US 7,519,815 B2
Challenge-based authentication without requiring knowledge of secret authentication data
Max G. Morris, Seattle, Wash. (US); and Christopher G. Kaler, Sammamish, Wash. (US)
Assigned to Microsoft Corporation, Redmond, Wash. (US)
Filed on Aug. 13, 2004, as Appl. No. 10/917,786.
Claims priority of provisional application 60/515461, filed on Oct. 29, 2003.
Prior Publication US 2005/0097325 A1, May 05, 2005
Int. Cl. H04L 9/00 (2006.01); G06F 15/16 (2006.01); H04K 1/00 (2006.01)
U.S. Cl. 713—168 [726/3; 380/278]
37 Claims

1. In an environment that includes an authenticatee computing entity, a supplemental authenticatee computing entity, an authenticator computing entity, and a supplemental authenticator computing entity, a method for the authenticator computing entity to authenticate to the authenticatee computing entity using challenge based authentication and without requiring the authenticatee and authenticator computing entities be aware of secret data used for the authentication, the method comprising the following:
an act of the authenticatee computing entity generating secret key data that is not known to the supplemental authenticatee, authenticator or supplemental authenticator computing entities;
an act of the authenticatee computing entity providing the secret key data to the supplemental authenticatee computing entity thereby informing the supplemental authenticatee computing entity of the secret key data;
an act of the supplemental authenticatee computing entity encrypting the secret key data using secret data known to the supplemental authenticatee and supplemental authenticator computing entities, but not known to the authenticatee and authenticator computing entities, the secret data for use in protecting a proper answer to a challenge based on the secret key data;
an act of the authenticatee computing entity acquiring the challenge along with the encrypted secret key data from the supplemental authenticatee computing entity;
an act of the authenticatee computing entity providing the challenge along with the encrypted secret key data to the authenticator computing entity;
an act of the authenticator computing entity providing the challenge along with encrypted secret key data to the supplemental authenticator computing entity;
an act of the supplemental authenticator computing entity decrypting the encrypted secret key data using the secret data known to the supplemental authenticatee and supplemental authenticator computing entities thereby informing the supplemental authenticator computing entity of the secret key data;
an act of the supplemental authenticator computing entity using the secret key data to create a purported answer to the challenge;
an act of the authenticator computing entity acquiring the purported answer to the challenge from the supplemental authenticator computing entity;
an act of the authenticator computing entity providing the purported answer to the authenticatee computing entity; and
an act of the authenticatee computing entity comparing the purported answer to the proper answer to authenticate the authenticator computing entity at the authenticatee computing entity without having to generate an answer to the challenge at the authenticatee computing entity.
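The four-party exchange recited in claim 1, sketched as an added Python example that is not part of the patent text: the supplemental authenticatee issues the challenge, the sealed key data and the proper answer, and the authenticatee only compares. All function names are hypothetical, and the claim names no algorithms, so HMAC-SHA256 as the answer function and the standard-library encrypt-then-MAC construction are assumptions standing in for a vetted authenticated cipher.

```python
import hashlib
import hmac
import secrets

# All names are hypothetical. HMAC-SHA256 as the answer function and the
# encrypt-then-MAC sealing are assumptions; the claim names no algorithms.

def _subkey(shared: bytes, label: bytes) -> bytes:
    return hmac.new(shared, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stdlib stand-in for a real cipher: HMAC-SHA256 in counter mode.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(shared: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(shared, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(shared, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(shared: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(shared, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, good):
        raise ValueError("sealed key data failed integrity check")
    return _xor_stream(_subkey(shared, b"enc"), nonce, ct)

def answer(key_data: bytes, challenge: bytes) -> bytes:
    return hmac.new(key_data, challenge, hashlib.sha256).digest()

def supplemental_authenticatee(shared: bytes, key_data: bytes):
    # Issues the challenge, the sealed key data, and the proper answer.
    challenge = secrets.token_bytes(16)
    return challenge, seal(shared, key_data), answer(key_data, challenge)

def supplemental_authenticator(shared: bytes, challenge: bytes, sealed: bytes) -> bytes:
    return answer(unseal(shared, sealed), challenge)

def run_exchange(authenticatee_side_secret: bytes, authenticator_side_secret: bytes) -> bool:
    key_data = secrets.token_bytes(32)  # generated by the authenticatee
    challenge, sealed, proper = supplemental_authenticatee(authenticatee_side_secret, key_data)
    # The authenticatee sends (challenge, sealed) to the authenticator, which relays
    # them to its supplemental authenticator; neither relay holds the shared secret.
    try:
        purported = supplemental_authenticator(authenticator_side_secret, challenge, sealed)
    except ValueError:
        return False
    return hmac.compare_digest(purported, proper)  # authenticatee only compares
```

`run_exchange` returns `True` only when both supplemental entities hold the same secret data; a mismatched secret or altered sealed key data fails the integrity check before any answer is produced.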