Two-way authentication using a combined code

US 8,171,534 B2
Filed: 08/30/2010
Issued: 05/01/2012
Est. Priority Date: 12/13/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving a combined code comprising a combined code hash of at least two sets of data from which an encoding scheme of the at least two sets of data can be determined, the at least two sets of data comprising;

a first set of data that includes a first hash of a public key associated with a certificate used to establish a secure channel with a target service, anda second set of data that includes a credential for authentication;

validating the certificate with the first set of data included in the combined code; and

responsive to successful validation of the certificate, providing the credential from the second set of data to the target service for authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication process for a client and a target service to perform mutual authentication. A combined code is received that comprises a combined code hash of at least two sets of data from which an encoding scheme of the at least two sets of data can be determined. The two sets of data comprise a first set of data that includes a first hash of a public key associated with a certificate used to establish a secure channel with a target service, and a second set of data that includes a credential for authentication. The certificate can be validated with the first set of data included in the combined code. In response to a successful validation of the certificate, the credential from the second set of data can be provided to the target service for authentication.

29 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving a combined code comprising a combined code hash of at least two sets of data from which an encoding scheme of the at least two sets of data can be determined, the at least two sets of data comprising;
  
  a first set of data that includes a first hash of a public key associated with a certificate used to establish a secure channel with a target service, anda second set of data that includes a credential for authentication;
  
  validating the certificate with the first set of data included in the combined code; and
  
  responsive to successful validation of the certificate, providing the credential from the second set of data to the target service for authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, further comprising:
    - computing a second hash of the public key that is associated with the certificate; and
      
      determining the certificate is valid when the first hash and second hash match.
  - 3. The method as recited in claim 2, further comprising establishing the secure channel with the target service responsive to determining the certificate is valid.
  - 4. The method as recited in claim 3, further comprising receiving an authentication challenge and providing a response to the authentication challenge that includes the credential in a header field of the response.
  - 5. The method as recited in claim 1, further comprising receiving the combined code out-of-band via at least one of a user-interface, a bar code scanner, a radio frequency identification (RFID) reader, a wired data connection, a wireless data connection, or as an optical data communication.
  - 6. The method as recited in claim 1, further comprising:
    - determining an indicator in the combined code; and
      
      parsing the combined code to identify the at least two sets of data based, at least in part, on the indicator.
  - 7. The method as recited in claim 1, wherein the target service is included in at least one of a network device, a computer device, a network appliance, a wireless access point, a printer, a router, a scanner, a phone, or a camera.

8. A method comprising:
- communicating a combined code and a certificate to a client, the combined code containing data for the client to authenticate a server device and the certificate including information to establish a secure channel with the client, the data comprising a hash of a public key included in the certificate, the combined code including a first credential and a combined code hash of the combined code to enable the client to determine an encoding scheme of at least the hash of the public key;
  
  receiving a second credential from the client via an established secure channel; and
  
  authenticating the client by comparing the second credential with the first credential.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method as recited in claim 8, wherein the combined code is communicated to the client as at least one of a label on a device, a message, an email, a radio frequency identification (RFID) tag, a magnetic data strip, an optical communication, or via a data connection.
  - 10. The method as recited in claim 9, wherein the combined code is displayed on the label as at least one of plain text, readable symbols, machine-readable data, a bar code, or in Braille.
  - 11. The method as recited in claim 8, wherein the first credential in the combined code is valid for a limited number of uses.
  - 12. The method as recited in claim 8, further comprising requiring the client to provide a valid credential within a limited number of attempts.
  - 13. The method as recited in claim 8, wherein the certificate is communicated to the client using Hyper-Text Transport Protocol (HTTP) communications.
  - 14. The method as recited in claim 8, further comprising establishing the secure channel using Transport Layer Security (TLS) protocols.
  - 15. The method as recited in claim 8, wherein the server device is at least one of a network device, a computer device, a network appliance, a wireless access point, a printer, a router, a scanner, a phone, or a camera.

16. A method comprising:
- receiving a combined code out-of-band that includes a first hash of a public key associated with a target service and a combined code hash of the combined code usable to determine an encoding format of the first hash of the public key;
  
  authenticating the target service using the first hash of the public key;
  
  identifying a credential in the combined code; and
  
  providing the credential to the target service for authentication.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as recited in claim 16, further comprising:
    - receiving a certificate to establish a secure channel with the target service;
      
      identifying the public key in the certificate;
      
      computing a second hash of the public key in the certificate; and
      
      authenticating the target service by comparing the first hash and the second hash.
  - 18. The method as recited in claim 17, further comprising marking the certificate as trusted and storing the certificate in a trusted certificate store when the target service is authenticated.
  - 19. The method as recited in claim 16, further comprising identifying a typographical error in a user input of the combined code.
  - 20. The method as recited in claim 16, further comprising determining a coding format based on a first character of the combined code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chan, Shannon J., Kuehnel, Thomas W.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
SIMS, JING F

Application Number

US12/871,802
Publication Number

US 20100333186A1
Time in Patent Office

610 Days
Field of Search

726/20, 726/2, 726 3- 5, 726 9- 10, 713/159, 713/172, 713/156, 713/150, 713/168, 713/169, 380/277, 380/44
US Class Current

726/9
CPC Class Codes

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0869   for achieving mutual authen...

H04L 63/1466   Active attacks involving in...

H04L 63/18   using different networks or...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3263   involving certificates, e.g...

Two-way authentication using a combined code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Two-way authentication using a combined code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others