Authentication device and/or method

US 8,151,364 B2
Filed: 10/06/2006
Issued: 04/03/2012
Est. Priority Date: 12/21/2004
Status: Active Grant

First Claim

Patent Images

1. A method of providing to a user information to enable the user to know that a remote service to which the user connects via a communications network is in fact the service that it represents itself to be as opposed to an imitator of such service, the method including:

the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;

communicating the service authentication code to the user via the communications network;

entering the service authentication code into an authentication device in the control of the user;

generating in the authentication device, using the same code generation algorithm, an expected code value based on a second secret key, then comparing the expected code value to the service authentication code received from the remote service; and

if the expected code value correlates correctly with the service authentication code, the authentication device generating a response that indicates to the user that the remote service is the remote service that it represents itself to be, as opposed to an imitator of such service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a remote service (104) to a user (102) via a communications network (106) is disclosed. The remote service (104) obtains a service authentication code that has been generated, using a code generation algorithm, based on a first secret key. The service authentication code is communicated to the user (102) via the communications network (106) and received, or entered, into an authentication device (106) associated with the user (102). The authentication device (106) then generates, using the same code generation algorithm, an expected code value based on a second secret key and compares the expected code value to the service authentication code. Responsive to the comparison, and in the event that the expected code value correlates with the service authentication code, the authentication device (106) generates a response that indicates to the user (102) the authenticity of the remote service (104).

44 Citations

View as Search Results

36 Claims

1. A method of providing to a user information to enable the user to know that a remote service to which the user connects via a communications network is in fact the service that it represents itself to be as opposed to an imitator of such service, the method including:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
  
  communicating the service authentication code to the user via the communications network;
  
  entering the service authentication code into an authentication device in the control of the user;
  
  generating in the authentication device, using the same code generation algorithm, an expected code value based on a second secret key, then comparing the expected code value to the service authentication code received from the remote service; and
  
  if the expected code value correlates correctly with the service authentication code, the authentication device generating a response that indicates to the user that the remote service is the remote service that it represents itself to be, as opposed to an imitator of such service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 34)
- - 2. A method according to claim 1 wherein the remote service includes an electronic commerce service.
  - 3. A method according to claim 1 wherein the electronic commerce service includes an internet commerce service.
  - 4. A method according to claim 1 wherein the service authentication code is generated by an authentication server communicatively coupled to a server hosting the remote service.
  - 5. A method according to claim 1 wherein the first secret key is retrieved by indexing a user provided code into a database containing a code for each authentication device that has been registered for accessing the remote service, and the first secret key associated therewith, so as to retrieve the first secret key associated with the user provided code.
  - 6. A method according to claim 5 wherein the user provided code uniquely identifies the authentication device.
  - 7. A method according to claim 1 wherein the generation of the service authentication code includes encoding the first secret key to provide a one-time usable authentication code.
  - 8. A method according to claim 7 wherein each instance of the code generation algorithm uses a first pseudorandom encoding sequence and a second pseudorandom encoding sequence, the second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence.
  - 9. A method according to claim 8 wherein the first pseudorandom encoding sequence includes a sequence of singularly occurring characters forming a character set from which the first secret key is derived so that the first pseudorandom encoding sequence includes the characters of the first secret key.
  - 10. A method according to claim 8 wherein the second pseudorandom encoding sequence includes an arrangement of characters from a different character set to the first secret key.
  - 11. A method according to claim 8 wherein the code generation algorithm for generating the service authentication code or the expected value respectively includes:
    - identifying, in order, the location of characters in the first pseudorandom encoding sequence corresponding to the characters of the first secret key or the second secret key;
      
      mapping the location of the identified characters in the first pseudorandom encoding sequence to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
      
      arranging, in the order of identification, the set of characters of second pseudorandom encoding sequence so as to form the service authentication code.
  - 12. A method according to claim 8 wherein different first and second pseudorandom encoding sequences are used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.
  - 13. A method according to claim 1 wherein the response includes the authentication device activating to generate a user authentication code for authenticating the user to the remote service.
  - 14. A method according to claim 1 wherein the second secret key is stored in memory on-board the authentication device so as to be normally inaccessible to the user.
  - 15. A method according to claim 1 wherein the service authentication code includes an identifier for synchronising the code generation algorithm for generating the service authentication code with the code generation algorithm for generating the expected code value.
  - 16. A method according to claim 1 wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key, use synchronised encoding sequences for generating the service authentication code and the expected code value based on the first secret key and the second secret key respectively.
  - 17. A method according to claim 16 wherein the encoding sequences are modified each time a service authentication code is generated.
  - 34. A method of confirming the authenticity of a second user to a first user using a remote service via a communications network, the method including:
    - the first user authenticating the remote service using a method according to claim 1;
      
      in the event that remote service is validly authenticated, the first user providing a user authentication code generated by an authentication device of the second user based on a secret key associated with, or provided by, the second user;
      
      communicating the user authentication code to the remote service via the communications network;
      
      the remote service obtaining an expected code value that has been generated based on a secret key and thereafter comparing the expected code value to the user authentication code for a second user; and
      
      responsive to the comparison and in the event that the expected code correlates with the user authentication code, the remote service providing a response to the first user that indicates the authenticity of the second user.

18. A method of authenticating a remote service to a user via a communications network whereby the remote service is able to demonstrate to the user that the remote service is the service it purports to be, the method including:
- the remote service obtaining a service authentication code that has been generated using a code generation algorithm based on a first secret key;
  
  communicating the service authentication code to the user via the communications network;
  
  entering the service authentication code into an authentication device in the possession of the user;
  
  the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key, the authentication device thereafter comparing the expected code value to the service authentication code; and
  
  if the expected code value correlates correctly with the service authentication code, the authentication device generating a response that indicates to the user that the remote service is the service it purports to be;
  
  wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key use synchronised encoding sequences for generating the service authentication code and the expected code value, based on the first secret key and the second secret key, respectively.

19. A method of mutually demonstrating over a communications network to a user and to a remote service that each of the remote service and the user are who they purport to be, the method comprising:
- the remote service obtaining a service authentication code that has been generated, using a code generation algorithm, based on a first secret key;
  
  communicating the service authentication code to the user via the communications network;
  
  entering the service authentication code into an authentication device in control of the user;
  
  generating in the authentication device, using the same code generation algorithm as in the remote service, an expected code value based on a second secret key, and thereafter comparing the expected code value to the service authentication code;
  
  if the expected code correlates with the service authentication code, the authentication device generating, using a code generation algorithm, a user authentication code value based on a third secret key;
  
  communicating the user authentication code to the remote service via the communications network;
  
  the remote service obtaining a second expected code value that has been generated based on a fourth secret key and thereafter comparing the second expected code value to the user authentication code; and
  
  if the second expected code value correlates with the user authentication code, the remote service allowing the user further access to the remote service.

20. A software architecture embodied on at least one non-transitory computer-readable media for implementation on a server to enable a service to demonstrate to a user communicating with that service that the service is the service it purports to be, the software architecture including:
- a service authentication code generator for generating a service authentication code, using a code generation algorithm, based on a first secret key, the generation of the service authentication code including encoding the first secret key using a first pseudorandom encoding sequence and a second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence, the encoding including;
  
  identifying, in order, the location of characters in the first pseudorandom encoding sequence that correspond to the characters of the first secret key;
  
  mapping the sequence location of the identified characters to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
  
  arranging, in order of identification, the set of characters of the second pseudorandom encoding sequence to form the service authentication code; and
  
  a communication driver for communicating the service authentication code to a remote user via the communications network;
  
  wherein the service authentication code varies according to the first and a second pseudorandom encoding sequences used by the code generation algorithm and wherein a different first and second pseudorandom encoding sequence is used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.

21. A software architecture embodied on at least one non-transitory computer-readable media for implementation on an authentication device, the software architecture including:
- an input driver for receiving or entering a service authentication code provided by a remote service, the service authentication code having been generated using a code generation algorithm, based on a first secret key;
  
  a generator for generating, using the code generation algorithm, an expected code value based on a second secret key;
  
  a comparator for comparing the expected code value to the service authentication code; and
  
  a response generator for generating a response indicative of the authenticity of the remote service according to a comparison of the expected code with the service authentication code.
- View Dependent Claims (35, 36)
- - 35. A method of creating an authenticating device comprising:
    - a user accessing a service hosting a software program for installation on an electronic device to create a software architecture according to claim 21;
      
      the service communicating the software program to the portable electronic device; and
      
      executing, or installing, the software program to create the software architecture on the portable electronic device.
  - 36. A method according to claim 35 wherein the software architecture is communicated via:
    - (a) a short message service;
      
      (b) an electronic mail service;
      
      or(c) a packet based communications service.

22. An authentication device for providing a response that indicates to a user of the device that a remote service with which the user wishes to communicate over a communications network is, in fact, the remote service with which the user desires to interact, as opposed to an imitator of such remote service, the authenticity of a remote service based on an service authentication code provided by the remote service, the authentication device including:
- an input device for receiving or entering the service authentication code, the service authentication code having been generated using a code generation algorithm based on a first secret key;
  
  a code generator circuit for generating, using the same code generation algorithm, an expected code value based on a second secret key;
  
  a comparator circuit for comparing the expected code value to the service authentication code; and
  
  a response generator for generating a response indicative of the authenticity of the remote service according to a comparison matching the expected code with the service authentication code, and thereby indicate to the user that the remote service is, in fact, the remote service with which the user desires to interact, as opposed to an imitator of such remote service.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. A device according to claim 22 wherein each code generation algorithm uses a first pseudorandom encoding sequence and a second pseudorandom encoding sequence, the second pseudorandom encoding sequence having the same sequence length as the first pseudorandom encoding sequence.
  - 24. A device according to claim 23 wherein the first pseudorandom encoding sequence includes a sequence of singularly occurring characters forming a character set from which the first secret key is derived so that the first pseudorandom encoding sequence includes the characters of the first secret key.
  - 25. A device according to claim 23 wherein the second pseudorandom encoding sequence includes an arrangement of characters from the same or different character set to the first secret key.
  - 26. A device according to claim 23 wherein the code generation algorithm for generating the expected value respectively includes:
    - identifying, in order, the location of characters in the first pseudorandom encoding sequence corresponding to the characters of the second secret key;
      
      mapping the location of the identified characters in the first pseudorandom encoding sequence to characters of the second pseudorandom encoding sequence having the same sequence location to provide a set of characters from the second pseudorandom encoding sequence; and
      
      arranging, in the order of identification, the set of characters of second pseudorandom encoding sequence so as to form the service authentication code.
  - 27. A device according to claim 23 wherein different first and second pseudorandom encoding sequences are used whenever a service authentication code is generated to reduce the likelihood of the same service authentication code being regenerated.
  - 28. A device according to claim 22 wherein the response includes the authentication device activating for generating a user authentication code for authenticating the user to the remote service.
  - 29. A device according to claim 22 wherein the second secret key is stored in memory on-board the authentication device so as to be normally inaccessible to the user.
  - 30. A device according to claim 22 wherein the service authentication code includes an identifier for synchronising the code generation algorithm for generating the service authentication code with the code generation algorithm for generating the expected code value.
  - 31. A device according to claim 22 wherein the code generation algorithm for generating the service authentication code based on the first secret key, and the code generation algorithm for generating the expected code value based on the second secret key, use synchronised encoding sequences for generating the service authentication code and the expected code value based on the first secret key and the second secret key respectively.
  - 32. A device according to claim 31 wherein the encoding sequences are modified each time a service authentication code is generated.

33. A method of authenticating a remote service to a user via a communications network, the authentication demonstrating to the user that the remote service is actually the remote service with which the user wishes to interact, as opposed to a different remote service, the method including:
- a user operating an authentication device to retrieve, from the device, a unique identification code associated therewith;
  
  the user sending the unique identification code to the remote service via a communications network;
  
  the remote service obtaining a service authentication code that has been generated using a code generation algorithm based on a first secret key, the first secret key being retrieved from a database by indexing the unique identification code into the database, the database including identification codes for authentication devices that have been registered for accessing the remote service;
  
  communicating the service authentication code to the user via the communications network;
  
  entering the service authentication code into an authentication device associated with the user;
  
  the authentication device generating, using the same code generation algorithm, an expected code value based on a second secret key, and thereafter comparing the expected code value to the service authentication code; and
  
  responsive to the comparison, and when the expected code value correctly correlates with the service authentication code, the authentication device generating a response that indicates to the user the authenticity of the remote service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMUE Limited, Richard Jacka, Simon Charles Hughes-Hewitt
Original Assignee
EMUE Holdings Pty Limited
Inventors
Hewitt, Simon Charles Hughes, Bender, Jason Frederick, Lenon, James Evan
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US11/544,378
Publication Number

US 20070088952A1
Time in Patent Office

2,006 Days
Field of Search

None
US Class Current

726/30
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 2463/102   applying security measure f...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Authentication device and/or method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication device and/or method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links