Challenge-Response Authentication Using a Masked Response Value

US 20140156998A1
Filed: 11/30/2012
Published: 06/05/2014
Est. Priority Date: 11/30/2012
Status: Active Grant

First Claim

Patent Images

1. A method for a first device to authenticate a second device, the method performed by the first device and comprising:

the first device sending to the second device a challenge value corresponding to an expected response value known by the first device, and a hiding value;

the first device receiving from the second device a masked response value;

the first device obtaining an expected masked response value from the expected response value and the hiding value;

the first device determining whether the expected masked response value matches the masked response value received from the second device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.

40 Citations

View as Search Results

20 Claims

1. A method for a first device to authenticate a second device, the method performed by the first device and comprising:
- the first device sending to the second device a challenge value corresponding to an expected response value known by the first device, and a hiding value;
  
  the first device receiving from the second device a masked response value;
  
  the first device obtaining an expected masked response value from the expected response value and the hiding value;
  
  the first device determining whether the expected masked response value matches the masked response value received from the second device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising repeating the method using a different hiding value.
  - 3. The method of claim 1, wherein the masked response value received from the second device was computed by the second device using the challenge value, the hiding value, and secret information known to the second device.
  - 4. The method of claim 3, wherein the secret information is not known to the first device, and the challenge value and the expected response value are stored on the first device.
  - 5. The method of claim 1, wherein said obtaining the expected masked response value from the expected response value and the hiding value comprises computing the expected masked response value by performing a cryptographic hash of a message that comprises the expected response value and the hiding value.
  - 6. The method of claim 5, wherein the expected masked response value is computed as xmaskres=cryptographic hash(xres∥
    - h), where xmaskres is the expected masked response value, cryptographic hash(•
      
      ) is the cryptographic hash, xres is the expected response, h is the hiding value, and ∥
      
      represents concatenation.
  - 7. The method of claim 5, wherein the cryptographic hash is one that is progressively computed and is the same as a cryptographic hash used by the second device to compute the masked response value.
  - 8. The method of claim 7, wherein the cryptographic hash does not incorporate a value representing a length of the message into the input of the cryptographic hash.
  - 9. The method of claim 1, wherein the first device is a mobile device and the second device is a battery.

10. An device comprising:
- a memory configured to store a challenge value and an expected response value corresponding to the challenge value; and
  
  an interface configured to send to another device the challenge value and a hiding value, and to receive a masked response value from the another device;
  
  the device configured to obtain an expected masked response value from the expected response value and the hiding value, and to determine whether the expected masked response value matches the masked response value received from the another device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The device of claim 10, further comprising a processor configured to compute the expected masked response value from the expected response value and the hiding value and to determine whether the expected masked response value matches the masked response value.
  - 12. The device of claim 10, wherein the device is a mobile device and the another device is a battery.
  - 13. The device of claim 10, wherein the device is further configured to obtain different hiding values such that a subsequent hiding value sent to the another device and used in obtaining a subsequent expected masked response value is different from the hiding value.
  - 14. The device of claim 10, wherein the masked response value received from the another device was computed by the another device using the challenge value, the hiding value, and secret information known to the another device.
  - 15. The device of claim 14, wherein the secret information is not known to the device.
  - 16. The device of claim 10, wherein the device is configured to compute the expected masked response value by performing a cryptographic hash of a message that comprises the expected response value and the hiding value.

17. A processor readable medium having stored thereon processor readable instructions that, when executed, cause a first device to authenticate a second device by performing operations comprising:
- sending to the second device a challenge value corresponding to an expected response value known by the first device, and a hiding value;
  
  receiving from the second device a masked response value;
  
  obtaining an expected masked response value from the expected response value and the hiding value;
  
  determining whether the expected masked response value matches the masked response value received from the second device.
- View Dependent Claims (18, 19, 20)
- - 18. The processor readable medium of claim 17, wherein the instructions, when executed, further cause the first device to repeat the operations using a different hiding value.
  - 19. The processor readable medium of claim 17, wherein the masked response value received from the second device was computed by the second device using the challenge value, the hiding value, and secret information known to the second device.
  - 20. The processor readable medium of claim 19, wherein the secret information is not known to the first device, and the challenge value and the expected response value are stored on the first device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Certicom Corporation (Blackberry Limited)
Inventors
Lambert, Robert John

Granted Patent

US 9,727,720 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 2221/2103   Challenge-response

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

H04L 9/3273   for mutual authentication n...

Challenge-Response Authentication Using a Masked Response Value

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Challenge-Response Authentication Using a Masked Response Value

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others