TAMPER-RESISTANT AND SCALABLE MUTUAL AUTHENTICATION FOR MACHINE-TO-MACHINE DEVICES
First Claim
1. A method, comprising:
- sending an authentication request message from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device;
receiving a challenge message at the first computing device from the second computing device;
in response to the challenge message, computing a session key at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device;
upon generating the session key, the first computing device extracting a value from the challenge message and generating an authentication delegate based on the extracted value; and
sending the authentication delegate from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device.
4 Assignments
0 Petitions
Accused Products
Abstract
An authentication request message is sent from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device. A challenge message is received at the first computing device from the second computing device. In response to the challenge message, a session key is computed at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device. Upon generating the session key, the first computing device extracts a value from the challenge message and generates an authentication delegate based on the extracted value. The authentication delegate is sent from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device.
-
Citations
23 Claims
-
1. A method, comprising:
-
sending an authentication request message from a first computing device to a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device; receiving a challenge message at the first computing device from the second computing device; in response to the challenge message, computing a session key at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device; upon generating the session key, the first computing device extracting a value from the challenge message and generating an authentication delegate based on the extracted value; and sending the authentication delegate from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method, comprising:
-
receiving an authentication request message from a first computing device at a second computing device, wherein the first computing device and the second computing device communicate via a machine-to-machine communication protocol, and wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device; decrypting the token and verifying the integrity of the token at the second computing device; upon token integrity verification, computing a session key at the second computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device; sending a challenge message to the first computing device from the second computing device; and sending information for authentication delegation from the second computing device to a third computing device to allow the first computing device access to the third computing device. - View Dependent Claims (16, 17, 18)
-
-
19. An apparatus, comprising:
-
a memory; and a processor coupled to the memory, wherein the memory and processor are associated with a first computing device that is in machine-to-machine communication with a second computing device, and wherein the memory and processor are configured to; send an authentication request message from the first computing device to the second computing device, wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device; receive a challenge message at the first computing device from the second computing device; in response to the challenge message, compute a session key at the key obfuscation block of the first computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device; upon generating the session key, the first computing device extracting a value from the challenge message and generating an authentication delegate based on the extracted value; and sending the authentication delegate from the first computing device to a third computing device for verification to allow the first computing device access to the third computing device. - View Dependent Claims (20)
-
-
21. An apparatus, comprising:
-
a memory; and a processor coupled to the memory, wherein the memory and processor are associated with a second computing device that is in machine-to-machine communication with a first computing device, and wherein the memory and processor are configured to; receive an authentication request message from the first computing device at the second computing device, wherein the authentication request comprises a token issued by the second computing device and stored in a key obfuscation block of the first computing device; decrypt the token and verify the integrity of the token at the second computing device; upon token integrity verification, compute a session key at the second computing device, wherein the session key is computed based on a secret shared between the first computing device and the second computing device; send a challenge message to the first computing device from the second computing device; and send information for authentication delegation from the second computing device to a third computing device to allow the first computing device access to the third computing device. - View Dependent Claims (22)
-
-
23. A method, comprising:
authenticating a client device associated with an electric vehicle by an authentication server associated with a grid charging infrastructure, wherein the client device and the authentication server communicate via a machine-to-machine communication protocol, and wherein the authentication comprises use of a token issued by the authentication server and stored in a key obfuscation block of the client device, such that, once the client device is authenticated via the token, the client device is able to access a charging station associated with the grid charging infrastructure.
Specification