Communication protocol for device authentication

US 8,296,565 B2
Filed: 03/06/2007
Issued: 10/23/2012
Est. Priority Date: 03/27/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for a device to authenticate an accessory having at least one communication port connected to the device, the method comprising:

monitoring the at least one communication port;

detecting the accessory attached to the at least one communication port;

driving the at least one communication port to a first voltage level to maintain the accessory in a sleep mode;

transitioning the at least one communication port to a second voltage level to initiate a wake up condition in the accessory;

transmitting a wake up command to the accessory via the at least one communication port;

transmitting from the device to the accessory an authentication command via the at least one communication port, wherein the authentication command comprises a plaintext challenge to the accessory, wherein the device stores multiple challenge/response vectors before transmitting the plaintext challenge, each of the vectors being different from the other vectors and the different vectors being concurrently stored by the device, and each vector including a plaintext challenge associated with a cyphertext response, and wherein the device selects the plaintext challenge included in the authentication command from among the plaintext challenges included in the stored multiple challenge/response vectors;

receiving an information request response via the at least one communication port from the accessory, the received information request response comprising a cyphertext response;

comparing the received cyphertext response with the stored cyphertext response associated with the transmitted plaintext challenge;

permitting use of the accessory when the received cyphertext response matches the stored cyphertext response associated with the transmitted plaintext challenge; and

limiting use of the accessory when the received cyphertext response does not match the stored cyphertext response associated with the transmitted plaintext challenge;

wherein the accessory comprises a secure authentication image file including data in an array of locations, and an accessory processor for receiving the wake up command, generating the cyphertext response using the secure authentication image file, and transmitting the cyphertext response to the device through the at least one communication port.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication protocol between a master device, such as a mobile phone, and a peripheral device facilitates authentication of the peripheral device. When a peripheral device is detected, the master device initiates a wake-up command to the peripheral device, transmits an authentication request command followed by challenge data to the peripheral device, and awaits responses from the peripheral device. The accessory receives the challenge data, performs a hash function on the challenge data, and generates response data. An authentication response type byte is sent to the handset followed by the response data. The handset compares the response data to pre-stored data that is associated with the challenge data. A match indicates that the accessory is authentic. The challenge/response data, also referred to as a plaintext/cyphertext pair, is pre-generated external to the handset using the hash function, then pre-stored in the handset.

57 Citations

View as Search Results

16 Claims

1. A method for a device to authenticate an accessory having at least one communication port connected to the device, the method comprising:
- monitoring the at least one communication port;
  
  detecting the accessory attached to the at least one communication port;
  
  driving the at least one communication port to a first voltage level to maintain the accessory in a sleep mode;
  
  transitioning the at least one communication port to a second voltage level to initiate a wake up condition in the accessory;
  
  transmitting a wake up command to the accessory via the at least one communication port;
  
  transmitting from the device to the accessory an authentication command via the at least one communication port, wherein the authentication command comprises a plaintext challenge to the accessory, wherein the device stores multiple challenge/response vectors before transmitting the plaintext challenge, each of the vectors being different from the other vectors and the different vectors being concurrently stored by the device, and each vector including a plaintext challenge associated with a cyphertext response, and wherein the device selects the plaintext challenge included in the authentication command from among the plaintext challenges included in the stored multiple challenge/response vectors;
  
  receiving an information request response via the at least one communication port from the accessory, the received information request response comprising a cyphertext response;
  
  comparing the received cyphertext response with the stored cyphertext response associated with the transmitted plaintext challenge;
  
  permitting use of the accessory when the received cyphertext response matches the stored cyphertext response associated with the transmitted plaintext challenge; and
  
  limiting use of the accessory when the received cyphertext response does not match the stored cyphertext response associated with the transmitted plaintext challenge;
  
  wherein the accessory comprises a secure authentication image file including data in an array of locations, and an accessory processor for receiving the wake up command, generating the cyphertext response using the secure authentication image file, and transmitting the cyphertext response to the device through the at least one communication port.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - monitoring the at least one communication port for a voltage level transition at the accessory;
      
      detecting the voltage level transition at the accessory;
      
      entering a command listen mode at the accessory;
      
      detecting the wake up command at the accessory;
      
      receiving the authentication command from the device;
      
      receiving the plaintext challenge from the device;
      
      performing a hash function on the received plaintext challenge utilizing a secure authentication image file to generate a cyphertext response, the image file including data for a two-dimensional array of regularly spaced locations;
      
      sending an authentication response type byte to the device; and
      
      sending the generated cyphertext response to the device.
  - 3. The method claim 1, further comprising:
    - transmitting an information request command via the at least one communication port to the accessory.
  - 4. The method of claim 3, wherein the information request command is a timing command, and wherein the information request response comprises a timing response and a timing byte.
  - 5. The method of claim 3, wherein the information request command is a temperature command, and wherein the information request response comprises a temperature response and temperature data.
  - 6. The method of claim 3, wherein the information request command is an identification command, and wherein the information request response comprises an identification response and identification data.
  - 7. The method of claim 1, wherein the transmitting and the receiving steps between the device and the accessory are half duplex communications.
  - 8. The method of claim 1, wherein the device is a wireless communication device, and the accessory is a battery.

9. A system for authenticating an accessory, comprising:
- a device comprising;
  
  at least one communication port for connection to the accessory;
  
  a memory for storing at least one information request command and at least one expected information request response; and
  
  a processor coupled to the memory and the at least one communication port, the processor monitoring the at least one communication port, detecting the accessory attached to the at least one communication port, driving the at least one communication port to a first voltage level to maintain the accessory in a sleep mode, transitioning the at least one communication port to a second voltage level to initiate a wake up condition in the accessory, transmitting a wake up command to the accessory via the at least one communication port, transmitting from the device to the accessory an authentication command via the at least one communication port to the accessory, receiving an information request response via the at least one communication port from the accessory, comparing the received information request response with the at least one expected information request response, permitting use of the accessory when at least a portion of the received information request response matches the at least one expected information request response, and limiting use of the accessory when the at least a portion of the received information request response does not match the at least one expected information request response,wherein the authentication command comprises a plaintext challenge to the accessory,wherein the device stores multiple challenge/response vectors before transmitting the plaintext challenge,each of the vectors being different from the other vectors and the different vectors being concurrently stored by the device, andeach vector including a plaintext challenge associated with a cyphertext response, andwherein the device selects the plaintext challenge included in the authentication command from among the plaintext challenges included in the stored challenge/response vectors; and
  
  wherein the pre-stored expected information request response is the cyphertext response that the device associates with the selected plaintext challenge; and
  
  the accessory for attachment to the device through the at least one communication port, the accessory comprising;
  
  a secure authentication image file, the image file including data for an array of regularly spaced locations; and
  
  a accessory processor for detecting a voltage level transition, entering a command listen mode, detecting the first and second voltage levels, receiving the transmitted authentication command, generating an information request response, and transmitting the information request response to the device through the at least one communication port.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the at least one information request command comprises an authentication command and a plaintext challenge;
    - wherein at least a portion of the information request response is a cyphertext response;
      
      wherein the accessory processor performs a hash function on the received plaintext challenge utilizing the secure authentication image file to generate the cyphertext response.
  - 11. The system of claim 9, wherein the information request command is a timing command, and wherein the information request response comprises a timing response and a timing byte.
  - 12. The system of claim 9, wherein the information request command is a temperature command, and wherein the information request response comprises a temperature response and temperature data.
  - 13. The system of claim 9, wherein the information request command is an identification command, and wherein the information request response comprises an identification response and identification data.
  - 14. The system of claim 9, wherein the transmitting and the receiving steps between the device and the accessory are half duplex communications.
  - 15. The system of claim 9, wherein the device is a wireless communication device and the accessory is a battery for supplying power to the wireless communication device.

16. A method for a device to authenticate an accessory having at least one communication port connected to the device, the method comprising:
- monitoring the at least one communication port;
  
  detecting the accessory attached to the at least one communication port;
  
  driving the at least one communication port to a first voltage level to maintain the accessory in a sleep mode;
  
  transitioning the at least one communication port to a second voltage level to initiate a wake up condition in the accessory;
  
  transmitting a wake up command to the accessory via the at least one communication port;
  
  transmitting to the accessory a plaintext challenge via the at least one communication port,wherein the device stores multiple challenge/response vectors before transmitting the plaintext challenge,each of the multiple challenge/response vectors being different from the other vectors and the different vectors being concurrently stored by the device, andeach vector including a plaintext challenge associated with a cyphertext response, andwherein the device selects the plaintext challenge from among the plaintext challenges included in the stored challenge/response vectors;
  
  receiving, in response to the transmitted plaintext challenge a cyphertext response via the at least one communication port from the accessory;
  
  comparing the received cyphertext response with a stored cyphertext response associated with the transmitted plaintext challenge;
  
  permitting use of the accessory when the received cyphertext response matches the stored cyphertext response that the device associated with the transmitted plaintext challenge selected by the device; and
  
  limiting use of the accessory when the received cyphertext response does not match the stored cyphertext response;
  
  wherein the accessory comprises a secure authentication image file including data in an array of locations, and an accessory processor for receiving the wake up command, generating the cyphertext response using the secure authentication image file, and transmitting the cyphertext response to the device through the at least one communication port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intertrust Technologies Corporation (Fidelio Acquisition Co LLC)
Original Assignee
Kyocera Corporation
Inventors
Taylor, John P.
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Holder, Bradley

Application Number

US11/682,840
Publication Number

US 20070226497A1
Time in Patent Office

2,058 Days
Field of Search

713/168, 713/169, 713/170, 380/247
US Class Current

713/169
CPC Class Codes

G06F 21/31   User authentication

G06F 21/81   by operating on the power s...

G06F 2221/2129   Authenticate client device ...

H04L 2209/80   Wireless network architectu...

H04L 9/3271   using challenge-response

H04M 1/0262   for a battery compartment

H04M 1/72409   by interfacing with externa...

H04M 1/72412   using two-way short-range w...

Communication protocol for device authentication

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Communication protocol for device authentication

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links