Authentication between device and portable storage

US 20050210279A1
Filed: 03/22/2005
Published: 09/22/2005
Est. Priority Date: 03/22/2004
Status: Active Grant

First Claim

Patent Images

1. A method for performing authentication between a device and a portable storage, which is performed by the device, comprising:

transmitting a first key from the device to the portable storage;

receiving a third key and a first encrypted random number, obtained by encrypting a first random number using the first key, from the portable storage and decrypting the first encrypted random number using a second key related with the first key;

generating a second encrypted random number by encrypting a second random number using the third key and transmitting the second encrypted random number from the device to the portable storage; and

generating a session key using the first random number and the second random number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

For digital rights management (DRM), a method for performing authentication between a device and a portable storage, which is performed by the device, includes transmitting a first key to the portable storage, receiving a third key and a first encrypted random number obtained by encrypting a first random number using the first key from the portable storage and decrypting the first encrypted random number using a second key related with the first key, generating a second encrypted random number by encrypting a second random number using the third key and transmitting the second encrypted random number to the portable storage, and generating a session key using the first random number and the second random number. The technique guarantees secure authentication between the device and the portable storage for DRM.

59 Citations

View as Search Results

28 Claims

1. A method for performing authentication between a device and a portable storage, which is performed by the device, comprising:
- transmitting a first key from the device to the portable storage;
  
  receiving a third key and a first encrypted random number, obtained by encrypting a first random number using the first key, from the portable storage and decrypting the first encrypted random number using a second key related with the first key;
  
  generating a second encrypted random number by encrypting a second random number using the third key and transmitting the second encrypted random number from the device to the portable storage; and
  
  generating a session key using the first random number and the second random number.
- View Dependent Claims (2, 3, 4, 5, 6, 25)
- - 2. The method of claim 1, wherein the first key and the second key are a related device public key and device private key, respectively, and the third key is a portable storage public key.
  - 3. The method of claim 1, wherein the first key is transmitted through a device certificate to the portable storage, and the third key is received from the portable storage through a portable storage certificate.
  - 4. The method of claim 1, wherein the first random number is generated by the portable storage, and the second random number is generated by the device.
  - 5. The method of claim 1, further comprising:
    - receiving information regarding a time at which a certificate revocation list (CRL) of the portable storage is issued, from the portable storage, together with the first encrypted random number and the third key; and
      
      transmitting information regarding a time at which a CRL of the device is issued to the portable storage together with the second encrypted random number.
  - 6. The method of claim 1, further comprising:
    - receiving information indicating a session key generated by the portable storage; and
      
      verifying whether the session key generated by the device is identical with the session key generated by the portable storage.
  - 25. A recording medium having a computer readable program recorded thereon, the program for executing the method of claim 1.

7. A method for performing authentication between a device and a portable storage, which is performed by the portable storage, comprising:
- receiving a first key from the device;
  
  obtaining a first encrypted random number by encrypting a first random number using the first key and transmitting the first encrypted random number and a third key to the device;
  
  receiving a second encrypted random number, obtained by encrypting a second random number using the third key, from the device and decrypting the second encrypted random number using a fourth key; and
  
  generating a session key using the first random number and the second random number.
- View Dependent Claims (8, 9, 10, 11, 12, 26)
- - 8. The method of claim 7, wherein the first key is a device public key, and the third and fourth keys are a related portable storage public key and portable storage private key, respectively.
  - 9. The method of claim 7, wherein the third key is transmitted to the device through a portable storage certificate, and the first key is received from the device through a device certificate.
  - 10. The method of claim 7, wherein the first random number is generated by the portable storage, and the second random number is generated by the device.
  - 11. The method of claim 7, further comprising:
    - transmitting information regarding a time at which a certificate revocation list (CRL) of the portable storage is issued, to the device, together with the first encrypted random number; and
      
      receiving information regarding a time at which a CRL of the device is issued, at the portable storage, together with the second encrypted random number and the first key.
  - 12. The method of claim 7, further comprising transmitting information indicating the session key generated by the portable storage to the device to enable the device to verify whether a session key generated by the device is identical with the session generated by the portable storage.
  - 26. A recording medium having a computer readable program recorded thereon, the program for executing the method of claim 7.

13. A method of safely transmitting data between a device and a portable storage comprising:
- setting a value of a send sequence counter of the device to an initial value;
  
  embedding the value of the send sequence counter in an application protocol data unit (APDU) to be transmitted to the portable storage while increasing the value of the send sequence counter sequentially after the value of the send sequence counter is embedded in the APDU; and
  
  receiving the APDU at the portable storage and determining whether the value of the send sequence counter embedded in the received APDU is correct.
- View Dependent Claims (14, 27)
- - 14. The method of claim 13, wherein the initial value is generated using a random number of the portable storage and a random number of the device, and wherein the random numbers are exchanged during mutual authentication between the portable storage and the device.
  - 27. A recording medium having a computer readable program recorded thereon, the program for executing the method of claim 13.

15. A method of safely transmitting data between a device and a portable storage comprising:
- setting a value of a send sequence counter of the portable storage to an initial value;
  
  embedding the value of the send sequence counter in an application protocol data unit (APDU) to be transmitted to the device while increasing the value of the send sequence counter sequentially after the value of the send sequence counter is embedded in the APDU; and
  
  receiving the APDU at the device and determining whether the value of the send sequence counter embedded in the received APDU is correct.
- View Dependent Claims (16, 28)
- - 16. The method of claim 15, wherein the initial value is generated using a random number of the portable storage and a random number of the device, and wherein the random numbers are exchanged during mutual authentication between the portable storage and the device.
  - 28. A recording medium having a computer readable program recorded thereon, the program for executing the method of claim 15.

17. A portable storage comprising:
- an interface unit which establishes a connection with a device;
  
  a public-key encryption module which encrypts a first random number using a first key received from the device connected through the interface unit and obtains a second random number by decrypting an encrypted second random number received from the device through the interface unit using a fourth key; and
  
  a session key generation module which generates a session key using the first random number and the second random number.
- View Dependent Claims (18, 19, 20)
- - 18. The portable storage of claim 17, wherein the first key is transmitted through a device certificate sent from the device to the portable storage.
  - 19. The portable storage of claim 17, wherein the first random number is generated by the session key generation module.
  - 20. The portable storage of claim 17, further comprising a send sequence counter storage module which stores one or more values of a send sequence counter sequentially embedded in application protocol data units (APDUs), respectively, of data transmitted between the portable storage and the device to enable detection of at least one of an unauthorized insertion and deletion of APDUs during the transmission.

21. A device comprising:
- an interface unit which establishes a connection with a portable storage;
  
  a public-key encryption module which obtains a first random number by decrypting an encrypted first random number received from the portable storage connected through the interface unit using a second key and encrypts a second random number using a third key received from the portable storage connected through the interface unit; and
  
  a session key generation module which generates a session key using the first random number and the second random number.
- View Dependent Claims (22, 23, 24)
- - 22. The device of claim 21, wherein the third key is transmitted to the device through a portable storage certificate sent from the portable storage.
  - 23. The device of claim 21, wherein the second random number is generated by the session key generation module.
  - 24. The device of claim 21, further comprising a send sequence counter storage module which stores one or more values of a send sequence counter sequentially embedded in application protocol data units (APDUs), respectively, of data transmitted between the device and the portable storage to enable detection of at least one of an unauthorized insertion and deletion of APDUs during the transmission.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Jung, Kyung-im, Kim, Tae-sung, Yoon, Joong-chul, Lee, Byung-rae

Granted Patent

US 8,209,535 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/194
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2103   Challenge-response

H04L 2209/603   Digital right managament [DRM]

H04L 9/0844   with user authentication or...

H04L 9/3268   using certificate validatio...

H04L 9/3273   for mutual authentication n...

Authentication between device and portable storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

59 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication between device and portable storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links