System and method for authenticating streamed data

US 8,078,867 B2
Filed: 08/12/2005
Issued: 12/13/2011
Est. Priority Date: 08/12/2005
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating data streamed as indexed data packets to a device, in which authentication data is not distributed over the packets, the method comprising:

receiving, at the device, data in a streamed plurality of packets transmitted by a data server;

detecting an interruption in transmission of the streamed plurality of packets from the data server, wherein the streamed plurality of packets comprises a truncated packet;

determining, at the device, a packet preceding the truncated packet within the streamed plurality of packets, and identifying the packet preceding the truncated packet as a last non-truncated packet;

after detecting the interruption in the streamed plurality of packets, submitting a request for a server-computed authentication value to a network-connected data authentication server with an identification of the last non-truncated packet that precedes the truncated packet as determined at the device, the data authentication server connected to the device by a network, the server-computed authentication value based on a subset of the data transmitted by the data server that comprises the last non-truncated packet but does not include the truncated packet, and the network-connected data authentication server having access to the data that was transmitted from the data server to the device;

receiving the server-computed authentication value from the data authentication server, computed in response to the request; and

comparing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server with the server-computed authentication value in order to determine if the subset of the data received at the device is authentic.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that facilitates the authentication of streamed data received at a device, where authentication information is not distributed over the data stream. One embodiment of a method of authenticating data comprises the steps of: receiving, at the device, data in a plurality of packets transmitted by a data server; submitting a request for a server-computed authentication value to a data authentication server, wherein the data authentication server is adapted to compute the server-computed authentication value based on a subset of the data transmitted by the data server; receiving, at the device, the server-computed authentication value from the data authentication server in response to the request; computing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server; and determining if the subset of the data received at the device is authentic by comparing the server-computed and device-computed authentication values.

17 Citations

View as Search Results

20 Claims

1. A method of authenticating data streamed as indexed data packets to a device, in which authentication data is not distributed over the packets, the method comprising:
- receiving, at the device, data in a streamed plurality of packets transmitted by a data server;
  
  detecting an interruption in transmission of the streamed plurality of packets from the data server, wherein the streamed plurality of packets comprises a truncated packet;
  
  determining, at the device, a packet preceding the truncated packet within the streamed plurality of packets, and identifying the packet preceding the truncated packet as a last non-truncated packet;
  
  after detecting the interruption in the streamed plurality of packets, submitting a request for a server-computed authentication value to a network-connected data authentication server with an identification of the last non-truncated packet that precedes the truncated packet as determined at the device, the data authentication server connected to the device by a network, the server-computed authentication value based on a subset of the data transmitted by the data server that comprises the last non-truncated packet but does not include the truncated packet, and the network-connected data authentication server having access to the data that was transmitted from the data server to the device;
  
  receiving the server-computed authentication value from the data authentication server, computed in response to the request; and
  
  comparing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server with the server-computed authentication value in order to determine if the subset of the data received at the device is authentic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the network-connected data authentication server is adapted to compute the server-computed authentication value by applying an authentication value generating function to the subset of the data transmitted by the data server, and wherein the device-computed authentication value is computed by applying the same authentication value generating function to the subset of the data received at the device corresponding to the subset of the data transmitted by the data server.
  - 3. The method of claim 2, wherein the authentication value generating function is a hash function.
  - 4. The method of claim 1, wherein the identification of the last non-truncated packet comprises an end index, and wherein the end index defines both the subset of the data transmitted by the data server on which the server-computed authentication value is based and the subset of the data received by the device on which the device-computed authentication value is based.
  - 5. The method of claim 1, further comprising submitting a request to the data server to re-transmit data of at least one of the plurality of packets.
  - 6. The method of claim 1, further comprising identifying a start index, wherein the request further comprises the start index, and wherein the start index defines both the subset of the data transmitted by the data server on which the server-computed authentication value is based and the subset of the data received by the device on which the device-computed authentication value is based.
  - 7. The method of claim 1, wherein the subset of the data transmitted by the data server on which the server-computed authentication value is based includes all of the packets in the streamed plurality of packets transmitted by the data server up to and including the last non-truncated packet.
  - 8. The method of claim 1, wherein the network-connected data authentication server is further adapted to sign the server-computed authentication value computed thereby, wherein the server-computed authentication value received at the device is signed, and wherein the method further comprises verifying the signature of the server-computed authentication value.
  - 9. The method of claim 1, wherein the network-connected data authentication server is further adapted to generate a message authentication code for the server-computed authentication value computed thereby, wherein the method further comprises receiving the message authentication code for the server-computed authentication value received at the device, and wherein the method further comprises verifying the message authentication code for the server-computed authentication value.
  - 10. The method of claim 1, wherein the device is a mobile device.
  - 11. The method of claim 1, wherein the data server is adapted to store a copy of data transmitted thereby in a streamed data store, accessible to the network-connected data authentication server.
  - 12. The method of claim 1, wherein the data server and the network-connected data authentication server are the same computing device.

13. A non-transitory computer-readable storage medium upon which a plurality of instructions executable by a processor is stored, the instructions for performing a method of authenticating data streamed as indexed data packets to a device, in which authentication data is not distributed over the packets, the method comprising:
- receiving, at the device, data in a streamed plurality of packets transmitted by a data server;
  
  detecting an interruption in transmission of the streamed plurality of packets from the data server, wherein the streamed plurality of packets comprises a truncated packet;
  
  determining, at the device, a packet preceding the truncated packet within the streamed plurality of packets, and identifying the packet preceding the truncated packet as a last non-truncated packet;
  
  after detecting the interruption in the streamed plurality of packets, submitting a request for a server-computed authentication value to a network-connected data authentication server with an identification of the last non-truncated packet that precedes the truncated packet as determined at the device, the data authentication server connected to the device by a network, the server-computed authentication value based on a subset of the data transmitted by the data server that comprises the last non-truncated packet but does not include the truncated packet, and the network-connected data authentication server having access to the data that was transmitted from the data server to the device;
  
  receiving the server-computed authentication value from the network-connected data authentication server, computed in response to the request; and
  
  comparing a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server with the server-computed authentication value in order to determine if the subset of the data received at the device is authentic.

14. A mobile device for authenticating data streamed as indexed data packets received at the device, in which authentication data is not distributed over the packets, the mobile device comprising a processor and a memory storing a plurality of instructions, which when executed by the processor, cause the processor to:
- receive data in a streamed plurality of packets transmitted by a data server;
  
  detect an interruption in transmission of the streamed plurality of packets from the data server, wherein the streamed plurality of packets comprises a truncated packet;
  
  determine a packet preceding the truncated packet within the streamed plurality of packets, and identify the packet preceding the truncated packet as a last non-truncated packet;
  
  after detecting the interruption in the streamed plurality of packets, submit a request for a server-computed authentication value to a network-connected data authentication server with an identification of the last non-truncated packet that precedes the truncated packet as determined at the device, the data authentication server connected to the device by a network, the server-computed authentication value based on a subset of the data transmitted by the data server that comprises the last non-truncated packet but does not include the truncated packet, and the network-connected data authentication server having access to the data that was transmitted from the data server to the device;
  
  receive the server-computed authentication value from the network-connected data authentication server, computed in response to the request; and
  
  compare a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server with the server-computed authentication value in order to determine if the subset of the data received at the device is authentic.

15. A system for authenticating data streamed as indexed data packets, wherein authentication data is not distributed over the packets, the system comprising:
- a data server adapted to transmit data in a streamed plurality of packets;
  
  a device adapted to receive data in the streamed plurality of packets transmitted by the data server;
  
  detect an interruption in transmission of the streamed plurality of packets from the data server, wherein the streamed plurality of packets comprises a truncated packet; and
  
  determine a packet preceding the truncated packet within the streamed plurality of packets, and identify the packet preceding the truncated packet as a last non-truncated packet; and
  
  a network-connected data authentication server adapted to compute a server-computed authentication value based on a subset of the data transmitted by the data server, said network-connected data authentication server being connected to said device by a network and having access to the data that was transmitted from the data server to the device;
  
  wherein the device is further adapted to;
  
  after detecting the interruption in the streamed plurality of packets, submit a request for the server-computed authentication value to the network-connected data authentication server with an identification of the last non-truncated packet that precedes the truncated packet, the server-computed authentication value based on a subset of the data transmitted by the data server that comprises the last non-truncated packet but does not include the truncated packet,receive the server-computed authentication value from the network-connected data authentication server over the network, computed in response to the request;
  
  compute a device-computed authentication value based on a subset of the data received at the device corresponding to the subset of the data transmitted by the data server; and
  
  determine if the subset of the data received at the device is authentic by comparing the server-computed and device-computed authentication values.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the network-connected data authentication server is further adapted to sign the server-computed authentication value computed thereby.
  - 17. The system of claim 15, wherein the network-connected data authentication server is further adapted to generate a message authentication code for the server-computed authentication value computed thereby.
  - 18. The system of claim 15, wherein the device is a mobile device.
  - 19. The system of claim 15, further comprising a streamed data store in which a copy of data transmitted by the data server is stored, wherein the streamed data store is accessible to the network-connected data authentication server.
  - 20. The system of claim 15, wherein the data server and the network-connected data authentication server are the same computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael K., Tapuska, David F., Brown, Michael S.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US11/202,081
Publication Number

US 20070038855A1
Time in Patent Office

2,314 Days
Field of Search

713/150, 713/160, 713/161, 713/168, 713/170, 713/175, 713/176, 713/179, 713/180, 726 22- 24, 455/3.01, 455/3.06, 455/410, 455/411
US Class Current

713/161
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/123 received data contents, e.g...

System and method for authenticating streamed data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating streamed data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links