Trusted network transfer of content using off network input code

US 8,473,612 B2
Filed: 01/26/2010
Issued: 06/25/2013
Est. Priority Date: 11/14/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method implemented in a computing system for transmitting content from a first computing device to a second computing device in a network communicatively coupling the first computing device to the second computing device, comprising:

the first computing device generating a trust code;

the first computing device storing the generated trust code;

transporting without use of the network the generated trust code from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving without use of the network, at the second computing device via a user interface, a trust code;

performing an authentication exchange between the first computing device and the second computing device across the network, comprising;

receiving from the network at the first computing device the trust code received at the second computing device via the user interface,at the first computing device comparing the received trust code to the generated trust code, the generated trust code generated by the first computing device prior to receiving the trust code from the network and previously stored on the first computing device and,upon determining the received trust code does not have a pre-defined relationship with the generated trust code, determining at the first computing device the content is not trusted for delivery to the second computing device, andupon determining the received trust code has a pre-defined relationship with the generated trust code, determining at the first computing device the content is trusted for delivery to the second computing device; and

invalidating for future use a public key and a private key associated with the public key when said trust code received at the first computing device does not have the pre-defined relationship with said generated trust code, and said content is the public key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for use in connection with the trusted transmission and reception of content, such as encryption key information, from one computing device in a network to a second computing device are provided. In one embodiment, the invention provides a way to trust or validate the transfer of a public key using a very short code entered out of band of the network that is easy for end-users to remember, or write down.

Citations

20 Claims

1. A method implemented in a computing system for transmitting content from a first computing device to a second computing device in a network communicatively coupling the first computing device to the second computing device, comprising:
- the first computing device generating a trust code;
  
  the first computing device storing the generated trust code;
  
  transporting without use of the network the generated trust code from the first computing device to the second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving without use of the network, at the second computing device via a user interface, a trust code;
  
  performing an authentication exchange between the first computing device and the second computing device across the network, comprising;
  
  receiving from the network at the first computing device the trust code received at the second computing device via the user interface,at the first computing device comparing the received trust code to the generated trust code, the generated trust code generated by the first computing device prior to receiving the trust code from the network and previously stored on the first computing device and,upon determining the received trust code does not have a pre-defined relationship with the generated trust code, determining at the first computing device the content is not trusted for delivery to the second computing device, andupon determining the received trust code has a pre-defined relationship with the generated trust code, determining at the first computing device the content is trusted for delivery to the second computing device; and
  
  invalidating for future use a public key and a private key associated with the public key when said trust code received at the first computing device does not have the pre-defined relationship with said generated trust code, and said content is the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A method according to claim 1, further comprising:
    - at the first computing device, upon determining the received trust code does not have a pre-defined relationship with the generated trust code, transmitting an error message to the second computing device via the network; and
      
      at the first computing device, upon determining the received trust code has a pre-defined relationship with the generated trust code, transmitting the content for delivery to the second computing device via the network.
  - 3. A method according to claim 2, further comprising:
    - receiving from the network at the second computing device a hash value generated by the first device with a hashing algorithm based on at least the generated trust code and content to be transmitted from the first computing device to the second computing device;
      
      at the second computing device, storing the hash value;
      
      at the second computing device, receiving content via the network;
      
      at the second computing device, computing a hash value based on the received content and the inputted trust code;
      
      at the second computing device, determining if the computed hash value has a predefined relationship to the stored hash value; and
      
      at the second computing device, trusting the received content upon determining the computed hash value has a predefined relationship to the stored hash value.
  - 4. A method according to claim 1, wherein the content is a credential of the first computing device.
  - 5. A method according to claim 4, wherein the credential is a public key.
  - 6. A method according to claim 1, wherein said receiving at the second computing device via a user interface, a trust code, comprises allowing the inputted trust code to be entered at most once to the second computing device.
  - 7. A method according to claim 1, wherein said comparing the received trust code comprises calculating a security code, the security code comprising the inputted trust code, a fixed code assigned to the computing device performing the comparison, and at least one check digit computed based on the inputted trust code and the fixed code.
  - 8. A method according to claim 1, wherein said transporting comprises:
    - receiving a component into the first computing device;
      
      transmitting the trust code onto the component from the first computing device;
      
      receiving the component into the second computing device; and
      
      retrieving the trust code from the component at the second computing device.
  - 9. A method according to claim 8, wherein the component is a memory component adapted to be inserted into at least one data port of the respective first and second computing devices.
  - 10. A method according to claim 1, wherein when said trust code received at the first computing device does not have the pre-defined relationship with said generated trust code, determining not to deliver content to the second computing device.
  - 11. A method according to claim 1, wherein when said trust code received at the first computing device does not have the pre-defined relationship with said generated trust code, invalidating the trust code for future use unless independently randomly generated in the future.

12. A computer readable storage device comprising computer executable instructions for carrying out the method comprising of:
- a first computing device generating a trust code;
  
  the first computing device storing the generated trust code;
  
  transporting without use of a network the generated trust code from the first computing device to a second computing device, said transporting comprising displaying, by the first computing device, the generated trust code, and receiving without use of the network, at the second computing device via a user interface, a trust code;
  
  performing an authentication exchange between the first computing device and the second computing device across the network, comprising;
  
  receiving from the network at the first computing device the trust code received at the second computing device via the user interface,at the first computing device comparing the received trust code to the generated trust code, the generated trust code generated by the first computing device prior to receiving the trust code from the network and previously stored on the first computing device and,upon determining the received trust code does not have a pre-defined relationship with the generated trust code, determining at the first computing device the content is not trusted for delivery to the second computing device, andupon determining the received trust code has a pre-defined relationship with the generated trust code, determining at the first computing device the content is trusted for delivery to the second computing device; and
  
  invalidating for future use a public key and a private key associated with the public key when said trust code received at the first computing device does not have the pre-defined relationship with said generated trust code, and said content is the public key.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. A computer readable storage device according to claim 12, further comprising:
    - at the first computing device, upon determining the received trust code does not have a pre-defined relationship with the generated trust code, transmitting an error message to the second computing device via the network; and
      
      at the first computing device, upon determining the received trust code has a pre-defined relationship with the generated trust code, transmitting the content for delivery to the second computing device via the network.
  - 14. A computer readable storage device according to claim 12, wherein the content is a credential of the first computing device.
  - 15. A computer readable storage device according to claim 12, wherein said receiving at the second computing device via a user interface, a trust code, comprises allowing the inputted trust code to be entered at most once to the second computing device.
  - 16. A computer readable storage device according to claim 12, wherein said comparing the received trust code comprises calculating a security code, the security code comprising the inputted trust code, a fixed code assigned to the computing device performing the comparison, and at least one check digit computed based on the inputted trust code and the fixed code.
  - 17. A computer readable storage device according to claim 12, wherein when said trust code received at the first computing device does not have the pre-defined relationship with said generated trust code, determining not to deliver content to the second computing device.

18. A system comprising:
- a second computing device;
  
  a first computing device communicatively connected with the second computing device, the first computing device comprising;
  
  a processor; and
  
  a memory coupled to the processor, the memory having stored thereon executable instructions that when executed by the processor cause the processor to effectuate operations comprising;
  
  generating a trust code;
  
  storing the generated trust code;
  
  participating in an authentication exchange with the second computing device across a network, comprising;
  
  receiving from the network a trust code received at the second computing device via a user interface of the second computing device, wherein the trust code was received at the second computing device without the use of the network;
  
  comparing the received trust code to the generated trust code, the generated trust code generated by the first computing device prior to receiving the trust code from the network and previously stored on the first computing device; and
  
  ,upon determining the received trust code does not have a pre-defined relationship with the generated trust code, determining the content is not trusted for delivery to the second computing device, andupon determining the received trust code has a pre-defined relationship with the generated trust code, determining the content is trusted for delivery to the second computing device; and
  
  providing instructions that cause invalidation for future use a public key and a private key associated with the public key when said received trust code does not have the pre-defined relationship with said generated trust code, and said content is the public key.
- View Dependent Claims (19, 20)
- - 19. A system according to claim 18, further comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
    - upon determining the received trust code does not have a pre-defined relationship with the generated trust code, transmitting an error message to the second computing device via the network; and
      
      upon determining the received trust code has a pre-defined relationship with the generated trust code, transmitting the content for delivery to the second computing device via the network.
  - 20. A system according to claim 18, further comprising executable instructions that when executed by the processor cause the processor to effectuate operations comprising:
    - upon determination said received trust code does not have the pre-defined relationship with said generated trust code, providing instructions that cause invalidation for future use the trust code unless independently randomly generated in the future.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lehew, Christian R., Pyle, Harry S., Fang, Nicholas Jie
Primary Examiner(s)
Moise, Emmanuel L
Assistant Examiner(s)
KIM, EDWARD J

Application Number

US12/693,755
Publication Number

US 20100125896A1
Time in Patent Office

1,246 Days
Field of Search

709/225, 709/229, 709/232, 709/237, 709/210, 709/219, 709/227, 709/228, 709/230
US Class Current

709/225
CPC Class Codes

H04L 63/061 for key exchange, e.g. in p...

Trusted network transfer of content using off network input code

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted network transfer of content using off network input code

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links