METHOD OF AUTHENTICATING A FIRST AND A SECOND ENTITY AT A THIRD ENTITY

US 20140057601A1
Filed: 12/22/2011
Published: 02/27/2014
Est. Priority Date: 12/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a first entity and a second entity by using a third entity, said first and third entities sharing a first secret key, said second and third entities sharing a second secret key, wherein the method comprises steps of:

the third entity sending to the first entity a challenge,the first entity using the first secret key to calculate an authentication value on the basis of the received challenge,the first entity sending the second entity the calculated authentication value,the second entity using a cipher algorithm parameterized by the second secret key to calculate an authentication response, on the basis of a token that is known to the third entity and to the second entity and on the basis of the authentication value received from the first entity,the second entity sending to the third entity the authentication response,the third entity using the first and second secret keys to calculate an expected authentication response, on the basis of the token and the challenge, andthe received authentication response being compared with the calculated expected authentication response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for authenticating a first entity and a second entity at a third entity. The first and third entities share a first secret key, and the second and third entities share a second secret key. The method includes steps of: dispatching by the third entity to the first entity of a challenge, calculation by the first entity, using the first secret key, of an authentication value; dispatching by the first entity to the second entity the authentication value, calculation by the second entity, using the second secret key, of an authentication response; dispatching by the second entity to the third entity of the authentication response; calculation by the third entity of an expected authentication response; and comparison of the authentication response received with the expected calculated authentication response.

6 Citations

View as Search Results

12 Claims

1. A method for authenticating a first entity and a second entity by using a third entity, said first and third entities sharing a first secret key, said second and third entities sharing a second secret key, wherein the method comprises steps of:
- the third entity sending to the first entity a challenge,the first entity using the first secret key to calculate an authentication value on the basis of the received challenge,the first entity sending the second entity the calculated authentication value,the second entity using a cipher algorithm parameterized by the second secret key to calculate an authentication response, on the basis of a token that is known to the third entity and to the second entity and on the basis of the authentication value received from the first entity,the second entity sending to the third entity the authentication response,the third entity using the first and second secret keys to calculate an expected authentication response, on the basis of the token and the challenge, andthe received authentication response being compared with the calculated expected authentication response.
- View Dependent Claims (4, 5, 6, 7)
- - 4. The method as claimed in claim 1, comprising, if the received authentication response is not equal to the calculated response, the following steps implemented by the third entity:
    - deciphering the received authentication response using the second secret key,verifying that the deciphered response comprises the token.
  - 5. The method as claimed in claim 4, comprising, if the verifying is positive:
    - calculation of an expected value on the basis of the challenge and the first secret key, and verification that the deciphered response comprises the expected value.
  - 6. The method as claimed in claim 1, in which the token comprises a plurality of padding bits.
  - 7. The method as claimed in claim 1, in which the token comprises part of the challenge.

2. A method for authenticating a first and a second entity by using a third entity, said first and third entities sharing a first secret key, said second and third entities sharing a second secret key, wherein the method comprises steps of:
- a challenge being sent to the first entity,a cipher algorithm, which is parameterized by the second secret key, being used to calculate an expected authentication response, on the basis of a token that is known to the third entity and to the second entity, and a signature for the challenge using the first secret key,a response to said challenge being received from the second entity, andthe received response being compared with the calculated authentication response.

3. A method for authenticating a group made up of at least two entities with a third entity, the third entity and a first entity from the group sharing a first secret key, the third entity and a second entity from the group sharing a second secret key, wherein said method comprises steps of:
- a challenge being received from the third entity,the first entity from the group using the first secret key to calculate an authentication value on the basis of the received challenge,the first entity sending to the second entity from the group the calculated authentication value,the second entity from the group using a cipher algorithm parameterized by the second secret key to calculate an authentication response, on the basis of a token that is known to the third entity and to the second entity and on the basis of the authentication value received from the first entity, andthe second entity from the group sending to the third entity the calculated authentication response.

8. An authentication device configured to authenticate a first and a second entity, said device sharing a first secret key with the first entity, and a second secret key with the second entity, wherein said device comprises:
- sending means for sending a challenge to the first entity,calculation means for calculating, using a cipher algorithm, which is parameterized by the second secret key, an expected authentication response, on the basis of a token that is known to the authentication device and to the second entity, and a signature for the challenge using the first secret key,reception means for receiving a response to said challenge from the second entity, andcomparison means for comparing the received response with the calculated authentication response.

9. A system comprising:
- set of two entities comprising a first and a second entity, said set being configured for being authenticated by an authentication device, the authentication device sharing a first secret key with the first entity and a second key with the second entity, wherein said set comprises;
  
  reception means for receiving a challenge from the authentication device,first calculation means configured so that the first entity from the set uses the first secret key to calculate an authentication value on the basis of the challenge,transmission means configured so that the first entity transmits the authentication value to the second entity from the group,second calculation means configured so that the second entity uses a cipher algorithm parameterized by the second secret key to calculate an authentication response, on the basis of a token that is known to the authentication device and to the second entity and on the basis of the authentication value received from the first entity in the set, andsending means for sending to the authentication device the calculated authentication response.
- View Dependent Claims (10)
- - 10. The system of claim 9, further comprising:
    - the authentication device.

11. A non-transitory data storage medium comprising a computer program stored thereon and able to be loaded into the internal memory of an authentication device, the program comprising code portions for executing steps of a method for authenticating a first and a second entity by using the authentication device, when the program is executed on said authentication device, said first and third entities sharing a first secret key and said second and third entities sharing a second secret key, wherein the method comprises:
- sending a challenge from the authentication device to the first entity,using a cipher algorithm that is parameterized by the second secret key to calculate an expected authentication response on the basis of a token that is known to the authentication device and to the second entity, and a signature for the challenge using the first secret key,receiving a response to said challenge from the second entity, andcomparing the received response with the calculated authentication response.

12. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Michau, Benoit, Robshaw, Matthew

Granted Patent

US 9,008,624 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/062   Pre-authentication

H04W 88/02   Terminal devices

METHOD OF AUTHENTICATING A FIRST AND A SECOND ENTITY AT A THIRD ENTITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

METHOD OF AUTHENTICATING A FIRST AND A SECOND ENTITY AT A THIRD ENTITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others