(12) United States Patent
Brown et al.

(10) Patent No.: US 7,603,556 B2
(45) Date of Patent: Oct. 13, 2009

(54) CHALLENGE RESPONSE-BASED DEVICE AUTHENTICATION SYSTEM AND METHOD

(75) Inventors: Michael K. Brown, Kitchener (CA); Michael S. Brown, Waterloo (CA); Michael G. Kirkup, Waterloo (CA); Herbert A. Little, Waterloo (CA)

(73) Assignee: Research In Motion Limited, Waterloo, Ontario (CA)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 598 days.

(21) Appl. No.: 10/996,369

(22) Filed: Nov. 26, 2004

(65) Prior Publication Data
WS 2MSSIS al, Nov. 10, 2005

Related U.S. Application Data
(60) Provisional application No. 60/568,119, filed on May 4, 2004.

(51) Int. Cl.
H04L 9/32 (2006.01)
(52) U.S. Cl.: 713/169; 726/2; 726/3; 726/4
(58) Field of Classification Search: 713/168, 713/169
See application file for complete search history.

Primary Examiner: Ponnoreay Pich
(74) Attorney, Agent, or Firm: Jenna L. Wilson; Dimock Stratton LLP

(57) ABSTRACT

A challenge response scheme authenticates a requesting device by an authenticating device. The authenticating device generates and issues a challenge to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user, and the combination is further hashed in order to generate a requesting encryption key used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as a response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user-supplied password. If the user-supplied password hash matches the stored authenticating device password hash, the requesting device is authenticated and the authenticating device is in possession of the password.

24 Claims, 5 Drawing Sheets

[Representative drawing: flowchart of the challenge-response exchange between the Requesting Device and the Authenticating Device, with the same steps as FIG. 4.]

APPLE 1012

[Sheet 1 of 5, FIG. 1: block diagram showing E-Mail Sender 10, message 15, Internet 20, Message Server System 40, Wireless Gateway 85, Wireless Infrastructure 90, Wireless Network 105 and Mobile Communication Device 100.]

[Sheet 2 of 5, FIG. 2: block diagram of a Host Location (example: Corporate Office) with labels E-Mail Sender, Network 1, Physical Cradle Device, X's Certificate, X's CRLs, Chained Certificates, Redirection Software, Other Software, Host or Desktop, Wireless VPN Router, Wireless Gateway, Wireless Infrastructure, Wireless Network 2 and Mobile Data Communication Devices.]

[Sheet 3 of 5, FIG. 3 (PRIOR ART): flowchart.
Requesting Device: Request password from user; Determine hash of password H(user_password); Send H(user_password) to device.
Authenticating Device: Does H(user_password) match H(stored_password)? NO: Disallow connection. Otherwise: Allow connection.]

[Sheet 4 of 5, FIG. 4: flowchart of the challenge-response exchange.
Requesting Device: Send connection request to device; Request user_password from user; Determine encryption key k=H(Challenge || H(user_password)); Determine Response r=E(user_password); Send Response to device.
Authenticating Device: Determine Challenge; Send Challenge to Desktop; Determine Encryption Key k=H(Challenge || H(stored_password)); Decrypt response using Encryption Key k; Does H(decrypted_response) match H(stored_password)? Allow connection / Disallow connection.]

[Sheet 5 of 5, FIG. 5: block diagram of a mobile communication device, including a Microprocessor.]

CHALLENGE RESPONSE-BASED DEVICE AUTHENTICATION SYSTEM AND METHOD

REFERENCE TO PRIOR APPLICATIONS

This application claims priority from U.S. Application No. 60/568,119, filed May 4, 2004.

BACKGROUND

1. Technical Field

The present invention relates generally to the field of communications, and in particular to a challenge response system and method.

2. Description of the Related Art

Mobile devices, such as personal digital assistants (PDAs), cellular phones, wireless communication devices and the like, are occasionally connected to a user’s desktop system in order to synchronize information between the user’s desktop system and their mobile device. Information such as a user’s calendar, task list and phone book entries are examples of information that is routinely synchronized between the desktop system and the mobile device.

Such information is usually of a sensitive nature and should be secured. The user is thus provided with an option to specify a device password on the mobile device in order to secure the mobile device and prevent use of the device without knowledge of the device password.

When the mobile device is connected to the desktop system in order to synchronize information, the mobile device issues a challenge to the desktop system in order to determine if the desktop system is authorized to initiate a connection with the mobile device. The desktop system then provides a response to the mobile device. If the response provided by the desktop system matches the response expected by the mobile device, then the desktop system is allowed to connect to the mobile device and proceed to synchronize information.

Typically, the issued challenge is a request for the hash of the user password. A hash function, such as SHA-1, is a one-way function that takes an input of varying length and converts it into a unique output. The hash of the password provided by the user of the desktop system initiating a connection is sent to the device in response to the challenge by the mobile device. If the response matches the stored hash of the device password, the desktop system is allowed to connect to the mobile device and proceed to synchronize information.

The device password is typically not stored on the device. Only the hash of the device password is stored on the device. However, since the device password itself is not stored on the device, certain operations requiring use of the device password cannot be performed if only the hash of the device password is available on the mobile device. For instance, if the information on the mobile device is encrypted using the device password, then the device password must be supplied in order to decrypt the information prior to synchronizing with the desktop system.

SUMMARY

In accordance with the teachings provided herein, systems and methods are provided for a challenge response scheme within which a secret, such as a password, may be securely transferred between a requesting device and an authenticating device. As an example of a system and method, the authenticating device generates a challenge that is issued to the requesting device. The requesting device combines the challenge with a hash of a password provided by a user of the requesting device, and the combination of the hash of the password and the challenge is further hashed in order to generate a requesting encryption key that is used to encrypt the user supplied password. The encrypted user supplied password is sent to the authenticating device as the response to the issued challenge. The authenticating device generates an authenticating encryption key by generating the hash of a combination of the challenge and a stored hash of an authenticating device password. The authenticating encryption key is used to decrypt the response in order to retrieve the user supplied password. If a hash of the user supplied password matches the stored hash of the authenticating device password, then the requesting device has been authenticated and the authenticating device is in possession of the password.

According to an aspect of the invention there is provided a method for authentication of a requesting device by an authenticating device, the requesting device and the authenticating device each being operative to carry out a one-way hash operation and to carry out a key-based encryption operation, the authenticating device storing a hash of a defined password generated by applying the hash operation to the defined password, the authenticating device being further operative to carry out a key-based decryption operation for decrypting values obtained from the encryption operation, the method including the steps of:

the requesting device receiving a user password and carrying out the hash operation on the user password to obtain a hash of the user password,

the authenticating device determining and transmitting a challenge to the requesting device;

the requesting device receiving the challenge and defining a requesting encryption key by carrying out the hash operation on a combination of the challenge and the hash of the user password,

the requesting device carrying out the encryption operation using the requesting encryption key to encrypt the user password,

the requesting device transmitting a response including the encrypted user password to the authenticating device,

the authenticating device receiving the response and defining an authenticating encryption key by carrying out the hash operation on a combination of the challenge and the hash of the defined password;

the authenticating device using the authenticating encryption key in the decryption operation to decrypt the response to obtain a decrypted user password and carrying out the one-way hash operation on the decrypted user password;

the authenticating device comparing the hash of the decrypted user password with the hash of the defined password to authenticate the requesting device when the comparison indicates a match.

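
The exchange in the steps above, as an added Python sketch that is not code from the patent. SHA-256 stands in for the one-way hash (the text names SHA-1 only as an example), the hash-counter keystream is a stand-in for the unspecified key-based encryption operation, and all class and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def H(data: bytes) -> bytes:
    # One-way hash operation. Assumption: SHA-256 instead of the SHA-1 example.
    return hashlib.sha256(data).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): hash-counter keystream. It is unauthenticated;
    # a real implementation would use a vetted cipher.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += H(key + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:length])


def E(key: bytes, plaintext: bytes) -> bytes:
    # Key-based encryption operation: XOR with the keystream.
    return bytes(p ^ s for p, s in zip(plaintext, _keystream(key, len(plaintext))))


D = E  # for an XOR keystream, decryption is the same operation


class AuthenticatingDevice:
    """Hypothetical model of the authenticating device (e.g. the handheld)."""

    def __init__(self, device_password: str):
        # Only H(stored_password) is kept; the password itself is discarded.
        self.stored_hash = H(device_password.encode())
        self.challenge = None
        self.recovered_password = None

    def issue_challenge(self) -> bytes:
        # Challenge c: randomly generated bits.
        self.challenge = secrets.token_bytes(16)
        return self.challenge

    def verify(self, response: bytes) -> bool:
        if self.challenge is None:
            return False
        c, self.challenge = self.challenge, None  # each challenge is used once
        # Authenticating encryption key: k = H(c || H(stored_password))
        k = H(c + self.stored_hash)
        candidate = D(k, response)
        # Compare H(decrypted response) with H(stored_password) in constant time.
        if hmac.compare_digest(H(candidate), self.stored_hash):
            # Match: the device now holds the password for later operations.
            self.recovered_password = candidate.decode()
            return True
        return False


class RequestingDevice:
    """Hypothetical model of the requesting device (e.g. the desktop)."""

    def respond(self, challenge: bytes, user_password: str) -> bytes:
        pw = user_password.encode()
        # Requesting encryption key: k = H(c || H(user_password))
        k = H(challenge + H(pw))
        # Response r = E_k(user_password)
        return E(k, pw)


if __name__ == "__main__":
    device = AuthenticatingDevice("correct horse")  # constructed sample password
    desktop = RequestingDevice()

    c = device.issue_challenge()
    print("right password accepted:", device.verify(desktop.respond(c, "correct horse")))
    print("password recovered on device:", device.recovered_password)

    c = device.issue_challenge()
    print("wrong password accepted:", device.verify(desktop.respond(c, "guess")))
```

With a wrong password the two sides derive different keys, so the decrypted value is noise and its hash does not match the stored hash.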

According to a further aspect of the invention there is provided the above method further including the step of the authenticating device using the decrypted user password to carry out operations on the authenticating device.

According to a further aspect of the invention there is provided the above method in which the authenticating device is a wireless handheld device and the requesting device is a desktop computer and in which the authentication of the requesting device is required to establish a connection between the wireless handheld device and the requesting device, the method further including the step of the requesting device sending a connection request to the authenticating device prior to the authenticating device determining a challenge and in which the step of authenticating the requesting device includes the step of refusing to establish a connection when the hash of the decrypted user password does not match the hash of the defined password.

According to a further aspect of the invention there is provided a computing device program product including code operative to perform the above methods.

According to a further aspect of the invention there is provided a system for an authentication device to authenticate a requesting device, including:

a challenge generator for generating a challenge,

a communications link for transmitting the challenge to the requesting device and receiving a response to the challenge from the requesting device, the response including a requesting password encrypted using a requesting encryption key, the requesting encryption key including a hash of a combination of the challenge and a hash of the requesting password;

a hash generator for generating an authenticating encryption key by hashing a combination of the challenge and a hash of a predetermined password;

a decryptor for decrypting the encrypted requesting password using the authenticating encryption key to obtain a decrypted response; and

a comparator for comparing a hash of the decrypted response with the hash of the predetermined password, whereby if the hash of the decrypted requesting password matches the hash of the predetermined password, the requesting device is authenticated.

According to a further aspect of the invention there is provided a method for securely transmitting information to a receiving device, the receiving device being provided with a hash of the information, a random number, and a receiving encryption key including a hash of the random number and the hash of the information, including the steps of:

receiving a random number from the receiving device;

encoding the information to produce a hash of the information;

combining the random number with the hash of the information;

hashing the combined random number and hash of the information to produce a transmitting encryption key;

encrypting the information using the transmitting encryption key;

transmitting the encrypted information to the receiving device for decryption by the receiving device using the receiving encryption key.

According to a further aspect of the invention there is provided a method for a requesting device to be authenticated by an authenticating device, the requesting device receiving a user password, the authenticating device being provided with a hash of a predetermined password, a random number, and a receiving encryption key including a hash of the random number and the hash of the predetermined password, including the steps of the requesting device:

receiving a random number from the authenticating device;

encoding the user password to produce a hash of the user password;

combining the random number with the hash of the user password;

hashing the combined random number and hash of the user password to produce a transmitting encryption key;

encrypting the user password using the transmitting encryption key;

transmitting the encrypted user password to the authenticating device for authentication by decryption by the authenticating device using the receiving encryption key.

According to a further aspect of the invention there is provided a method for authentication of a requesting device by an authenticating device, the requesting device and the authenticating device each being operative to carry out a one-way hash operation and to carry out a key-based encryption operation, the authenticating device storing a hash of a defined password generated by applying the hash operation to the defined password, the authenticating device being further operative to carry out a key-based decryption operation for decrypting values obtained from the encryption operation, the method including the steps of the authenticating device:

determining and transmitting a challenge to the requesting device;

receiving a response from the requesting device, the response including a requesting encryption key determined by carrying out the hash operation on a combination of the challenge and a hash of a received user password, the hash being defined by carrying out the hash operation on the received user password,

defining an authenticating encryption key by carrying out the hash operation on a combination of the challenge and the hash of the defined password;

using the authenticating encryption key in the decryption operation to decrypt the response to obtain a decrypted user password and carrying out the one-way hash operation on the decrypted user password;

comparing the hash of the decrypted user password with the hash of the defined password to authenticate the requesting device when the comparison indicates a match.

As will be appreciated, the invention is capable of other and different embodiments, and its several details are capable of modifications in various respects, all without departing from the spirit of the invention. Accordingly, the drawings and description of the preferred embodiments set forth below are to be regarded as illustrative in nature and not restrictive.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a communication system for use with a requesting device and authenticating device.

FIG. 2 is a block diagram of a further communication system for use with multiple devices.

FIG. 3 is a schematic representation of a prior art challenge-response method.

FIG. 4 is a schematic representation of challenge-response for a requesting device and authenticating device.

FIG. 5 is a block diagram of a mobile communication device for use with the method illustrated in FIG. 4.

DETAILED DESCRIPTION OF THE DRAWINGS

FIG. 1 is an overview of an example communication system in which a wireless communication device may be used. One skilled in the art will appreciate that there may be hundreds of different topologies, but the system shown in FIG. 1 helps demonstrate the operation of the encoded message processing systems and methods described in the present application. There may also be many message senders and recipients. The simple system shown in FIG. 1 is for illustrative purposes only, and shows perhaps the most prevalent Internet e-mail environment where security is not generally used.

FIG. 1 shows an e-mail sender 10, the Internet 20, a message server system 40, a wireless gateway 85, wireless infrastructure 90, a wireless network 105 and a mobile communication device 100.

An e-mail sender system 10 may, for example, be connected to an ISP (Internet Service Provider) on which a user of the system 10 has an account, located within a company, possibly connected to a local area network (LAN), and connected to the Internet 20, or connected to the Internet 20 through a large ASP (application service provider) such as AMERICA ONLINE® (AOL). Those skilled in the art will appreciate that the systems shown in FIG. 1 may instead be connected to a wide area network (WAN) other than the Internet, although e-mail transfers are commonly accomplished through Internet-connected arrangements as shown in FIG. 1.

The message server 40 may be implemented, for example, on a network computer within the firewall of a corporation, a computer within an ISP or ASP system or the like, and acts as the main interface for e-mail exchange over the Internet 20. Although other messaging systems might not require a message server system 40, a mobile device 100 configured for receiving and possibly sending e-mail will normally be associated with an account on a message server. Perhaps the two most common message servers are MICROSOFT® EXCHANGE and LOTUS DOMINO®. These products are often used in conjunction with Internet mail routers that route and deliver mail. These intermediate components are not shown in FIG. 1, as they do not directly play a role in the secure message processing described below. Message servers such as server 40 typically extend beyond just e-mail sending and receiving; they also include dynamic database storage engines that have predefined database formats for data like calendars, to-do lists, task lists, e-mail and documentation.

The wireless gateway 85 and infrastructure 90 provide a link between the Internet 20 and wireless network 105. The wireless infrastructure 90 determines the most likely network for locating a given user and tracks the user as they roam between countries or networks. A message is then delivered to the mobile device 100 via wireless transmission, typically at a radio frequency (RF), from a base station in the wireless network 105 to the mobile device 100. The particular network 105 may be virtually any wireless network over which messages may be exchanged with a mobile communication device.

As shown in FIG. 1, a composed e-mail message 15 is sent by the e-mail sender 10, located somewhere on the Internet 20. This message 15 is normally fully in the clear and uses traditional Simple Mail Transfer Protocol (SMTP), RFC822 headers and Multipurpose Internet Mail Extension (MIME) body parts to define the format of the mail message. These techniques are all well known to those skilled in the art. The message 15 arrives at the message server 40 and is normally stored in a message store. Most known messaging systems support a so-called “pull” message access scheme, wherein the mobile device 100 must request that stored messages be forwarded by the message server to the mobile device 100. Some systems provide for automatic routing of such messages which are addressed using a specific e-mail address associated with the mobile device 100. In a preferred embodiment described in further detail below, messages addressed to a message server account associated with a host system such as a home computer or office computer which belongs to the user of a mobile device 100 are redirected from the message server 40 to the mobile device 100 as they are received.

Regardless of the specific mechanism controlling the forwarding of messages to the mobile device 100, the message 15, or possibly a translated or reformatted version thereof, is sent to the wireless gateway 85. The wireless infrastructure 90 includes a series of connections to wireless network 105. These connections could be Integrated Services Digital Network (ISDN), Frame Relay or T1 connections using the TCP/IP protocol used throughout the Internet. As used herein, the term “wireless network” is intended to include three different types of networks, those being (1) data-centric wireless networks, (2) voice-centric wireless networks and (3) dual-mode networks that can support both voice and data communications over the same physical base stations. Combined dual-mode networks include, but are not limited to, (1) Code Division Multiple Access (CDMA) networks, (2) the Groupe Special Mobile or the Global System for Mobile Communications (GSM) and the General Packet Radio Service (GPRS) networks, and (3) future third-generation (3G) networks like Enhanced Data-rates for Global Evolution (EDGE) and Universal Mobile Telecommunications Systems (UMTS). Some older examples of data-centric network include the Mobitex™ Radio Network and the DataTAC™ Radio Network. Examples of older voice-centric data networks include Personal Communication Systems (PCS) networks like GSM, and TDMA systems.

FIG. 2 is a block diagram of a further example communication system including multiple networks and multiple mobile communication devices. The system of FIG. 2 is substantially similar to the FIG. 1 system, but includes a host system 30, a redirection program 45, a mobile device cradle 65, a wireless virtual private network (VPN) router 75, an additional wireless network 110 and multiple mobile communication devices 100. As described above in conjunction with FIG. 1, FIG. 2 represents an overview of a sample network topology. Although the encoded message processing systems and methods described herein may be applied to networks having many different topologies, the network of FIG. 2 is useful in understanding an automatic e-mail redirection system mentioned briefly above.

The central host system 30 will typically be a corporate office or other LAN, but may instead be a home office computer or some other private system where mail messages are being exchanged. Within the host system 30 is the message server 40, running on some computer within the firewall of the host system, that acts as the main interface for the host system to exchange e-mail with the Internet 20. In the system of FIG. 2, the redirection program 45 enables redirection of data items from the server 40 to a mobile communication device 100. Although the redirection program 45 is shown to reside on the same machine as the message server 40 for ease of presentation, there is no requirement that it must reside on the message server. The redirection program 45 and the message server 40 are designed to co-operate and interact to allow the pushing of information to mobile devices 100. In this installation, the redirection program 45 takes confidential and non-confidential corporate information for a specific user and redirects it out through the corporate firewall to mobile devices 100. A more detailed description of the redirection software 45 may be found in the commonly assigned U.S. Pat. No. 6,219,694 (“the 694 Patent”), entitled “System and Method for Pushing Information From A Host System To A Mobile Data Communication Device Having A Shared Electronic Address”, and issued to the assignee of the instant application on Apr. 17, 2001, which is hereby incorporated into the present application by reference. This push technique may use a wireless friendly encoding, compression and encryption technique to deliver all information to a mobile device, thus effectively extending the security firewall to include each mobile device 100 associated with the host system 30.

As shown in FIG. 2, there may be many alternative paths for getting information to the mobile device 100. One method for loading information onto the mobile device 100 is through a port designated 50, using a device cradle 65. This method tends to be useful for bulk information updates often performed at initialization of a mobile device 100 with the host system 30 or a computer 35 within the system 30. The other main method for data exchange is over-the-air using wireless networks to deliver the information. As shown in FIG. 2, this may be accomplished through a wireless VPN router 75 or through a traditional Internet connection 95 to a wireless gateway 85 and a wireless infrastructure 90, as described above. The concept of a wireless VPN router 75 is new in the wireless industry and implies that a VPN connection could be established directly through a specific wireless network 110 to a mobile device 100. The possibility of using a wireless VPN router 75 has only recently been available and could be used when the new Internet Protocol (IP) Version 6 (IPV6) arrives into IP-based wireless networks. This new protocol will provide enough IP addresses to dedicate an IP address to every mobile device 100 and thus make it possible to push information to a mobile device 100 at any time. A principal advantage of using this wireless VPN router 75 is that it could be an off-the-shelf VPN component, thus it would not require a separate wireless gateway 85 and wireless infrastructure 90 to be used. A VPN connection would preferably be a Transmission Control Protocol (TCP)/IP or User Datagram Protocol (UDP)/IP connection to deliver the messages directly to the mobile device 100. If a wireless VPN 75 is not available then a link 95 to the Internet 20 is the most common connection mechanism available and has been described above.

`8
`is connected to the desktop system 35, for instance through a
`serial link such as a universal serial bus (USB)link, the user
`of the desktop system 35 is prompted to enter a password in
`order to authenticate the user to the device 10. The desktop
`system 35 creates a one-way hash of the password provided
`by the user, and transmits the hash of the password to the
`device 10. The device 10 then compares the hash of the
`passwordto a stored hash of the device password.If the two
`values match, then the user is authenticated and the desktop
`system35 is allowed to form a connectionwiththe device 10.
`In this typical challenge response scheme,only the hash ofthe
`passwordis transmitted to the device 10. Ifthe passworditself
`weresent over the communicationslink, an attacker would be
`able to intercept the transmission and gain knowledgeof the
`password.
In the automatic redirection system of FIG. 2, a composed
e-mail message 15 leaving the e-mail sender 10 arrives at the
message server 40 and is redirected by the redirection program
45 to the mobile device 100. As this redirection takes place
the message 15 is re-enveloped, as indicated at 80, and a
possibly proprietary compression and encryption algorithm can
then be applied to the original message 15. In this way,
messages being read on the mobile device 100 are no less
secure than if they were read on a desktop workstation such as
35 within the firewall. All messages exchanged between the
redirection program 45 and the mobile device 100 preferably
use this message repackaging technique. Another goal of this
outer envelope is to maintain the addressing information of
the original message except the sender’s and the receiver’s
address. This allows reply messages to reach the appropriate
destination, and also allows the “from” field to reflect the
mobile user’s desktop address. Using the user’s e-mail
address from the mobile device 100 allows the received mes-

FIG. 4 illustrates a challenge response scheme in accordance
with a preferred embodiment of the present invention. In the
preferred embodiment, a requesting device, such as the desktop
system 35, is connected to an authenticating device, such as
mobile device 10, using a communications link, such as a
universal serial bus (USB) link, through which the requesting
device may send a connection request. The connection request
may be in the form of a software request sent to the
authenticating device, or the detection of a change in a
hardware state of the communications link. The authenticating
device detects that a connection is being requested, and
proceeds to authenticate the requesting device in accordance
with the challenge response scheme described below. It will
be understood that the authenticating device may only initiate
the challenge response scheme if the authenticating device
has been secured by a device password (stored_password). In
order to determine if a requesting device needs to be
authenticated, the authenticating device may check for the
presence of a hash of the device password H(stored_password)
in a memory of the authenticating device. In other
implementations, the authentication device may check for a
flag indicating whether the device has been secured.

When the authenticating device detects a connection request,
it generates a Challenge c to issue to the requesting device.
The Challenge c may be a group of bits that have been randomly
generated by the authenticating device. Alternatively, the
numbers of bits used in the Challenge c may also be
randomized. The authenticating device may use a hardware-based
random number generator or a software-based random number
generator to generate the random Challenge c.

The requesting device prompts the user of the requesting
device for a password user_password. This password is hashed,
using known hashing functions such as SHA-1, to create
H(user_password) which is then combined with the Challenge c
received from the authenticating device. In the preferred
embodiment, the Challenge c and the hash of the password
H(user_password) are concatenated together. It is understood
that there are different ways in which to combine the two
values. This combination of the Challenge c and the hash of
the password H(user_password) is further hashed in order to
generate a requesting encryption key k=H(c||H(user_password))
that is used in creating a response r to the challenge issued
by the authenticating device. The response r
is generated by en
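The challenge generation and key derivation described above, as an added Python example that is not part of the patent text; it covers the steps up to the requesting encryption key only. The class and function names, the 16 to 32 byte challenge bounds, and the authenticator deriving its own key from H(stored_password) in the same way are assumptions of this example.

```python
import hashlib
import secrets


def H(data: bytes) -> bytes:
    """SHA-1, the hash function the text names (20-byte digest)."""
    return hashlib.sha1(data).digest()


class AuthenticatingDevice:
    """Holds only H(stored_password), never the password itself."""

    def __init__(self, stored_hash=None):
        self.stored_hash = stored_hash

    def needs_authentication(self) -> bool:
        # Challenge only if the device has been secured by a password,
        # detected by the presence of the stored hash.
        return self.stored_hash is not None

    def new_challenge(self, min_bytes=16, max_bytes=32) -> bytes:
        # Random content and random length; the bounds are assumptions.
        n = min_bytes + secrets.randbelow(max_bytes - min_bytes + 1)
        return secrets.token_bytes(n)

    def expected_key(self, c: bytes) -> bytes:
        # Assumption: the authenticator derives its key the same way,
        # starting from the hash it already stores.
        return H(c + self.stored_hash)


def requesting_key(c: bytes, user_password: str) -> bytes:
    # k = H(c || H(user_password)); the fixed-length inner hash keeps
    # the concatenation unambiguous even when len(c) varies.
    return H(c + H(user_password.encode("utf-8")))


def session(device: AuthenticatingDevice, user_password: str):
    """One exchange: returns (challenge, requester key, authenticator key)."""
    c = device.new_challenge()
    return c, requesting_key(c, user_password), device.expected_key(c)


if __name__ == "__main__":
    dev = AuthenticatingDevice(H(b"constructed-sample-password"))
    for attempt in ("constructed-sample-password", "wrong guess"):
        c, k_req, k_auth = session(dev, attempt)
        print(len(c), k_req.hex(), "match" if k_req == k_auth else "mismatch")
```

Because c is fresh for every connection request, the key changes per session even when the password does not, so a value captured on the link in one session does not carry over to the next.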
