TECHNIQUES FOR ENSURING AUTHENTICATION AND INTEGRITY OF COMMUNICATIONS

US 20150163058A1
Filed: 01/12/2015
Published: 06/11/2015
Est. Priority Date: 06/26/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented communication method comprising:

sending a request from a first module to a second module, the request comprising a first portion that is a shared secret encrypted with a public key of an asymmetric key pair, the request comprising a second portion identifying a right associated with the request, the shared secret comprising a session key associated with a communication session between the first module and the second module, the session key having a size in a range of bytes and generated based upon the public key and a current time; and

receiving a response to the request from the second module, the response comprising authentication data based upon the shared secret, a token that is unique for the response, and a version number associated with an application corresponding to the request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for ensuring data integrity and authentication of received messages. One technique includes sending a request from a first module to a second module in which the request includes a first portion that is a shared secret encrypted with a public key, obtaining by the second module a private key from a secure and trusted information store, such as a license information store, including license information or other application specific information for the first module, using the private key to decrypt the first portion and obtain the shared secret, sending a response from the second module to the first module in which the response includes authentication data and at least one data item used with the shared secret to determine the authentication data, and performing by the first module verification processing to verify the authentication data included in the response.

55 Citations

View as Search Results

20 Claims

1. A computer-implemented communication method comprising:
- sending a request from a first module to a second module, the request comprising a first portion that is a shared secret encrypted with a public key of an asymmetric key pair, the request comprising a second portion identifying a right associated with the request, the shared secret comprising a session key associated with a communication session between the first module and the second module, the session key having a size in a range of bytes and generated based upon the public key and a current time; and
  
  receiving a response to the request from the second module, the response comprising authentication data based upon the shared secret, a token that is unique for the response, and a version number associated with an application corresponding to the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the sending a request comprising:
    - sending the request from a first computer comprising the first module.
  - 3. The method of claim 1, the sending a request comprising:
    - sending the request to a second computer comprising the second module.
  - 4. The method of claim 1, the receiving a response comprising:
    - receiving the response comprising encrypted data.
  - 5. The method of claim 1, the receiving a response comprising:
    - receiving the response comprising an encrypted hash value.
  - 6. The method of claim 1, comprising:
    - performing verification processing of at least some of the response.
  - 7. The method of claim 1, comprising:
    - performing verification processing of the authentication data using the public key.

8. A system comprising:
- one or more processing units; and
  
  memory comprising instructions that when executed by at least one of the one or more processing units perform a method comprising;
  
  sending a request from a first module to a second module;
  
  receiving a response to the request from the second module, the response comprising a digital signature formed using a private key of an asymmetric key pair and at least one data item; and
  
  performing, by the first module, verification processing using a public key of the asymmetric key pair to verify the digital signature comprised in the response.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the receiving a response comprising:
    - receiving the response comprising a hash value encrypted using the private key.
  - 10. The system of claim 8, the performing the verification processing comprising:
    - computing a hash value using the at least one data item; and
      
      using the public key of the asymmetric key pair to verify the hash value against the digital signature comprised in the response.
  - 11. The system of claim 9, the hash value comprising a version number and at least one of a nonce or response data.
  - 12. The system of claim 8, the asymmetric key pair from a license information store comprising license information.
  - 13. The system of claim 8, the sending a request comprising:
    - sending the request from a first computer comprising the first module.
  - 14. The system of claim 8, the sending a request comprising:
    - sending the request to a second computer comprising the second module.

15. A computer readable storage medium comprising executable code stored thereon for:
- sending a request from a first module to a second module, the request comprising a first portion that is a shared secret encrypted with a public key of an asymmetric key pair, the request comprising a second portion identifying a right associated with the request, the shared secret comprising a session key associated with a communication session between the first module and the second module, the session key generated based upon the public key; and
  
  receiving a response to the request from the second module, the response comprising authentication data based upon the shared secret and a token.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer readable storage medium of claim 15, the sending a request comprising:
    - sending the request from a first computer comprising the first module to a second computer comprising the second module.
  - 17. The computer readable storage medium of claim 15, the receiving a response comprising:
    - receiving the response comprising encrypted data.
  - 18. The computer readable storage medium of claim 15, the receiving a response comprising:
    - receiving the response comprising an encrypted hash value.
  - 19. The computer readable storage medium of claim 15, comprising executable code stored thereon for:
    - performing verification processing of at least some of the response.
  - 20. The computer readable storage medium of claim 15, comprising executable code stored thereon for:
    - performing verification processing of the authentication data using the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Hsu, Wen-Pin Scott, Soulami, Tarik, Zagorski, Mark, Zhang, Ning, Perlman, Brian

Granted Patent

US 9,847,880 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/125   by manipulating the program...

G06F 21/31   User authentication

G06F 21/608   Secure printing

G06F 2221/2103   Challenge-response

G06F 2221/2107   File encryption

G06F 2221/2137   Time limited access, e.g. t...

H04L 2209/60   Digital content management,...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 9/08   Key distribution or managem...

H04L 9/30   Public key, i.e. encryption...

H04L 9/32   including means for verifyi...

H04L 9/3242   involving keyed hash functi...

H04L 9/3247   involving digital signatures

H04M 3/16   with lock-out or secrecy pr...

H04W 12/06   Authentication

TECHNIQUES FOR ENSURING AUTHENTICATION AND INTEGRITY OF COMMUNICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR ENSURING AUTHENTICATION AND INTEGRITY OF COMMUNICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links