Authentication of a host processor requesting service in a data processing network
Abstract
An object is authenticated by transmitting a random number to the object. The object has an integrated circuit chip including a memory and encryption circuitry. The memory stores information defining an encryption scheme preassigned to the object. The encryption circuitry reads the memory, and encrypts the random number according to the encryption scheme defined by the information read from the memory to produce encrypted data. The memory cannot be read from any output of the integrated circuit chip, and the chip is constructed so that it is virtually impossible to recover the information contained in the memory by visual inspection, probing, or disassembly of the chip. The object is authenticated by checking whether the encrypted data is a correct result of encrypting the random number using the encryption scheme preassigned to the object. The method can be used in a data processing system to authenticate each message transmitted by a host processor to a data processing device. For example, when a host logs into the data processing device, the data processing device transmits a series of random numbers to the host. The host encrypts the random numbers to produce a series of encrypted data, and the data processing device concurrently encrypts the random numbers to produce a series of encrypted values. The host inserts respective encrypted data into each message, and the data processing device authenticates each message by comparing the encrypted data in the message to a corresponding encrypted value.
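The exchange described in the abstract and in claims 1 and 14 (first random number, stored list of additional random numbers encrypted as a background process, per-message comparison against the precomputed sequence) is shown below as an added example; it is not code from the patent. The patent does not name the preassigned encryption scheme, so a keyed HMAC-SHA256 over the random number stands in for it, and the device's background task is modelled as an explicit `background_step` call. Host identifiers, keys and batch sizes are constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import deque


def encrypt_nonce(key: bytes, nonce: bytes) -> bytes:
    """Constructed stand-in for the 'encryption scheme preassigned to the host'
    (assumption: the patent does not name a scheme)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Device:
    """The data processing device: issues random numbers, precomputes the
    expected encrypted values, and checks what the host returns."""

    def __init__(self, host_keys: dict, batch: int = 4):
        self._host_keys = host_keys   # host id -> preassigned secret (constructed)
        self._batch = batch           # additional random numbers sent per request
        self._pending = {}            # host id -> random numbers still to be encrypted
        self._expected = {}           # host id -> encrypted values, in order
        self._authenticated = set()

    def request_service(self, host_id: str):
        """Step a): return the first random number plus the additional list.
        Only the first is encrypted now; the rest are stored for later."""
        first = secrets.token_bytes(16)
        additional = [secrets.token_bytes(16) for _ in range(self._batch)]
        self._expected[host_id] = deque([encrypt_nonce(self._host_keys[host_id], first)])
        self._pending[host_id] = deque(additional)
        self._authenticated.discard(host_id)
        return first, additional

    def background_step(self, host_id: str, max_items: int = 1) -> int:
        """Encrypt up to max_items stored random numbers. A real device would
        run this as a background task; here it is driven explicitly."""
        done = 0
        pending = self._pending.get(host_id)
        while pending and done < max_items:
            nonce = pending.popleft()
            self._expected[host_id].append(encrypt_nonce(self._host_keys[host_id], nonce))
            done += 1
        return done

    def _check(self, host_id: str, encrypted_data: bytes) -> bool:
        """Compare against the next expected value in constant time. Each value
        is consumed once, so a replayed tag never matches; a mismatch ends the session."""
        expected = self._expected.get(host_id)
        if not expected:
            self.background_step(host_id)   # background work lagged; catch up on demand
        if not expected:
            return False
        ok = hmac.compare_digest(expected.popleft(), encrypted_data)
        if not ok:
            self._authenticated.discard(host_id)
            self._pending.pop(host_id, None)
            self._expected.pop(host_id, None)
        return ok

    def login(self, host_id: str, encrypted_data: bytes) -> bool:
        """Step b): authenticate the host on the first random number."""
        ok = self._check(host_id, encrypted_data)
        if ok:
            self._authenticated.add(host_id)
        return ok

    def handle_message(self, host_id: str, message: bytes, tag: bytes) -> bool:
        """Step d): accept a later message only if the tag inserted in it matches
        the next precomputed value for this host."""
        if host_id not in self._authenticated:
            return False
        return self._check(host_id, tag)


class Host:
    """The host processor holding the preassigned secret."""

    def __init__(self, host_id: str, key: bytes):
        self.host_id = host_id
        self._key = key
        self._tags = deque()

    def login(self, device: Device) -> bool:
        first, additional = device.request_service(self.host_id)
        # one tag per later message, encrypted up front on the host side
        self._tags = deque(encrypt_nonce(self._key, n) for n in additional)
        return device.login(self.host_id, encrypt_nonce(self._key, first))

    def next_tag(self) -> bytes:
        return self._tags[0]

    def send(self, device: Device, message: bytes) -> bool:
        tag = self._tags.popleft() if self._tags else b""
        return device.handle_message(self.host_id, message, tag)


def run_demo() -> dict:
    key_a, key_b = b"constructed-secret-for-host-A", b"constructed-secret-for-host-B"
    device = Device({"host-A": key_a, "host-B": key_b}, batch=3)
    host = Host("host-A", key_a)
    r = {"login": host.login(device)}
    r["background_done"] = device.background_step("host-A", max_items=1)
    r["msg1"] = host.send(device, b"read block 7")
    r["msg2"] = host.send(device, b"read block 8")     # device catches up on demand
    captured = host.next_tag()                          # tag seen on the wire
    r["msg3"] = host.send(device, b"read block 9")
    r["replay"] = device.handle_message("host-A", b"read block 9", captured)
    r["impostor_login"] = Host("host-B", b"wrong-guess").login(device)  # lacks the secret
    return r
```

Two properties worth noticing: each precomputed value is consumed exactly once, so the replayed tag in `run_demo` is rejected, and the tag binds only the message's position in the sequence, not its contents. A deployment that needs integrity of the message body would have to fold the body into what is encrypted, which the abstract's scheme as described does not do.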
16 Claims
1. In a data processing network, a method of operating a data processing device to authenticate a host processor requesting service, said method comprising:
a) the data processing device receiving a request for service from the host processor, and the data processing device responding by returning a first random number to the host processor, and encrypting the first random number using an encryption scheme preassigned to the host processor to produce an encrypted value; and
b) the data processing device receiving encrypted data from the host processor, and authenticating the host processor when the encrypted data from the host processor matches the encrypted value;
wherein the data processing device further responds to the request for service by sending additional random numbers to the host processor, storing the additional random numbers in a list in memory, and encrypting the additional random numbers in the list as a background process relative to receipt of the encrypted data from the host processor to produce a sequence of encrypted values.
6. A data processing device comprising, in combination:
a data processor; and
a data port for linking the data processor to at least one host processor;
wherein the data processor is programmed to respond to a request for service from the host processor by returning a first random number to the host processor, encrypting the first random number using an encryption procedure preassigned to the host processor to produce an encrypted value, and authenticating the host processor when encrypted data returned by the host processor matches the encrypted value, wherein the data processing device includes a memory, and the data processor is further programmed to respond to the service request by sending additional random numbers to the host processor, storing the additional random numbers in a list in the memory, and encrypting the additional random numbers in the list as a background process relative to receipt of the encrypted data from the host processor to produce a sequence of encrypted values.
10. A machine-readable program storage device containing a program that is executable by a data processing device to perform an authentication procedure for authenticating a host linked to the data processing device in a data network, said program being executable to respond to a request for service from the host processor by returning a first random number to the host processor, encrypting the first random number using an encryption procedure preassigned to the host processor to produce an encrypted value, and authenticating the host processor when encrypted data returned from the host processor matches the encrypted value,
wherein the program is executable by the data processing device to respond further to the request for service from the host by sending additional random numbers to the host processor, storing the additional random numbers in a list in memory, and encrypting the additional random numbers in the list as a background process relative to receipt of the encrypted data from the host processor to produce a sequence of encrypted values.
14. In a data processing network, a method of operating a data processing device to authenticate a host processor requesting service, said method comprising:
a) the data processing device receiving a request for service from the host processor, and the data processing device responding by returning a first random number to the host processor, and encrypting the first random number using an encryption scheme preassigned to the host processor to produce an encrypted value; and
b) the data processing device receiving encrypted data from the host processor, and authenticating the host processor when the encrypted data from the host processor matches the first encrypted value;
c) after the host processor has been authenticated, the data processing device further responding to the request for service by sending a list of additional random numbers to the host processor, and encrypting the additional random numbers in the list to produce a sequence of encrypted values; and
d) the data processing device receiving a sequence of encrypted data in subsequent messages from the host processor, and authenticating that the subsequent messages originate from the host processor by comparing the encrypted data in the sequence of encrypted data to the encrypted values in the sequence of encrypted values;
wherein the encrypting of the additional random numbers by the data processing device to produce a sequence of encrypted values is performed as a background process relative to receipt of the encrypted data in the subsequent messages from the host processor.
15. A data processing device comprising, in combination:
a data processor; and
a data port for linking the data processor to at least one host processor;
wherein the data processor is programmed to respond to a request for service from the host processor by returning a first random number to the host processor, encrypting the first random number using an encryption procedure preassigned to the host processor to produce an encrypted value, authenticating the host processor when encrypted data returned by the host processor matches the encrypted value, and after the host processor has been authenticated, sending a list of additional random numbers to the host processor, and encrypting the additional random numbers in the list to produce a sequence of encrypted values, receiving a sequence of encrypted data in subsequent messages from the host processor, and authenticating that the subsequent messages originate from the host processor by comparing the encrypted data in the sequence of encrypted data to the encrypted values in the sequence of encrypted values;
wherein the data processor is programmed to perform the encrypting of the additional random numbers to produce a sequence of encrypted values as a background process relative to receipt of the encrypted data in the subsequent messages from the host processor.
16. A machine-readable program storage device containing a program that is executable by a data processing device to perform an authentication procedure for authenticating a host linked to the data processing device in a data network, said program being executable to respond to a request for service from the host processor by returning a first random number to the host processor, encrypting the first random number using an encryption procedure preassigned to the host processor to produce an encrypted value, authenticating the host processor when encrypted data returned by the host processor matches the encrypted value, and after the host processor has been authenticated, sending a list of additional random numbers to the host processor, and encrypting the additional random numbers in the list to produce a sequence of encrypted values, receiving a sequence of encrypted data in subsequent messages from the host processor, and authenticating that the subsequent messages originate from the host processor by comparing the encrypted data in the sequence of encrypted data to the encrypted values in the sequence of encrypted values;
wherein the program is executable by the data processor to perform the encrypting of the additional random numbers to produce a sequence of encrypted values as a background process relative to receipt of the encrypted data in the subsequent messages from the host processor.