Device authentication

US 7,647,498 B2
Filed: 04/30/2004
Issued: 01/12/2010
Est. Priority Date: 04/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for the authentication of a first and a second device by a third device, the first and the second devices each possessing a shared secret key value h, each of the devices having available to it a public key P selected such that the operation of deriving the secret key value h from the product hP is a computationally difficult operation, the method comprising the steps of:

the first device communicating a product R_Dof a random value r_Dand P to the second device using the third device, the third device retaining a copy of the product R_D;

the second device communicating a product R_Bof a random value r_Band P, and a challenge value e_Dto the first device using the third device, the third device retaining a copy of the product R_Band the challenge value e_D;

the first device calculating a value y_Ddefined by a first expression with a value equivalent to the product hP using the random value r_Dand the challenge value e_D, and communicating the value y_Dand a challenge value e_Bto the second device using the third device, the third device retaining a copy of the value y_Dand a challenge value e_B;

the second device calculating a value y_Bdefined by a second expression with a value equivalent to the product hP using the challenge value e_Band the random value r_Band communicating the value y_Bto the third device; and

the third device authenticating the first device and the second device by comparing values of the first expression, the random value r_D, the challenge value e_Dand the value y_D, with values of the second expression, the random value r_B, the challenge value e_Band the value y_B.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication of two devices in communication with a third device is achieved where the first and second devices each possess a shared secret value. The authentication includes communication of authentication values from the first device to the second device using the third device. Similarly, there is communication of values from the second device to the first device using the third device. The third device retains the communicated values. The values are calculated to permit the third device to authenticate the first and second devices without the third device receiving the shared secret value. The authentication may be used to establish a communications channel between the first and the second devices.

25 Citations

View as Search Results

26 Claims

1. A method for the authentication of a first and a second device by a third device, the first and the second devices each possessing a shared secret key value h, each of the devices having available to it a public key P selected such that the operation of deriving the secret key value h from the product hP is a computationally difficult operation, the method comprising the steps of:
- the first device communicating a product R_Dof a random value r_Dand P to the second device using the third device, the third device retaining a copy of the product R_D;
  
  the second device communicating a product R_Bof a random value r_Band P, and a challenge value e_Dto the first device using the third device, the third device retaining a copy of the product R_Band the challenge value e_D;
  
  the first device calculating a value y_Ddefined by a first expression with a value equivalent to the product hP using the random value r_Dand the challenge value e_D, and communicating the value y_Dand a challenge value e_Bto the second device using the third device, the third device retaining a copy of the value y_Dand a challenge value e_B;
  
  the second device calculating a value y_Bdefined by a second expression with a value equivalent to the product hP using the challenge value e_Band the random value r_Band communicating the value y_Bto the third device; and
  
  the third device authenticating the first device and the second device by comparing values of the first expression, the random value r_D, the challenge value e_Dand the value y_D, with values of the second expression, the random value r_B, the challenge value e_Band the value y_B.
- View Dependent Claims (2, 3, 20)
- - 2. The method of claim 1 in which the first device is a wireless handheld device, the second device is an enterprise server, and the third device is a router and in which the step of the third device authenticating the first and second devices comprises the step of establishing a communications channel between the first device and the second device.
  - 3. The method of claim 2 in which the communications channel established includes the third device as part of the channel and the third device having retained the values communicated between the first device and the second device, the method further comprising the step of closing the communication channel between the second device and the third device, the step of closing the said channel comprising the steps of the second device and the third device exchanges sets of closing authentication values to permit the third device to carry out a computation of an expression based on the retained values and the closing authentication values to authenticate the closing the communication channel.
  - 20. A program product comprising a medium having executable program code embodied in said medium, the executable program code being variously executable on a first device, a second device and a third device, the executable program code being operative to cause the method of claim 1 to be carried out.

4. A method for the authentication of a first device and a second device by a third device, the first and second devices each possessing a shared secret key value h, each of the devices being operative to carry out mathematical operations on defined groups E(F_q) and Z_p, where F_qis a finite field of prime order q, including scalar multiplication defined with reference to the group, the method comprising the steps of:
- a) obtaining a public key P, such that P generates a prime subgroup of the group E(F_q) of order p, and making available to each of the devices the public key P,b) the first device obtaining a random value r_Dsuch that 1<
  
  r_D<
  
  p−
  
  1, and calculating a product R_D=r_DP,c) the first device communicating the product R_Dto the third device,d) the third device retaining a copy of the product R_Dand forwarding the product R_Dto the second device,e) the second device obtaining a random value r_Bsuch that 1<
  
  r_B<
  
  p−
  
  1, and calculating a product R_B=r_BP, where R_Bis determined such that it is not equal to R_D, the second device obtaining a random value e_Dsuch that 1<
  
  e_D<
  
  p−
  
  1, the second device communicating e_Dand R_Bto the third device,f) the third device retaining copies of R_Band e_Dforwarding R_Band e_Dto the first device,g) the first device calculating a value y_D=h−
  
  e_Dr_Dmod p, the first device obtaining a random value e_Bsuch that 1<
  
  e_B<
  
  p−
  
  1, the first device communicating values y_Dand e_Bto the third device,h) the third device retaining copies of the values y_Dand e_Bforwarding the said values to the second device,i) the second device calculating a value y_B=h−
  
  e_Br_Bmod p, the second device communicating the value y_Bto the third device, andj) the third device authenticating the first and second devices when the condition y_BP+e_BR_B=y_DP+e_DR_Dis satisfied.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 21)
- - 5. The method of claim 4, further comprising the steps of the third device communicating the value y_Bto the first device and the first device authenticating the second device when the condition y_BP+e_BR_B=hP is satisfied.
  - 6. The method of claim 4, further comprising the step of the second device authenticating the first device when the condition y_DP+e_DR_D=hP is satisfied.
  - 7. The method of claim 4, in which the first device is identified by a non-authenticating identifier and in which the second device retains a set of key values which set includes a key value shared with the secret key value of the first device, the method comprising the step of the first device communicating the non-authenticating identifier to the second device whereby the second device may select the key value shared with the secret key value of the first device from the set of key values.
  - 8. The method of claim 4, further comprising the step of deriving the value h from a shared secret value s.
  - 9. The method of claim 8, in which the step of deriving the value h comprises the step of carrying out a one-way hash function on the shared secret value s.
  - 10. The method of claim 4, further comprising the steps of one or more of the first, second and third devices checking that at least one of the value e_Dand the value e_Bis not zero.
  - 11. The method of claim 4, further comprising the steps of one or more of the first, second and third devices checking that at least one of the product R_Band the product R_Dis not equal to the point at infinity.
  - 12. The method of claim 4, further comprising the steps of one or more of the first, second and third devices checking that the product R_Bis not equal to the product R_D.
  - 13. The method of claim 4 in which the first device is a wireless handheld device, the second device is an enterprise server, and the third device is a router, and in which the step of the third device authenticating the first and second devices comprises the step of establishing a communications channel between the first and second devices.
  - 14. The method of claim 13 in which the communications channel is defined by the assignment of an Internet Protocol address to the first device.
  - 15. The method of claim 13 in which the communications channel is established through the third device, the third device having retained y_D, P, e_D, and R_D, the method further comprising the step of closing the communication channel between the second device and the third device by:
    - a) the second device obtaining a random value r_Csuch that 1<
      
      r_C<
      
      p−
      
      1, and calculating a product R_C=r_CP, whereby R_Cis constrained to have a different value than both R_Band R_D,b) the second device communicating the product R_Cto the third device,c) the third device obtaining a random value e_Csuch that 1<
      
      e_C<
      
      p−
      
      1, the third device communicating the value e_Cto the second device,d) the second device authenticating the close operation when the condition y_CP+e_CR_C=y_DP+e_DR_Dis satisfied by the second device calculating a value y_C=h−
      
      e_Cr_Cmod p, the second device communicating the value y_Cto the third device, and the third device closing the channel if the value y_Creceived by the third device satisfies the condition y_CP+e_CR_C=y_DP+e_DR_D.
  - 16. The method of claim 15, further comprising the steps of the second device checking that the value e_Cis not zero.
  - 17. The method of claim 15, further comprising the steps of the third device checking that the product R_Cis not equal to the point at infinity.
  - 18. The method of claim 15, further comprising the steps of one or both of the second and third devices checking that the product R_Cis not equal to the product R_Band is not equal to the product R_D.
  - 19. The method of claim 15, further comprising the steps of one or both of the second and third devices checking that the value e_Cis not equal to the value e_Dand is not equal to the value e_B.
  - 21. A program product comprising a medium having executable program code embodied in said medium, the executable program code being variously executable on a first device, a second device and a third device, the executable program code being operative to cause the method of claim 4 to be carried out.

22. A system comprising a first device, a second device, and a third device, the first and the second devices each possessing a shared secret key value h, each of the devices having available to it a public key P, selected such that the operation of deriving the secret key value h from the product hP is a computationally difficult operation, the first device, the second device and the third device each comprising memory units and processors for storing and executing program code, the program code being operative to:
- the first device to communicate a product R_Dof a random value r_Dand P to the second device using the third device;
  
  cause the second device to communicate a product R_Bof a random value r_Band P, and a challenge value e_D, to the first device using the third device;
  
  cause the first device to calculate a value y_Ddefined by a first expression with a value equivalent to the product hP using the random value r_Dand the challenge value e_D, and to communicate the value y_Dand a challenge value e_Bto the second device using the third device;
  
  cause the second device to calculate a value y_Bdefined by a second expression with a value equivalent to the product hP using the challenge value e_Band the random value r_Band to communicate the value y_Bto the third device;
  
  cause the third device to retain copies of the values being communicated between the first and the second device using the third device; and
  
  cause the third device to authenticate the first device and the second device by comparing values of the first expression, the random value r_D, the challenge value e_Dand the value y_D, with values of the second expression, the random value r_B, the challenge value e_Band the value y_B.
- View Dependent Claims (23, 24)
- - 23. The system of claim 22 in which the first device is a wireless handheld device, the second device is an enterprise server, and the third device is a router and in which the program code operative to cause the third device to authenticate the first device and the second device comprises program code operative to establish a communications channel between the first device and the second device.
  - 24. The system of claim 23 in which the communications channel established includes the third device as part of the channel and the third device comprises memory to retain the values communicated between the first device and the second device, the program code further comprising the program code operative to close the communication channel between the second device and the third device, the said code comprising program code operative to exchange sets of closing authentication values between the second device and the third device to permit the third device to carry out a computation of an expression based on the retained values and the closing authentication values to authenticate the closing the communication channel.

25. A system comprising a first device, a second device, and a third device, the first and second devices each possessing a shared secret key value h, each of the devices being operative to carry out mathematical operations on defined groups E(F_q) and Z_p, where F_qis a finite field of prime order q, including scalar multiplication defined with reference to the group, the first device, the second device and the third device each comprising memory units and processors for storing and executing program code, the program code being operative to:
- a) obtain a public key P, such that P generates a prime subgroup of the group E(F_q) of order p, and to make available to each of the devices the public key P,b) cause the first device to obtain a random value r_Dsuch that 1<
  
  r_D<
  
  p−
  
  1, and to calculate a product R_D=r_DP,c) cause the first device to communicate the product R_Dto the third device,d) cause the third device to retain a copy of the product R_Dand to forward the product R_Dto the second device,e) cause the second device to obtain a random value r_Bsuch that 1<
  
  r_B<
  
  p−
  
  1, and to calculate a product R_B=r_BP, where R_Bis determined such that it is not equal to R_D, and to cause the second device to obtain a random value e_Dsuch that 1<
  
  e_D<
  
  p−
  
  1, and to communicate e_Dand R_Bto the third device,f) cause the third device to retain copies of the R_Band e_Dand to forward R_Band e_Dto the first device,g) cause the first device to calculate a value y_D=h−
  
  e_Dr_Dmod p, to cause the first device to obtain a random value e_Bsuch that 1<
  
  e_B<
  
  p−
  
  1, and to cause the first device to communicate values y_Dand e_Bto the third device,h) cause the third device to retain copies of the values y_Dand e_Band to forward the said values to the second device,i) cause the second device to calculate a value y_B=h−
  
  e_Br_B, mod p, and to cause the second device to communicate the value y_Bto the third device, andj) cause the third device to authenticate the first and second devices when the condition y_BP+e_BR_B=y_DP+e_DR_Dis satisfied.
- View Dependent Claims (26)
- - 26. The system of claim 25 in which the first device is a wireless handheld device, the second device is an enterprise server, and the third device is a router and in which the program code operative to cause the third device to authenticate the first and second devices comprises program code operative to establish a communications channel between the first and second devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Davis, Dinah L. M., Brown, Michael K., Little, Herbert A.
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Baum; Ronald

Application Number

US10/836,107
Publication Number

US 20050243619A1
Time in Patent Office

2,083 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

G11C 7/24 Memory cell safety or prote...

Device authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Device authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others