Challenge response-based device authentication system and method

US 8,515,068 B2
Filed: 10/26/2011
Issued: 08/20/2013
Est. Priority Date: 05/04/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

defining, at a first electronic device, a first key comprising a hash generated using both a first value and a hash of a second value, the second value being input at the first electronic device;

encrypting the second value using said first key; and

transmitting the second value thus encrypted to a second electronic device for decryption by the second electronic device using a second key, the second key comprising a hash generated using both a copy of the first value stored at the second electronic device and a hash of a third value stored at the second electronic device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.

20 Citations

View as Search Results

20 Claims

1. A method comprising:
- defining, at a first electronic device, a first key comprising a hash generated using both a first value and a hash of a second value, the second value being input at the first electronic device;
  
  encrypting the second value using said first key; and
  
  transmitting the second value thus encrypted to a second electronic device for decryption by the second electronic device using a second key, the second key comprising a hash generated using both a copy of the first value stored at the second electronic device and a hash of a third value stored at the second electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first value is received by the first electronic device from the second electronic device prior to said defining.
  - 3. The method of claim 1, wherein encrypting the second value using said first key comprises applying the first key to the second value in a block cipher algorithm.
  - 4. The method of claim 1, wherein encrypting the second value using said first key comprises XORing the second value and first key.
  - 5. The method of claim 1, wherein the second electronic device is a mobile device.
  - 6. The method of claim 1, wherein the first electronic device is a personal computing device.
  - 7. The method of claim 1, further comprising the second electronic device:
    - receiving the second value thus encrypted from the first electronic device;
      
      decrypting the second value thus encrypted using the second key to obtain a decrypted value; and
      
      authenticating the first electronic device when a hash of the decrypted value matches the hash of the third value.
  - 8. The method of claim 7, further comprising the second electronic device using the decrypted value to decrypt data stored at the second electronic device.
  - 9. The method of claim 7, further comprising the second electronic device granting the first electronic device access to data stored at the second electronic device when the first electronic device is authenticated.
  - 10. The method of claim 7, further comprising the second electronic device granting the first electronic device access to synchronize data stored at the second electronic device with the first electronic device.
  - 11. The method of claim 1, further comprising the second electronic device:
    - receiving the second value thus encrypted from the first electronic device;
      
      decrypting the second value thus encrypted using the second key to obtain a decrypted value; and
      
      using the decrypted value to decrypt data stored at the second electronic device.

12. An electronic device, comprising:
- a key generator processor configured to generate a first key comprising a hash generated using both a first value and a hash of an input second value;
  
  an input interface for receiving the second value;
  
  an encryptor configured to encrypt the second value using said first key; and
  
  a communication module configured to transmit the second value thus encrypted to another electronic device for decryption by the other electronic device using a second key, the second key comprising a hash generated using both a copy of the first value stored at the other electronic device and a hash of a third value stored at the other electronic device.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The electronic device of claim 12, wherein the communication module is further configured to receive the first value from the other electronic device prior to the key generator generating the first key.
  - 14. The electronic device of claim 12, wherein the encryptor is configured to encrypt the second value using said first key by applying the first key to the second value in a block cipher algorithm.
  - 15. The electronic device of claim 12, wherein the encryptor is configured to encrypt the second value using said first key by XORing the second value and first key.
  - 16. The electronic device of claim 12, wherein the electronic device is a personal computing device.
  - 17. The electronic device of claim 12, further comprising a synchronization module configured to synchronize a data store with the other electronic device upon the other electronic device authenticating the electronic device by verifying a hash of the second value obtained by the other electronic device, said second value being obtained by the other electronic device decrypting the encrypted second value transmitted by the electronic device to the other electronic device using the second key.

18. A system, comprising:
- a requesting system, comprising;
  
  a communication interface; and
  
  a microprocessor in communication with the communication interface, the microprocessor being configured to;
  
  define a first key comprising a hash generated using both a first value and a hash of a second value, the second value being received via an input interface of the electronic device;
  
  encrypt the second value using said first key; and
  
  initiate transmission of the second value thus encrypted via its communication interface to an authenticating system for decryption by the authenticating system using a second key, the second key comprising a hash generated using both a copy of the first value stored at the authenticating system and a hash of a third value stored at the authenticating system; and
  
  the authenticating system, comprising;
  
  a communication interface adapted to receive the second value thus encrypted from the requesting system; and
  
  a processor in communication with the communication interface, the processor being configured to;
  
  decrypt the second value thus encrypted using the second key to obtain a decrypted value.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the processor of the authenticating system is further configured to authenticate the requesting system when a hash of the decrypted value matches the hash of the third value.
  - 20. The system of claim 18, wherein the authenticating system is configured to grant the requesting system access to data stored at the authenticating system when the requesting system is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael Kenneth, Brown, Michael Stephen, Little, Herbert Anthony, Kirkup, Michael Grant
Primary Examiner(s)
LEWIS, LISA C

Application Number

US13/281,789
Publication Number

US 20120045057A1
Time in Patent Office

664 Days
Field of Search

380/255, 380/259, 726 2- 6, 726/21, 726 26- 28, 713/150, 713/168, 713/182, 713/183, 709/223, 709/225, 455/410, 455/411
US Class Current

380/255
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3271   using challenge-response

Challenge response-based device authentication system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Challenge response-based device authentication system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others