Challenge response system and method

US 20050250473A1
Filed: 11/26/2004
Published: 11/10/2005
Est. Priority Date: 05/04/2004
Status: Active Grant

First Claim

Patent Images

2. The method of claim 1 further comprising the step of the authenticating device using the decrypted user password to carry out operations on the authenticating device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A challenge response scheme includes the authentication of a requesting device by an authenticating device. The authenticating device generates a challenge that is issued to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user of the requesting device, and the combination of the hash of the password and the challenge is further hashed in order to generate a requesting encryption key that is used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If a hash of the user-supplied password matches the stored hash of the authenticating device password, then the requesting device has been authenticated and the authenticating device is in possession of the password.

Citations

21 Claims

2. The method of claim 1 further comprising the step of the authenticating device using the decrypted user password to carry out operations on the authenticating device.
- View Dependent Claims (7)
- - 7. A computing device program product comprising code operative to perform the method of claim 2.

11. A system for an authentication device to authenticate a requesting device, comprising:
- a challenge generator for generating a challenge, a communications link for transmitting the challenge to the requesting device and receiving a response to the challenge from the requesting device, the response comprising a requesting password encrypted using a requesting encryption key, the requesting encryption key comprising a hash of a combination of the challenge and a hash of the requesting password;
  
  a hash generator for generating an authenticating encryption key by hashing a combination of the challenge and a hash of a predetermined password;
  
  a decryptor for decrypting the encrypted requesting password using the authenticating encryption key to obtain a decrypted response; and
  
  a comparator for comparing a hash of the decrypted response with the hash of the predetermined password, whereby if the hash of the decrypted requesting password matches the hash of the predetermined password, the requesting device is authenticated.
- View Dependent Claims (12, 13)
- - 12. The system of claim 11, wherein the challenge generated by the challenge generator is a random or pseudo-random number.
  - 13. The system of claim 11, wherein the communications link is further configured to receive an authentication request from the requesting device.

14. A method for securely transmitting information to a receiving device, the receiving device being provided with a hash of the information, a random number, and a receiving encryption key comprising a hash of the random number and the hash of the information, comprising the steps of:
- receiving a random number from the receiving device;
  
  encoding the information to produce a hash of the information;
  
  combining the random number with the hash of the information;
  
  hashing the combined random number and hash of the information to produce a transmitting encryption key;
  
  encrypting the information using the transmitting encryption key;
  
  transmitting the encrypted information to the receiving device for decryption by the receiving device using the receiving encryption key.
- View Dependent Claims (1, 3, 4, 5, 6, 8, 9, 10, 15)
- - 1. A method for authentication of a requesting device by an authenticating device, the requesting device and the authenticating device each being operative to carry out a one-way hash operation and to carry out a key-based encryption operation, the authenticating device storing a hash of a defined password generated by applying the hash operation to the defined password, the authenticating device being further operative to carry out a key-based decryption operation for decrypting values obtained from the encryption operation, the method comprising the steps of:
    - the requesting device receiving a user password and carrying out the hash operation on the user password to obtain a hash of the user password, the authenticating device determining and transmitting a challenge to the requesting device;
      
      the requesting device receiving the challenge and defining a requesting encryption key by carrying out the hash operation on a combination of the challenge and the hash of the user password, the requesting device carrying out the encryption operation using the requesting encryption key to encrypt the user password, the requesting device transmitting a response comprising the encrypted user password to the authenticating device, the authenticating device receiving the response and defining an authenticating encryption key by carrying out the hash operation on a combination of the challenge and the hash of the defined password;
      
      the authenticating device using the authenticating encryption key in the decryption operation to decrypt the response to obtain a decrypted user password and carrying out the one-way hash operation on the decrypted user password;
      
      the authenticating device comparing the hash of the decrypted user password with the hash of the defined password to authenticate the requesting device when the comparison indicates a match.
  - 3. The method of claim 1 in which the authenticating device is a wireless handheld device and the requesting device is a desktop computer and in which the authentication of the requesting device is required to establish a connection between the wireless handheld device and the requesting device, the method further comprising the step of the requesting device sending a connection request to the authenticating device prior to the authenticating device determining a challenge and in which the step of authenticating the requesting device comprises the step of refusing to establish a connection when the hash of the decrypted user password does not match the hash of the defined password.
  - 4. The method of claim 1, in which the step of the authenticating device determining a challenge comprises the step of generating a random number to be used as the challenge.
  - 5. The method of claim 1, further comprising the initial step of the requesting device transmitting a connection request to the authenticating device and comprising the step of the authentication device receiving the connection request and carrying out the authentication of the requesting device if a defined flag is set on the authenticating device to indicate that the device has been secured with the defined password.
  - 6. A computing device program product comprising code operative to perform the method of claim 1.
  - 8. A computing device program product comprising code operative to perform the method of claim 3.
  - 9. A computing device program product comprising code operative to perform the method of claim 4.
  - 10. A computing device program product comprising code operative to perform the method of claim 5.
  - 15. A computing device program product comprising code operative to perform the method of claim 14.

15-1. A computing device program product comprising code operative to perform the method of claim 14.

16. A method for a requesting device to be authenticated by an authenticating device, the requesting device receiving a user password, the authenticating device being provided with a hash of a predetermined password, a random number, and a receiving encryption key comprising a hash of the random number and the hash of the predetermined password, comprising the steps of the requesting device:
- receiving a random number from the authenticating device;
  
  encoding the user password to produce a hash of the user password;
  
  combining the random number with the hash of the user password;
  
  hashing the combined random number and hash of the user password to produce a transmitting encryption key;
  
  encrypting the user password using the transmitting encryption key;
  
  transmitting the encrypted user password to the authenticating device for authentication by decryption by the authenticating device using the receiving encryption key.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16 further comprising the step of the authenticating device using the decrypted user password to carry out operations on the authenticating device.
  - 18. The method of claim 16 in which the authenticating device is a wireless handheld device and the requesting device is a desktop computer and in which the authentication of the requesting device is required to establish a connection between the wireless handheld device and the requesting device, the method further comprising the step of the authenticating device receiving a connection request prior to the authenticating device determining a challenge and in which the step of authenticating the requesting device comprises the step of refusing to establish a connection when the hash of the decrypted user password does not match the hash of the defined password.
  - 19. A computing device program product comprising code operative to perform the method of claim 16.
  - 20. A computing device program product comprising code operative to perform the method of claim 17.
  - 21. A computing device program product comprising code operative to perform the method of claim 18.

16-2. A method for authentication of a requesting device by an authenticating device, the requesting device and the authenticating device each being operative to carry out a one-way hash operation and to carry out a key-based encryption operation, the authenticating device storing a hash of a defined password generated by applying the hash operation to the defined password, the authenticating device being further operative to carry out a key-based decryption operation for decrypting values obtained from the encryption operation, the method comprising the steps of the authenticating device:
- determining and transmitting a challenge to the requesting device;
  
  receiving a response from the requesting device, the response comprising a requesting encryption key determined by carrying out the hash operation on a combination of the challenge and a hash of a received user password, the hash being defined by carrying out the hash operation on the received user password, defining an authenticating encryption key by carrying out the hash operation on a combination of the challenge and the hash of the defined password;
  
  using the authenticating encryption key in the decryption operation to decrypt the response to obtain a decrypted user password and carrying out the one-way hash operation on the decrypted user password;
  
  comparing the hash of the decrypted user password with the hash of the defined password to authenticate the requesting device when the comparison indicates a match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Brown, Michael S., Brown, Michael K., Kirkup, Michael G., Little, Herbert A.

Granted Patent

US 7,603,556 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

Challenge response system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Challenge response system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links