Network communication authentication

US 7,275,109 B1
Filed: 04/02/2002
Issued: 09/25/2007
Est. Priority Date: 04/02/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A communication system, for use with a communications network, comprising:

a client configured to communicate with a server via the network and comprising;

an input configured to receive a communication from the server via the network;

memory that includes a data set with identifiable portions, wherein the data set comprises executable code stored in the client prior to receipt of the communication; and

an apparatus coupled to the memory and the input and coupled and configured to select a portion of the executable code of the data set identified by information received at the input, the apparatus being further configured to use the selected portion of the executable code of the data set and a portion of the communication as inputs to an authentication function to produce an authentication result;

wherein the apparatus is further configured to compare the authentication result with an authentication portion of the communication; and

wherein the selected portion of the executable code of the data set is configured to be executed to serve a function independent of being used in accordance with the authentication function.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication system, for use with a communications network, includes a client configured to communicate with the server via the network. The client includes an input configured to receive a communication from a server via the network, a data set with identifiable portions, and an apparatus coupled to the interface and coupled and configured to select a portion of the data set, the apparatus being further configured to process the selected portion of the data set and a portion of the communication in accordance with an authentication function to produce an authentication result, where the selected portion of the data set is configured to serve a function independent of being used in accordance with the authentication function.

42 Citations

View as Search Results

24 Claims

1. A communication system, for use with a communications network, comprising:
- a client configured to communicate with a server via the network and comprising;
  
  an input configured to receive a communication from the server via the network;
  
  memory that includes a data set with identifiable portions, wherein the data set comprises executable code stored in the client prior to receipt of the communication; and
  
  an apparatus coupled to the memory and the input and coupled and configured to select a portion of the executable code of the data set identified by information received at the input, the apparatus being further configured to use the selected portion of the executable code of the data set and a portion of the communication as inputs to an authentication function to produce an authentication result;
  
  wherein the apparatus is further configured to compare the authentication result with an authentication portion of the communication; and
  
  wherein the selected portion of the executable code of the data set is configured to be executed to serve a function independent of being used in accordance with the authentication function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1 wherein the data set is DSP code data associated with a DSP of the apparatus.
  - 3. The system of claim 2 wherein the apparatus is configured to determine the selected portion of the executable code of the data set by analyzing a range portion of the communication specifying a range of addresses associated with the DSP code data.
  - 4. The system of claim 1 wherein the data set is common to at least one other similarly-configured client.
  - 5. The system of claim 1 wherein the portion of the communication includes at least one of a command and a replay protector.
  - 6. The system of claim 5 wherein the portion of the communication includes both the command and the replay protector, and wherein the replay protector is a counter.
  - 7. The system of claim 1 wherein the apparatus is further configured to process a command portion of the communication only if the authentication result meets at least one predetermined criterion.
  - 8. The system of claim 7 wherein the apparatus is configured to process the command portion of the communication only if the authentication portion of the communication and the authentication result match.
  - 9. The system of claim 1 wherein the portion of the communication includes a counter value, and wherein the apparatus is further configured to process a command portion of the communication only if the counter value meets at least one predetermined counter criterion.
  - 10. The system of claim 9 wherein the at least one predetermined counter criterion is that the counter value is one increment different from a last-received counter value.
  - 11. The system of claim 1 wherein the authentication function is a hashing algorithm.
  - 12. The system of claim 1 wherein the algorithm includes software instructions and a processor that operates in accordance with the software instructions.
  - 13. The system of claim 1 wherein the client is a telephone that further comprises a microphone and a speaker.
  - 14. The system of claim 1 further comprising a communications server configured to select the selected portion of the executable code of the data set, to provide a command, to provide a counter value, and to apply the authentication function to the selected portion of the data set, the command, and the counter value to produce an expected authentication result and to transmit an indication of the selected portion of the executable code of the data set, the command, the counter value, and the expected authentication result to the communications client via the network.

15. A communication server, for use with a communication network and a communication client, comprising:
- a memory that stores shared information, including executable code, that is also stored by the client, the shared information being stored in addressed portions;
  
  a server processor coupled to the memory and configured to select a portion of the executable code of the shared information, to obtain communication data for a communication, to apply an authentication function to the selected portion of the executable code of the shared information and the communication data to produce an expected authentication result, and to issue the communication, including an indication of the selected portion of the executable code of the shared information, the communication data, and the expected authentication result; and
  
  an output coupled to the server processor and configured to convey the communication from the server processor to the network;
  
  wherein the selected portion of the executable code of the shared information is disposed at the client prior to the issuance of the communication and is configured to be executed to serve a function independent of being used in accordance with the authentication function.
- View Dependent Claims (16, 17, 18)
- - 16. The server of claim 15 wherein the communication data includes a command and a replay protection value, and wherein the server processor is configured to effect the replay protection value.
  - 17. The server of claim 16 wherein the replay protection value is a counter value.
  - 18. The server of claim 15 wherein the authentication function is a hashing algorithm.

19. A method of communicating sensitive commands over a communications network, the method comprising:
- accessing first authenticating data, including executable code, in a first device coupled to the communications network;
  
  obtaining the sensitive command in the first device;
  
  effecting a replay protection value in the first device;
  
  processing the first authenticating data, the sensitive command, and the replay protection value in the first device to obtain a first authentication check code;
  
  transmitting the sensitive command, the replay protection value, the first authentication check code, and an indication of the first authenticating data from the first device over the network to a second device;
  
  accessing second authenticating data, including executable code stored prior to transmission in the second device, in accordance with the indication of the first authenticating data, wherein the executable code is configured to be executed to serve a function independent of being used in accordance with the authenticating;
  
  processing, in the second device, the second authenticating data, the sensitive command, and the replay protection value to obtain a second authentication check code;
  
  comparing, in the second device, the second authentication check code to the first authentication check code; and
  
  implementing, by the second device, the sensitive command only if the second authentication check code satisfies at least one authentication criterion.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19 wherein the first and second authenticating data are identical portions of data intrinsic to at least one of the first and second devices.
  - 21. The method of claim 19 wherein the first and second authenticating data are DSP code of at least one of the first and second devices.
  - 22. The method of claim 19 further comprising selecting the first authenticating data from a set of data larger than the first authenticating data.
  - 23. The method of claim 19 further comprising setting an authenticated-communication indicator, transmitting the authenticated-communication indicator from the first device to the second device, and processing, in the second device, to obtain the second authentication check code only if the authenticated-communication indicator indicates that the command is sensitive.
  - 24. The method of claim 19 wherein the implementing comprises implementing the sensitive command only if the first authentication check code and the second authentication check code match.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Clearinghouse LLC (RPX Corporation)
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Lee, Michael G.
Primary Examiner(s)
Won, Michael

Application Number

US10/114,100
Time in Patent Office

2,002 Days
Field of Search

709/203, 709/204, 709/217, 709/225, 709/229, 709/224, 709/219, 713/156, 713/161, 713/168, 713/173, 726/16, 726/22, 726/26, 726/3, 726/27, 726/30
US Class Current

709/229
CPC Class Codes

H04L 63/08 for authentication of entit...

Network communication authentication

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Network communication authentication

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links