Challenge-based authentication without requiring knowledge of secret authentication data
First Claim
1. In an environment that includes an authenticatee computing entity, a supplemental authenticatee computing entity, an authenticator computing entity, and a supplemental authenticator computing entity, a method for the authenticator computing entity to authenticate to the authenticatee computing entity using challenge based authentication and without requiring the authenticatee and authenticator computing entities be aware of secret data used for the authentication, the method comprising the following:
- an act of the authenticatee computing entity generating secret key data that is not known to the supplemental authenticatee, authenticator or supplemental authenticator computing entities;
- an act of the authenticatee computing entity providing the secret key data to the supplemental authenticatee computing entity thereby informing the supplemental authenticatee computing entity of the secret key data;
- an act of the supplemental authenticatee computing entity encrypting the secret key data using secret data known to the supplemental authenticatee and supplemental authenticator computing entities, but not known to the authenticatee and authenticator computing entities, the secret data for use in protecting a proper answer to a challenge based on the secret key data;
- an act of the authenticatee computing entity acquiring the challenge along with the encrypted secret key data from the supplemental authenticatee computing entity;
- an act of the authenticatee computing entity providing the challenge along with the encrypted secret key data to the authenticator computing entity;
- an act of the authenticator computing entity providing the challenge along with encrypted secret key data to the supplemental authenticator computing entity;
- an act of the supplemental authenticator computing entity decrypting the encrypted secret key data using the secret data known to the supplemental authenticatee and supplemental authenticator computing entities thereby informing the supplemental authenticator computing entity of the secret key data;
- an act of the supplemental authenticator computing entity using the secret key data to create a purported answer to the challenge;
- an act of the authenticator computing entity acquiring the purported answer to the challenge from the supplemental authenticator computing entity;
- an act of the authenticator computing entity providing the purported answer to the authenticatee computing entity; and
- an act of the authenticatee computing entity comparing the purported answer to the proper answer to authenticate the authenticator computing entity at the authenticatee computing entity without having to generate an answer to the challenge at the authenticatee computing entity.
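The four-party exchange of claim 1, as an added Python example (not code from the patent or from any product): each entity holds only the data the claim lets it know, so the authenticatee and authenticator never see the shared secret S and the authenticatee never computes an answer. The claim names no cipher or challenge function, so the example assumes HMAC-SHA256 for the answer, an HMAC-derived keystream as a standard-library stand-in for a real cipher, and that the supplemental authenticatee hands the proper answer to the authenticatee together with the challenge.

```python
import hashlib, hmac, os

def _keystream_xor(shared_secret: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher from the standard library only: XOR with an HMAC-derived
    # keystream. The claim names no cipher; a real deployment would use e.g. AES-GCM.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(shared_secret, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class SupplementalAuthenticatee:
    def __init__(self, shared_secret: bytes):
        self._s = shared_secret  # secret data S, shared only with the supplemental authenticator
    def make_challenge(self, secret_key_data: bytes):
        # Assumption: returns the proper answer alongside the challenge, so the authenticatee
        # only compares and never computes an answer to the challenge itself.
        challenge, nonce = os.urandom(16), os.urandom(16)
        encrypted = nonce + _keystream_xor(self._s, nonce, secret_key_data)
        proper = hmac.new(secret_key_data, challenge, hashlib.sha256).digest()
        return challenge, encrypted, proper

class SupplementalAuthenticator:
    def __init__(self, shared_secret: bytes):
        self._s = shared_secret  # the same S; recovers K and answers the challenge with it
    def answer(self, challenge: bytes, encrypted: bytes) -> bytes:
        nonce, ciphertext = encrypted[:16], encrypted[16:]
        k = _keystream_xor(self._s, nonce, ciphertext)
        return hmac.new(k, challenge, hashlib.sha256).digest()

class Authenticator:
    def __init__(self, supplemental: SupplementalAuthenticator):
        self._sup = supplemental  # never sees S or K; only forwards challenge and answer
    def respond(self, challenge: bytes, encrypted: bytes) -> bytes:
        return self._sup.answer(challenge, encrypted)

class Authenticatee:
    def __init__(self, supplemental: SupplementalAuthenticatee):
        self._sup = supplemental  # never sees S and never computes an answer
    def authenticate(self, authenticator: Authenticator) -> bool:
        k = os.urandom(32)  # secret key data K, unknown to every other entity at this point
        challenge, encrypted, proper = self._sup.make_challenge(k)
        purported = authenticator.respond(challenge, encrypted)
        return hmac.compare_digest(purported, proper)  # constant-time comparison

def run_protocol(authenticatee_side_secret: bytes, authenticator_side_secret: bytes) -> bool:
    # True only when both supplemental entities hold the same secret data S.
    ee = Authenticatee(SupplementalAuthenticatee(authenticatee_side_secret))
    return ee.authenticate(Authenticator(SupplementalAuthenticator(authenticator_side_secret)))
```

A supplemental authenticator holding a different S recovers the wrong K and its purported answer is rejected, which is the only check the authenticatee performs.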
Abstract
A challenge based authentication mechanism that does not require that the authenticating computing entities be aware of the secret data used for the initial authentication. An authenticator computing entity is to authenticate to the authenticatee computing entity. First, the authenticatee computing entity acquires a challenge from a supplemental authenticatee computing entity. The authenticatee computing entity provides the challenge to the authenticator computing entity, which has a supplemental authenticator computing entity solve the challenge. The authenticator computing entity sends the answer to the authenticatee computing entity, which uses the answer to authenticate the authenticator computing entity.
28 Citations
37 Claims
22. In an environment that includes an authenticatee computing entity, a supplemental authenticatee computing entity, an authenticator computing entity, and a supplemental authenticator computing entity, a method for the authenticatee computing entity to authenticate the authenticator computing entity using challenge based authentication and without requiring the authenticatee and authenticator computing entities be aware of secret data used for the authentication, the method comprising the following:
- an act of the authenticatee computing entity generating secret key data that is not known to the supplemental authenticatee, authenticator or supplemental authenticator computing entities;
- an act of providing the secret key data to the supplemental authenticatee computing entity, thereby informing the supplemental authenticatee computing entity of the secret key data;
- an act of the supplemental authenticatee computing entity encrypting the secret key data using secret data to create encrypted secret key data, the secret data being known to the supplemental authenticatee and supplemental authenticator computing entities but not to the authenticatee and authenticator computing entities, the secret data for use in determining an answer to a challenge;
- an act of the authenticatee computing entity acquiring the challenge along with the encrypted secret key data from the supplemental authenticatee computing entity;
- an act of the authenticatee computing entity providing the challenge along with the encrypted secret key data to the authenticator computing entity, wherein the authenticator computing entity acquires a purported answer to the challenge from the supplemental authenticator computing entity by providing the encrypted secret key data to the supplemental authenticator computing entity for decryption by the supplemental authenticator computing entity, and receiving back the secret key data;
- an act of the authenticatee computing entity acquiring the purported answer from the authenticator computing entity; and
- an act of using the purported answer to authenticate the authenticator computing entity.

(Dependent claims: 23 to 29.)
30. A computer program product for use in an environment that includes an authenticatee computing entity, a supplemental computing entity, an authenticator computing entity, and a supplemental authenticator computing entity, the computer program product for implementing a method for the authenticatee computing entity to authenticate the authenticator computing entity using challenge based authentication and without requiring the authenticatee and authenticator computing entities be aware of secret data used for the authentication, the computer program product comprising one or more computer readable storage media having thereon computer-executable instructions that, when executed by the authenticatee computing entity, cause the computing entity to perform the method, the method comprising the following:
- an act of the authenticatee computing entity generating secret key data that is not known to the supplemental authenticatee, authenticator or supplemental authenticator computing entities;
- an act of providing the secret key data to the supplemental authenticatee computing entity, thereby informing the supplemental authenticatee computing entity of the secret key data;
- an act of the supplemental authenticatee computing entity encrypting the secret key data using secret data to create encrypted secret key data, the secret data being known to the supplemental authenticatee and supplemental authenticator computing entities but not to the authenticatee and authenticator computing entities, the secret data for use in determining an answer to a challenge;
- an act of the authenticatee computing entity acquiring the challenge along with the encrypted secret key data from the supplemental authenticatee computing entity;
- an act of the authenticatee computing entity providing the challenge along with the encrypted secret key data to the authenticator computing entity, wherein the authenticator computing entity acquires a purported answer to the challenge from the supplemental authenticator computing entity by providing the encrypted secret key data to the supplemental authenticator computing entity for decryption by the supplemental authenticator computing entity, and receiving back the secret key data;
- an act of the authenticatee computing entity acquiring the purported answer from the authenticator computing entity; and
- an act of using the purported answer to authenticate the authenticator computing entity.

(Dependent claims: 31 to 37.)