Method and system for hypertext transfer protocol digest authentication

US 9,210,145 B2
Filed: 01/11/2013
Issued: 12/08/2015
Est. Priority Date: 10/02/2012
Status: Active Grant

First Claim

Patent Images

1. A method at a computing device comprising:

receiving a message from a token issuing entity, the message including a token secret, e token secret being in encrypted format;

receiving a challenge from a service provider;

creating a response utilizing information from the challenge and the token secret, said creating utilizing a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and

forwarding the response and token secret to the service provider;

wherein the computing device does not have a decryption key for decrypting the token secret.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for hypertext transfer protocol digest authentication through the use of a token issuing entity trusted by both a client and a service provider. The token issuing entity may issue an encrypted token and a token secret to the client. The client may then use the token secret instead of a password for digest authentication, and provided the encrypted token along with the digest authentication response to the service provider. The service provider may decrypt the encrypted token to obtain the token secret, which may then be used for digest authentication with the client.

6 Citations

42 Claims

1. A method at a computing device comprising:
- receiving a message from a token issuing entity, the message including a token secret, e token secret being in encrypted format;
  
  receiving a challenge from a service provider;
  
  creating a response utilizing information from the challenge and the token secret, said creating utilizing a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and
  
  forwarding the response and token secret to the service provider;
  
  wherein the computing device does not have a decryption key for decrypting the token secret.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method and a digest uniform resource indicator, the first and second hashes being hashed together along with a nonce.
  - 3. The method of claim 1, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method, a digest uniform resource indicator and a hash of an entity body, the first and second hashes being hashed together along with a nonce, a nonce count, a client nonce, and a quality of protection value.
  - 4. The method of claim 1, wherein the hash function is an MD5hash function.
  - 5. The method of claim 1, wherein the receiving the challenge occurs after an initial communication between the computing device and the service provider.
  - 6. The method of claim 1, wherein the receiving the token secret occurs after the receiving the challenge.
  - 7. The method of claim 1, wherein the computing device is a mobile device.

8. A computing device comprising:
- a processor, anda communications subsystem,wherein the computing device is configured to;
  
  receive a message from a token issuing entity, the message including atoken secret, the token secret in encrypted format;
  
  receive a challenge from a service provider;
  
  create a response utilizing information from the challenge and the token secret with a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and
  
  forward the response and token secret to the service provider;
  
  wherein the computing device does not have a decryption key for decrypting the token secret.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing device of claim 8, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method and a digest uniform resource indicator, the first and second hashes being hashed together along with a nonce.
  - 10. The computing device of claim 8, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method, a digest uniform resource indicator and a hash of an entity body, the first and second hashes being hashed together along with a nonce, a nonce count, a client nonce, and a quality of protection value.
  - 11. The computing device of claim 8, wherein the hash function is an MD5 hash function.
  - 12. The computing device of claim 8, further configured to receive the challenge after an initial communication between the computing device and the service provider.
  - 13. The computing device of claim 8, further configured to receive the token secret after the receiving the challenge .
  - 14. The computing device of claim 8, wherein the computing device is a mobile device.

15. A non-transitory computer readable medium having stored thereon instructions for execution by a processor of a computing device, the instructions including code for:
- receiving a message from a token issuing entity, the message including a token secret, the token secret in encrypted format;
  
  receiving a challenge from a service provider;
  
  creating a response utilizing information from the challenge and the token secret, said creating utilizing a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and
  
  forwarding the response and token secret to the service provider;
  
  wherein the computing device does not have a decryption key for decrypting the token secret.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer readable medium of claim 15, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method and a digest uniform resource indicator, the first and second hashes being hashed together along with a nonce.
  - 17. The non-transitory computer readable medium of claim 15, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method, a digest uniform resource indicator and a hash of an entity body, the first and second hashes being hashed together along with a nonce, a nonce count, a client nonce, and a quality of protection value.
  - 18. The non-transitory comp eadable medium of claim 15, wherein the hash function is an MD5 hash function.
  - 19. The non-transitory computer readable medium of claim 15, wherein the receiving the challenge occurs after an initial communication between the computing device and the service provider.
  - 20. The non-transitory computer readable medium of claim 15, wherein the receiving the token secret occurs after the receiving the challenge.
  - 21. The non-transitory computer readable medium of claim 15, wherein the computing device is a mobile device.

22. A method at a service provider comprising:
- receiving a service request from an unauthorized client;
  
  providing a challenge to the client;
  
  receiving, from the client, a response, the response including digest information and an encrypted token;
  
  decrypting the token to obtain a token secret, the decrypting utilizing a key obtained from a token issuing entity;
  
  creating a server response utilizing information from the challenge and the token secret with a hash function which hashes the token secret as a shared secret between the client and the service provider; and
  
  authenticating the client if the server response matches the digest information.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The method of claim 22, wherein the key is specific for the client.
  - 24. The method of claim 22, wherein the key is associated with an attribute of the client.
  - 25. The method of claim 24, wherein the attribute is a device type.
  - 26. The method of claim 22, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method and a digest uniform resource indicator, the first and second hashes being hashed together along with a nonce.
  - 27. The method of claim 26, wherein the hash function is an MD5 hash function.
  - 28. The method of claim 22, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method, a digest uniform resource indicator and a hash of an entity body, the first and second hashes being hashed together along with a nonce, a nonce count, a client nonce, and a quality of protection value.

29. A server comprising:
- a processor; and
  
  a communications subsystem,wherein the server is configured to;
  
  receive a service request from an unauthorized client;
  
  provide a challenge to the client;
  
  receive, from the client, a response, the response including digest information and an encrypted token;
  
  decrypt the token to obtain a token secret utilizing a key obtained from a token issuing entity;
  
  create a server response utilizing information from the challenge and token secret with a hash function which hashes the token secret as a shared secret between the client and the service provider; and
  
  authenticate the client if the server response matches the digest information.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The server of claim 29, wherein the key is specific for the client.
  - 31. The server of claim 29, wherein the key is associated with an attribute of the client.
  - 32. The server of claim 31, wherein the attribute is a device type.
  - 33. The server of claim 29, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method and a digest uniform resource indicator, the first and second hashes being hashed together along with a nonce.
  - 34. The server of claim 33, wherein the hash function is an MD5 hash function.
  - 35. The server of claim 29, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method, a digest uniform resource indicator and a hash of an entity body, the first and second hashes being hashed together along with a nonce, a nonce count, a client nonce, and a quality of protection value.

36. A non-transitory computer readable medium having stored thereon instructions for execution by a processor of a service provider, the instructions including code for:
- receiving a service request from an unauthorized client;
  
  providing a challenge to the client;
  
  receiving, from the client, a response, the response including digest information and an encrypted token;
  
  decrypting the token to obtain a token secret, the decrypting utilizing a key obtained from a token issuing entity;
  
  creating a server response utilizing information from the challenge and the token secret with a hash function which hashes the token secret as a shared secret between the client and the service provider; and
  
  authenticating the client if the server response matches the digest information.
- View Dependent Claims (37, 38, 39, 40, 41, 42)
- - 37. The non-transitory computer readable medium of claim 36, wherein the key is specific for the client.
  - 38. The non-transitory computer readable medium of claim 36, wherein the key is associated with an attribute of the client.
  - 39. The non-transitory computer readable medium of claim 38, wherein the attribute is a device type.
  - 40. The non-transitory computer readable medium of claim 36, wherein the hash function is based on a first hash of a username, realm and the token secret, and a second hash of a method and a digest uniform resource indicator, the first and second hashes being hashed together along with a nonce.
  - 41. The non-transitory computer readable medium of claim 40, wherein the hash function is an MD5 hash function.
  - 42. The non-transitory computer readable medium of claim 36, wherein the hash function is based on a. first hash of a username, realm and the token secret, and a second hash of a method, a digest uniform resource indicator and a hash of an entity body, the first and second hashes being hashed together along with a nonce, a nonce count, a client nonce, and a quality of protection value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Mulla, Imtiyaz Ahmed, Petronijevic, Dejan, Hearnden, Jane Ellen
Primary Examiner(s)
Dinh, Minh
Assistant Examiner(s)
An, Wayne

Application Number

US13/739,710
Publication Number

US 20140095873A1
Time in Patent Office

1,061 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/02   based on web technology, e....

H04L 9/32   including means for verifyi...

Method and system for hypertext transfer protocol digest authentication

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for hypertext transfer protocol digest authentication

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links