Authentication device and/or method

US 20070088952A1
Filed: 10/06/2006
Published: 04/19/2007
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a remote service to a user via a communications network, the method including:

the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;

communicating the service authentication code to the user via the communications network;

receiving or entering the service authentication code into an authentication device associated with the user;

the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key and thereafter comparing the expected code value to the service authentication code; and

responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device generating a response that indicates to the user the authenticity of the remote service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a remote service (104) to a user (102) via a communications network (106) is disclosed. The remote service (104) obtains a service authentication code that has been generated, using a code generation algorithm, based on a first secret key. The service authentication code is communicated to the user (102) via the communications network (106) and received, or entered, into an authentication device (106) associated with the user (102). The authentication device (106) then generates, using the same code generation algorithm, an expected code value based on a second secret key and compares the expected code value to the service authentication code. Responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device (106) generates a response that indicates to the user (102) the authenticity of the remote service (104).

115 Citations

View as Search Results

36 Claims

1. A method of authenticating a remote service to a user via a communications network, the method including:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
  
  communicating the service authentication code to the user via the communications network;
  
  receiving or entering the service authentication code into an authentication device associated with the user;
  
  the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key and thereafter comparing the expected code value to the service authentication code; and
  
  responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device generating a response that indicates to the user the authenticity of the remote service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 34)
- - 2. A method according to claim 1 wherein the remote service includes an electronic commerce service.
  - 3. A method according to claim 1 wherein the electronic commerce service includes an internet commerce service.
  - 4. A method according to claim 1 wherein the service authentication code is generated by an authentication server communicatively coupled to a server hosting the remote service.
  - 5. A method according to claim 1 wherein the first secret key is retrieved by indexing a user provided code into a database containing a code for each authentication device that has been registered for accessing the remote service, and the first secret key associated therewith, so as to retrieve the first secret key associated with the user provided code.
  - 6. A method according to claim 5 wherein the user provided code uniquely identifies the authentication device.
  - 7. A method according to claim 1 wherein the generation of the service authentication code includes encoding the first secret key to provide a one-time usable authentication code.
  - 8. A method according to claim 7 wherein each instance of the code generation algorithm uses a first pseudorandom encoding sequence and a second pseudorandom encoding sequence, the second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence.
  - 9. A method according to claim 8 wherein the first pseudorandom encoding sequence includes a sequence of singularly occurring characters forming a character set from which the first secret key is derived so that the first pseudorandom encoding sequence includes the characters of the first secret key.
  - 10. A method according to claim 8 wherein the second pseudorandom encoding sequence includes an arrangement of characters from a different character set to the first secret key.
  - 11. A method according to claim 8 wherein the code generation algorithm for generating the service authentication code or the expected value respectively includes:
    - identifying, in order, the location of characters in the first pseudorandom encoding sequence corresponding to the characters of the first secret key or the second secret key;
      
      mapping the location of the identified characters in the first pseudorandom encoding sequence to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
      
      arranging, in the order of identification, the set of characters of second pseudorandom encoding sequence so as to form the service authentication code.
  - 12. A method according to claim 8 wherein different first and second pseudorandom encoding sequences are used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.
  - 13. A method according to claim 1 wherein the response includes the authentication device activating to generate a user authentication code for authenticating the user to the remote service.
  - 14. A method according to claim 1 wherein the second secret key is stored in memory on-board the authentication device so as to be normally inaccessible to the user.
  - 15. A method according to claim 1 wherein the service authentication code includes an identifier for synchronising the code generation algorithm for generating the service authentication code with the code generation algorithm for generating the expected code value.
  - 16. A method according to claim 1 wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key, use synchronised encoding sequences for generating the service authentication code and the expected code value based on the first secret key and the second secret key respectively.
  - 17. A method according to claim 16 wherein the encoding sequences are modified each time a service authentication code is generated.
  - 34. A method of authenticating the identity and/or credentials of a second user to a first user using a remote service via a communications network, the method including:
    - the first user authenticating the remote service using a method according to claim 1;
      
      in the event that remote service is validly authenticated, the first user providing a user authentication code generated by an authentication device of the second user based on a secret key associated with, or provided by, the second user;
      
      communicating the user authentication code to the remote service via the communications network;
      
      the remote service obtaining an expected code value that has been generated based on a secret key and thereafter comparing the expected code value to the user authentication code for a second user; and
      
      responsive to the comparison and in the event that the expected code correlates with the user authentication code, the remote service providing a response to the first user that indicates the authenticity of the second user.

18. A method of authenticating a remote service to a user via a communications network, the method including:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
  
  communicating the service authentication code to the user via the communications network;
  
  receiving or entering the service authentication code into an authentication device associated with the user;
  
  the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key and thereafter comparing the expected code value to the service authentication code; and
  
  responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device generating a response that indicates to the user the authenticity of the remote service;
  
  wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key use synchronised encoding sequences for generating the service authentication code and the expected code value based on the first secret key and the second secret key respectively

19. A method of mutually authenticating a remote service user and a remote service via a communications network, the method including:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
  
  communicating the service authentication code to the user via the communications network;
  
  receiving or entering the service authentication code into an authentication device associated with the user;
  
  the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key and thereafter comparing the expected code value to the service authentication code;
  
  responsive to the comparison, and in the event that the expected code correlates with the service authentication code, the authentication device generating, using a code generation algorithm, a user authentication code value based on a third secret key;
  
  communicating the user authentication code to the remote service via the communications network;
  
  the remote service, or other service, obtaining a second expected code value that has been generated based on a fourth secret key and thereafter comparing the second expected code value to the user authentication code; and
  
  responsive to the comparison and in the event that the second expected code value correlates with the user authentication code, the remote service allowing the user further access to the remote service.

20. A software architecture embodied on one or more computer-readable media for implementation on a server, the software architecture including:
- a service authentication code generator for generating a service authentication code, using a code generation algorithm, based on a first secret key, the generation of the service authentication code including encoding the first secret key using a first pseudorandom encoding sequence and a second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence, the encoding including;
  
  identifying, in order, the location of characters in the first pseudorandom encoding sequence that correspond to the characters of the first secret key;
  
  mapping the sequence location of the identified characters to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
  
  arranging, in order of identification, the set of characters of the second pseudorandom encoding sequence to form the service authentication code; and
  
  a communication driver for communicating the service authentication code to a remote user via the communications network;
  
  wherein the service authentication code varies according to the first and a second pseudorandom encoding sequences used by the code generation algorithm and wherein a different first and second pseudorandom encoding sequence is used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.

21. A software architecture embodied on one or more computer-readable media for implementation on an authentication device, the software architecture including:
- an input driver for receiving or entering a service authentication code provided by a remote service, the service authentication code having been generated using a code generation algorithm, based on a first secret key;
  
  a generator for generating, using the code generation algorithm, an expected code value based on a second secret key;
  
  a comparator for comparing the expected code value to the service authentication code; and
  
  a response generator for generating a response indicative of the authenticity of the remote service according to a comparison of the expected code with the service authentication code.
- View Dependent Claims (35, 36)
- - 35. A method of creating an authenticating device according to claim 22 the method including:
    - a user accessing a service hosting a software program for installation on an electronic device to create a software architecture according to claim 21;
      
      the service communicating the software program to the portable electronic device; and
      
      executing, or installing, the software program to create the software architecture on the portable electronic device.
  - 36. A method according to claim 35 wherein the software architecture is communicated via:
    - (a) a short message service;
      
      (b) an electronic mail service;
      
      or (c) a packet based communications service.

22. An authentication device for providing a response that indicates, to a user of the authentication device, the authenticity of a remote service based on an service authentication code provided by the remote service, the authentication device including input means for receiving or entering the service authentication code, the service authentication code having been generated using a code generation algorithm, based on a first secret key;
- generator means for generating, using the same code generation algorithm, an expected code value based on a second secret key;
  
  comparator means for comparing the expected code value to the service authentication code; and
  
  a response generator means for generating a response indicative of the authenticity of the remote service according to a comparison of the expected code with the service authentication code.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. A device according to claim 22 wherein each code generation algorithm uses a first pseudorandom encoding sequence and a second pseudorandom encoding sequence, the second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence.
  - 24. A device according to claim 23 wherein the first pseudorandom encoding sequence includes a sequence of singularly occurring characters forming a character set from which the first secret key is derived so that the first pseudorandom encoding sequence includes the characters of the first secret key.
  - 25. A device according to claim 23 wherein the second pseudorandom encoding sequence includes an arrangement of characters from the same or different character set to the first secret key.
  - 26. A device according to claim 23 wherein the code generation algorithm for generating the expected value respectively includes:
    - identifying, in order, the location of characters in the first pseudorandom encoding sequence corresponding to the characters of the second secret key;
      
      mapping the location of the identified characters in the first pseudorandom encoding sequence to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
      
      arranging, in the order of identification, the set of characters of second pseudorandom encoding sequence so as to form the service authentication code.
  - 27. A device according to claim 23 wherein different first and second pseudorandom encoding sequences are used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.
  - 28. A device according to claim 22 wherein the response includes the authentication device activating for generating a user authentication code for authenticating the user to the remote service.
  - 29. A device according to claim 22 wherein the second secret key is stored in memory on-board the authentication device so as to be normally inaccessible to the user.
  - 30. A device according to claim 22 wherein the service authentication code includes an identifier for synchronising the code generation algorithm for generating the service authentication code with the code generation algorithm for generating the expected code value.
  - 31. A device according to claim 22 wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key, use synchronised encoding sequences for generating the service authentication code and the expected code value based on the first secret key and the second secret key respectively.
  - 32. A device according to claim 31 wherein the encoding sequences are modified each time a service authentication code is generated.

33. A method of authenticating a remote service to a user via a communications network, the method including:
- a user operating an authentication device to retrieve, from the device, a unique identification code associated therewith;
  
  communicating the unique identification code to the remote service via a communications network;
  
  the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key, the first secret key being retrieved from a database by indexing the unique identification code into the database, the database including identification codes for authentication devices that have been registered for accessing the remote service;
  
  communicating the service authentication code to the user via the communications network;
  
  receiving or entering the service authentication code into an authentication device associated with the user;
  
  the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key and thereafter comparing the expected code value to the service authentication code; and
  
  responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device generating a response that indicates to the user the authenticity of the remote service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMUE Limited, Richard Jacka, Simon Charles Hughes-Hewitt
Original Assignee
Richard Jacka, Simon Charles Hughes Hewitt
Inventors
Bender, Jason, Lenon, James, Hewitt, Simon

Granted Patent

US 8,151,364 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Authentication device and/or method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

115 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication device and/or method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

115 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links