Challenge response-based device authentication system and method
Abstract
A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.
24 Claims
1. A method for authentication of a requesting device by an authenticating device, the requesting device and the authenticating device each being operative to carry out a one-way hash operation and to carry out a key-based encryption operation, the authenticating device storing a hash of a defined password generated by applying the one-way hash operation to the defined password, the authenticating device being further operative to carry out a key-based decryption operation for decrypting values obtained from the key-based encryption operation, the method comprising the steps of:
the requesting device receiving a user password and carrying out the one-way hash operation on the user password to obtain a hash of the user password,
the authenticating device determining and transmitting a challenge to the requesting device;
the requesting device receiving the challenge and defining a requesting encryption key by carrying out the one-way hash operation on a combination of the challenge and the hash of the user password,
the requesting device carrying out the key-based encryption operation using the requesting encryption key to encrypt the user password,
the requesting device transmitting a response comprising the encrypted user password to the authenticating device,
the authenticating device receiving the response and defining an authenticating encryption key by carrying out the one-way hash operation on a combination of the challenge and the hash of the defined password;
the authenticating device using the authenticating encryption key in the key-based decryption operation to decrypt the response to obtain a decrypted user password and carrying out the one-way hash operation on the decrypted user password;
the authenticating device comparing the hash of the decrypted user password with the hash of the defined password to authenticate the requesting device when the comparison indicates a match.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A system for an authentication device to authenticate a requesting device, comprising:
a challenge generator for generating a challenge,
a communications link for transmitting the challenge to the requesting device and receiving a response to the challenge from the requesting device, the response comprising a requesting password encrypted using a requesting encryption key, the requesting encryption key comprising a hash of a combination of the challenge and a hash of the requesting password;
a hash generator for generating an authenticating encryption key by hashing a combination of the challenge and a hash of a predetermined password;
a decryptor for decrypting the encrypted requesting password using the authenticating encryption key to obtain a decrypted response; and
a comparator for comparing a hash of the decrypted response with the hash of the predetermined password, whereby if the hash of the decrypted requesting password matches the hash of the predetermined password, the requesting device is authenticated.
Dependent claims: 12, 13, 14.
15. A method for securely transmitting a password to a receiving device, the receiving device being provided with a hash of a predetermined password, a random number, and a receiving encryption key comprising a hash of the random number and the hash of the predetermined password, comprising the steps of:
receiving a random number from the receiving device;
encoding the password to produce a hash of the password;
combining the random number with the hash of the password;
hashing the combined random number and hash of the password to produce a transmitting encryption key;
encrypting the password using the transmitting encryption key;
transmitting the encrypted password to the receiving device for decryption by the receiving device using the receiving encryption key.
Dependent claim: 16.
17. A method for authentication of a requesting device by an authenticating device, the requesting device and the authenticating device each being operative to carry out a one-way hash operation and to carry out a key-based encryption operation, the authenticating device storing a hash of a defined password generated by applying the one-way hash operation to the defined password, the authenticating device being further operative to carry out a key-based decryption operation for decrypting values obtained from the encryption operation, the method comprising the authenticating device:
determining and transmitting a challenge to the requesting device;
receiving a response from the requesting device, the response comprising a requesting encryption key determined by carrying out the hash operation on a combination of the challenge and a hash of a received user password, the hash being defined by carrying out the hash operation on the received user password,
defining an authenticating encryption key by carrying out the hash operation on a combination of the challenge and the hash of the defined password;
using the authenticating encryption key in the decryption operation to decrypt the response to obtain a decrypted user password and carrying out the one-way hash operation on the decrypted user password;
comparing the hash of the decrypted user password with the hash of the defined password to authenticate the requesting device when the comparison indicates a match.
Dependent claims: 18, 19, 20, 21, 22, 23, 24.
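The exchange described in the abstract and in claims 1, 11, 15 and 17 above, as an added worked example; this is illustration code written for this page, not code from the patent or from any product that implements it. The patent names neither a particular one-way hash nor a particular key-based cipher. This example assumes SHA-256 for the hash operation and, so that it runs on the Python standard library alone, a constructed HMAC-SHA256 counter-mode keystream XOR as the key-based encryption and decryption operation (a stand-in, not a recommendation; a real deployment would use a standard cipher). The class and function names (AuthenticatingDevice, RequestingDevice, run_exchange, replay_is_rejected, eavesdropper_guess_is_confirmed) and the sample passwords are this example's own. Beyond the plain exchange it shows two checks a practitioner would want: that a response recorded under one challenge is rejected under a fresh challenge, and that a passive observer of one (challenge, response) pair can confirm a password guess offline by repeating the authenticating device's own computation, which is a general property of password-only challenge-response of this shape and the reason the strength of the password bounds the strength of the scheme.

```python
import hashlib
import hmac
import secrets


def one_way_hash(data: bytes) -> bytes:
    """The one-way hash operation; SHA-256 is this example's assumption."""
    return hashlib.sha256(data).digest()


def keyed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for the key-based encryption operation (this example's
    assumption, not the patent's cipher): XOR with an HMAC-SHA256 counter-mode
    keystream. Each key is derived from a fresh challenge, so no keystream is
    reused across exchanges."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(plaintext, stream))


# The matching key-based decryption operation: XOR with the same keystream.
keyed_decrypt = keyed_encrypt


class AuthenticatingDevice:
    """Stores only the hash of the defined password, never the password."""

    def __init__(self, defined_password: bytes) -> None:
        self.defined_hash = one_way_hash(defined_password)

    def make_challenge(self) -> bytes:
        # Fresh and unpredictable: the per-exchange key is derived from it.
        return secrets.token_bytes(16)

    def verify(self, challenge: bytes, response: bytes):
        """Return the recovered user password on a match, else None.

        On success the authenticating device holds the plaintext password,
        as the abstract notes; callers must handle that value accordingly."""
        authenticating_key = one_way_hash(challenge + self.defined_hash)
        decrypted = keyed_decrypt(authenticating_key, response)
        # Compare hashes in constant time so timing leaks nothing.
        if hmac.compare_digest(one_way_hash(decrypted), self.defined_hash):
            return decrypted
        return None


class RequestingDevice:
    """Derives the per-challenge key from the user-entered password."""

    def __init__(self, user_password: bytes) -> None:
        self.user_password = user_password

    def respond(self, challenge: bytes) -> bytes:
        requesting_key = one_way_hash(challenge + one_way_hash(self.user_password))
        return keyed_encrypt(requesting_key, self.user_password)


def run_exchange(defined_password: bytes, user_password: bytes):
    """One full protocol run; returns the recovered password or None."""
    authenticator = AuthenticatingDevice(defined_password)
    requester = RequestingDevice(user_password)
    challenge = authenticator.make_challenge()
    response = requester.respond(challenge)
    return authenticator.verify(challenge, response)


def replay_is_rejected(password: bytes) -> bool:
    """A response recorded under one challenge must fail under another."""
    authenticator = AuthenticatingDevice(password)
    requester = RequestingDevice(password)
    first = authenticator.make_challenge()
    recorded = requester.respond(first)
    second = authenticator.make_challenge()
    return (authenticator.verify(first, recorded) == password
            and authenticator.verify(second, recorded) is None)


def eavesdropper_guess_is_confirmed(challenge: bytes, response: bytes, guess: bytes) -> bool:
    """Offline check available to anyone who observed (challenge, response):
    it repeats the authenticating device's computation with a guessed
    password and needs no further interaction with either device."""
    candidate_key = one_way_hash(challenge + one_way_hash(guess))
    recovered = keyed_decrypt(candidate_key, response)
    return hmac.compare_digest(one_way_hash(recovered), one_way_hash(guess))


if __name__ == "__main__":
    # Constructed sample passwords for a stand-alone run.
    print(run_exchange(b"correct horse battery staple", b"correct horse battery staple"))
    print(run_exchange(b"correct horse battery staple", b"Tr0ub4dor&3"))
```

A wrong password, or a recorded response presented under a new challenge, makes the authenticating device decrypt with a key that does not match the one used for encryption, so the decrypted bytes hash to something other than the stored hash and verify returns None; the cipher needs no integrity tag for the scheme to reach that verdict. The last function is the caveat: nothing in the exchange prevents an observer from testing guesses at the same cost as one legitimate verification, so the challenge protects against replay but not against offline guessing of a weak password.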