Method for amortizing authentication overhead

US 7,080,046 B1
Filed: 10/06/2000
Issued: 07/18/2006
Est. Priority Date: 09/06/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating transferred data between a sender computer and a receiver computer over an open network, the method comprising the steps of:

establishing a first secure transmission of data between the sender computer and the receiver computer;

assigning a value to a variable N where the value of N is a positive number and defines a selected number of additional transmissions;

transmitting selected authentication information including N number of tokens and a checksum value from the sender computer to the receiver computer during the first secure transmission so as to allow the sender computer to authenticate itself, each of the N number of tokens being a unique identifier;

transmitting an acknowledgment from the receiver computer to the sender computer, upon successful receipt and processing of the first transmission by the receiver computer;

establishing at least one additional transmission of data between the sender computer and the receiver computer;

transmitting the data and at least one of the N tokens from the sender computer to the receiver computer during the at least one additional transmission;

comparing the at least one of the N tokens transmitted from the sender computer during the additional transmission to each of the tokens transmitted from the sender computer during the one or more previous transmissions to determine whether the most recent additional transmission is authentic;

establishing a second secure transmission between the sender computer and the receiver computer;

assigning a second value to the variable N where the second value of N is a positive number and defines a second selected number of additional transmissions; and

transmitting the second value of N, a second value of N number of tokens, and a second checksum value to be used to authenticate the sender computer, from the sender computer to the receiver computer, each of the second N number of tokens being a unique identifier.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for amortizing the authentication overhead of data transmissions. The method comprises establishing a first secure transmission of data between a transmitter and a receiver by transmitting at least one token to the receiver during the first secure transmission. There may be any number of senders and receivers, and any receivers may be a sender and vice versa. The method also comprises establishing at least one additional transmission of data between the sender and the receiver and transmitting the data and at least one token during the at least one additional transmission. In addition, the method compares the at least one token transmitted during the at least one additional transmission to the token transmitted during the first secure transmission to guarantee the authenticity of that at least one additional transmission.

The method may also include transmitting a preselected number of tokens during the first secure transmission. The number of additional transmissions may or may not correspond to the preselected number of tokens. The at least one additional transmission may be conducted over an unsecure connection using open communication. The first secure transmission may be protected or encrypted.

Citations

21 Claims

1. A method for authenticating transferred data between a sender computer and a receiver computer over an open network, the method comprising the steps of:
- establishing a first secure transmission of data between the sender computer and the receiver computer;
  
  assigning a value to a variable N where the value of N is a positive number and defines a selected number of additional transmissions;
  
  transmitting selected authentication information including N number of tokens and a checksum value from the sender computer to the receiver computer during the first secure transmission so as to allow the sender computer to authenticate itself, each of the N number of tokens being a unique identifier;
  
  transmitting an acknowledgment from the receiver computer to the sender computer, upon successful receipt and processing of the first transmission by the receiver computer;
  
  establishing at least one additional transmission of data between the sender computer and the receiver computer;
  
  transmitting the data and at least one of the N tokens from the sender computer to the receiver computer during the at least one additional transmission;
  
  comparing the at least one of the N tokens transmitted from the sender computer during the additional transmission to each of the tokens transmitted from the sender computer during the one or more previous transmissions to determine whether the most recent additional transmission is authentic;
  
  establishing a second secure transmission between the sender computer and the receiver computer;
  
  assigning a second value to the variable N where the second value of N is a positive number and defines a second selected number of additional transmissions; and
  
  transmitting the second value of N, a second value of N number of tokens, and a second checksum value to be used to authenticate the sender computer, from the sender computer to the receiver computer, each of the second N number of tokens being a unique identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 20)
- - 2. The method set forth in claim 1, wherein the at least one token comprises a preselected number of tokens.
  - 3. The method set forth in claim 2, wherein the number of at least one transmissions corresponds to the preselected number of tokens.
  - 4. The method set forth in claim 3, wherein the at least one additional transmission is sent in plaintext.
  - 5. The method set forth in claim 2, wherein the number of at least one transmissions is greater than the preselected number of tokens.
  - 6. The method set forth in claim 2, wherein the number of at least one transmissions is less than the preselected number of tokens.
  - 7. The method set forth in claim 6, wherein the at least one additional transmission is sent in plaintext.
  - 8. The method set forth in claim 2, wherein the first secure transmission is encrypted.
  - 9. The method set forth in claim 8, wherein the transmitted checksum value is based upon checksum values transmitted during previous transmissions.
  - 10. The method set forth in claim 1, wherein the at least one additional transmission is conducted over an unsecure or open connection.
  - 11. The method set forth in claim 1, wherein the first secure transmission is encrypted.
  - 12. The method set forth in claim 1, wherein the at least one additional transmission is sent in plaintext.
  - 13. The method set forth in claim 1, further comprising the steps of transmitting a checksum value during the first transmission and having the receiver verify that the checksum value is accurate by comparing the transmitted value to a equivalent value generated using a similar checksum algorithm.
  - 14. The method set forth in claim 1, wherein the additional transmissions are variable and adaptively selected, at least in part, based upon the performance overhead of the system.
  - 15. The method set forth in claim 1, wherein the additional transmissions are variable and adaptively selected, at least in part, based upon monitored conditions.
  - 20. The method set forth in claim 14, wherein the algorithm is a statistical averaging algorithm.

16. A method for securely transferring data between a client computer and a server over an open network, the method comprising the steps of:
- establishing a first secure transmission between the client computer and the server which is encrypted;
  
  assigning a preselected value to a variable N where the preselected value of N is a positive number and defines a selected number of additional transmissions;
  
  transmitting selected authentication information including the preselected value of N number of tokens and a checksum value from the client computer to the server during the first secure transmission so as to allow the sender computer to authenticate itself, each of the N number of tokens being a unique identifier;
  
  transmitting an acknowledgment from the server to the client computer, upon successful receipt and processing of the first transmission by the client computer;
  
  establishing additional transmissions between the client computer and the server corresponding to the preselected number of tokens N;
  
  transmitting the data, one of the preselected value of N number of tokens and the checksum value from the client computer to the server during each additional transmission;
  
  during each additional transmission, comparing the token transmitted from the client computer to the server during such additional transmission to the corresponding token transmitted during the first secure transmission to determine whether the additional transmission is authentic;
  
  establishing a second secure transmission between the client computer and the server;
  
  assigning a second value to the variable N where the second value of N is a positive number and defines a second selected number of additional transmissions; and
  
  transmitting the second value of N, a second value of N number of tokens, and a second checksum value to be used to authenticate the client computer, from the client computer to the server, each of the second N number of tokens being a unique identifier.
- View Dependent Claims (17, 18, 19)
- - 17. The method set forth in claim 16, wherein the additional transmissions are sent in plaintext.
  - 18. The method set forth in claim 16, further comprising the steps of transmitting a checksum value during the first transmission and having the receiver computer verify that the checksum value is accurate by comparing the transmitted checksum value to a checksum value generated using an equivalent algorithm.
  - 19. The method set forth in claim 16, wherein the transmitted checksum value is based upon checksum values transmitted during previous transmissions during this transaction.

21. A method for authenticating transferred data between a sender computer and a receiver computer over an open network, the method comprising the steps of:
- establishing a first secure transmission of data between the sender computer and the receiver computer;
  
  assigning a value to a variable N where the value of N is a positive number and defines a selected number of additional transmissions;
  
  transmitting selected authentication information including N number of tokens and a checksum value from the sender computer to the receiver computer during the first secure transmission so as to allow the sender computer to authenticate itself, each of the N number of tokens being a unique identifier;
  
  transmitting an acknowledgement from the receiver computer to the sender computer, upon successful receipt and processing of the first transmission by the receiver computer;
  
  establishing at least one additional transmission of data between the sender computer and the receiver computer;
  
  transmitting the data and at least one of the N tokens from the sender computer to the receiver computer during the at least one additional transmission;
  
  comparing the at least one of the N tokens transmitted from the sender computer during the additional transmission to each of the tokens transmitted from the the sender computer during the one or more previous transmission(s) to determine whether the most recent additional transmission is authentic; and
  
  establishing a second secure transmission between the sender computer and the receiver computer;
  
  assigning a second value to the variable N where the second value of N is a positive number and defines a second selected number of additional transmissions;
  
  transmitting the second value of N, a second value of N number of tokens, and a second checksum value to be used to authenticate the sender computer, from the sender computer to the receiver computer, each of the second N number of tokens being a unique identifier; and
  
  each of the additional transmissions being variable and adaptively selected, at least in part, based upon a set of criteria used in an algorithm to determine the number of additional transmissions, the criteria being selected from a group consisting of the frequency of transmissions between the sender computer and the receiver computer, the closeness of the sender computer to the source of the transactions, and the usage patterns of the sender computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Digital Life, Inc. (AT&T, Inc.)
Original Assignee
Xanboo Inc (AT&T, Inc.)
Inventors
Rezvani, Babak, Chen, Jack L.
Primary Examiner(s)
HEWITT II, CALVIN L

Application Number

US09/684,012
Time in Patent Office

2,111 Days
Field of Search

705/1, 705/50, 705/51, 705/64, 705/26, 705/75
US Class Current

705/64
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

G06Q 30/0601   Electronic shopping [e-shop...

H04L 41/00   Arrangements for maintenanc...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

H04L 63/18   using different networks or...

Method for amortizing authentication overhead

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method for amortizing authentication overhead

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links