Challenge response-based device authentication system and method
Abstract
A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.
20 Claims
1. A method comprising:
- defining, at a first electronic device, a first key comprising a hash generated using both a first value and a hash of a second value, the second value being input at the first electronic device;
- encrypting the second value using said first key; and
- transmitting the second value thus encrypted to a second electronic device for decryption by the second electronic device using a second key, the second key comprising a hash generated using both a copy of the first value stored at the second electronic device and a hash of a third value stored at the second electronic device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. An electronic device, comprising:
- a key generator processor configured to generate a first key comprising a hash generated using both a first value and a hash of an input second value;
- an input interface for receiving the second value;
- an encryptor configured to encrypt the second value using said first key; and
- a communication module configured to transmit the second value thus encrypted to another electronic device for decryption by the other electronic device using a second key, the second key comprising a hash generated using both a copy of the first value stored at the other electronic device and a hash of a third value stored at the other electronic device.

Dependent claims: 13, 14, 15, 16, 17

18. A system, comprising:
- a requesting system, comprising:
  - a communication interface; and
  - a microprocessor in communication with the communication interface, the microprocessor being configured to:
    - define a first key comprising a hash generated using both a first value and a hash of a second value, the second value being received via an input interface of the electronic device;
    - encrypt the second value using said first key; and
    - initiate transmission of the second value thus encrypted via its communication interface to an authenticating system for decryption by the authenticating system using a second key, the second key comprising a hash generated using both a copy of the first value stored at the authenticating system and a hash of a third value stored at the authenticating system; and
- the authenticating system, comprising:
  - a communication interface adapted to receive the second value thus encrypted from the requesting system; and
  - a processor in communication with the communication interface, the processor being configured to:
    - decrypt the second value thus encrypted using the second key to obtain a decrypted value.

Dependent claims: 19, 20
Specification