Challenge-response authentication using a masked response value
Abstract
Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.
14 Claims

1. A method for a second device to be authenticated by a first device, the method performed by the second device and comprising:
the second device receiving from the first device a challenge value and a hiding value;
the second device computing a masked response value using the challenge value, the hiding value, and secret information known to the second device;
the second device sending to the first device the masked response value for comparison to an expected masked response value, wherein the secret information is not known to the first device, the expected masked response value is computed by the first device using the hiding value and an expected response value known by the first device and corresponding to the challenge value, the challenge value and the expected response value are loaded into memory of the first device at the time of manufacture of the first device; and
repeating the receiving, computing, and sending, when authentication of the second device is performed again, using a different hiding value received from the first device and the same challenge value received from the first device.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A device comprising:
a memory configured to store secret information;
an interface configured to receive from another device a challenge value and a hiding value, and to send to the another device a masked response value for comparison to an expected masked response value, wherein the secret information is not known to the another device, the expected masked response value is computed by the another device using the hiding value and an expected response value known by the another device and corresponding to the challenge value, the challenge value and the expected response value are loaded into memory of the another device at the time of manufacture of the another device; and
a processor configured to compute the masked response value using the challenge value, the hiding value, and the secret information;
wherein the interface is further configured to receive from the another device different hiding values, such that a subsequent different hiding value and the same challenge value is received from the another device when authentication of the device is performed again, and said processor is configured to compute a subsequent masked response value using the subsequent different hiding value, the same challenge value, and the secret information.
(Dependent claims: 9, 10, 11, 12)

13. A processor readable medium having stored thereon processor readable instructions for a second device to be authenticated by a first device; the processor readable instructions, when executed, cause the second device to perform operations comprising:
receiving from the first device a challenge value and a hiding value;
computing a masked response value using the challenge value, the hiding value, and secret information known to the second device;
sending to the first device the masked response value for comparison to an expected masked response value, wherein the secret information is not known to the first device, the expected masked response value is computed by the first device using the hiding value and an expected response value known by the first device and corresponding to the challenge value, and the challenge value and the expected response value are loaded into memory of the first device at the time of manufacture of the first device; and
repeating the receiving, computing, and sending, when authentication of the second device is performed again, using a different hiding value received from the first device and the same challenge value received from the first device.
(Dependent claims: 14)
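The exchange described in the abstract and in claims 1, 8 and 13, as an added worked example; this is not the patent's own code. The page fixes neither the response function nor the masking function, so both are assumed here to be HMAC-SHA256 (response keyed by the device secret over the challenge, mask keyed by the hiding value over the response), which satisfies the constraint that the first device can compute the expected masked value from the stored expected response without holding the secret. The class names, the `provision_verifier_table` manufacture-time step, and all secrets and challenge strings are constructed for illustration.

```python
"""Challenge-response with a masked response value (added example).

Assumed constructions (the patent text does not fix them):
  response(secret, challenge) = HMAC-SHA256(key=secret, msg=challenge)
  masked(hiding, response)    = HMAC-SHA256(key=hiding, msg=response)
The first device (verifier) holds only (challenge, expected_response)
pairs loaded at manufacture; the second device (prover) holds the secret.
"""
import hashlib
import hmac
import secrets


def compute_response(secret: bytes, challenge: bytes) -> bytes:
    # Prover-side response to a challenge; assumed HMAC-SHA256 construction.
    return hmac.new(secret, challenge, hashlib.sha256).digest()


def mask_response(hiding: bytes, response: bytes) -> bytes:
    # Masking step. Needs only the hiding value and the (expected) response,
    # so both devices can compute it; the secret is never required here.
    return hmac.new(hiding, response, hashlib.sha256).digest()


def provision_verifier_table(secret: bytes, challenges) -> dict:
    # Manufacture-time step (assumed): whoever knows the secret precomputes
    # the expected responses and loads the pairs into the first device.
    # The secret itself is not loaded.
    return {c: compute_response(secret, c) for c in challenges}


class FirstDevice:
    """Verifier: stores (challenge, expected_response) pairs, no secret."""

    def __init__(self, table: dict):
        self._table = dict(table)

    def start_auth(self, challenge: bytes):
        # The challenge may repeat across runs; the hiding value must not,
        # so it is drawn fresh from a CSPRNG on every run.
        if challenge not in self._table:
            raise KeyError("unknown challenge")
        return challenge, secrets.token_bytes(32)

    def verify(self, challenge: bytes, hiding: bytes, masked: bytes) -> bool:
        expected_masked = mask_response(hiding, self._table[challenge])
        # Constant-time comparison so timing does not leak the expected value.
        return hmac.compare_digest(expected_masked, masked)


class SecondDevice:
    """Prover: holds the secret; sends neither it nor the raw response."""

    def __init__(self, secret: bytes):
        self._secret = secret

    def answer(self, challenge: bytes, hiding: bytes) -> bytes:
        return mask_response(hiding, compute_response(self._secret, challenge))


def run_protocol(first: FirstDevice, second: SecondDevice, challenge: bytes):
    """One full exchange; returns (ok, hiding, masked) so runs can be compared."""
    challenge, hiding = first.start_auth(challenge)
    masked = second.answer(challenge, hiding)
    return first.verify(challenge, hiding, masked), hiding, masked


def demo() -> dict:
    secret = b"device-secret-constructed-for-example"  # constructed sample
    challenge = b"challenge-0"                         # constructed sample
    table = provision_verifier_table(secret, [challenge, b"challenge-1"])
    first = FirstDevice(table)
    second = SecondDevice(secret)

    # Two runs with the same challenge: both succeed, but the value on the
    # wire differs because the hiding value changed.
    ok1, _, masked1 = run_protocol(first, second, challenge)
    ok2, _, masked2 = run_protocol(first, second, challenge)

    # An eavesdropper replaying masked1 into a new run fails, even though
    # the challenge is identical, because the new hiding value differs.
    _, hiding3 = first.start_auth(challenge)
    replay_ok = first.verify(challenge, hiding3, masked1)

    # A device holding the wrong secret fails.
    wrong_ok, _, _ = run_protocol(first, SecondDevice(b"wrong-secret"), challenge)

    return {"run1": ok1, "run2": ok2, "wire_differs": masked1 != masked2,
            "replay": replay_ok, "wrong_secret": wrong_ok}


if __name__ == "__main__":
    print(demo())
```

Two practical points follow from the construction. The table of expected responses is itself a credential: since the challenge never changes, anyone who reads an expected response out of the first device can produce a valid masked value for that challenge, so the table needs the same protection as a key. And the scheme's replay resistance rests entirely on the hiding value being fresh and unpredictable per run; a fixed or guessable hiding value reduces the protocol to a replayable static response.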
Specification