METHOD AND APPARATUS FOR TRANSMITTING DATA USING AUTHENTICATION

US 20080133918A1
Filed: 11/20/2007
Published: 06/05/2008
Est. Priority Date: 12/04/2006
Status: Active Grant

First Claim

Patent Images

1. A method of transmitting data using authentication between a first device and a second device, the method comprising:

encrypting a certificate of the first device using a shared key shared by the first device and the second device, and transmitting the encrypted certificate of the first device to the second device;

receiving at the first device, authentication key generation information for the first device for generating an authentication key, if it is determined that the certificate of the first device is valid and not revoked;

generating at the first device, a first random number of the first device;

generating at the first device, the authentication key based on the first random number and the authentication key generation information for the first device;

encrypting content data using the authentication key, at the first device; and

transmitting the encrypted content data from the first device to the second device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus of transmitting data using authentication between a first device and a second device are provided. The method includes transmitting an encrypted certificate of the first device using a shared key shared by the first device and the second device, receiving authentication key generation information for generating an authentication key, which is received when it is determined that the certificate of the first device is valid and not revoked, generating a first random number and generating an authentication key based on the first random number and the authentication key generation information, and encrypting and transmitting data using the authentication key.

Citations

25 Claims

1. A method of transmitting data using authentication between a first device and a second device, the method comprising:
- encrypting a certificate of the first device using a shared key shared by the first device and the second device, and transmitting the encrypted certificate of the first device to the second device;
  
  receiving at the first device, authentication key generation information for the first device for generating an authentication key, if it is determined that the certificate of the first device is valid and not revoked;
  
  generating at the first device, a first random number of the first device;
  
  generating at the first device, the authentication key based on the first random number and the authentication key generation information for the first device;
  
  encrypting content data using the authentication key, at the first device; and
  
  transmitting the encrypted content data from the first device to the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising:
    - generating at the first device, a second random number of the first device;
      
      encrypting the second random number using the shared key;
      
      transmitting the encrypted second random number to the second device;
      
      decrypting the encrypted second random number at the second device; and
      
      receiving at the first device, the decrypted second random number, wherein the generating at the first device the authentication key is performed only if the decrypted second random number is received.
  - 3. The method of claim 1, further comprising:
    - receiving a certificate of the second device at the first device; and
      
      generating at the first device, a second random number of the first device, wherein the second random number is encrypted along with the certificate of the first device using the shared key, and transmitted along with the encrypted certificate of the first device to the second device, wherein the receiving at the first device the authentication key generation information for the first device comprises receiving data in which the authentication key generation information for the first device, and the second random number encrypted using the shared key are encrypted using a secret key of the second device; and
      
      wherein the generating the authentication key comprises decrypting the data, which is encrypted using the secret key of the second device, using a public key of the second device included in the certificate of the second device.
  - 4. The method of claim 3, further comprising:
    - decrypting the encrypted second random number, obtained by decrypting the data encrypted using the secret key of the second device, using the shared key; and
      
      determining whether the second random number obtained by the decrypting the encrypted second random number is equal to the generated second random number, wherein the generating of the authentication key is performed only if the second random number obtained by the decrypting the encrypted second random number is equal to the generated second random number.
  - 5. The method of claim 1, wherein the authentication key generation information for the first device is encrypted using the shared key, and wherein the generating at the first device the authentication key comprises decrypting the encrypted authentication key generation information for the first device using the shared key.
  - 6. The method of claim 1, wherein the authentication key generation information for the first device is generated using a third random number generated by the second device in order to generate the authentication key, and a coordinate of a fixed point on an elliptic curve used for encrypting.
  - 7. The method of claim 1, wherein the authentication key is a product of multiplying the authentication key generation information for the first device by the first random number.
  - 8. The method of claim 6, wherein the authentication key is generated using an X-axis coordinate of the product of multiplying the authentication key generation information for the first device by the first random number.
  - 9. The method of claim 1, wherein the certificate of the first device comprises an identification (ID) of the first device, a public key of the first device, and data in which a hash value of the ID of the first device and the public key of the first device are encrypted using a secret key of a certificate authority.
  - 10. The method of claim 1, further comprising determining whether the authentication key generation information for the first device has been altered, wherein the generating at the first device the authentication key is selectively performed based on a result of the determining whether the authentication key generation information for the first device has been altered.
  - 11. The method of claim 10, further comprising receiving a certificate of the second device at the first device, wherein the determining of whether the authentication key generation information for the first device has been altered comprises:
    - receiving an electronic signature of the authentication key generation information, wherein the electronic signature comprises data in which the authentication key generation information for the first device and a hash value of the authentication key generation information for the first device are encrypted using a secret key of the second device;
      
      decrypting the encrypted authentication key generation information for the first device using a public key of the second device included in the certificate of the second device, and comparing a hash value of the authentication key generation information for the first device obtained by the decrypting the encrypted authentication key generation information for the first device, and the hash value of the authentication key generation information for the first device included in the electronic signature.
  - 12. The method of claim 10, wherein the generating at the first device the authentication key is performed if it is determined that the authentication key generation information for the first device has not been altered.
  - 13. The method of claim 1, wherein the shared key is a value set by a user.
  - 14. The method of claim 1, wherein the shared key is an intrinsic identification number of the first device or the second device.
  - 15. The method of claim 1, wherein the encrypting the content data comprises encrypting the content data using one of an advanced encryption standard (AES) Cipher Block Chaining (CBC) mode algorithm and an AES counter mode algorithm.
  - 16. The method of claim 1, further comprising:
    - receiving a certificate of the second device at the first device;
      
      determining whether the certificate of the second device is valid and not revoked; and
      
      selectively transmitting to the second device authentication key generation information for the second device for generating an authentication key at the second device, based on a result of the determining.
  - 17. The method of claim 16, wherein the selectively transmitting to the second device the authentication key generation information for the second device is performed if it is determined that the certificate of the second device is valid and not revoked.

18. A method of transmitting data using authentication between a first device and a second device, the method comprising:
- transmitting a certificate of the first device to the second device;
  
  receiving at the first device, encrypted authentication key generation information for the first device for generating an authentication key if it is determined that the certificate of the first device is valid and not revoked;
  
  decrypting the encrypted authentication key generation information;
  
  generating a random number, and generating an authentication key based on the random number and the authentication key generation information for the first device obtained by the decrypting the encrypted authentication key generation information for the first device;
  
  encrypting content data using the authentication key; and
  
  transmitting said encrypted content data from the first device to the second device.

19. An apparatus for transmitting data using authentication with a second device;
- the apparatus comprising;
  
  an encryption unit which encrypts a certificate of the apparatus using a shared key shared by the apparatus and the second device;
  
  a transmitter which transmits the encrypted certificate of the apparatus to the second device;
  
  a receiver which receives authentication key generation information for the first device for generating an authentication key, if it is determined that the certificate of the apparatus is valid or revoked;
  
  a random number generator which generates a first random number of the first device for generating an authentication key; and
  
  an authentication key generator which generates the authentication key based on the first random number and the authentication key generation information for the first device, wherein the transmitter transmits to the second device content data encrypted using the authentication key.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The apparatus of claim 19, wherein the random number generator generates a second random number, wherein the encryption unit encrypts the second random number using the shared key, wherein the transmitter transmits the encrypted second random number to the second device, the receiver receives data in which the encrypted second random number is decrypted at the second device, and the authentication key generator generates the authentication key only if the second random number decrypted at the second device is received.
  - 21. The apparatus of claim 19, further comprising a decryption unit, wherein the receiver receives a certificate of the second device, wherein the random number generator generates a second random number, wherein the encryption unit encrypts the generated second random number and the certificate of the apparatus using the shared key, wherein the transmitter transmits to the second device the second random number and certificate of the apparatus encrypted using the shared key, wherein the receiver receives data in which the authentication key generation information for the first device and the second random number encrypted using the shared key are encrypted using the secret key of the second device, and wherein the decryption unit decrypts the data encrypted using the secret key of the second device, using a public key of the second device included in the certificate of the second device, to extract the authentication key generation information for the first device and the encrypted second random number.
  - 22. The apparatus of claim 21, further comprising a random number comparator which determines whether the decrypted second random number and the generated second random number are identical, and wherein the authentication key generator generates the authentication key only if the second random number obtained by decrypting the encrypted second random number and the generated second random number are identical.
  - 23. The apparatus of claim 19, further comprising a decryption unit which decrypts an encrypted authentication key generation information, wherein the decryption unit performs the decryption, if the receiver receives the authentication key generation information encrypted using the shared key, and wherein the authentication key generator generates the authentication key based on the decrypted authentication key generation information and the first random number.

24. An apparatus for transmitting data using authentication with a second device, the apparatus comprising:
- a transmitter which transmits a certificate of the apparatus to the second device;
  
  a receiver which receives data in which authentication key generation information for the first device for generating an authentication key is encrypted using a shared key shared by the apparatus and the second device, if it is determined that the certificate of the apparatus is valid or revoked;
  
  a decryption unit which decrypts the encrypted authentication key generation information for the first device;
  
  a random number generator which generates a random number for generating the authentication key; and
  
  an authentication key generator which generates the authentication key based on the random number and the authentication key generation information for the first device decrypted by decryption unit, wherein the transmitter transmits to the second device content data encrypted using the authentication key.

25. A computer readable recording medium having recorded thereon a program for executing a method of transmitting data using authentication between a first device and a second device, the method comprising:
- encrypting a certificate of the first device using a shared key shared by the first device and the second device, and transmitting the encrypted certificate of the first device to the second device;
  
  extracting at the second device, the certificate of the first device by decrypting the encrypted certificate of the first device;
  
  receiving at the first device, authentication key generation information for the first device for generating an authentication key, if it is determined that the certificate of the first device is valid and not revoked;
  
  generating at the first device, a first random number of the first device;
  
  generating at the first device, the authentication key based on the first random number and the authentication key generation information for the first device;
  
  encrypting content data using the authentication key, at the first device; and
  
  transmitting the encrypted content data from the first device to the second device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Samsung Electronics Co. Ltd.
Inventors
Kwon, Chang-yeul, Kim, Seong-soo, YOU, Yong-kuk

Granted Patent

US 8,078,874 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 9/0844   with user authentication or...

H04L 9/0869   involving random numbers or...

H04L 9/3268   using certificate validatio...

METHOD AND APPARATUS FOR TRANSMITTING DATA USING AUTHENTICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR TRANSMITTING DATA USING AUTHENTICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links