System and method for authenticating streamed data

US 20070038855A1
Filed: 08/12/2005
Published: 02/15/2007
Est. Priority Date: 08/12/2005
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating data streamed as indexed data packets to a device, in which authentication data is not distributed over the packets, the method comprising the steps of:

a) receiving, at the device, data in a plurality of packets transmitted by a data server;

b) submitting a request for a server-computed authentication value to a data authentication server, wherein the data authentication server is adapted to compute the server-computed authentication value based on a subset of the data transmitted by the data server;

c) receiving, at the device, the server-computed authentication value from the data authentication server in response to the request;

d) computing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server; and

e) determining if the subset of the data received at the device is authentic by comparing the server-computed and device-computed authentication values.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that facilitates the authentication of streamed data received at a device, where authentication information is not distributed over the data stream. One embodiment of a method of authenticating data comprises the steps of: receiving, at the device, data in a plurality of packets transmitted by a data server; submitting a request for a server-computed authentication value to a data authentication server, wherein the data authentication server is adapted to compute the server-computed authentication value based on a subset of the data transmitted by the data server; receiving, at the device, the server-computed authentication value from the data authentication server in response to the request; computing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server; and determining if the subset of the data received at the device is authentic by comparing the server-computed and device-computed authentication values.

13 Citations

View as Search Results

21 Claims

1. A method of authenticating data streamed as indexed data packets to a device, in which authentication data is not distributed over the packets, the method comprising the steps of:
- a) receiving, at the device, data in a plurality of packets transmitted by a data server;
  
  b) submitting a request for a server-computed authentication value to a data authentication server, wherein the data authentication server is adapted to compute the server-computed authentication value based on a subset of the data transmitted by the data server;
  
  c) receiving, at the device, the server-computed authentication value from the data authentication server in response to the request;
  
  d) computing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server; and
  
  e) determining if the subset of the data received at the device is authentic by comparing the server-computed and device-computed authentication values.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the data authentication server is adapted to compute the server-computed authentication value by applying an authentication value generating function to the subset of the data transmitted by the data server, and wherein the device-computed authentication value is computed at the computing step by applying the same authentication value generating function to the subset of the data received at the device corresponding to the subset of the data transmitted by the data server.
  - 3. The method of claim 2, wherein the authentication value generating function is a hash function.
  - 4. The method of claim 1, further comprising the step of identifying an end index, wherein the request submitted in the submitting step comprises the end index, and wherein the end index defines both the subset of the data transmitted by the data server on which the server-computed authentication value is based and the subset of the data received by the device on which the device-computed authentication value is based.
  - 5. The method of claim 4, wherein the end index identified at the identifying step is associated with the last non-truncated packet of data received at the device.
  - 6. The method of claim 1, further comprising the step of submitting a request to the data server to re-transmit data of at least one of the plurality of packets.
  - 7. The method of claim 1, further comprising the step of identifying a start index, wherein the request submitted in the submitting step further comprises the start index, and wherein the start index defines both the subset of the data transmitted by the data server on which the server-computed authentication value is based and the subset of the data received by the device on which the device-computed authentication value is based.
  - 8. The method of claim 1, wherein the subset of the data transmitted by the data server on which the server-computed authentication value is based includes all of the packets in the plurality of packets transmitted by the data server.
  - 9. The method of claim 1, wherein the data authentication server is further adapted to sign the server-computed authentication value computed thereby, wherein the server-computed authentication value received at step c) is signed, and wherein step e) further comprises verifying the signature of the server-computed authentication value.
  - 10. The method of claim 1, wherein the data authentication server is further adapted to generate a message authentication code for the server-computed authentication value computed thereby, wherein the method further comprises receiving the message authentication code for the server-computed authentication value received at step c), and wherein step e) further comprises verifying the message authentication code for the server-computed authentication value.
  - 11. The method of claim 1, wherein the device is a mobile device.
  - 12. The method of claim 1, wherein the data server is adapted to store a copy of data transmitted thereby in a streamed data store, accessible to the data authentication server.
  - 13. The method of claim 1, wherein the data server and the data authentication server are the same computing device.
  - 14. A software application comprising a plurality of instructions stored on a computer-readable medium, the instructions for a method of authenticating data as claimed in claim 1.
  - 15. A mobile device, comprising an application programmed to perform the steps, when the application is executed, of a method of authenticating data as claimed in claim 1.

16. A system for authenticating data streamed as indexed data packets to a device, wherein authentication data is not distributed over the packets, the system comprising:
- a) a data server adapted to transmit data in a plurality of packets;
  
  b) a device that receives data in the plurality of packets transmitted by the data server;
  
  c) a data authentication server adapted to compute a server-computed authentication value based on a subset of the data transmitted by the data server;
  
  wherein, in operation, the device receives data transmitted by the data server, submits a request to the data authentication server for the server-computed authentication value, receives the server-computed authentication value in response to the request, computes a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server, and determines if the subset of the data received at the device is authentic by comparing the server-computed and device-computed authentication values.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The system of claim 16, wherein the data authentication server is further adapted to sign the server-computed authentication value computed thereby.
  - 18. The system of claim 16, wherein the data authentication server is further adapted to generate a message authentication code for the server-computed authentication value computed thereby.
  - 19. The system of claim 16, wherein the device is a mobile device.
  - 20. The system of claim 16, further comprising a streamed data store in which a copy of data transmitted by the data server is stored, wherein the streamed data store is accessible to the data authentication server.
  - 21. The system of claim 16, wherein the data server and the data authentication server are the same computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael, Tapuska, David

Granted Patent

US 8,078,867 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/161
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/123 received data contents, e.g...

System and method for authenticating streamed data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating streamed data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links