Communicating an identity to a server

US 9,232,024 B2
Filed: 12/10/2012
Issued: 01/05/2016
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method to be performed by a client device, the method comprising:

receiving, via a hardware-implemented communication interface of the client device, a unique subset of M client-identifying keys from a provisioning server;

upon determining a need to communicate an identity of the client device to a server, calculating for each of the M client-identifying keys a hash of a combination comprising the client-identifying key and a current instance of a modulating value; and

communicating the identity of the client device to the server by communicating to the server, via the communication interface, a message comprising a hash-dependent value for each hash, where each hash-dependent value comprises one of the respective hash, a portion of the respective hash, or a value dependent on the respective hash,wherein the need is determined in response to the client device requesting access to one or more services from the server, the server requiring identification of the client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identity is communicated by a client device to a server without requiring the identity to be disclosed to eavesdroppers and without requiring the use of symmetric or asymmetric cryptography. In one example, the identity is an identity of the client device, where the identity has been assigned to the client device by the server through the provisioning of a unique subset of client-identifying keys. In another example, the identity is an identity of a group shared secret that has been provisioned by the server to the client device.

21 Citations

View as Search Results

20 Claims

1. A method to be performed by a client device, the method comprising:
- receiving, via a hardware-implemented communication interface of the client device, a unique subset of M client-identifying keys from a provisioning server;
  
  upon determining a need to communicate an identity of the client device to a server, calculating for each of the M client-identifying keys a hash of a combination comprising the client-identifying key and a current instance of a modulating value; and
  
  communicating the identity of the client device to the server by communicating to the server, via the communication interface, a message comprising a hash-dependent value for each hash, where each hash-dependent value comprises one of the respective hash, a portion of the respective hash, or a value dependent on the respective hash,wherein the need is determined in response to the client device requesting access to one or more services from the server, the server requiring identification of the client device.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10)
- - 4. The method as claimed in claim 1, wherein receiving the unique subset of M client-identifying keys from the provisioning server comprises embedding the unique subset of M client-identifying keys in the client device at a time of manufacture of the client device.
  - 5. The method as claimed in claim 1, wherein receiving the unique subset of M client-identifying keys from the provisioning server comprises receiving the unique subset of M client-identifying keys after a time of manufacture of the client device.
  - 6. The method as claimed in claim 1, wherein the comprises a web server which requires identification of the client device as a prerequisite to authentication of the client device.
  - 7. The method as claimed in claim 1, further comprising:
    - receiving the current instance of the modulating value via a broadcast from the provisioning server or from the server.
  - 8. The method as claimed in claim 1, further comprising:
    - receiving an indication of a hash algorithm to calculate the hash via a broadcast from the provisioning server or from the server.
  - 9. The method as claimed in claim 1, further comprising:
    - receiving an indication of the nature of the combination via a broadcast from the provisioning server or from the server.
  - 10. The method as claimed in claim 1, wherein the message further comprises an indication of the number M of client-identifying keys to which the message pertains.

2. A client device operative:
- to receive, via a hardware-implemented communication interface of the client device, a unique subset of M client-identifying keys from a provisioning server;
  
  upon determining a need to communicate an identity of the client device to a server, to calculate for each of the M client-identifying keys a hash of a combination comprising the client-identifying key and a current instance of a modulating value; and
  
  to communicate the identity of the client device to the server by communicating to the server, via the communication interface, a message comprising a hash-dependent value for each hash, where each hash-dependent value comprises one of the respective hash, a portion of the respective hash, or a value dependent on the respective hash,wherein the need is determined in response to the client device requesting access to one or more services from the server the server requiring identification of the client device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The client device as claimed in claim 2, wherein the client device is operative to receive the unique subset of M client-identifying keys from the provisioning server by embedding the unique subset of M client-identifying keys in the client device at a time of manufacture of the client device.
  - 12. The client device as claimed in claim 2, wherein the client device is operative to receive the unique subset of M client-identifying keys from the provisioning server after a time of manufacture of the client device.
  - 13. The client device as claimed in claim 2, wherein the server comprises a web server which requires identification of the client device as a prerequisite to authentication of the client device.
  - 14. The client device as claimed in claim 2, wherein the client device is operative to receive the current instance of the modulating value via a broadcast from the provisioning server or from the server.
  - 15. The client device as claimed in claim 2, wherein the client device is operative to receive an indication of a hash algorithm to calculate the hash via a broadcast from the provisioning server or from the server.
  - 16. The client device as claimed in claim 2, wherein the client device is operative to receive an indication of the nature of the combination via a broadcast from the provisioning server or from the server.
  - 17. The client device as claimed in claim 2, wherein the message further comprises an indication of the number M of client-identifying keys to which the message pertains.

3. A non-transitory computer-readable medium storing code which, when executed by a processor of a client device, causes the client device to:
- upon determining a need to communicate an identity of the client device to a server, calculate for each of a unique subset of M client-identifying keys received from a provisioning server via a communication interface of the client device a hash of a combination comprising the client-identifying key and a current instance of a modulating value; and
  
  communicate the identity of the client device to the server by communicating to the server, via the communication interface, a message comprising a hash-dependent value for each hash, where each hash-dependent value comprises one of the respective hash, a portion of the respective hash, or a value dependent on the respective, hash,wherein the need is determined in response to the client device requesting access to one or more services from the server, the server requiring identification of the client device.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable medium as claimed in claim 3, the unique subset of M client-identifying keys having been embedded in the client device at a time of manufacture of the client device.
  - 19. The non-transitory computer-readable medium as claimed in claim 3, the unique subset of M client-identifying keys having been received after a time of manufacture of the client device.
  - 20. The non-transitory computer-readable medium as claimed in claim 3, wherein the message further comprises an indication of the number M of client-identifying keys to which the message pertains.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Suffling, David Robert
Primary Examiner(s)
BUI, JONATHAN A

Application Number

US13/709,363
Publication Number

US 20130227139A1
Time in Patent Office

1,121 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/0407   wherein the identity of one...

H04L 67/01   Protocols

H04L 9/085   Secret sharing or secret sp...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

H04W 12/02   Protecting privacy or anony...

H04W 12/12   Detection or prevention of ...

Communicating an identity to a server

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Communicating an identity to a server

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links