Trusted network transfer of content using off network input code

US 7,673,046 B2
Filed: 07/09/2004
Issued: 03/02/2010
Est. Priority Date: 11/14/2003
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computing system for transmitting content from a first computing device to a second computing device in a network, comprising:

generating, by the first computing device without receiving user input, a trust code;

transporting the generated trust code from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving, at the second computing device via a user interface, a trust code; and

performing an authentication exchange between the first computing device and the second computing device across the network comprising at the first computing device comparing the received trust code to the generated trust code, and when the received trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein performing an authentication exchange between the first computing device and the second computing device further comprises;

the first computing device polling the second computing device as to whether the second computing device has a code;

the second computing device communicating to the first computing device that the second computing device has a code;

the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;

the second computing device storing the hash;

the second computing device transmitting the inputted trust code to the first computing device;

the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;

transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;

transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and

computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for use in connection with the trusted transmission and reception of content, such as encryption key information, from one computing device in a network to a second computing device are provided. In one embodiment, the invention provides a way to trust or validate the transfer of a public key using a very short code entered out of band of the network that is easy for end-users to remember, or write down.

25 Citations

View as Search Results

40 Claims

1. A method implemented in a computing system for transmitting content from a first computing device to a second computing device in a network, comprising:
- generating, by the first computing device without receiving user input, a trust code;
  
  transporting the generated trust code from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving, at the second computing device via a user interface, a trust code; and
  
  performing an authentication exchange between the first computing device and the second computing device across the network comprising at the first computing device comparing the received trust code to the generated trust code, and when the received trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein performing an authentication exchange between the first computing device and the second computing device further comprises;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device;
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein the content is a credential of the first computing device.
  - 3. A method according to claim 2, wherein the credential is a public key.
  - 4. A method according to claim 1, wherein said receiving an inputted trust code includes allowing the inputted trust code to be entered at most once to the second computing device, so that there are no second tries with respect to comparing said inputted code and said generated code.
  - 5. A method according to claim 1, wherein said comparing comprises calculating a security code, the security code comprising the inputted trust code, a fixed code assigned to the computing device performing the comparison, and at least one check digit computed based on the inputted trust code and the fixed code.
  - 6. A method according to claim 1, wherein said transporting includes:
    - receiving a component into the first computing device;
      
      transmitting the trust code onto the component from the first computing device;
      
      receiving the component into the second computing device;
      
      retrieving the trust code from the component at the second computing device.
  - 7. A method according to claim 6, wherein the component is a memory component inserted into at least one data port of the respective first and second computing devices.
  - 8. A method according to claim 1, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, the content is not delivered to the second device.
  - 9. A method according to claim 1, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, and said content is a public key, a private key associated with the public key and the public key of the first computing device are invalidated for future use.
  - 10. A method according to claim 1, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, the trust code is invalidated for future use, unless independently randomly generated in the future.

11. A computer readable storage medium comprising computer executable instructions for carrying out the method comprising of:
- generating, by the first computing device without receiving user input, a trust code;
  
  transporting the generated trust code from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving, at the second computing device via a user interface, a trust code; and
  
  performing an authentication exchange between the first computing device and the second computing device across the network comprising;
  
  at the first computing device comparing the received trust code to the generated trust code, and when the received trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein performing an authentication exchange between the first computing device and the second computing device further comprises;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device;
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.

12. A method implemented in a computing system for transmitting content from a first computing device to a second computing device in a network, comprising:
- generating, by the second computing device without receiving user input, a trust code;
  
  transporting the generated trust code from the second computing device to the first computing device, said transporting comprising displaying, by the second computing device, the generated trust code, and receiving, at the first computing device via a user interface, a trust code; and
  
  performing an authentication exchange between the first computing device and the second computing device across the network, comprising at the first computing device comparing the received trust code to the generated trust code, and when the received trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein performing an authentication exchange between the first computing device and the second computing device further comprises;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device;
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. A method according to claim 12, wherein the content is a credential of the second computing device.
  - 14. A method according to claim 13, wherein the credential is a public key.
  - 15. A method according to claim 12, wherein said receiving includes specifying the inputted trust code at most once to the first computing device, so that there are no second tries with respect to comparing said comparison code.
  - 16. A method according to claim 12, wherein said comparing comprises calculating a security code, the security code comprising the inputted trust code, a fixed code assigned to the computing device performing the comparison, and at least one check digit computed based on the inputted trust code and the fixed code.
  - 17. A method according to claim 12, wherein said transporting includes:
    - inserting a component into the second computing device to receive the generated trust code; and
      
      inserting the component into the first computing device to deliver the inputted trust code.
  - 18. A method according to claim 17, wherein the component is a memory component inserted into at least one data port of the respective second and first computing devices.
  - 19. A method according to claim 12, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, the content is not delivered to the first device.
  - 20. A method according to claim 12, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, and said content is a public key, a private key associated with the public key and the public key of the second computing device are invalidated for future use.
  - 21. A method according to claim 12, wherein if said inputted trust does not have the pre-defined relationship with said generated trust code, the trust code is invalidated for future use, unless independently randomly generated in the future.

22. A computer readable storage medium comprising computer executable instructions for carrying out the method comprising of,generating, by the second computing device without receiving user input, a trust code;
- transporting the generated trust code from the second computing device to the first computing device, said transporting comprising displaying, by the second computing device, the generated trust code, and receiving, at the first computing device via a user interface, a trust code; and
  
  performing an authentication exchange between the first computing device and the second computing device across the network, comprising;
  
  at the first computing device comparing the received trust code to the generated trust code, and when the received trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein performing an authentication exchange between the first computing device and the second computing device further comprises;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device;
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.

23. A method implemented in a computing system for transmitting content from a first computing device to a second computing device in a network, comprising:
- generating, by the first computing device without receiving user input, a trust code;
  
  transporting the generated trust code from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving, at the second computing device via the user interface, an inputted trust code;
  
  performing an authentication exchange between the first computing device and the second computing device, comprising;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device;
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.
- View Dependent Claims (24, 25)
- - 24. A method according to claim 23, wherein said content is a public key.
  - 25. A method according to claim 24, wherein said hashing algorithm is based on said public key and said trust code.

26. A device for use in connection with establishing trust for the delivery of content from a first computing device to a second computing device over a network, comprising:
- computing memory;
  
  an input communicatively coupled to the computing memory, the input for receiving a generated trust code generated by a first computing device in response to being inserted in the first computing device; and
  
  an output communicatively coupled to the computing memory, the output for outputting the generated trust code, off the network, in response to being inserted in the second computing device, the trust code once delivered off the network being an inputted trust code;
  
  wherein, in response to said second computing device receiving the trust code, an authentication exchange occurs between the first computing device and the second computing device on the network, and when the inputted trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein an authentication exchange occurring between the first computing device and the second computing device, comprising;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device; and
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.
- View Dependent Claims (27)
- - 27. A device according to claim 26, wherein the device is inserted into at least one data port of the respective first and second computing devices.

28. A computer system adapted to transmit content between a first device and a second device in a trusted manner in a network, comprising:
- means for generating, without user input, a trust code on the first computing device;
  
  means for transporting the generated trust code, off the network, from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving, by the second computing device, the transported trust code inputted via a user interface into the second computing device; and
  
  means for performing an authentication exchange between the first computing device and the second computing device on the network comprising at the first computing device comparing the inputted transported trust code to the generated trust code, and when the inputted transported trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device,wherein performing an authentication exchange between the first computing device and the second computing device, comprising;
  
  the first computing device polling the second computing device as to whether the second computing device has a code;
  
  the second computing device communicating to the first computing device that the second computing device has a code;
  
  the first computing device creating a hash based on the generated trusted code and content to be delivered, and delivering the hash from the first computing device to the second computing device;
  
  the second computing device storing the hash;
  
  the second computing device transmitting the inputted trust code to the first computing device;
  
  the first computing device determining whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  transmitting an error from the first computing device to the second computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  transmitting the content from the first computing device to the second computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  computing a hash value at the second computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 29. A system according to claim 28, wherein the content is a public key.
  - 30. A system according to claim 28, wherein said means for transporting includes:
    - means for displaying the generated trust code via the first computing device; and
      
      means for inputting the inputted trust code to the second computing device as said inputted trust code.
  - 31. A system according to claim 30, wherein said means for inputting includes specifying the inputted trust code at most once to the second computing device, so that there are no second tries by said means for comparing said inputted trust code and said generated trust code.
  - 32. A system according to claim 28, wherein said means for comparing comprises calculating a security code, the security code comprising the inputted trust code, a fixed code assigned to the computing device performing the comparison, and at least one check digit computed based on the inputted trust code and the fixed code.
  - 33. A system according to claim 28, wherein said means for transporting includes:
    - means for inserting a component into the first computing device to receive the generated trust code; and
      
      means for inserting the component into the second computing device to deliver the inputted trust code.
  - 34. A system according to claim 33, wherein the component is a memory component inserted into at least one data port of the respective first and second computing devices.
  - 35. A system according to claim 28, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, the content is not delivered to the second device.
  - 36. A system according to claim 28, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, and said content is a public key, a private key associated with the public key and the public key of the first computing device are invalidated for future use.
  - 37. A system according to claim 28, wherein if said inputted trust code does not have the pre-defined relationship with said generated trust code, the generated trust code is invalidated for future use, unless independently randomly generated in the future.

38. A computer readable storage medium comprising computer executable instructions which when executed by a computer processor transmit content between a first device and a second device in a trusted manner in a network, the instructions comprising:
- instructions for generating a trust code by the second computing device without receiving user input;
  
  instructions for transporting the trust code, off the network, from the second computing device to the first computing device, said transporting comprising displaying the generated trust code at the second computing device and receiving an inputted trust code via a user interface into the first computing device; and
  
  instructions for performing an authentication exchange between the second computing device and the first computing device on the network, including comparing the inputted trust code to the generated trust code, wherein if the inputted trust code does not have a pre-defined relationship with the generated trust code, the content is not trusted for delivery to the second computing device,wherein said instructions for performing an authentication exchange between the second computing device and the first computing device further comprise;
  
  instructions for the second computing device to poll the first computing device as to whether the first computing device has a code;
  
  instructions for the first computing device to communicate to the second computing device that the first computing device has a code;
  
  instructions for the second computing device to create a hash based on the generated trusted code and content to be delivered, and delivering the hash from the second computing device to the first computing device;
  
  instructions for the first computing device to store the hash;
  
  instructions for the first computing device to transmit the inputted trust code to the second computing device; and
  
  instructions for the first computing device to determine whether or not the inputted trust code has a pre-defined relationship to the generated trust code, determining whether or not the inputted trust code has a pre-defined relationship comprising comparing the inputted trust code to the generated trust code;
  
  instructions for transmitting an error from the second computing device to the first computing device if the inputted trust code does not have a pre-defined relationship to the generated trust code;
  
  instructions for transmitting the content from the second computing device to the first computing device if the inputted trust code does have a pre-defined relationship to the generated trust code; and
  
  instructions for computing a hash value at the first computing device based on the inputted trust code and the content and determining if the computed value matches the stored hash value.
- View Dependent Claims (39, 40)
- - 39. A computer readable storage medium according to claim 38, wherein the content is a public key.
  - 40. A computer readable storage medium according to claim 38, wherein said instructions for transporting includes:
    - instructions for inserting a component into the second computing device to receive the generated trust code; and
      
      instructions for inserting the component into the first computing device to deliver the transported trust code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Pyle, Harry S., Lehew, Christian R., Fang, Nicholas Jie
Primary Examiner(s)
Najjar; Saleh
Assistant Examiner(s)
Kim; Edward J

Application Number

US10/888,132
Publication Number

US 20050120215A1
Time in Patent Office

2,062 Days
Field of Search

709/225, 709/229, 709/232, 709/237, 713150-194
US Class Current

709/225
CPC Class Codes

H04L 63/061 for key exchange, e.g. in p...

Trusted network transfer of content using off network input code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

40 Claims

Specification

Use Cases

Quick Links

Others

Trusted network transfer of content using off network input code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

40 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others