Generating cryptographic challenges to communication requests

US 9,992,018 B1
Filed: 03/24/2016
Issued: 06/05/2018
Est. Priority Date: 03/24/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a memory configured to store computer-executable instructions;

a communication component circuitry for communicating over a communication network with a client computing device; and

at least one processor, wherein the computer-executable instructions, when executed, configure the at least one processor to;

receive a request from the client computing device through the communication network;

assign a confidence level to the client computing device based at least in part on identification information associated with at least one of the client computing device or a user account associated with the request;

determine a target amount of computations for the client computing device to compute a response based at least in part on the confidence level assigned to the client computing device, and wherein the system selects parameters used to generate a cryptographic challenge based at least in part on the target amount of computations for the client computing device;

generate an ordered plurality of secret keys;

generate an ordered plurality of messages;

generate a first ordered plurality of message authentication codes, wherein each message authentication code is generated from a corresponding key of the ordered plurality of secret keys and a corresponding message of the ordered plurality of messages, wherein each message after a first message of the ordered plurality of messages is generated based at least in part on a secret key of the ordered plurality of secret keys used to generate a previous message authentication code of the ordered plurality of message authentication codes;

generate the cryptographic challenge, wherein the cryptographic challenge comprises the first message and the ordered plurality of message authentication codes;

transmit the cryptographic challenge to the client computing device through the communication network;

receive a challenge response to the cryptographic challenge from the client computing device through the communication network;

determine whether the challenge response includes at least a determined secret key of the ordered plurality of secret keys used to generate a determined message authentication code of the ordered plurality of message authentication codes; and

transmit a request response to the request to the client computing device through the communication network based, at least in part, on a result of the determination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a system or method useful in forcing a computing system to perform a target amount of computations is disclosed. The actual amount of computations may vary from the target amount to within a selected maximum variation. Embodiments of the system or method involve generating a cryptographic challenge to which the computing system needs to compute a response to validate a request from the computing system.

38 Citations

View as Search Results

15 Claims

1. A system comprising:
- a memory configured to store computer-executable instructions;
  
  a communication component circuitry for communicating over a communication network with a client computing device; and
  
  at least one processor, wherein the computer-executable instructions, when executed, configure the at least one processor to;
  
  receive a request from the client computing device through the communication network;
  
  assign a confidence level to the client computing device based at least in part on identification information associated with at least one of the client computing device or a user account associated with the request;
  
  determine a target amount of computations for the client computing device to compute a response based at least in part on the confidence level assigned to the client computing device, and wherein the system selects parameters used to generate a cryptographic challenge based at least in part on the target amount of computations for the client computing device;
  
  generate an ordered plurality of secret keys;
  
  generate an ordered plurality of messages;
  
  generate a first ordered plurality of message authentication codes, wherein each message authentication code is generated from a corresponding key of the ordered plurality of secret keys and a corresponding message of the ordered plurality of messages, wherein each message after a first message of the ordered plurality of messages is generated based at least in part on a secret key of the ordered plurality of secret keys used to generate a previous message authentication code of the ordered plurality of message authentication codes;
  
  generate the cryptographic challenge, wherein the cryptographic challenge comprises the first message and the ordered plurality of message authentication codes;
  
  transmit the cryptographic challenge to the client computing device through the communication network;
  
  receive a challenge response to the cryptographic challenge from the client computing device through the communication network;
  
  determine whether the challenge response includes at least a determined secret key of the ordered plurality of secret keys used to generate a determined message authentication code of the ordered plurality of message authentication codes; and
  
  transmit a request response to the request to the client computing device through the communication network based, at least in part, on a result of the determination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein each of the message authentication codes is a hash-based message authentication code (HMAC).
  - 3. The system of claim 1, wherein a message after the first message from which a message authentication code in the first ordered plurality of message authentication codes after the first message authentication code is further generated based at least in part on a message used to generate a previous message authentication code in the first ordered plurality of message authentication codes.
  - 4. The system of claim 1, wherein the system generates random or pseudorandom secret keys.
  - 5. The system of claim 1, wherein a number of message authentication codes in the first ordered plurality of message authentication codes is a variable number within a determined range.
  - 6. The system of claim 5, wherein the cryptographic challenge sent from the system has a length independent of the configurable number of message authentication codes in the first ordered plurality of message authentication codes.
  - 7. The system of claim 6, wherein the cryptographic challenge comprises a fixed length of data to contain the first ordered plurality of message authentication codes, and wherein a portion of the data with the fixed length unoccupied by the first ordered plurality of message authentication codes is filled with random or pseudorandom numbers.
  - 8. The system of claim 1, wherein each message authentication code in the first ordered plurality of message authentication codes after the first message authentication code is generated from a secret key of the ordered plurality of secret keys and a message of the ordered plurality of messages wherein the message is generated based at least in part on the secret key used to generate an immediately previous message authentication code in the first ordered plurality of message authentication codes.
  - 9. The system of claim 1, wherein the message from which the first ordered plurality of message authentication codes is generated after the first message is further generated based at least in part on a message of the ordered plurality of messages used to generate an immediately previous message authentication code in the first ordered plurality of message authentication codes.
  - 10. The system of claim 1, wherein the cryptographic challenge further comprises a final message authentication code in a second ordered plurality of message authentication codes, and wherein:
    - a first message authentication code in the second ordered plurality of message authentication codes is generated from a first secret key and a first message; and
      
      each message authentication code in the second ordered plurality of message authentication codes after the first message authentication code in the second ordered plurality of message authentication codes is generated from a secret key and a message, wherein the secret key is generated based at least in part on a secret key used to generate a current or a previous message authentication code in the first ordered plurality of message authentication codes.
  - 11. The system of claim 10, wherein the client computing device terminates computations of a response to the cryptographic challenge when the client computing device computes a value which matches the final message authentication code in the second ordered plurality of message authentication codes.
  - 12. The system of claim 10, wherein a key after the first key from which a message authentication code in the second ordered plurality of message authentication codes after the first message authentication code is generated is further generated based at least in part on a key of the ordered plurality of secret keys used to generate a previous message authentication code in the second ordered plurality of message authentication codes.

13. A computer-implemented method comprising:
- receiving a request from a client computing device through a communication network;
  
  assigning a confidence level to the client computing device based at least in part on identification information associated with at least one of the client computing device or a user account associated with the request;
  
  determining a target amount of computations for the client computing device to compute the response based at least in part on the confidence level assigned to the client computing device, and wherein the system selects parameters used to generate a cryptographic challenge based at least in part on the target amount of computations for the client computing device;
  
  generating an ordered plurality of secret keys;
  
  generating an ordered plurality of messages;
  
  generating an ordered plurality of message authentication codes, wherein each message authentication code is generated from a corresponding key of the ordered plurality of secret keys and a corresponding message of the ordered plurality of messages, wherein each message after a first message of the ordered plurality of messages is generated based at least in part on a secret key of the ordered plurality of secret keys used to generate a previous message authentication code of the ordered plurality of message authentication codes;
  
  generating the cryptographic challenge, wherein the cryptographic challenge comprises the first message and the ordered plurality of message authentication codes;
  
  transmitting the cryptographic challenge to the client computing device through the communication network;
  
  receiving a challenge response to the cryptographic challenge from the client computing device through the communication network;
  
  determining whether the challenge response includes at least a determined secret key of the ordered plurality of secret keys used to generate a determined message authentication code of the ordered plurality of message authentication codes; and
  
  transmitting a request response to the request to the client computing device through the communication network based, at least in part, on a result of the determination.

14. A non-transitory computer readable medium comprising computer-executable instructions that, when executed by a computing system, cause the computing system to:
- receive a request from a client computing device through a communication network;
  
  assign a confidence level to the client computing device based at least in part on identification information associated with at least one of the client computing device or a user account associated with the request;
  
  determine a target amount of computations for the client computing device to compute a response based at least in part on the confidence level assigned to the client computing device, and wherein the system selects parameters used to generate a cryptographic challenge based at least in part on the target amount of computations for the client computing device;
  
  generate the cryptographic challenge, wherein the cryptographic challenge comprises a first message and an ordered plurality of message authentication codes, wherein each message authentication code is generated from a corresponding secret key of an ordered plurality of secret keys and a corresponding message of an ordered plurality of messages, wherein each message after the first message is generated based at least in part on a secret key of the ordered plurality of secret keys used to generate a previous message authentication code of the ordered plurality of message authentication codes;
  
  transmit the cryptographic challenge to the client computing device through the communication network;
  
  receive a challenge response to the cryptographic challenge from the client computing device through the communication network;
  
  determine whether the challenge response includes at least a determined secret key of the ordered plurality of secret keys used to generate a determined message authentication code of the ordered plurality of message authentication codes; and
  
  transmit a request response to the request to the client computing device through the communication network based, at least in part, on a result of the determination.
- View Dependent Claims (15)
- - 15. The computer readable medium of claim 14, wherein the cryptographic challenge comprises a fixed length of data to contain the plurality of message authentication codes, and wherein a portion of the data with the fixed length unoccupied by the plurality of message authentication codes is filled with random or pseudorandom numbers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Electronic Arts Incorporated
Original Assignee
Electronic Arts Incorporated
Inventors
Tjew, Kat Fung
Primary Examiner(s)
Armouche, Hadi S
Assistant Examiner(s)
Khan, Sher A

Application Number

US15/080,408
Time in Patent Office

803 Days
Field of Search
US Class Current
CPC Class Codes

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0861   Generation of secret inform...

H04L 9/3242   involving keyed hash functi...

H04L 9/3271   using challenge-response

Generating cryptographic challenges to communication requests

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

38 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Generating cryptographic challenges to communication requests

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links