SYSTEM AND METHODS FOR AUTHENTICATING A RECEIVER IN AN ON-DEMAND SENDER-RECEIVER TRANSACTION

US 20110231656A1
Filed: 03/16/2010
Published: 09/22/2011
Est. Priority Date: 03/16/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method for authenticating a first device to a second device, the method comprising the steps of:

determining, at the directory, a secret key and a first set of images by communicating with the first device;

receiving, at the directory, a transaction request from the second device to authenticate the first device;

generating, at the directory, a tag using said secret key and first information associated with said transaction request;

selecting a second set of images from said first set of images according to said tag;

sending said second set of images from the directory to the second device;

wherebyusing said first set of images, said secret key, and said information associated with said transaction request, the first device may select a third set of images that, when sent to the second device, may be used at the second device, in comparison to said second set of images, to authenticate the first device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for authenticating a first device to a second device. This involves determining, at the directory, a secret key and a first set of images by communicating with the first device; receiving, at the directory, a transaction request from the second device to authenticate the first device; and generating, at the directory, a tag using said secret key and first information associated with said transaction request. This also involves selecting a second set of images from said first set of images according to said tag, and sending said second set of images from the directory to the second device. Moreover, using said first set of images, said secret key, and said information associated with said transaction request, the first device may select a third set of images that, when sent to the second device, may be used at the second device, in comparison to said second set of images, to authenticate the first device.

Citations

19 Claims

1. A method for authenticating a first device to a second device, the method comprising the steps of:
- determining, at the directory, a secret key and a first set of images by communicating with the first device;
  
  receiving, at the directory, a transaction request from the second device to authenticate the first device;
  
  generating, at the directory, a tag using said secret key and first information associated with said transaction request;
  
  selecting a second set of images from said first set of images according to said tag;
  
  sending said second set of images from the directory to the second device;
  
  wherebyusing said first set of images, said secret key, and said information associated with said transaction request, the first device may select a third set of images that, when sent to the second device, may be used at the second device, in comparison to said second set of images, to authenticate the first device.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said first information includes at least a portion of a time value, a first device ID, and a second device ID extracted from said transaction request.
  - 3. The method of claim 2, wherein the step of generating said tag further comprises the steps of:
    - calculating said tag by applying a message authentication code function to said first information and said secret key, said tag including a plurality of bits;
      
      dividing said bits of said tag into a plurality of sub-tags; and
      
      wherein the step of selecting a second set of images includes selecting one of said first set of images with said sub-tags, each of said images of said second set of images being associated with one of said sub-tags.
  - 4. The method of claim 3, wherein the step of calculating said tag further comprises the step of:
    - applying said message authentication code function as a hash function.

5. A system for authenticating a first device to a second device using a directory, the system including:
- a first processor associated with said directory and programmed to;
  
  determine a secret key and a first set of images by communicating with the first device;
  
  receive a transaction request from the second device to authenticate the first device;
  
  generate a first tag using said secret key and first information associated with said first transaction request;
  
  select a second set of images from said first set of images according to said first tag; and
  
  send said second set of images to the second device.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The system of claim 5, further including:
    - a second processor associated with said first device and programmed to;
      
      determine said secret key and said first set of images by communicating with said first processor;
      
      receive said first information associated with said transaction request;
      
      generate a second tag using said secret key and said first information associated with said transaction request;
      
      select a third set of images from said first set of images according to said second tag; and
      
      send said third set of images to the second device.
  - 7. The system of claim 6, further including:
    - a third processor associated with said second device and programmed to;
      
      send said transaction request to the directory;
      
      receive said second set of images from said first processor;
      
      receive said third set of images from said first device; and
      
      display said second set of images and said third set of images to a user of the second device, whereby a user of said second device authenticates the first device by comparing said second and third sets of images.
  - 8. The system of claim 7, wherein said third processor is further programmed to send said transaction request to the first device.
  - 9. The system of claim 7, wherein said first processor is further programmed to send said transaction request to the first device.
  - 10. The system of claim 5, wherein:
    - said first information includes at least a portion of a time value, a first device ID, and a second device ID extracted from said first transaction request; and
      
      said second information includes at least a portion of a time value, a first device ID, and a second device ID extracted from a second transaction request.
  - 11. The system of claim 5, 6, or 7, wherein said first processor is further programmed to:
    - calculate said first tag by applying a message authentication code function to said first information and said secret key, said first tag including a plurality of bits;
      
      divide said bits of said first tag into a plurality of sub-tags; and
      
      select one of said first set of images with said sub-tags, each of said images of said second set of images being associated with one of said sub-tags.
  - 12. The system of claim 6 or 7, wherein said second processor is further programmed to:
    - calculate said second tag by applying a message authentication code function to said first information and said secret key, said second tag including a plurality of bits;
      
      divide said bits of said second tag into a plurality of sub-tags; and
      
      select one of said first set of images with said sub-tags, each of said images of said third set of images being associated with one of said sub-tags.
  - 13. The system of claim 12, wherein said first processor is further programmed to:
    - calculate said first tag by applying said message authentication code function as a hash function.
  - 14. The system of claim 13, wherein said second processor is further programmed to:
    - calculate said second tag by applying said message authentication code function as a hash function.

15. A computer-readable medium comprising program instructions, which, when executed by a processor, cause said processor to perform a method for authenticating a first device to a second device, the method comprising the steps of:
- determining, at the directory, a secret key and a first set of images by communicating with the first device;
  
  receiving, at the directory, a transaction request from the second device to authenticate the first device;
  
  generating, at the directory, a tag using said secret key and first information associated with said transaction request;
  
  selecting a second set of images from said first set of images according to said tag;
  
  sending said second set of images from the directory to the second device;
  
  using said first set of images, said secret key, and said information associated with said transaction request, the first device may select a third set of images that, when sent to the second device, may be used at the second device, in comparison to said second set of images, to authenticate the first device.
- View Dependent Claims (16, 17, 18)
- - 16. The computer-readable medium of claim 15, wherein:
    - said information includes at least a portion of a time value, a first device ID, and a second device ID extracted from said transaction request.
  - 17. The computer-readable medium of claim 15, wherein the step of generating said tag further comprises the steps of:
    - calculating said tag by applying a message authentication code function to said first information and said secret key, said tag including a plurality of bits;
      
      dividing said bits of said tag into a plurality of sub-tags; and
      
      wherein the step of selecting a second set of images includes selecting ones of said first set of images with said sub-tags, each of said images of said second set of images being associated with one of said sub-tags.
  - 18. The computer-readable medium of claim 17, wherein the step of calculating said tag further comprises the step of:
    - applying said message authentication code function as a hash function.

19. A method for authenticating a first device to a second device using a directory, including the steps of:
- determining, at the directory, a secret key and a first set of images by communicating with the first device;
  
  determining, at the first device, said secret key and said first set of images by communicating with the directory;
  
  sending a transaction request from the second device to the directory;
  
  receiving said transaction request at the directory from the second device to authenticate the first device;
  
  generating, at the directory, a first tag using said secret key and first information associated with said transaction request;
  
  selecting, at the directory, a second set of images from said first set of images according to said first tag;
  
  sending said second set of images from the directory to the second device;
  
  receiving, at the second device, said second set of images from said directory;
  
  receiving, at the first device, said first information associated with said first transaction request;
  
  generating, at the first device, a second tag using said secret key and said first information associated with said transaction request;
  
  selecting, at the first device, a third set of images from said first set of images according to said second tag;
  
  sending said third set of images from the first device to the second device;
  
  receiving, at the second device, said third set of images from said first device; and
  
  comparing said second and third sets of images.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telcordia Technologies Incorporated (Telefonaktiebolaget LM Ericsson)
Original Assignee
Telcordia Technologies Incorporated (Telefonaktiebolaget LM Ericsson)
Inventors
Di Crescenzo, Giovanni

Application Number

US12/724,495
Publication Number

US 20110231656A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/321   involving a third party or ...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

SYSTEM AND METHODS FOR AUTHENTICATING A RECEIVER IN AN ON-DEMAND SENDER-RECEIVER TRANSACTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHODS FOR AUTHENTICATING A RECEIVER IN AN ON-DEMAND SENDER-RECEIVER TRANSACTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links