Client authentication device and methods thereof

US 8,499,169 B2
Filed: 07/17/2008
Issued: 07/30/2013
Est. Priority Date: 07/20/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving a request to authenticate a client device via a network;

in response to receiving the request;

retrieving an authentication key from a storage module at the client device, the storage module located at a first integrated circuit package;

determining at a tamper detection module whether a memory of the client device has been accessed;

in response to determining the memory of the client device has not been accessed,using the authentication key at an authentication module to determine an authentication result for the client device, the authentication module located at the first integrated circuit package;

communicating the authentication result via the network; and

in response to determining a portion of the memory of the client device has been accessed, fixing a data bus of the memory at a predetermined voltage.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a data processing device includes receiving a request to authenticate the data processing device. In response, an authentication key is accessed an authenticated at an authentication module. The authentication key is stored at a storage module that is located within the same integrated circuit package as the authentication module, so that the authentication key can be communicated to the module without exposing the key to unauthorized probing. The integrated circuit package also includes a tamper detection module to determine whether a memory of the data processing device has been accessed. In response to determining the memory has been accessed, the tamper detection module instructs the authentication module to not authenticate the data processing device.

60 Citations

View as Search Results

13 Claims

1. A method, comprising:
- receiving a request to authenticate a client device via a network;
  
  in response to receiving the request;
  
  retrieving an authentication key from a storage module at the client device, the storage module located at a first integrated circuit package;
  
  determining at a tamper detection module whether a memory of the client device has been accessed;
  
  in response to determining the memory of the client device has not been accessed,using the authentication key at an authentication module to determine an authentication result for the client device, the authentication module located at the first integrated circuit package;
  
  communicating the authentication result via the network; and
  
  in response to determining a portion of the memory of the client device has been accessed, fixing a data bus of the memory at a predetermined voltage.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein receiving the request to authenticate the client device comprises receiving the request at a processor of the client device, the processor located at a second integrated circuit package different from the first.
  - 3. The method of claim 1, wherein the first integrated circuit package includes a plurality of external connectors, and wherein the storage module is inaccessible via the plurality of external connectors after storage of the authentication key.
  - 4. The method of claim 1, further comprising:
    - wherein authenticating the authentication key comprises setting the authentication result to indicate a denial of authentication in response to determining the memory has been accessed.

5. A method, comprising:
- receiving a request to authenticate a client device via a network;
  
  in response to receiving the request;
  
  retrieving an authentication key from a storage module at the client device via an interconnect that is protected from external probing;
  
  using the authentication key to determine an authentication result; and
  
  communicating the authentication result via the network;
  
  receiving configuration information from a memory;
  
  configuring a processor of the client device based on the configuration information;
  
  fixing a write-enable input of the memory at a defined value so that data cannot be stored at the memory; and
  
  monitoring a voltage of the write-enable input of the memory to detect tampering of the memory.
- View Dependent Claims (6)
- - 6. The method of claim 5, wherein receiving the authentication key to authenticate the client device comprises receiving the request at the processor of the client device, the processor coupled to the storage module via the interconnect.

7. A device, comprising:
- a network interface module configured to receive an authentication request from a network;
  
  a processor;
  
  a memory coupled to the processor via a bus, the memory comprising a write enable input configured to place the memory in a writeable state based on a signal at the write enable input; and
  
  a first integrated circuit package, comprising;
  
  a storage module configured to store an authentication key;
  
  an authentication module configured to access the authentication key and to determine an authentication result based on the authentication key in response to the authentication request; and
  
  a tamper detection module coupled to the authentication module, the tamper detection module configured to;
  
  detect tampering of the memory,provide control information to the authentication module indicating whether the memory has been tampered, andfixing the bus at a predetermined voltage in response to determining the memory has been tampered.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The device of claim 7, wherein the processor comprises a second integrated circuit package different from the first.
  - 9. The device of claim 7, wherein the first integrated circuit package includes a plurality of external connectors, and wherein the storage module is inaccessible via the plurality of external connectors.
  - 10. The device of claim 7, wherein the authentication module is configured to set the authentication result to indicate a denial of authentication in response to determining the control information indicates the memory has been tampered.
  - 11. The device of claim 7, wherein the tamper detection module is configured to detect tampering of the memory by monitoring a voltage of the write enable input of the memory.
  - 12. The device of claim 7, wherein the tamper detection module is configured to detect tampering of the memory by comparing data communicated via the bus with expected values.
  - 13. The device of claim 12, wherein the tamper detection module is configured to compare data communicated via the bus by comparing a hash value based on the data to an expected hash value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Beverly, Harlan T.
Primary Examiner(s)
DADA, BEEMNET W

Application Number

US12/174,709
Publication Number

US 20090025073A1
Time in Patent Office

1,839 Days
Field of Search

713/194, 713/162, 713/164, 713/168, 713/193, 726 2- 5, 726/34, 726/35, 726/27, 726/29, 726/6, 726/7
US Class Current

713/193
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/79   in semiconductor storage me...

G06F 21/86   Secure or tamper-resistant ...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/083   using passwords cryptograph...

H04L 9/32   including means for verifyi...

Client authentication device and methods thereof

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Client authentication device and methods thereof

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links