Split channel authenticity queries in multi-party dialog

US 9,503,307 B2
Filed: 07/05/2013
Issued: 11/22/2016
Est. Priority Date: 09/01/2004
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a challenged party, the method comprising:

receiving at a communication device a request for an authenticity challenge;

in response to receiving the request, the communication device sending an authenticity challenge query data string to the challenged party using n authentication information parts, each part sent using one of n different communication channels, wherein the authenticity challenge query data string comprises a question that is answerable by the challenged party if the challenged party is authentic, wherein n is an integer greater than or equal to two, and wherein the question cannot be derived from any one of the n authentication information parts;

receiving at the communication device an answer to the question from the challenged party; and

responsive to determining using a processor of the communication device that the answer is correct, authenticating the challenged party and allowing the challenged party to participate in or to continue participating in a multi-party dialog.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authenticity of a proposed future or current participant in a multi-party dialog is checked by splitting an authenticity challenge query into at least two portions wherein none of the portions individually contains sufficient information to fully define the challenge query. These separated portions are then sent to another dialog participant over at least two different communication channels thus enhancing the probability that a successive challenge response is authentic. The authenticity challenge query and splitting thereof into plural portions may include formation of a logical combination (e.g., exclusive-OR) of first and second data strings (one of which may be a challenge question) to produce a resultant third data string where the separated and separately communicated portions include the first and third data strings as separate portions as being sent over respectively different communication channels.

Citations

27 Claims

1. A method of authenticating a challenged party, the method comprising:
- receiving at a communication device a request for an authenticity challenge;
  
  in response to receiving the request, the communication device sending an authenticity challenge query data string to the challenged party using n authentication information parts, each part sent using one of n different communication channels, wherein the authenticity challenge query data string comprises a question that is answerable by the challenged party if the challenged party is authentic, wherein n is an integer greater than or equal to two, and wherein the question cannot be derived from any one of the n authentication information parts;
  
  receiving at the communication device an answer to the question from the challenged party; and
  
  responsive to determining using a processor of the communication device that the answer is correct, authenticating the challenged party and allowing the challenged party to participate in or to continue participating in a multi-party dialog.
- View Dependent Claims (2, 3, 4, 5, 9)
- - 2. The method as claimed in claim 1, further comprising splitting the authenticity challenge query data string into the n authentication information parts.
  - 3. The method as claimed in claim 1, further comprising using orthogonal hashes to generate the n authentication information parts from the authenticity challenge query data string.
  - 4. The method as claimed in claim 1, wherein each of the n authentication information parts comprise successively displaced nth digits.
  - 5. The method as claimed in claim 1, wherein the n different communication channels comprise wireless communication channels.
  - 9. The method as claimed in claim 1, wherein the n different communication channels comprise at least two communication channels selected from the group consisting of an e-mail protocol, a Short Messaging Service, a Multimedia Messaging Service, a Hypertext Transport Protocol, and an Instant Messaging Service.

6. The method as claimed in 1, further comprising forming, using the authenticity challenge query data string and a first data string, at least a second data string, wherein the n authentication information parts comprise the first and second data strings.
- View Dependent Claims (7, 8)
- - 7. The method as claimed in claim 6, wherein the forming the second data string comprises producing a logical combination of the first data string and the authenticity challenge query data string.
  - 8. The method as claimed in claim 7, wherein the producing the logical combination comprises performing an exclusive-OR operation with the first data string and the authenticity challenge query data string as input.

10. A method of authenticating a challenged party, the method comprising:
- receiving, by the challenged party, n authentication information parts, each part received via one of n different communication channels;
  
  using a processor to reconstruct an authenticity challenge query data string from the n authentication information parts, wherein the authenticity challenge query data string comprises a question that is answerable by the challenged party if the challenged party is authentic, wherein n is an integer greater than or equal to two, and wherein the question cannot be derived from any one of the n authentication information parts;
  
  using the processor to formulate the answer to the question of the authenticity challenge query data string;
  
  sending the answer to an entity to authenticate the challenged party; and
  
  participating in or continuing participation in a multi-party dialog if the answer is correct.
- View Dependent Claims (11, 12)
- - 11. The method as claimed in claim 10, wherein the n authentication information parts comprise a first data string and at least a second data string, wherein the at least a second data string is formed using the authenticity challenge query data string and the first data string, and wherein the method further comprises:
    - receiving the first and second data strings; and
      
      reconstructing the authenticity challenge query data string by producing a logical combination of the first data string and the second data string.
  - 12. The method as claimed in claim 11, wherein the producing the logical combination comprises performing an exclusive-OR operation with the first data string and the second data string as input.

13. A system of authenticating a challenged party, the system comprising:
- a first communication device comprising a processor configured to;
  
  receive a request for an authenticity challenge;
  
  in response to receiving the request, send an authenticity challenge query data string to the challenged party using n authentication information parts, each part sent using one of n different communication channels, wherein the authenticity challenge query data string comprises a question that is answerable by the challenged party if the challenged party is authentic, wherein n is an integer greater than or equal to two, and wherein the question cannot be derived from any one of the n authentication information parts;
  
  receive an answer to the question from the challenged party; and
  
  responsive to determining that the answer is correct, authenticate the challenged party and allow the challenged party to participate in or to continue participating in a multi-party dialog.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The system as claimed in claim 13, wherein the processor is further configured to split the authenticity challenge query data string into the n authentication information parts.
  - 15. The system as claimed in claim 13, wherein the processor is further configured to use orthogonal hashes to generate the n authentication information parts from the authenticity challenge query data string.
  - 16. The system as claimed in claim 13, wherein each of the n authentication information parts comprise successively displaced nth digits.
  - 17. The system as claimed in claim 13, wherein the n different communication channels comprise wireless communication channels.
  - 18. The system as claimed in claim 13, wherein the processor is further configured to form, using the authenticity challenge query data string and a first data string, at least a second data string, wherein the n authentication information parts comprise the first and second data strings.
  - 19. The system as claimed in claim 18, wherein the processor is further configured to form the second data string by producing a logical combination of the first data string and the authenticity challenge query data string.
  - 20. The system as claimed in claim 19, wherein the processor is further configured to the produce the logical combination by performing an exclusive-OR operation with the first data string and the authenticity challenge query data string as input.
  - 21. The system as claimed in claim 13, further comprising a second communication device, the second communication device comprising a processor configured to:
    - receive the n authentication information parts; and
      
      reconstruct the authenticity challenge query data string from the n authentication information parts.
  - 22. The system as claimed in claim 21, wherein the processor of the second communication device is further configured to formulate the answer to the question of the authenticity challenge query data string;
    - and send the answer to an entity to authenticate the challenged party.
  - 23. The system as claimed in claim 18, further comprising a second communication device, the second communication device comprising a processor configured to:
    - receive the first and second data strings; and
      
      reconstruct the authenticity challenge query data string by producing a logical combination of the first data string and the second data string.
  - 24. The system as claimed in claim 23, wherein the processor of the second communication device is further configured to produce the logical combination by performing an exclusive-OR operation with the first data string and the second data string as input.
  - 25. The system as claimed in claim 13, wherein the n different communication channels comprise at least two communication channels selected from the group consisting of an e-mail protocol, a Short Messaging Service, a Multimedia Messaging Service, a Hypertext Transport Protocol, and an Instant Messaging Service.

26. A non-transitory computer-readable storage medium comprising instructions, which, when executed by a processor, cause the processor to:
- receive a request for an authenticity challenge;
  
  in response to receiving the request, send an authenticity challenge query data string to a challenged party using n authentication information parts, each part sent using one of n different communication channels, wherein the authenticity challenge query data string comprises a question that is answerable by the challenged party if the challenged party is authentic, wherein n is an integer greater than or equal to two, and wherein the question cannot be derived from any one of the n authentication information parts;
  
  receive an answer to the question from the challenged party; and
  
  responsive to determining that the answer is correct, authenticate the challenged party.

27. A non-transitory computer-readable storage medium comprising instructions, which, when executed by a processor, cause the processor to:
- receive, by a challenged party, n authentication information parts, each part received via one of n different communication channels;
  
  reconstruct an authenticity challenge query data string from the n authentication information parts, wherein the authenticity challenge query data string comprises a question that is answerable by the challenged party if the challenged party is authentic, wherein n is an integer greater than or equal to two, and wherein the question cannot be derived from any one of the n authentication information parts;
  
  formulate the answer to the question of the authenticity challenge query data string;
  
  send the answer to an entity to authenticate the challenged party; and
  
  participate in or continue participation in a multi-party dialog if the answer is correct.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Yach, David P., Little, Herbert Anthony, Klassen, Gerhard Dietrich
Primary Examiner(s)
Nigh, James D

Application Number

US13/935,775
Publication Number

US 20130297794A1
Time in Patent Office

1,236 Days
Field of Search

705/50
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/42   using separate channels for...

G06F 21/43   wireless channels

G06Q 20/1235   with control of digital rig...

G06Q 20/3821   Electronic credentials

G06Q 20/386   using messaging services or...

H04L 2209/80   Wireless

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 63/18   using different networks or...

H04L 65/40   Support for services or app...

H04L 9/3215   using a plurality of channe...

H04L 9/3271   using challenge-response

Split channel authenticity queries in multi-party dialog

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Split channel authenticity queries in multi-party dialog

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links