computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for use in connection with the trusted transmission and reception of content, such as encryption key information, from one computing device in a network to a second computing device are provided. In one embodiment, the invention provides a way to trust or validate the transfer of a public key using a very short code entered out of band of the network that is easy for end-users to remember, or write down.

Citations

51 Claims

1. A method for transmitting content from a first computing device to a second computing device in a network, comprising:
- generating a trust code on the first computing device;
  
  transporting the trust code, off the network, from the first computing device to the second computing device, the trust code once delivered off the network being a comparison code; and
  
  performing an authentication exchange between the first computing device and the second computing device on the network, including comparing the comparison code to the trust code, wherein if the comparison code does not have a pre-defined relationship with the trust code, the content is not trusted for delivery to the second computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, wherein the content is a credential of the first computing device.
  - 3. A method according to claim 2, wherein the credential is a public key.
  - 4. A method according to claim 1, wherein said transporting includes:
    - displaying the trust code via the first computing device; and
      
      inputting the trust code to the second computing device as said comparison code.
  - 5. A method according to claim 4, wherein said inputting includes specifying the trust code at most once to the second computing device, so that there are no second tries with respect to comparing said comparison code.
  - 6. A method according to claim 4, wherein said inputting includes specifying the trust code to the second computing device, whereby fuzzy logic is included in said comparing so that the comparison code may differ slightly from said trust code while nonetheless retaining trust for the delivery of the content.
  - 7. A method according to claim 1, wherein said transporting includes:
    - inserting a component into the first computing device to receive the trust code; and
      
      inserting the component into the second computing device to deliver the trust code as said comparison code.
  - 8. A method according to claim 7, wherein the component is a memory component inserted into at least one data port of the respective first and second computing devices.
  - 9. A method according to claim 1, wherein if said comparison code does not have the pre-defined relationship with said trust code, the content is not delivered to the second device.
  - 10. A method according to claim 1, wherein if said comparison code does not have the pre-defined relationship with said trust code, and said content is a public key, a private key associated with the public key and the public key of the first computing device are invalidated for future use.
  - 11. A method according to claim 1, wherein if said comparison code does not have the pre-defined relationship with said trust code, the trust code is invalidated for future use, unless independently randomly generated in the future.
  - 12. A computer readable medium comprising computer executable instructions for carrying out the method of claim 1.
  - 13. A modulated data signal carrying computer executable instructions for performing the method of claim 1.
  - 14. A computing device comprising means for carrying the method of claim 1.

15. A method for transmitting content from a first computing device to a second computing device in a network, comprising:
- generating a trust code on the second computing device;
  
  transporting the trust code, off the network, from the second computing device to the first computing device, the trust code delivered off the network being a comparison code; and
  
  performing an authentication exchange between the second computing device and the first computing device on the network, including comparing the comparison code to the trust code, wherein if the comparison code does not have the pre-defined relationship with the trust code, the content is not trusted for receipt by the second computing device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. A method according to claim 15, wherein the content is a credential of the second computing device.
  - 17. A method according to claim 16, wherein the credential is a public key.
  - 18. A method according to claim 15, wherein said transporting includes:
    - displaying the trust code via the second computing device; and
      
      inputting the trust code to the first computing device as said comparison code.
  - 19. A method according to claim 18, wherein said inputting includes specifying the trust code at most once to the first computing device, so that there are no second tries with respect to comparing said comparison code.
  - 20. A method according to claim 18, wherein said inputting includes specifying the trust code to the first computing device, whereby some fuzzy logic is built into said comparing so that the comparison code may differ slightly from said trust code while nonetheless retaining trust for the delivery of the content.
  - 21. A method according to claim 15, wherein said transporting includes:
    - inserting a component into the second computing device to receive the trust code; and
      
      inserting the component into the first computing device to deliver the trust code.
  - 22. A method according to claim 21, wherein the component is a memory component inserted into at least one data port of the respective second and first computing devices.
  - 23. A method according to claim 15, wherein if said comparison code does not have the pre-defined relationship with said trust code, the content is not delivered to the first device.
  - 24. A method according to claim 15, wherein if said comparison code does not have the pre-defined relationship with said trust code, and said content is a public key, a private key associated with the public key and the public key of the second computing device are invalidated for future use.
  - 25. A method according to claim 15, wherein if said comparison code does not have the pre-defined relationship with said trust code, the trust code is invalidated for future use, unless independently randomly generated in the future.
  - 26. A computer readable medium comprising computer executable instructions for carrying out the method of claim 15.
  - 27. A modulated data signal carrying computer executable instructions for performing the method of claim 15.

28. A method for transmitting content from a first computing device to a second computing device in a network, comprising:
- generating a trust code on the first computing device;
  
  transporting the trust code, off the network, from the first computing device to the second computing device, the trust code once delivered off the network being a comparison code;
  
  receiving affirmation on the network that the second device has received a comparison code;
  
  generating a hash value with a hashing algorithm based on at least the trust code;
  
  transmitting the hash value on the network to the second computing device;
  
  receiving the comparison code on the network by the first computing device;
  
  comparing the comparison code to the trust code, wherein if the comparison code has a pre-defined relationship with the trust code, the content is trusted for delivery to the second computing device.
- View Dependent Claims (29, 30)
- - 29. A method according to claim 28, wherein said content is a public key.
  - 30. A method according to claim 29, wherein said hashing algorithm is based on said public key and said trust code.

31. A method for receiving content from a first computing device by a second computing device in a network, comprising:
- receiving a comparison code off the network by the second computing device after a trust code has been output by the first computing device;
  
  notifying the first device of the receipt of the comparison code off the network;
  
  receiving a hash value generated by the first device with a hashing algorithm based on at least the trust code;
  
  transmitting the comparison code to the first computing device on the network; and
  
  if the comparison code has a pre-defined relationship with the trust code as compared by said first computing device, trusting and receiving the content by the second computing device.
- View Dependent Claims (32, 33)
- - 32. A method according to claim 31, wherein said content is a public key.
  - 33. A method according to claim 31, wherein said hashing algorithm is based on said public key and said trust code.

34. User interface components for use in connection with establishing trust for the delivery of content from a first computing device to a second computing device over a network, comprising:
- a first component for generating and outputting a trust code to a user on the first computing device via a display of the first computing device; and
  
  a second component for receiving the trust code, off the network, via at least one input device of the second computing device, the trust code once delivered off the network being a comparison code;
  
  wherein, in response to said second component receiving the comparison code, said first and second components perform an authentication exchange between the first computing device and the second computing device on the network, including comparing the comparison code to the trust code, wherein if the comparison code does not have a pre-defined relationship with the trust code, the content is not trusted for delivery to the second computing device.
- View Dependent Claims (35)
- - 35. User interface components according to claim 34, wherein the content is a public key of the first computing device.

36. An interface component for use in connection with establishing trust for the delivery of content from a first computing device to a second computing device over a network, comprising:
- an input for receiving a trust code from a first computing device in response to being inserted in the first computing device; and
  
  an output for outputting the trust code, off the network, in response to being inserted in the second computing device, the trust code once delivered off the network being a comparison code;
  
  wherein, in response to said second computing device receiving the comparison ode, an authentication exchange occurs between the first computing device and the second computing device on the network, including comparing the comparison code to the trust code, wherein if the comparison code does not have a pre-defined relationship with the trust code, the content is not trusted for delivery to the second computing device.
- View Dependent Claims (37)
- - 37. An interface component according to claim 36, wherein the interface component is a memory component inserted into at least one data port of the respective first and second computing devices.

38. A computer readable medium comprising computer executable modules having computer executable instructions for transmitting content between a first device and a second device in a trusted manner in a network, comprising:
- means for generating a trust code on the first computing device;
  
  means for transporting the trust code, off the network, from the first computing device to the second computing device, the trust code once delivered off the network being a comparison code; and
  
  means for performing an authentication exchange between the first computing device and the second computing device on the network, including means for comparing the comparison code to the trust code, wherein if the comparison code does not have the pre-defined relationship with the trust code, the content is not trusted for delivery to the second computing device.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 39. A computer readable medium according to claim 38, wherein the content is a public key.
  - 40. A computer readable medium according to claim 38, wherein said means for transporting includes:
    - means for displaying the trust code via the first computing device; and
      
      means for inputting the trust code to the second computing device as said comparison code.
  - 41. A computer readable medium according to claim 40, wherein said means for inputting includes specifying the trust code at most once to the second computing device, so that there are no second tries by said means for comparing said comparison code.
  - 42. A computer readable medium according to claim 38, wherein said means for inputting includes means for specifying the trust code to the second computing device, whereby some fuzzy logic is built into said means for comparing so that the comparison code may differ slightly from said trust code while nonetheless retaining trust for the delivery of the content.
  - 43. A computer readable medium according to claim 38, wherein said means for transporting includes:
    - means for inserting a component into the first computing device to receive the trust code; and
      
      means for inserting the component into the second computing device to deliver the trust code.
  - 44. A computer readable medium according to claim 43, wherein the component is a memory component inserted into at least one data port of the respective first and second computing devices.
  - 45. A computer readable medium according to claim 38, wherein if said comparison code does not have the pre-defined relationship with said trust code, the content is not delivered to the second device.
  - 46. A computer readable medium according to claim 38, wherein if said comparison code does not have the pre-defined relationship with said trust code, and said content is a public key, a private key associated with the public key and the public key of the first computing device are invalidated for future use.
  - 47. A computer readable medium according to claim 38, wherein if said comparison code does not have the pre-defined relationship with said trust code, the trust code is invalidated for future use, unless independently randomly generated in the future.

48. A computer readable medium comprising computer executable modules having computer executable instructions for transmitting content between a first device and a second device in a trusted manner in a network, comprising:
- means for generating a trust code on the second computing device;
  
  means for transporting the trust code, off the network, from the second computing device to the first computing device, the trust code delivered off the network being a comparison code; and
  
  means for performing an authentication exchange between the second computing device and the first computing device on the network, including means for comparing the comparison code to the trust code, wherein if the comparison code does not have the pre-defined relationship with the trust code, the content is not trusted for receipt by the second computing device.
- View Dependent Claims (49, 50, 51)
- - 49. A computer readable medium according to claim 48, wherein the content is a public key.
  - 50. A computer readable medium according to claim 48, wherein said means for transporting includes:
    - means for displaying the trust code via the second computing device; and
      
      means for inputting the trust code to the first computing device as said comparison code.
  - 51. A computer readable medium according to claim 48, wherein said means for transporting includes:
    - means for inserting a component into the second computing device to receive the trust code; and
      
      means for inserting the component into the first computing device to deliver the trust code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Pyle, Harry S., Lehew, Christian R., Fang, Nicholas Jie

Granted Patent

US 7,673,046 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/061 for key exchange, e.g. in p...

Trusted network transfer of content using off network input code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted network transfer of content using off network input code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links