Authentication method, client, server and system

US 8,239,679 B2
Filed: 11/19/2009
Issued: 08/07/2012
Est. Priority Date: 06/28/2007
Status: Active Grant

First Claim

Patent Images

1. An authentication method, wherein a server stores a second key, the method comprising:

sending a challenge to a client by the server;

obtaining a first key by the client;

performing a transformation on the first key utilizing a local hash function to obtain a third key by the client;

encrypting the first key and the challenge utilizing the third key to obtain a ciphertext by the client; and

sending the ciphertext to the server by the client;

decrypting the ciphertext utilizing the second key stored locally by the server;

obtaining decrypted first key and decrypted challenge after decrypting the ciphertext, if the second key is the same as the third key by the server;

performing a transformation on the decrypted first key utilizing a local hash function to obtain a fourth key by the server;

passing an authentication of the client, if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the second key stored by the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method, which includes: a server sends a challenge to a client; the client obtains a first key performs a transformation on the first key utilizing a local hash function to obtain a third key, encrypts the first key and the challenge utilizing the third key to obtain a ciphertext, and sends the ciphertext to the server; the server decrypts the ciphertext utilizing a second key stored locally, obtains a decrypted first key and a decrypted challenge if the second key is the same as the third key, performs a transformation on the decrypted first key utilizing a local hash function to obtain a fourth key, the client passes the authentication if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the second key stored locally by the server.

Citations

15 Claims

1. An authentication method, wherein a server stores a second key, the method comprising:
- sending a challenge to a client by the server;
  
  obtaining a first key by the client;
  
  performing a transformation on the first key utilizing a local hash function to obtain a third key by the client;
  
  encrypting the first key and the challenge utilizing the third key to obtain a ciphertext by the client; and
  
  sending the ciphertext to the server by the client;
  
  decrypting the ciphertext utilizing the second key stored locally by the server;
  
  obtaining decrypted first key and decrypted challenge after decrypting the ciphertext, if the second key is the same as the third key by the server;
  
  performing a transformation on the decrypted first key utilizing a local hash function to obtain a fourth key by the server;
  
  passing an authentication of the client, if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the second key stored by the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein obtaining the first key by the client comprises:
    - storing an initial key by the client;
      
      performing a transformation on the initial key utilizing a general transformation function to obtain the first key by the client.
  - 3. The method according to claim 1, wherein obtaining the first key by the client comprises:
    - storing the first key locally in advance by the client.
  - 4. The method according to claim 1, wherein the challenge sent by the server to the client comprises at least one of:
    - time, a SESSION-ID, random numbers.
  - 5. The method according to claim 1, wherein the hash function is a message digest algorithm (MD5) or a secure hash algorithm (SHA1).
  - 6. The method according to claim 1, wherein the server stores the second key comprises:
    - the server stores the second key locally corresponding to an identifier of the client.
  - 7. The method according to claim 6, wherein decrypting the ciphertext utilizing the second key stored locally comprises:
    - searching for the second key stored locally according to the identifier of the client;
      
      decrypting the ciphertext utilizing the second key.

8. A client which is configured for authentication, comprising:
- a first module, including a processor and a memory, configured to receive a challenge sent by a server, and send a ciphertext coming from a third module to the server;
  
  a second module, including a processor and a memory, configured to store a hash function;
  
  a third module, including a processor and a memory, configured to obtain a first key, perform a transformation on the first key utilizing the hash function coming from the second module to obtain a second key, and encrypt the first key and the challenge received by the first module utilizing the second key to obtain the ciphertext.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The client according to claim 8, wherein the second module is further configured to store an initial key, andthe third module is further configured to perform a transformation on the initial key coming from the second module utilizing a general transformation function to obtain the first key.
  - 10. The client according to claim 8, wherein the second module is further configured to store the first key;
    - andthe third module is further configured to obtain the first key from the second module.
  - 11. The client according to any one of claims 8, wherein the client comprises a USB-KEY device.
  - 12. The client according to claim 9, wherein the client comprises a USB-KEY device.
  - 13. The client according to claim 10, wherein the client comprises a USB-KEY device.

14. A server which is configured for authentication, comprising:
- a first module, including a processor and a memory, configured to send a challenge to a client, and receive a ciphertext sent by the client;
  
  a second module, including a processor and a memory, configured to store a first key and a hash function;
  
  a third module, including a processor and a memory, configured to decrypt the ciphertext received by the first module utilizing the first key stored by the second module, obtain a decrypted third key and a decrypted challenge if the first key is the same as a second key adopted to encrypt the ciphertext in the client, perform a transformation on the third key utilizing the hash function to obtain a fourth key, determine the client has passed the authentication if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the first module and the first key stored by the second module.

15. An authentication system, comprising a server and a client, whereinthe client obtaining a first key, performing a transformation on the first key utilizing a locally stored hash function to obtain a second key after receiving a challenge sent by the server, encrypting the first key and the challenge utilizing the second key to obtain a ciphertext, and send the ciphertext to the server;
- the server is configured to store a third key, send the challenge to the client, decrypt the ciphertext utilizing the third key stored locally after receiving the ciphertext from the client, obtain a decrypted first key and a decrypted challenge if the third key is the same as the second key, perform a transformation on the decrypted first key utilizing a local hash function to obtain a fourth key, determine the client has passed an authentication if the decrypted challenge and the fourth key are respectively the same as the challenge sent by the server and the third key stored locally by the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Shenzhen Company Limited (Tencent Holdings Limited)
Inventors
Lu, Shan
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
David, Dorianne Alvarado

Application Number

US12/621,625
Publication Number

US 20100070766A1
Time in Patent Office

992 Days
Field of Search

713168-171
US Class Current

713/168
CPC Class Codes

H04L 9/0822   using key encryption key

H04L 9/14   using a plurality of keys o...

H04L 9/3271   using challenge-response

Authentication method, client, server and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method, client, server and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links