Authentication for information exchange over a communication network

US 6,275,934 B1
Filed: 10/16/1998
Issued: 08/14/2001
Est. Priority Date: 10/16/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the method comprising:

(a) authenticating the guest by an authenticating server, the authenticating server using the host key and the guest key;

(b) the guest authenticating the authenticating server using the guest key; and

(c) the host authenticating the guest and the authenticating server using the host key.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a method and apparatus for authenticating an information exchange between a host and a guest on a network. The host has a host key and the guest has a guest key. An authenticating server authenticates the guest. The authenticating server uses the host key and the guest key. The guest authenticates the authenticating server using the guest key. The host authenticates the guest and the authenticating server using the host key.

Citations

20 Claims

1. A method for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the method comprising:
- (a) authenticating the guest by an authenticating server, the authenticating server using the host key and the guest key;
  
  (b) the guest authenticating the authenticating server using the guest key; and
  
  (c) the host authenticating the guest and the authenticating server using the host key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising:
3. The method of claim 1 wherein (a) authenticating the guest comprises:
- the guest encrypting a message using a guest key;
  
  the guest appending the encrypted message to a parameter list, the parameter listing including a guest identification and a device type;
  
  the guest sending the encrypted message and the appended parameter list to the authenticating server;
  
  the authenticating server decrypting the encrypted message to obtain a decrypted guest code; and
  
  the authenticating server authenticating the guest if the decrypted guest code matches the appended guest identification.
4. The method of claim 1 wherein (b) the guest authenticating the authenticating server comprises:
- the authenticating server encrypting a response using a temporary key, the temporary key being derived from the guest key;
  
  the guest decrypting the encrypted response to obtain a decrypted guest code using the guest key; and
  
  the guest authenticating the authenticating server if the decrypted guest code matches a guest identification.
5. The method of claim 1 wherein (c) the host authenticating the guest and the authenticating server comprises:
- the guest converting a decrypted response from the authenticating server using a temporary key to an encrypted ticket;
  
  the guest appending a guest identification to the encrypted ticket;
  
  the host decrypting the encrypted ticket using the host key; and
  
  the host authenticating the guest and the authenticating server if the decrypted guest code matches the appended guest identification.
6. The method of claim 4 wherein the guest encrypting the message comprises:
- generating a session key;
  
  appending a time to the session key to produce a first message part;
  
  encrypting the first message part using the guest key;
  
  generating second message part, the second message part including a guest identification and a customer identification; and
  
  encrypting the second message part using the temporary key.
7. The method of claim 6 wherein the temporary key is created by:
- generating a data key from a portion of an MD5 digest of the session key; and
  
  creating the temporary key from a portion of an MD5 of the data key.
8. The method of claim 7 wherein the authenticating server decrypting the encrypted message comprises:
- obtaining a secret key according to the device type; and
  
  decrypting the encrypted message using the secret key.
9. The method of claim 8 further comprising:
- the authenticating server determining if the time is within a predetermined range relative to a current time; and
  
  the authenticating server requesting the guest to re-send the message and the parameter list if the time is not within the predetermined range.
10. The method of claim 6 wherein the authenticating server encrypting the response further comprises:
- encrypting the session key and the time using the host key to produce a first response part;
  
  encrypting the guest identification and a customer identification by the temporary key to produce a second response part; and
  
  encrypting the first and second response parts using the temporary key.

11. A system for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the system comprising:
- an authenticating server coupled to the guest for authenticating the guest, the authenticating server using the host key and the guest key; and
  
  wherein the guest authenticating the authenticating server using the guest key and the host authenticating the guest and the authenticating server using the host key.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein the guest initiates a request to the host and the host redirects the guest to connect to the authenticating server in response to the request.
  - 13. The system of claim 11 wherein
14. The system of claim 11 wherein:
- the authenticating server encrypts a response using a temporary key, the temporary key being derived from the guest key;
  
  the guest decrypts the encrypted response to obtain a decrypted guest code using the guest key; and
  
  the guest authenticates the authenticating server if the decrypted guest code matches a guest identification.
15. The system of claim 11 wherein:
- the guest converts a decrypted response from the authenticating server using a temporary key to an encrypted ticket;
  
  the guest appends a guest identification to the encrypted ticket;
  
  the host decrypts the encrypted ticket using the host key; and
  
  the host authenticates the guest and the authenticating server if the decrypted guest code matches the appended guest identification.
16. The system of claim 14 wherein the guestgenerates a session key;
- appends a time to the session key to produce a first message part;
  
  encrypts the first message part using the guest key;
  
  generates a second message part, the second message part including a guest identification and a customer identification; and
  
  encrypts the second message part using the temporary key.
17. The system of claim 16 wherein the temporary key is created from a portion of an MD5 of a data key, the data key being generated from a portion of an MD5 digest of the session key.
18. The system of claim 17 wherein the authenticating server:
- obtains a secret key according to the device type; and
  
  decrypts the encrypted message using the secret key.
19. The system of claim 18 wherein the authenticating server:
- determines if the time is within a predetermined range relative to a current time; and
  
  requests the guest to re-send the message and the parameter list if the time is not within the predetermined range.
20. The system of claim 16 wherein the authenticating server:
- encrypts the session key and the time using the host key to produce a first response part;
  
  encrypts the guest identification and a customer identification by the temporary key to produce a second response part; and
  
  encrypts the first and second response parts using the temporary key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rovi Technologies Corporation (Adeia Inc.)
Original Assignee
Soft Book Press Incorporated
Inventors
Rivlin, John Michael, Conboy, Garth, Sachs, James, Novicov, Aleksey
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Seal, James

Application Number

US09/173,970
Time in Patent Office

1,033 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/33   using certificates

G06F 21/445   by mutual authentication, e...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2115   Third party

H04L 63/0435   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/40   Network security protocols

Authentication for information exchange over a communication network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication for information exchange over a communication network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links