Open protocol for authentication and key establishment with privacy
Abstract
A suite of efficient authentication and key establishment protocols for securing contact or contactless interfaces between communicating systems. The protocols may be used in secure physical access, logical access and/or transportation applications, among other implementations. The system authenticates a mobile device such as a smart card and/or mobile phone equipped with a secure element presented to one or more host terminals and establishes shared secure messaging keys to protect communications between the device and terminal. Secure messaging provides an end-to-end protected path of digital documents or transactions through the interface. The protocols provide that the device does not reveal identification information to entities different from a trusted host. The terminal may be a contactless reader at a door for controlling physical access, a desktop, laptop or kiosk for controlling logical access, and/or an access point for obtaining an encrypted digital ticket from an authenticated mobile device used for transit applications.
40 Claims
1. A method for authenticating a device, comprising:
generating authentication information at a host;
sending a request to authenticate the device, wherein the request includes at least a portion of the authentication information;
receiving a response to the request at the host, wherein the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host; and
authenticating the device using the encrypted information and the anonymous identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer readable medium storing computer software for authenticating a device, the computer software comprising:
executable code that generates authentication information at a host;
executable code that sends a request to authenticate the device, wherein the request includes at least a portion of the authentication information;
executable code that receives a response to the request from the device, wherein the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host; and
executable code that authenticates the device using the encrypted information and the anonymous identifier.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
22. A method for authenticating a device, comprising:
receiving, at the device, a request to authenticate the device;
generating a response to the request; and
sending the response to a host, wherein the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host and wherein the response authenticates the device to the host.
Dependent claims: 23, 24, 25, 26, 27
28. A non-transitory computer readable medium storing computer software for authenticating a device, the computer software comprising:
executable code that receives a request to authenticate the device;
executable code that generates a response to the request; and
executable code that sends the response to a host, wherein the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host and wherein the response authenticates the device to the host.
Dependent claims: 29, 30, 31, 32, 33
34. A system for authenticating a device, comprising:
a host; and
a device that authenticates to the host,
wherein the host includes a non-transitory computer readable medium that includes;
executable code that generates authentication information at the host;
executable code that sends a request to authenticate the device, wherein the request includes at least a portion of the authentication information;
executable code that receives a response to the request from the device, wherein the response includes encrypted information and an anonymous identifier of the device that does not provide readable identification information to an entity other than the host; and
executable code that authenticates the device using the encrypted information and the anonymous identifier,
and wherein the device includes a non-transitory computer readable that includes;
executable code that receives the request;
executable code that generates the response; and
executable code that sends the response to the host, wherein the response authenticates the device to the host.
Dependent claims: 35, 36, 37, 38, 39, 40
Specification