Secure device authentication

US 7,739,513 B2
Filed: 01/17/2006
Issued: 06/15/2010
Est. Priority Date: 02/22/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a client device into a network, comprising:

at a server device, generating a multi-digit random secret number;

displaying the random secret number on a server display coupled to the server device;

while the client device is positioned in close enough physical proximity to the server device to permit observation of the displayed random secret number, receiving, at the client device, a signal representing sequential entry of each digit of the random secret number by actuation of a switch coupled to the client device a number of times equivalent to each digit of the random secret number; and

upon correct entry of the random secret number at the client device, completing an authentication and key exchange process using the random secret number in an encryption and decryption process carried out at the server device and the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a client device into a network consistent with certain embodiments involves at a server device, generating a multi-digit random secret number; displaying the random secret number on a server display coupled to the server device; positioning the client device in close enough physical proximity to the server device to permit observation of the displayed random secret number; at the client device, sequentially entering each digit of the random secret number by actuation of a switch coupled to the client device a number of times equivalent to each digit of the random secret number; and upon correct entry of the random secret number at the client device, completing an authentication and key exchange process using the random secret number in an encryption and decryption process carried out at the server device and the client device. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Citations

34 Claims

1. A method for authenticating a client device into a network, comprising:
- at a server device, generating a multi-digit random secret number;
  
  displaying the random secret number on a server display coupled to the server device;
  
  while the client device is positioned in close enough physical proximity to the server device to permit observation of the displayed random secret number, receiving, at the client device, a signal representing sequential entry of each digit of the random secret number by actuation of a switch coupled to the client device a number of times equivalent to each digit of the random secret number; and
  
  upon correct entry of the random secret number at the client device, completing an authentication and key exchange process using the random secret number in an encryption and decryption process carried out at the server device and the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, further comprising:
    - hashing the random secret number at the server device using a hashing algorithm to produce a secret key;
      
      hashing the random secret number at the client device using the hashing algorithm to produce the secret key; and
      
      using the secret key to encrypt and decrypt an encryption/decryption key that is exchanged between the client device and the server device.
  - 3. The method according to claim 1, wherein the display comprises a multi-digit display and wherein the random secret number is displayed in its entirety by the server display.
  - 4. The method according to claim 1, wherein the random secret number is displayed by the server display a single digit at a time.
  - 5. The method according to claim 1, wherein the server display comprises a flashing display that represents each digit of the random secret number by a number of flashes.
  - 6. The method according to claim 1, further comprising, at the client device, actuating an enter switch after entry of each digit in order to signify the end of entry of the digit.
  - 7. The method according to claim 1, wherein the network comprises a power line communication (PLC) network.

8. A method for authenticating a client device into a network, comprising:
- at a server device, generating a multi-digit random secret number;
  
  displaying the random secret number on a server display coupled to the server device;
  
  while the client device is positioned in close enough physical proximity to the server device to permit observation of the displayed random secret number, receiving, at the client device, a signal representing sequential entry of each digit of the random secret number by actuation of a switch coupled to the client device a number of times equivalent to each digit of the random secret number;
  
  hashing the random secret number at the server device using a hashing algorithm to produce a secret key;
  
  hashing the random secret number at the client device using the hashing algorithm to produce the secret key; and
  
  using the secret key to encrypt and decrypt an encryption/decryption key that is exchanged between the client device and the server device.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method according to claim 8, wherein the display comprises a multi-digit display and wherein the random secret number is displayed in its entirety by the display.
  - 10. The method according to claim 8, wherein the random secret number is displayed by the display a single digit at a time.
  - 11. The method according to claim 10, wherein the server display comprises a flashing display that represents each digit of the random secret number by a number of flashes.
  - 12. The method according to claim 8, further comprising, at the client device, actuating an enter switch after entry of each digit in order to signify the end of entry of the digit.
  - 13. The method according to claim 8, wherein the network comprises a power line communication (PLC) network.

14. A method for authenticating a client device into a power line communication (PLC) network, comprising:
- at a server device, generating a multi-digit random secret number;
  
  displaying the random secret number on a server display coupled to the server device;
  
  while the client device is positioned in close enough physical proximity to the server device to permit observation of the displayed random secret number, receiving, at the client device, a signal representing sequential entry of each digit of the random secret number by actuation of a switch coupled to the client device a number of times equivalent to each digit of the random secret number;
  
  at the client device, actuating an enter switch after entry of each digit in order to signify the end of entry of the digit;
  
  hashing the random secret number at the server device using a hashing algorithm to produce a secret key;
  
  hashing the random secret number at the client device using the hashing algorithm to produce the secret key; and
  
  using the secret key to encrypt and decrypt an encryption/decryption key that is exchanged between the client device and the server device.
- View Dependent Claims (15, 16, 17)
- - 15. The method according to claim 14, wherein the display comprises a multi-digit display and wherein the random secret number is displayed in its entirety by the display.
  - 16. The method according to claim 14, wherein the random secret number is displayed by the display a single digit at a time.
  - 17. The method according to claim 16, wherein the display comprises a flashing display that represents each digit of the random secret number by a number of flashes.

18. A network client device, comprising:
- a network interface for communication over a communication network;
  
  a switch;
  
  wherein a random secret number can be entered at the client device by sequentially entering each digit of the random secret number by actuation of the switch a number of times equivalent to each digit of the random secret number;
  
  means for hashing the random secret number at the client device using the hashing algorithm to produce a secret key; and
  
  an encryption/decryption engine that uses the secret key in a decryption process for the exchange of an encryption/decryption key with a server device.
- View Dependent Claims (19, 20, 21)
- - 19. The network client device according to claim 18, further comprising, an enter switch, wherein the enter switch can be actuated after entry of each digit in order to signify the end of entry of the digit.
  - 20. The network client device according to claim 18, wherein the network interface comprises a power line communication (PLC) network interface.
  - 21. The network client device according to claim 18, wherein the encryption/decryption engine comprises a programmed processor.

22. A network server device, comprising:
- a network interface for communication over a communication network;
  
  a random number generator that generates a multi-digit random secret number;
  
  a display that displays the random secret number;
  
  means for hashing the random secret number using a hashing algorithm to produce a secret key; and
  
  an encryption/decryption engine that uses the secret key to encrypt an encryption/decryption key that is exchanged between a client device and the server device.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The network server device according to claim 22, wherein the display comprises a multi-digit display and wherein the random secret number is displayed in its entirety by the display.
  - 24. The network server device according to claim 22, wherein the random secret number is displayed by the server display a single digit at a time.
  - 25. The network server device according to claim 24, wherein the server display comprises a flashing display that represents each digit of the random secret number by a number of flashes.
  - 26. The network server device according to claim 22, wherein the network interface comprises a power line communication (PLC) network interface.
  - 27. The network server device according to claim 22, wherein the encryption/decryption engine comprises a programmed processor.

28. A communication network, comprising:
- a server device having;
  
  a server network interface for communication over a communication medium;
  
  a random number generator that generates a multi-digit random secret number;
  
  a display that displays the random secret number;
  
  server hashing means for hashing the random secret number using a hashing algorithm to produce a secret key; and
  
  a server encryption/decryption engine that uses the secret key to exchange an encryption/decryption key between the server device and a client device;
  
  the client device having;
  
  a client network interface for communication over the communication network;
  
  a switch;
  
  wherein a random secret number can be entered at the client device by sequentially entering each digit of the random secret number by actuation of the switch a number of times equivalent to each digit of the random secret number;
  
  client hashing means for hashing the random secret number at the client device using the hashing algorithm to produce a secret key; and
  
  a client encryption/decryption engine that uses the secret key to exchange of the encryption/decryption key with the server device.
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The communication network according to claim 28, wherein the client device further comprises an enter switch, wherein the enter switch can be actuated after entry of each digit in order to signify the end of entry of the digit.
  - 30. The communication network according to claim 28, wherein the client and server network interfaces comprise power line communication (PLC) network interfaces.
  - 31. The communication network according to claim 28, wherein at least one of the client and server encryption/decryption engines comprise a programmed processor.
  - 32. The communication network according to claim 28, wherein the display comprises a multi-digit display and wherein the random secret number is displayed in its entirety by the display.
  - 33. The communication network according to claim 28, wherein the random secret number is displayed by the display a single digit at a time.
  - 34. The communication network according to claim 28, wherein the display comprises a flashing display that represents each digit of the random secret number by a number of flashes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.), Sony Electronics Inc. (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.), Sony Electronics Inc. (Sony Group Corp.)
Inventors
Iwamura, Ryuichi
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US11/332,899
Publication Number

US 20060190730A1
Time in Patent Office

1,610 Days
Field of Search

726/3, 726/10, 726/12, 726/21, 726/36, 713168-171, 713/161, 713183-184
US Class Current

713/183
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0863   involving passwords or one-...

H04L 9/0869   involving random numbers or...

H04L 9/3228   One-time or temporary data,...

H04L 9/3236   using cryptographic hash fu...

Y04S 40/20   Information technology spec...

Secure device authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Secure device authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links