Authentication method, system, server, and client

US 8,245,048 B2
Filed: 10/11/2011
Issued: 08/14/2012
Est. Priority Date: 11/08/2007
Status: Active Grant

First Claim

Patent Images

1. An authentication method based on the Data Synchronization (DS) protocol, comprising:

receiving, by a client device, a trigger message sent from a server, wherein the trigger message includes;

a session ID identifying a session to be triggered, and a first digest;

authenticating, by the client device, the first digest of the trigger message using a server nonce stored in the client device;

re-authenticating, by the client device, the first digest of the trigger message using the session ID if the authentication fails; and

sending, by the client device, a session request, wherein the session request includes the session ID and a second digest generated using a client nonce, to the server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication method is disclosed herein. The method includes: by a server, using a Trigger message nonce to generate a Trigger message, and sending the generated Trigger message to a client so that the client can extract the Trigger message nonce; after determining that the Trigger message nonce is valid, using the Trigger message nonce to generate a digest, and authenticating the Trigger message generated by using the Trigger message nonce; after the authentication succeeds, sending a session request to the server indicated by the Trigger message, where the session request carries a session ID. The corresponding system, server and client are disclosed herein. The present invention makes the authentication process more secure through the client and the server based on the DS or DM protocol.

Citations

10 Claims

1. An authentication method based on the Data Synchronization (DS) protocol, comprising:
- receiving, by a client device, a trigger message sent from a server, wherein the trigger message includes;
  
  a session ID identifying a session to be triggered, and a first digest;
  
  authenticating, by the client device, the first digest of the trigger message using a server nonce stored in the client device;
  
  re-authenticating, by the client device, the first digest of the trigger message using the session ID if the authentication fails; and
  
  sending, by the client device, a session request, wherein the session request includes the session ID and a second digest generated using a client nonce, to the server.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - sending, by the client device, a new server nonce to the server so that the server updates a stored server nonce using the new server nonce.
  - 3. The method of claim 2, wherein the new server nonce is carried in the session request.
  - 4. The method of claim 2, wherein the new server nonce is carried in a response message to the server.
  - 5. The method of claim 1, further comprising:
    - updating, by the client device, a server password.

6. A client device, comprising:
- a receiving unit, configured to receive a trigger message sent from a server, wherein the trigger message includes;
  
  a session ID identifying a session to be triggered, and a first digest; and
  
  a generating unit, configured to authenticate the first digest of the trigger message using a server nonce stored in the client device, re-authenticate the first digest of the trigger message using the session ID if the authentication fails, and send a session request, wherein the session request includes the session ID and a second digest generated using a client nonce, to the server.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The client device of claim 6, wherein the generating unit is further configured to send a new server nonce to the server so that the server updates a stored server nonce using the new server nonce.
  - 8. The client device of claim 7, wherein the generating unit is further configured to carry the new server nonce in the session request.
  - 9. The client device of claim 7, wherein the generating unit is further configured to carry the new server nonce in a response message to the server.
  - 10. The client device of claim 6, further comprising:
    - a password changing unit, configured to change a server password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Chai, Xiaoqian, Gao, Hongtao, Li, Kepeng, Tian, Linyi
Primary Examiner(s)
Davis, Zachary A
Assistant Examiner(s)
Pan, Joseph

Application Number

US13/270,579
Publication Number

US 20120030472A1
Time in Patent Office

308 Days
Field of Search

713168-170, 713/176, 713/181, 713/171, 726/2, 726/3, 380/229, 380/232
US Class Current

713/181
CPC Class Codes

H04L 41/082   the condition being updates...

H04L 63/08   for authentication of entit...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

Authentication method, system, server, and client

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method, system, server, and client

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links