TAMPER-RESISTANT AND SCALABLE MUTUAL AUTHENTICATION FOR MACHINE-TO-MACHINE DEVICES

US 20150113275A1
Filed: 10/18/2013
Published: 04/23/2015
Est. Priority Date: 10/18/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

sending an authentication request message from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device;

receiving a challenge message at the first computing device from the second computing device;

in response to the challenge message, computing a session key at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device;

upon generating the session key, the first computing device extracting a value from the challenge message and generating an authentication delegate based on the extracted value; and

sending the authentication delegate from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication request message is sent from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device. A challenge message is received at the first computing device from the second computing device. In response to the challenge message, a session key is computed at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device. Upon generating the session key, the first computing device extracts a value from the challenge message and generates an authentication delegate based on the extracted value. The authentication delegate is sent from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device.

Citations

23 Claims

1. A method, comprising:
- sending an authentication request message from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device;
  
  receiving a challenge message at the first computing device from the second computing device;
  
  in response to the challenge message, computing a session key at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device;
  
  upon generating the session key, the first computing device extracting a value from the challenge message and generating an authentication delegate based on the extracted value; and
  
  sending the authentication delegate from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the authentication request also comprises an identity of the first computing device.
  - 3. The method of claim 1, wherein the token comprises a cipher-text that at least contains the identity of the first computing device, the time that the token was issued by the second computing device, and a public key of the first computing device.
  - 4. The method of claim 3, wherein the cipher-text is encrypted with a token key associated with the first computing device.
  - 5. The method of claim 1, wherein the first computing device is issued the token by the second computing device offline.
  - 6. The method of claim 1, wherein the first computing device is issued the token by the second computing device over the machine-to-machine communication protocol.
  - 7. The method of claim 1, wherein the key obfuscation block further comprises a read current authentication token interface.
  - 8. The method of claim 1, wherein the key obfuscation block further comprises a generate public key interface.
  - 9. The method of claim 1, wherein the key obfuscation block further comprises a compute session key interface.
  - 10. The method of claim 1, wherein the key obfuscation block further comprises a write first authentication token interface.
  - 11. The method of claim 1, wherein the key obfuscation block further comprises an update authentication token only interface.
  - 12. The method of claim 1, wherein the key obfuscation block further comprises an update authentication token with code interface.
  - 13. The method of claim 1, further comprising refreshing the secret shared between the first computing device and the second computing device.
  - 14. An article of manufacture comprising a processor-readable storage medium storing one or more software programs which when executed by a processor perform the steps of the method of claim 1.

15. A method, comprising:
- receiving an authentication request message from a first computing device at a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device;
  
  decrypting the token and verifying the integrity of the token at the second computing device;
  
  upon token integrity verification, computing a session key at the second computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device;
  
  sending a challenge message to the first computing device from the second computing device; and
  
  sending information for authentication delegation from the second computing device to a third computing device to allow the first computing device access to the third computing device.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein the information for authentication delegation comprises an identity of the first computing device and a pair of random numbers chosen by the second computing device.
  - 17. The method of claim 15, further comprising the second computing device removing data associated with the first computing device.
  - 18. An article of manufacture comprising a processor-readable storage medium storing one or more software programs which when executed by a processor perform the steps of the method of claim 15.

19. An apparatus, comprising:
- a memory; and
  
  a processor coupled to the memory, wherein the memory and processor are associated with a first computing device that is in machine-to-machine communication with a second computing device, and wherein the memory and processor are configured to;
  
  send an authentication request message from the first computing device to the second computing device, wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device;
  
  receive a challenge message at the first computing device from the second computing device;
  
  in response to the challenge message, compute a session key at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device;
  
  upon generating the session key, the first computing device extracting a value from the challenge message and generating an authentication delegate based on the extracted value; and
  
  sending the authentication delegate from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the first computing device comprises a client device associated with an electric vehicle.

21. An apparatus, comprising:
- a memory; and
  
  a processor coupled to the memory, wherein the memory and processor are associated with a second computing device that is in machine-to-machine communication with a first computing device, and wherein the memory and processor are configured to;
  
  receive an authentication request message from the first computing device at the second computing device, wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device;
  
  decrypt the token and verify the integrity of the token at the second computing device;
  
  upon token integrity verification, compute a session key at the second computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device;
  
  send a challenge message to the first computing device from the second computing device; and
  
  send information for authentication delegation from the second computing device to a third computing device to allow the first computing device access to the third computing device.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21, wherein the second computing device comprises an authentication server associated with a grid charging infrastructure.

23. A method, comprising:
- authenticating a client device associated with an electric vehicle by an authentication server associated with a grid charging infrastructure, wherein the client device and the authentication server communicate via a machine-to-machine communication protocol, and wherein the authentication comprises use of a token issued by the authentication server and stored in a key obfuscation block of the client device, such that, once the client device is authenticated via the token, the client device is able to access a charging station associated with the grid charging infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent USA, Inc. (Nokia Corporation)
Inventors
Kim, Young Jin, Kolesnikov, Vladimir Y.

Granted Patent

US 11,349,675 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0877   using additional device, e....

H04L 9/0891   Revocation or update of sec...

H04L 9/3234   involving additional secure...

H04L 9/3273   for mutual authentication n...

H04L 9/3278   using physically unclonable...

TAMPER-RESISTANT AND SCALABLE MUTUAL AUTHENTICATION FOR MACHINE-TO-MACHINE DEVICES

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

TAMPER-RESISTANT AND SCALABLE MUTUAL AUTHENTICATION FOR MACHINE-TO-MACHINE DEVICES

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links