Systems and methods for verifying the authenticity of a remote device

US 9,043,597 B2
Filed: 04/20/2012
Issued: 05/26/2015
Est. Priority Date: 06/09/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a client device with a system having a first server and a second server, the method comprising:

at the client device;

performing a verification procedure, comprising;

generating a first sequence of bytes;

sending the first sequence of bytes to the first server;

receiving a second sequence of bytes from the first server;

sending the first sequence of bytes and the second sequence of bytes to the second server different than the first server, wherein the second server verifies the client device based on the first sequence of bytes and the second sequence of bytes; and

receiving a token from the second server, wherein the token is used to authenticate the client device when the client device requests media data from the system.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of the invention are directed to, among other things, systems, computer readable media, methods and any other means for verifying the authenticity of a client device. In some embodiments, a token is issued by one or more remote media servers that allows the client device to download video, media or other data from one or more remote media servers.

14 Citations

25 Claims

1. A method for authenticating a client device with a system having a first server and a second server, the method comprising:
- at the client device;
  
  performing a verification procedure, comprising;
  
  generating a first sequence of bytes;
  
  sending the first sequence of bytes to the first server;
  
  receiving a second sequence of bytes from the first server;
  
  sending the first sequence of bytes and the second sequence of bytes to the second server different than the first server, wherein the second server verifies the client device based on the first sequence of bytes and the second sequence of bytes; and
  
  receiving a token from the second server, wherein the token is used to authenticate the client device when the client device requests media data from the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as recited in claim 1, further comprising:
    - subsequent to performing the verification procedure;
      
      receiving a request to access the media data;
      
      in response to receiving the request to access the media data, issuing a request to the system to access the media data, wherein the request to the system includes the token; and
      
      receiving the media data from the system.
  - 3. The method as recited in claim 2, wherein, when the token is provided with the request to the system, it is not necessary to re-perform a portion of the verification procedure with the system.
  - 4. The method as recited in claim 3, wherein performing the verification procedure further comprises:
    - generating a value based on a function that is performed on the first sequence of bytes; and
      
      sending the value to the second server, wherein the sent value is verified by the second server.
  - 5. The method as recited in claim 1, wherein performing the verification procedure further comprises:
    - receiving a keyed-hash message authentication code from the first server; and
      
      sending the keyed-hash message authentication code to the second server, wherein the sent keyed-hash message authentication code is verified by the second server.
  - 6. The method as recited in claim 1, wherein performing the verification procedure further comprises:
    - generating a digital signature based on an identifier associated with the client device; and
      
      sending the digital signature to the second server, wherein the sent digital signature is verified by the second server.
  - 7. The method as recited in claim 1, wherein performing the verification procedure further comprises:
    - generating a value, wherein the value is based on a function that is performed on a concatenation of both the first sequence of bytes and the second sequence of bytes; and
      
      sending the value to the second server, wherein the sent value is verified by the second server.
  - 8. The method of claim 3, wherein the first sequence of bytes is randomly generated at the client device.
  - 9. The method of claim 1, wherein the token is valid for a finite period of time.
  - 10. The method of claim 9, wherein the verification procedure is performed in response to determining, prior to performing the verification procedure, that the client device is not in possession of a valid token.

11. A method for authenticating a client device with a system having a first server and a second server, the method comprising:
- performing a verification procedure comprising;
  
  at the first server;
  
  receiving a first sequence of bytes from the client device, the first sequence of bytes generated at the client device,generating a second sequence of bytes based on the first sequence of bytes, andsending the second sequence of bytes to the client device; and
  
  at the second server;
  
  receiving the first sequence of bytes and the second sequence of bytes from the client device,verifying the client device based on the first sequence of bytes and the second sequence of bytes, andsending a token to the client device, wherein the token is used to authenticate the client device when the client device requests media data from the system.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method as recited in claim 11, further comprising:
    - at the second server;
      
      receiving a request for media data from the client device;
      
      determining whether the client device is in possession of a valid token; and
      
      providing the media data to the client device in response to determining the client device is in possession of the valid token.
  - 13. The method as recited in claim 11, wherein performing the verification procedure is in response to determining, prior to performing the verification procedure that, the client device is not in possession of a valid token.
  - 14. The method as recited in claim 11, wherein performing the verification procedure further comprises:
    - at the first server;
      
      sending a keyed-hash message authentication code to the client device; and
      
      at the second server;
      
      receiving the keyed-hash message authentication code from the client device, andverifying the client device is further based on the received keyed-hash message authentication code.
  - 15. The method as recited in claim 11, wherein performing the verification procedure further comprises:
    - at the second server;
      
      receiving a value based on both the first sequence of bytes and the second sequence of bytes from the client device and verifying the client device is further based on the received value.

16. A non-transitory computer readable medium configured to store instructions that, when executed by a processor of a client device, cause the client device to perform the steps of:
- generating a first sequence of bytes;
  
  sending the first sequence of bytes to a first server;
  
  receiving a second sequence of bytes from the first server;
  
  sending the first sequence of bytes and the second sequence of bytes to a second server, wherein second server verifies the client device based on the first sequence of bytes and the second sequence of bytes; and
  
  when the client device is verified by the second server;
  
  receiving a token from the second server;
  
  requesting media data from a system;
  
  providing the token to the system; and
  
  receiving the media data from the system.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The non-transitory computer readable medium of claim 16, wherein the steps include:
    - receiving a keyed-hash message authentication code from the first server.
  - 18. The non-transitory computer readable medium of claim 16, wherein the steps include:
    - generating a value, wherein the value is based on a function that is performed on a concatenation of both the first sequence of bytes and the second sequence of bytes.
  - 19. The non-transitory computer readable medium of claim 16, wherein the steps include:
    - generating a digital signature based on an identifier associated with the client device,and sending the digital signature to the second server.
  - 20. The non-transitory computer readable medium of claim 16, wherein the steps include:
    - generating verification data based on a result of a function performed on both the first sequence of bytes and the second sequence of bytes.
  - 21. The non-transitory computer readable medium of claim 16, wherein the steps include:
    - generating verification data using a cryptographic function performed on both the first sequence of bytes and the second sequence of bytes.

22. A system for authenticating a client device using a verification procedure, the system comprising:
- a first server configured to perform the steps of;
  
  receiving a first sequence of bytes from the client device, the first sequence of bytes generated at the client device,generating a second sequence of bytes based on the first sequence of bytes, andsending the second sequence of bytes to the client device; and
  
  a second server configured to perform the steps of;
  
  receiving the second sequence of bytes from the client device,verifying the client device based on the first sequence of bytes and the second sequence of bytes, andsending a token to the client device, wherein the token is used to authenticate the client device when the client device requests media data from the system.
- View Dependent Claims (23, 24, 25)
- - 23. The system as recited in claim 22, further comprising:
    - at the second server;
      
      receiving a request for media data from the client device;
      
      determining whether the client device is in possession of a valid token; and
      
      providing the media data to the client device in response to determining the client device is in possession of the valid token.
  - 24. The system as recited in claim 22, further comprising:
    - at the first server;
      
      sending a keyed-hash message authentication code to the client device; and
      
      at the second server;
      
      receiving the keyed-hash message authentication code from the client device, and verifying the client device is further based on the received keyed-hash message authentication code.
  - 25. The system as recited in claim 22, further comprising:
    - at the second server;
      
      receiving a value based on both the first sequence of bytes and the second sequence of bytes from the client device and verifying the client device is further based on the received value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Omernick, Timothy P., Brouwer, Michael
Primary Examiner(s)
Hailu, Teshome

Application Number

US13/452,367
Publication Number

US 20120210445A1
Time in Patent Office

1,131 Days
Field of Search

713/168
US Class Current

713/168
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/3242   involving keyed hash functi...

H04W 12/108   Source integrity

Systems and methods for verifying the authenticity of a remote device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for verifying the authenticity of a remote device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links