System and method for authenticating streamed data

US 8,407,468 B2
Filed: 11/18/2011
Issued: 03/26/2013
Est. Priority Date: 08/12/2005
Status: Active Grant

First Claim

Patent Images

1. A device for authenticating data, the device comprising a processor and a memory, the memory storing a plurality of instructions that, when executed by the processor, configure the processor to:

receive data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream that is processed as the data is received at the device;

wherein authentication data for the data stream is absent from the plurality of indexed packets;

submit a request for a server-computed authentication value, to a data authentication server, over a network, wherein if the data stream is interrupted, the request submitted by the device identifies a point in the data stream where the data stream is interrupted, and wherein the data authentication server has access to the data that was transmitted from the data server to the device and computes the server-computed authentication value based on a subset of the data transmitted by the data server up to the point where the data stream is interrupted;

receive, from the data authentication server, the server-computed authentication value; and

compare a device-computed authentication value, based on a subset of the received data corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of a method of authenticating data comprises: receiving, at a device, data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream; receiving, at the device, from a data authentication server connected to the device by a network, a server-computed authentication value based on a subset of the data transmitted by the data server, the data authentication server having access to the data that was transmitted from the data server to the device; and comparing a device-computed authentication value based on a subset of the received data, corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic.

Citations

27 Claims

1. A device for authenticating data, the device comprising a processor and a memory, the memory storing a plurality of instructions that, when executed by the processor, configure the processor to:
- receive data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream that is processed as the data is received at the device;
  
  wherein authentication data for the data stream is absent from the plurality of indexed packets;
  
  submit a request for a server-computed authentication value, to a data authentication server, over a network, wherein if the data stream is interrupted, the request submitted by the device identifies a point in the data stream where the data stream is interrupted, and wherein the data authentication server has access to the data that was transmitted from the data server to the device and computes the server-computed authentication value based on a subset of the data transmitted by the data server up to the point where the data stream is interrupted;
  
  receive, from the data authentication server, the server-computed authentication value; and
  
  compare a device-computed authentication value, based on a subset of the received data corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The device of claim 1, wherein the server-computed authentication value and the device-computed authentication value are each computed by applying a same generating function to the subset of the data transmitted by the data server and to the subset of the received data corresponding to the subset of the data transmitted by the data server, respectively.
  - 3. The device of claim 2, wherein the generating function comprises a hash function.
  - 4. The device of claim 1, wherein the processor is further configured to identify an end index, wherein the request comprises the end index, and wherein the end index defines both the subset of the data, transmitted by the data server, on which the server-computed authentication value is based and the subset of the data, received by the device, on which the device-computed authentication value is based.
  - 5. The device of claim 4, wherein the end index is associated with a last non-truncated packet of data received at the device.
  - 6. The device of claim 1, wherein the processor is further configured to submit a request to the data server to re-transmit data of at least one of the plurality of indexed packets.
  - 7. The device of claim 1, wherein the processor is further configured to identify a start index, wherein the request further comprises the start index, and wherein the start index defines both the subset of the data, transmitted by the data server, on which the server-computed authentication value is based and the subset of the data, received by the device, on which the device-computed authentication value is based.
  - 8. The device of claim 1, wherein the subset of the data, transmitted by the data server, on which the server-computed authentication value is based includes all of the packets in the plurality of indexed packets transmitted by the data server.
  - 9. The device of claim 1, wherein the processor is further configured to verify a signature, generated by the data authentication server, of the server-computed authentication value.
  - 10. The device of claim 1, wherein the processor is further configured to receive a message authentication code, generated by the data authentication server, for the server-computed authentication value received at the device and to verify the message authentication code.
  - 11. The device of claim 1, wherein the device comprises a mobile device.
  - 12. The device of claim 1, wherein the data server stores a copy of data transmitted by the data server in a streamed data store accessible to the data authentication server.
  - 13. The device of claim 1, wherein the data server and the data authentication server are the same computing device.

14. A method of authenticating data, the method comprising:
- receiving, at a device, data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream that is processed as the data is received at the device;
  
  wherein authentication data for the data stream is absent from the plurality of indexed packets;
  
  submitting a request for a server-computed authentication value, to a data authentication server, over a network, wherein if the data stream is interrupted, the request submitted by the device identifies a point in the data stream where the data stream was interrupted, and wherein the data authentication server has access to the data that was transmitted from the data server to the device and computes the server-computed authentication value based on a subset of the data transmitted by the data server up to the point where the data stream is interrupted;
  
  receiving, at the device, from the data authentication server, the server-computed authentication value; and
  
  comparing a device-computed authentication value, based on a subset of the received data corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The method of claim 14, wherein the server-computed authentication value and the device-computed authentication value are each computed by applying a same generating function to the subset of the data transmitted by the data server and to the subset of the received data corresponding to the subset of the data transmitted by the data server, respectively.
  - 16. The method of claim 15, wherein the generating function comprises a hash function.
  - 17. The method of claim 14, further comprising identifying an end index, wherein the request comprises the end index, and wherein the end index defines both the subset of the data, transmitted by the data server, on which the server-computed authentication value is based and the subset of the data, received by the device, on which the device-computed authentication value is based.
  - 18. The method of claim 17, wherein the end index is associated with a last non-truncated packet of data received at the device.
  - 19. The method of claim 14, further comprising submitting a request to the data server to re-transmit data of at least one of the plurality of indexed packets.
  - 20. The method of claim 14, further comprising identifying a start index, wherein the request further comprises the start index, and wherein the start index defines both the subset of the data, transmitted by the data server, on which the server-computed authentication value is based and the subset of the data, received by the device, on which the device-computed authentication value is based.
  - 21. The method of claim 14, wherein the subset of the data, transmitted by the data server, on which the server-computed authentication value is based includes all of the packets in the plurality of indexed packets transmitted by the data server.
  - 22. The method of claim 14, wherein the method further comprises verifying a signature, generated by the data authentication server, of the server-computed authentication value.
  - 23. The method of claim 14, wherein the method further comprises receiving a message authentication code, generated by the data authentication server, for the server-computed authentication value received at the device;
    - and verifying the message authentication code.
  - 24. The method of claim 14, wherein the device comprises a mobile device.
  - 25. The method of claim 14, wherein the data server stores a copy of data transmitted by the data server in a streamed data store accessible to the data authentication server.
  - 26. The method of claim 14, wherein the data server and the data authentication server are the same computing device.

27. A non-transitory computer-readable storage medium upon which a plurality of instructions executable by a processor is stored, the instructions for performing a method of authenticating data, the method comprising:
- receiving, at a device, data in a plurality of indexed packets transmitted by a data server, the data of the indexed packets being at least a portion of a larger data stream that is processed as the data is received at the device;
  
  wherein authentication data for the data stream is absent from the plurality of indexed packets;
  
  submitting a request for a server-computed authentication value, to a data authentication server, over a network, wherein if the data stream is interrupted, the request submitted by the device identifies a point in the data stream where the data stream is interrupted, and wherein the data authentication server has access to the data that was transmitted from the data server to the device and computes the server-computed authentication value based on a subset of the data transmitted by the data server up to the point where the data stream is interrupted;
  
  receiving, at the device, from the data authentication server, the server-computed authentication value; and
  
  comparing a device-computed authentication value based on a subset of the received data corresponding to the subset of the data transmitted by the data server, with the server-computed authentication value in order to determine whether the subset of the data received at the device is authentic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Brown, Michael Kenneth, Tapuska, David Francis, Brown, Michael Stephen
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US13/299,520
Publication Number

US 20120124371A1
Time in Patent Office

494 Days
Field of Search

713/150, 713/160, 713/161, 713/168, 380/210, 726/26, 726/27, 726/30
US Class Current

713/161
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/123 received data contents, e.g...

System and method for authenticating streamed data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authenticating streamed data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links