Authenticating with an external device by providing a message having message fields arranged in a particular message field order

US 9,747,434 B1
Filed: 09/17/2015
Issued: 08/29/2017
Est. Priority Date: 09/17/2015
Status: Active Grant

First Claim

Patent Images

1. In a user device, a method of performing authentication with an external device, the method comprising:

receiving, by electronic circuitry of the user device, a messaging command;

providing, by the electronic circuitry, a message to the external device in response to the messaging command, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order to match an expected message field order during a message field order comparison operation performed by the external device to gauge authenticity of the user device;

wherein providing the message includes;

forming a header section of the message, the header section including, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol;

wherein the method further comprises;

prior to providing the message, provisioning the electronic circuitry with a preconfigured Uniform Resource Locator (URL); and

wherein providing the message further includes receiving, by the electronic circuitry, a destination URL which identifies a destination for the message, the electronic circuitry being constructed and arranged to (i) send the message to the external device when the destination URL matches the preconfigured URL and (ii) block release of the message to the external device when the destination URL does not match the preconfigured URL.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique performs authentication with an external device. The technique involves receiving, by electronic circuitry, a messaging command. The technique further involves providing, by the electronic circuitry, a message to the external device in response to the messaging command. The message includes message fields which store message operating parameters e.g., Hypertext Transfer Protocol (HTTP) header fields containing HTTP operating parameters to form part of an HTTP transaction. The message fields of the message are arranged in a particular order to match an expected order during an order comparison operation performed by the external device to gauge authenticity of the message source. If the particular order matches the expected order, there is lower risk that the message source is fraudulent. However, if the particular order does not match the expected order, there is higher risk that the message source is fraudulent.

27 Citations

View as Search Results

18 Claims

1. In a user device, a method of performing authentication with an external device, the method comprising:
- receiving, by electronic circuitry of the user device, a messaging command;
  
  providing, by the electronic circuitry, a message to the external device in response to the messaging command, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order to match an expected message field order during a message field order comparison operation performed by the external device to gauge authenticity of the user device;
  
  wherein providing the message includes;
  
  forming a header section of the message, the header section including, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol;
  
  wherein the method further comprises;
  
  prior to providing the message, provisioning the electronic circuitry with a preconfigured Uniform Resource Locator (URL); and
  
  wherein providing the message further includes receiving, by the electronic circuitry, a destination URL which identifies a destination for the message, the electronic circuitry being constructed and arranged to (i) send the message to the external device when the destination URL matches the preconfigured URL and (ii) block release of the message to the external device when the destination URL does not match the preconfigured URL.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as in claim 1 wherein the message further includes a body section storing a user identifier to uniquely identify a particular user currently using the user device;
    - and wherein forming the header section includes;
      
      performing a sequencing operation to generate the current sequence of header fields from a multitude of possible sequences of header fields based on the user identifier.
  - 3. A method as in claim 1 wherein providing the message further includes:
    - forming a body section of the message, the body section storing an authentication token which is derived by the user device on behalf of the user to corroborate authenticity.
  - 4. A method as in claim 3 wherein the authentication token is a one-time passcode which is derived from a secret that is stored in the user device.
  - 5. A method as in claim 1, further comprising:
    - forming a body section of the message, the body section holding transaction data to be processed by the external device upon successful authentication of the user device to the external device.
  - 6. A method as in claim 1 wherein forming the header section of the message includes:
    - placing Hypertext Transfer Protocol (HTTP) operating parameters in the header fields of the current sequence of header fields, the HTTP operating parameters directing the external device to process the message as at least part of an HTTP transaction.
  - 7. A method as in claim 1 wherein providing the message further includes:
    - replacing, in the header section of the message, an earlier sequence of header fields with the current sequence of header fields.
  - 8. A method as in claim 1, further comprising:
    - receiving, from the external device, a response to the message, the response including response fields which store response operating parameters, the response fields of the response being arranged in a particular response field order, andcomparing the particular response field order to an expected response field order to determine authenticity of the external device.
  - 9. A method as in claim 1, further comprising establishing, by the user device, the current sequence of header fields using a secret shared between the user device and the external device,wherein the user device is authenticated by the external device as a result of a comparison operation performed by the external device which extracts an identification value from a received ordering of the current sequence of header fields and compares the identification value to the secret shared between the user device and the external device.
  - 10. A method as in claim 1 wherein the method further comprises:
    - receiving from the external device, a response to the message, the response having a response body and response headers;
      
      wherein the response to the message includes a header section, the header section of the response including a current sequence of response header fields in compliance with a standard protocol,wherein the current sequence of response header fields is established by the external device using a second secret shared between the user device and the external device;
      
      wherein the user device authenticates the external device as a result of a comparison operation performed by the user device; and
      
      wherein the comparison operation performed by the user device includes;
      
      extracting a response identification value from a received ordering of the current sequence of response header fields; and
      
      comparing the response identification value to the second secret shared between the user device and the external device.

11. An electronic apparatus, comprising:
- a communications interface;
  
  memory; and
  
  processing circuitry coupled to the communications interface and the memory, the memory storing instructions which, when carried out by the processing circuitry, cause the processing circuitry to;
  
  receive a messaging command,provide a message to the external device through the communications interface in response to the messaging command, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order to match an expected message field order during a message field order comparison operation performed by the external device to gauge authenticity of the user device;
  
  wherein the processing circuitry caused to provide the message is further caused to;
  
  form a header section of the message, the header section including, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol;
  
  wherein the message further includes a body section storing a user identifier to uniquely identify a particular user currently using the user device; and
  
  wherein the processing circuitry caused to form the header section is further caused to;
  
  perform a sequencing operation to generate the current sequence of header fields from a multitude of possible sequences of header fields based on the user identifier.

12. A computer program product having a non-transitory computer readable medium which stores a set of instructions to perform authentication with an external device, the set of instructions, when carried out by computerized circuitry, causing the computerized circuitry to perform a method of:
- receiving a messaging command;
  
  providing a message to the external device in response to the messaging command, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order to match an expected message field order during a message field order comparison operation performed by the external device to gauge authenticity of the user device;
  
  wherein providing the message includes;
  
  forming a header section of the message, the header section including, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol;
  
  wherein the method further comprises;
  
  prior to providing the message, provisioning the electronic circuitry with a preconfigured Uniform Resource Locator (URL); and
  
  wherein providing the message further includes receiving, by the electronic circuitry, a destination URL which identifies a destination for the message, the electronic circuitry being constructed and arranged to (i) send the message to the external device when the destination URL matches the preconfigured URL and (ii) block release of the message to the external device when the destination URL does not match the preconfigured URL.

13. In an authentication server, a method of performing authentication with an external device, the method comprising:
- receiving, by electronic circuitry of the authentication server, a message from an external device, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order;
  
  performing, by the electronic circuitry, a message field order comparison operation to compare the particular message field order to an expected message field order to gauge authenticity of the external device; and
  
  processing, by the electronic circuitry, the message based on a result of the message field order comparison operation;
  
  wherein the message has a header section which includes, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol; and
  
  wherein performing the message field order comparison operation includes comparing the current sequence of header fields of the header section of the message to an expected sequence of header fields;
  
  wherein the message further includes a body section storing a user identifier to uniquely identify a particular user currently using the external device; and
  
  wherein the method further comprises;
  
  performing a sequencing operation to generate the expected sequence of header fields from a multitude of possible sequences of header fields based on the user identifier.
- View Dependent Claims (14, 15, 16)
- - 14. A method as in claim 13, further comprising:
    - extracting a current authentication token from a body section of the message, andcomparing the current authentication token to an expected authentication token to corroborate authenticity.
  - 15. A method as in claim 13, wherein the message is a Hypertext Transfer Protocol (HTTP) message;
    - wherein the current sequence of message fields is a series of HTTP header fields; and
      
      wherein processing the message further includes;
      
      reading contents of the series of HTTP header fields to process the message as at least part of an HTTP transaction.
  - 16. A method as in claim 13, further comprising:
    - providing, to the external device, a response to the message, the response including response fields which store response operating parameters, the response fields of the response being arranged in a particular response field order to match an expected response field order during a response field order comparison operation performed by the external device to gauge authenticity of the authentication server.

17. An electronic apparatus, comprising:
- a communications interface;
  
  memory; and
  
  processing circuitry coupled to the communications interface and the memory, the memory storing instructions which, when carried out by the processing circuitry, cause the processing circuitry to;
  
  receive a message from an external device through the communications interface, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order;
  
  perform a message field order comparison operation to compare the particular message field order to an expected message field order to gauge authenticity of the external device; and
  
  process the message based on a result of the message field order comparison operation;
  
  wherein the message has a header section which includes, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol; and
  
  wherein the processing circuitry caused to perform the message field order comparison operation is further caused to compare the current sequence of header fields of the header section of the message to an expected sequence of header fields;
  
  wherein the message further includes a body section storing a user identifier to uniquely identify a particular user currently using the external device; and
  
  wherein the processing circuitry is further caused to perform a sequencing operation to generate the expected sequence of header fields from a multitude of possible sequences of header fields based on the user identifier.

18. A computer program product having a non-transitory computer readable medium which stores a set of instructions to perform authentication with an external device, the set of instructions, when carried out by computerized circuitry, causing the computerized circuitry to perform a method of:
- receiving a message from an external device, the message including message fields which store message operating parameters, the message fields of the message being arranged in a particular message field order;
  
  performing a message field order comparison operation to compare the particular message field order to an expected message field order to gauge authenticity of the external device; and
  
  processing the message based on a result of the message field order comparison operation;
  
  wherein the message has a header section which includes, as the message fields arranged in the particular message field order, a current sequence of header fields in compliance with a standard protocol; and
  
  wherein performing the message field order comparison operation includes;
  
  comparing the current sequence of header fields of the header section of the message to an expected sequence of header fields;
  
  wherein the message further includes a body section storing a user identifier to uniquely identify a particular user currently using the external device; and
  
  wherein the method further comprises;
  
  performing a sequencing operation to generate the expected sequence of header fields from a multitude of possible sequences of header fields based on the user identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Avital, Aviv
Primary Examiner(s)
Moorthy, Aravind

Application Number

US14/856,952
Time in Patent Office

712 Days
Field of Search

726 7, 726 4, 713161, 713168, 713182
US Class Current
CPC Class Codes

G06F 21/44   Program or device authentic...

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04W 12/065   Continuous authentication

H04W 12/068   using credential vaults, e....

Authenticating with an external device by providing a message having message fields arranged in a particular message field order

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating with an external device by providing a message having message fields arranged in a particular message field order

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links