NETWORK HELPER FOR AUTHENTICATION BETWEEN A TOKEN AND VERIFIERS
Abstract
A network helper is provided that assists verifiers in executing a puzzle-based protocol for authentication of a token. A token stores a secret key and one or more puzzle-generating algorithms. The helper stores a plurality of puzzles associated with a particular token. When requested to do so by a verifier, the helper provides a plurality of pseudorandomly selected puzzles for the token to a verifier. The puzzles are encoded with information that is used between the verifier and token to establish a secured symmetric key. The verifier selects one or a few of the encoded puzzles and breaks them by a brute force attack. Because the helper does not know which puzzles have been selected, it has to break all puzzles to attempt to figure out the symmetric key. However, if a large number of puzzles are utilized, say millions, then breaking all of them becomes a computationally prohibitive task.
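
The exchange the abstract describes, as an added Python sketch that is not taken from the patent. The puzzle encoding (a marker, puzzle ID and puzzle secret XORed with an HMAC-SHA-256 pad under a 12-bit weak key), the session-key derivation, and every name and size below are assumptions made for illustration.

```python
import hashlib, hmac, secrets

WEAK_BITS = 12          # assumed puzzle strength: at most 2**12 trial keys each
MAGIC = b"PUZZLE01"     # assumed marker that tells a solver the guess was right

def _prf(key: bytes, label: bytes, n: int = 16) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def puzzle_secret(token_key: bytes, pid: int) -> bytes:
    """Assumed puzzle-generating algorithm: secret = PRF(token_key, pid)."""
    return _prf(token_key, b"ps" + pid.to_bytes(4, "big"))

def make_puzzle(token_key: bytes, pid: int) -> bytes:
    """Provisioner: hide (pid, secret) under a weak key that is then thrown away."""
    weak = secrets.randbelow(1 << WEAK_BITS).to_bytes(2, "big")
    plain = MAGIC + pid.to_bytes(4, "big") + puzzle_secret(token_key, pid)
    return _xor(plain, _prf(weak, b"pad", len(plain)))

class Helper:
    """Stores encoded puzzles per token ID; never sees the token's secret key."""
    def __init__(self):
        self.store = {}
    def provision(self, token_id: str, puzzles: list) -> None:
        self.store[token_id] = list(puzzles)
    def request(self, token_id: str, count: int) -> list:
        return secrets.SystemRandom().sample(self.store[token_id], count)

def solve(puzzle: bytes):
    """Verifier: brute-force one puzzle, return (pid, secret, trials used)."""
    for guess in range(1 << WEAK_BITS):
        pad = _prf(guess.to_bytes(2, "big"), b"pad", len(puzzle))
        plain = _xor(puzzle, pad)
        if plain.startswith(MAGIC):
            return int.from_bytes(plain[8:12], "big"), plain[12:], guess + 1
    raise ValueError("no weak key decodes this puzzle")

def run_demo(stored: int = 200, sent: int = 20):
    token_key = secrets.token_bytes(16)   # known to provisioner and token only
    helper = Helper()
    helper.provision("token-42", [make_puzzle(token_key, i) for i in range(stored)])
    subset = helper.request("token-42", sent)
    pid, secret, trials = solve(secrets.choice(subset))   # verifier's private pick
    verifier_key = _prf(secret, b"session")
    token_side_key = _prf(puzzle_secret(token_key, pid), b"session")  # token is told pid
    helper_worst_case = sent * (1 << WEAK_BITS)   # trials to break every puzzle sent
    return verifier_key == token_side_key, trials, helper_worst_case
```

The verifier pays for at most one puzzle's worth of trials, while a helper that wants the same key has to budget for every puzzle it sent; that gap grows linearly with the number of puzzles, which is why the abstract speaks of millions.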
24 Claims
1. A method operational on a networked helper to assist a verifier in authenticating a token, comprising:
- receiving a plurality of encoded puzzles associated with a token identifier from a token provisioner;
- storing the plurality of encoded puzzles;
- receiving a request from the verifier for puzzles associated with the token identifier during an initial authentication stage between the verifier and the token in which a symmetric key is established between the verifier and the token;
- selecting a subset of the stored plurality of encoded puzzles associated with the token identifier; and
- sending the selected subset of encoded puzzles to the verifier.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A helper device for assisting a verifier in authenticating tokens, comprising:
- a first communication interface having high bandwidth to a network; and
- a processing circuit coupled to the first communication interface, the processing circuit configured to
  - receive a plurality of encoded puzzles associated with a token identifier from a token provisioner;
  - store the plurality of encoded puzzles;
  - receive a request from the verifier for puzzles associated with the token identifier during an initial authentication stage between the verifier and the token in which a symmetric key is established between the verifier and the token;
  - select a subset of the stored plurality of encoded puzzles associated with the token identifier; and
  - send the selected subset of encoded puzzles to the verifier.
(Dependent claims: 10, 11, 12, 13, 14)
15. A helper device for assisting a verifier in authenticating tokens, comprising:
- means for receiving a plurality of encoded puzzles associated with a token identifier from a token provisioner;
- means for storing the plurality of encoded puzzles;
- means for receiving a request from the verifier for puzzles associated with the token identifier during an initial authentication stage between the verifier and the token in which a symmetric key is established between the verifier and the token;
- means for selecting a subset of the stored plurality of encoded puzzles associated with the token identifier; and
- means for sending the selected subset of encoded puzzles to the verifier.
(Dependent claims: 16, 17, 18)
19. A processing device, comprising:
- a processing circuit configured to
  - receive a plurality of encoded puzzles associated with a token identifier from a token provisioner;
  - store the plurality of encoded puzzles;
  - receive a request from the verifier for puzzles associated with the token identifier during an initial authentication stage between the verifier and the token in which a symmetric key is established between the verifier and the token;
  - select a subset of the stored plurality of encoded puzzles associated with the token identifier; and
  - send the selected subset of encoded puzzles to the verifier.
(Dependent claims: 20, 21)
22. A machine-readable medium having one or more instructions operational on a networked helper for assisting a verifier in authenticating a token, which when executed by a processor causes the processor to:
- receive a plurality of encoded puzzles associated with a token identifier from a token provisioner;
- store the plurality of encoded puzzles;
- receive a request from the verifier for puzzles associated with the token identifier during an initial authentication stage between the verifier and the token in which a symmetric key is established between the verifier and the token;
- select a subset of the stored plurality of encoded puzzles associated with the token identifier; and
- send the selected subset of encoded puzzles to the verifier.
(Dependent claims: 23, 24)
Specification