Challenge-Response Authentication Using a Masked Response Value

US 20140153714A1
Filed: 11/30/2012
Published: 06/05/2014
Est. Priority Date: 11/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for a second device to be authenticated by a first device, the method performed by the second device and comprising:

the second device receiving from the first device a challenge value and a hiding value;

the second device computing a masked response value using the challenge value, the hiding value, and secret information known to the second device;

the second device sending to the first device the masked response value for comparison to an expected masked response value.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.

38 Citations

View as Search Results

20 Claims

1. A method for a second device to be authenticated by a first device, the method performed by the second device and comprising:
- the second device receiving from the first device a challenge value and a hiding value;
  
  the second device computing a masked response value using the challenge value, the hiding value, and secret information known to the second device;
  
  the second device sending to the first device the masked response value for comparison to an expected masked response value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising repeating the method using a different hiding value received from the first device.
  - 3. The method of claim 1, wherein said computing the masked response value comprises first computing a response value using the challenge value and the secret information, and then computing the masked response value using the response value and the hiding value.
  - 4. The method of claim 1, wherein said computing the masked response value comprises first computing a cryptographic hash of a message comprising the challenge value and the secret information to obtain a response value, and then computing a cryptographic hash of another message comprising the response value and the hiding value to obtain the masked response value.
  - 5. The method of claim 4, wherein the cryptographic hash used to obtain the response value is the same as the cryptographic hash used to obtain the masked response value.
  - 6. The method of claim 1, wherein said computing the masked response value comprises computing a cryptographic hash of a message comprising the challenge value, the hiding value, and the secret information.
  - 7. The method of claim 6, wherein the cryptographic hash is one that is progressively computed and is the same as a cryptographic hash used by the first device to compute the expected masked response value.
  - 8. The method of claim 1, wherein the expected masked response value is to be computed by the first device using the hiding value and an expected response value known by the first device and corresponding to the challenge value.
  - 9. The method of claim 1, wherein the secret information is not known to the first device.
  - 10. The method of claim 1, wherein the first device is a mobile device and the second device is a battery.

11. A device comprising:
- a memory configured to store secret information;
  
  an interface configured to receive from another device a challenge value and a hiding value, and to send to the another device a masked response value for comparison to an expected masked response value; and
  
  a processor configured to compute the masked response value using the challenge value, the hiding value, and the secret information.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The device of claim 11, wherein the interface is further configured to receive from the another device different hiding values such that a subsequent hiding value received from the another device and used in computing a subsequent masked response value is different from the hiding value.
  - 13. The device of claim 11, wherein the processor is configured to compute the masked response value by first computing a response value using the challenge value and the secret information, and then computing the masked response value using the response value and the hiding value.
  - 14. The device of claim 11, wherein the processor is configured to compute the masked response value by first computing a cryptographic hash of a message comprising the challenge value and the secret information to obtain a response value, and then computing a cryptographic hash of another message comprising the response value and the hiding value to obtain the masked response value.
  - 15. The device of claim 11, wherein the processor is configured to compute the masked response value by computing a cryptographic hash of a message comprising the challenge value, the hiding value, and the secret information.
  - 16. The device of claim 11, wherein the expected masked response value is to be computed by the another device using the hiding value and an expected response value known by the another device and corresponding to the challenge value.
  - 17. The device of claim 11, wherein the device is a battery and the another device is a mobile device.

18. A processor readable medium having stored thereon processor readable instructions for a second device to be authenticated by a first device;
- the processor readable instructions, when executed, cause the second device to perform operations comprising;
  
  receiving from the first device a challenge value and a hiding value;
  
  computing a masked response value using the challenge value, the hiding value, and secret information known to the second device;
  
  sending to the first device the masked response value for comparison to an expected masked response value.
- View Dependent Claims (19, 20)
- - 19. The processor readable medium of claim 18, wherein the instructions, when executed, further cause the second device to repeat the operations using a different hiding value received from the first device.
  - 20. The processor readable medium of claim 18, wherein said computing the masked response value comprises either:
    - first computing a cryptographic hash of a message comprising the challenge value and the secret information to obtain a response value, and then computing a cryptographic hash of another message comprising the response value and the hiding value to obtain the masked response value;
      
      orcomputing a cryptographic hash of a message comprising the challenge value, the hiding value, and the secret information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Lambert, Robert John

Granted Patent

US 9,369,290 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/28
CPC Class Codes

H04L 2209/04   Masking or blinding

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

Challenge-Response Authentication Using a Masked Response Value

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Challenge-Response Authentication Using a Masked Response Value

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others