`(10) Patent No.:
`(12) United States Patent
`
`Brown et al.
`(45) Date of Patent:
`Oct. 13, 2009
`
`USOO7603556B2
`
`(54) CHALLENGE RESPONSE-BASED DEVICE
`AUTHENTICATION SYSTEM AND METHOD
`
`(75)
`
`Inventors: Michael K. Brown, Kitchener (CA);
`Michael S. Brown, Waterloo (CA);
`Michael G Kirkup Waterloo (CA)
`'
`_
`’
`’
`Herbert A- ”“19: Waterloo (CA)
`
`.
`(73) ASSlgneei Research In Motion Limited, Waterloo,
`Ontario (CA)
`
`5,666,415 A *
`5,721,779 A
`6,064,736 A *
`
`9/1997 Kaufman .................... 713/ 159
`2/ 1998 Funk
`5/2000 Davis et a1.
`
`................. 713/155
`
`42003 me 6? 31'
`6,542,610 B2 *
`6,826,686 B1* 11/;004 Peyrav1an et a1.
`........... 713/168
`
`7,062,490 B2
`6/2006 Adya et a1.
`........
`707/10
`2002/0071566 A1*
`6/2002 Kurn .......................... 380/281
`2003/0065956 A1
`4/2003 Belapurkar et a1.
`........... 713/171
`2004/0158715 A1*
`8/2004 Peyravian et a1.
`zoos/0215233 A1*
`9/2005 Perera et a1.
`................ 455/411
`
`FOREIGN PATENT DOCUMENTS
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 598 days.
`
`W0 03/019856 A2
`W0
`:1: cited by examiner
`
`3/2003
`
`(21) App1.No.: 10/996,369
`
`(22)
`
`Filed:
`
`Nov. 26, 2004
`
`Primary ExamineriPonnoreay Pich
`(74) Attorney, Agent, or Firmilenna L. Wilson; Dimock
`Stratton LLP
`
`(65)
`
`Prior Publication Data
`
`(57)
`
`ABSTRACT
`
`NOV' 10’ 2005
`US 2005/0250473 A1
`Related US. Application Data
`
`(60) Provisional application No. 60/568,119, filed on May
`4, 2004.
`
`(51)
`
`Int. C1-
`(2006-01)
`H04L 932
`(52) US. Cl.
`............................... 713/169; 726/2; 726/3;
`726/4
`(58) Field of Classification Search ................. 713/168,
`713/ 169
`See application file for complete search history.
`_
`References Clted
`US. PATENT DOCUMENTS
`
`(56)
`
`5,418,854 A
`5,434,918 A *
`5,491,752 A *
`
`5/1995 Kaufman et a1.
`
`7/1995 Kung et a1. ........... 713/169
`2/1996 Kaufman et a1.
`.............. 380/30
`
`A challenge response scheme authenticates a requesting
`dev1ce by an authenticating dev1ce. The authenticating dev1ce
`generates and issues a challenge to the requesting dev1ce. The
`requesting device combines the challenge with a hash of a
`password provided by a user, and the combination is further
`hashed in order to generate a requesting encryption key used
`to encrypt the user supplied password. The encrypted user
`supplied password is sent to the authenticating device as a
`response to the issued challenge. The authenticating device
`generates an authenticating encryption key by generating the
`hash of a combination ofthe challenge and a stored hash of an
`authenticating device password. The authenticating encryp-
`tion key is used to decrypt the response in order to retrieve the
`user-supplied password. If the user-supplied password hash
`matches the stored authenticating device password hash, the
`requesting device is authenticated and the authenticating
`device is in possession of the password.
`
`24 Claims, 5 Drawing Sheets
`
`Requesting
`Device
`
`Authenticating
`Device
`
`Requm unryssworu
`from um
`
`Send connection request
`In device
`
`
`
`Delarmlna Incryption key
`k=H(Challanga u HlusarJasswordll
`
`
`
`
`
`naumine Enclypliorl Key
`k=H(Challange u
`
`H(sloredJasswom))
`
`Determine cnallenga
`
`Sena cnanango m
`DesktoP
`
`
`
`Determlna Response
`r=E(usar_password)
`
`Send RESPONSE in
`«via!
`
`
`
`
`Decrypt respmu using
`Encryption Kay k
`
`
` Disallow cannecilon
`
`
`NIDW connection
`
`APPLE 1012
`
`APPLE 1012
`
`1
`
`
`
`U.S. Patent
`
`Oct. 13, 2009
`
`Sheet 1 of5
`
`US 7,603,556 B2
`
`E-Mail Sender
`
`
`lilifliiflilfl
`llllllllfllifl
`
`
`
`
`Message Server System
`
`
`
`
`fl;
`
`Vifireless
`
`Network
`
`100
`
`Mobile
`
`Device
`
`Communication
`
`FIG. 1
`
`2
`
`
`
`U.S. Patent
`
`Oct. 13, 2009
`
`Sheet 2 of5
`
`US 7,603,556 B2
`
`is
`
`Host Location (example : Corporate Office)
`
`E-Mail Sender
`
` Physical
`
`,
`Cradle _'
`X's Certificate
`Device
`
`X's CRLs
`
`
`
`
`Other
`Illlllllflllll
`
`cifli‘n'é‘aet‘és
`nnnnuuu
`
`
`Desktop
` 60
`
`
`System
`
`
`75
`
`
`
`
`Firewall
`:
`\Mreless
`Infrastructu re
`
`
` Vlfireless
`
`
`Device
`
`1°“
`
`0'
`'
`
`Mobile Data
`Communication
`
`Device
`
`Network 1
`
`100
`
`MOblle Data
`Communication
`
`FIG. 2
`
`3
`
`
`
`U.S. Patent
`
`Oct. 13, 2009
`
`Sheet 3 of5
`
`US 7,603,556 B2
`
`Requesting
`Device
`
`Authenticating
`Device
`
`
`
`
`Request password from
`user
`
`
`Does H(user_password)
`match H(stored_password)?
`
`
`Disaliow connection
`
`NO
`
`Determine hash of
`
`password
`
`
`
`H(user_password)
`
`Allow connection
`
`
`Send H(user_password)
`to device
`
`
`FIG. 3
`
`PRIOR ART
`
`4
`
`
`
`U.S. Patent
`
`Oct. 13, 2009
`
`Sheet 4 of5
`
`US 7,603,556 B2
`
`Requesting
`Device
`
`Authenticating
`Device
`
`Request user_password
`from user
`
`
`
`Determine Challenge
`
`
`
`
`
`Send connection request
`to device
`
`
`Determine encryption key
`
`k=H(Cha|lenge || H(user_password))
`
`
`Send Challenge to
`Desktop
`
`Determine Response
`r=E(userJ)assword)
`
`Determine Encryption Key
`
`
`k=H(Cha|lenge ||
`H(stored_password))
`
`
`
`
`
`
`
`Send Response to
`device
`
`Decrypt response using
`Encryption Key k
`
`
`
`
`Does H(decrypted_response
`match H(stored_password)?
`
`
`
`
`
`Allow connection
` Disallow connection
`
`
`FIG. 4
`
`5
`
`
`
`US. Patent
`
`Oct. 13, 2009
`
`Sheet 5 of 5
`
`US 7,603,556 B2
`
`o:>5:23
`
`omm
`
`Nmm
`
`vmm
`
`Emogmx
`
`mmm
`
`mmm
`
`
`
`mcozmscsEEoomEmugmnsm
`
`
`
`wmcmméocm0250$50
`
`m.me
`
`
`
`rlrlul2382
`
`mmmcozmoEzEEooEma
`
`
`:01fitmmm_:m_o>-coz936.22
`
`Microprocessor
`
`32:22
`
`
`
`29.._m
`
`ooméom5:5
`
`3:622
`
`co=mo_::EEoo86>
`
`6
`
`
`
`
`US 7,603,556 B2
`
`1
`CHALLENGE RESPONSE-BASED DEVICE
`AUTHENTICATION SYSTEM AND METHOD
`
`REFERENCE TO PRIOR APPLICATIONS
`
`This application claims priority from US. Application No.
`60/568,119, filed May 4, 2004.
`
`BACKGROUND
`
`1. Technical Field
`
`The present invention relates generally to the field of com-
`munications, and in particular to a challenge response system
`and method.
`
`2. Description of the Related Art
`Mobile devices, such as personal digital assistants (PDAs),
`cellular phones, wireless communication devices and the
`like, are occasionally connected to a user’s desktop system in
`order to synchronize information between the user’s desktop
`system and their mobile device. Information such as a user’s
`calendar, task list and phone book entries are examples of
`information that is routinely synchronized between the desk-
`top system and the mobile device.
`Such information is usually ofa sensitive nature and should
`be secured. The user is thus provided with an option to specify
`a device password on the mobile device in order to secure the
`mobile device and prevent use of the device without knowl-
`edge of the device password.
`When the mobile device is connected to the desktop system
`in order to synchronize information, the mobile device issues
`a challenge to the desktop system in order to determine if the
`desktop system is authorized to initiate a connection with the
`mobile device. The desktop system then provides a response
`to the mobile device. If the response provided by the desktop
`system matches the response expected by the mobile device,
`then the desktop system is allowed to connect to the mobile
`device and proceed to synchronize information.
`Typically, the issued challenge is a request for the hash of
`the user password. A hash function, such as SHA-l, is a
`one-way function that takes an input or varying length and
`converts it into a unique output. The hash of the password
`provided by the user of the desktop system initiating a con-
`nection is sent to the device in response to the challenge by the
`mobile device. If the response matches the stored hash of the
`device password, the desktop system is allowed to connect to
`the mobile device and proceed to synchronize information.
`The device password is typically not stored on the device.
`Only the hash of the device password is stored on the device.
`However, since the device password itself is not stored on the
`device, certain operations requiring use of the device pass-
`word cannot be performed if only the hash of the device
`password is available on the mobile device. For instance, if
`the information on the mobile device is encrypted using the
`device password, then the device password must be supplied
`in order to decrypt the information prior to synchronizing
`with the desktop system.
`
`SUMMARY
`
`In accordance with the teachings provided herein, systems
`and methods are provided for a challenge response scheme
`within which a secret, such as a password, may be securely
`transferred between a requesting device and an authenticating
`device. As an example of a system and method, the authenti-
`cating device generates a challenge that is issued to the
`requesting device. The requesting device combines the chal-
`lenge with a hash of a password provided by a user of the
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`
`requesting device, and the combination of the hash of the
`password and the challenge is further hashed in order to
`generate a requesting encryption key that is used to encrypt
`the user supplied password. The encrypted user supplied
`password is sent to the authenticating device as the response
`to the issued challenge. The authenticating device generates
`an authenticating encryption key by generating the hash of a
`combination of the challenge and a stored hash of an authen-
`ticating device password. The authenticating encryption key
`is used to decrypt the response in order to retrieve the user
`supplied password. If a hash of the user supplied password
`matches the stored hash of the authenticating device pass-
`word, then the requesting device has been authenticated and
`the authenticating device is in possession of the password.
`According to an aspect of the invention there is provided a
`method for authentication of a requesting device by an
`authenticating device, the requesting device and the authen-
`ticating device each being operative to carry out a one-way
`hash operation and to carry out a key-based encryption opera-
`tion, the authenticating device storing a hash of a defined
`password generated by applying the hash operation to the
`defined password, the authenticating device being further
`operative to carry out a key-based decryption operation for
`decrypting values obtained from the encryption operation, the
`method including the steps of:
`the requesting device receiving a user password and carry-
`ing out the hash operation on the user password to obtain a
`hash of the user password,
`the authenticating device determining and transmitting a
`challenge to the requesting device;
`the requesting device receiving the challenge and defining
`a requesting encryption key by carrying out the hash opera-
`tion on a combination ofthe challenge and the hash ofthe user
`password,
`the requesting device carrying out the encryption operation
`using the requesting encryption key to encrypt the user pass-
`word,
`the requesting device transmitting a response including the
`encrypted user password to the authenticating device,
`the authenticating device receiving the response and defin-
`ing an authenticating encryption key by carrying out the hash
`operation on a combination of the challenge and the hash of
`the defined password;
`the authenticating device using the authenticating encryp-
`tion key in the decryption operation to decrypt the response to
`obtain a decrypted user password and carrying out the one-
`way hash operation on the decrypted user password;
`the authenticating device comparing the hash of the
`decrypted user password with the hash of the defined pass-
`word to authenticate the requesting device when the compari-
`son indicates a match.
`
`According to a further aspect of the invention there is
`provided the above method further including the step of the
`authenticating device using the decrypted user password to
`carry out operations on the authenticating device.
`According to a further aspect of the invention there is
`provided the above method in which the authenticating
`device is a wireless handheld device and the requesting device
`is a desktop computer and in which the authentication of the
`requesting device is required to establish a connection
`between the wireless handheld device and the requesting
`device, the method further including the step ofthe requesting
`device sending a connection request to the authenticating
`device prior to the authenticating device determining a chal-
`lenge and in which the step of authenticating the requesting
`device includes the step of refusing to establish a connection
`
`7
`
`
`
`US 7,603,556 B2
`
`3
`when the hash of the decrypted user password does not match
`the hash of the defined password.
`According to a further aspect of the invention there is
`provided the a computing device program product including
`code operative to perform the above methods.
`According to a further aspect of the invention there is
`provided a system for an authentication device to authenticate
`a requesting device, including:
`a challenge generator for generating a challenge,
`a communications link for transmitting the challenge to the
`requesting device and receiving a response to the challenge
`from the requesting device, the response including a request-
`ing password encrypted using a requesting encryption key,
`the requesting encryption key including a hash of a combina-
`tion of the challenge and a hash of the requesting password;
`a hash generator for generating an authenticating encryp-
`tion key by hashing a combination ofthe challenge and a hash
`of a predetermined password;
`a decryptor for decrypting the encrypted requesting pass-
`word using the authenticating encryption key to obtain a
`decrypted response; and
`a comparator for comparing a hash of the decrypted
`response with the hash of the predetermined password,
`whereby if the hash of the decrypted requesting password
`matches the hash ofthe predetermined pas sword, the request-
`ing device is authenticated.
`According to a further aspect of the invention there is
`provided a method for securely transmitting information to a
`receiving device, the receiving device being provided with a
`hash of the information, a random number, and a receiving
`encryption key including a hash of the random number and
`the hash of the information, including the steps of:
`receiving a random number from the receiving device;
`encoding the information to produce a hash of the infor-
`mation;
`combining the random number with the hash of the infor-
`mation;
`hashing the combined random number and hash of the
`information to produce a transmitting encryption key;
`encrypting the information using the transmitting encryp-
`tion key;
`transmitting the encrypted information to the receiving
`device for decryption by the receiving device using the
`receiving encryption key.
`According to a further aspect of the invention there is
`provided a method for a requesting device to be authenticated
`by an authenticating device, the requesting device receiving a
`user password, the authenticating device being provided with
`a hash of a predetermined password, a random number, and a
`receiving encryption key including a hash of the random
`number and the hash of the predetermined password, includ-
`ing the steps of the requesting device:
`receiving a random number from the authenticating device;
`encoding the user password to produce a hash of the user
`password;
`combining the random number with the hash of the user
`password;
`hashing the combined random number and hash ofthe user
`password to produce a transmitting encryption key;
`encrypting the user password using the transmitting
`encryption key;
`transmitting the encrypted user password to the authenti-
`cating device for authentication by decryption by the authen-
`ticating device using the receiving encryption key.
`According to a further aspect of the invention there is
`provided a method for authentication of a requesting device
`by an authenticating device, the requesting device and the
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`4
`
`authenticating device each being operative to carry out a
`one-way hash operation and to carry out a key-based encryp-
`tion operation, the authenticating device storing a hash of a
`defined pas sword generated by applying the hash operation to
`the defined pas sword, the authenticating device being further
`operative to carry out a key-based decryption operation for
`decrypting values obtained from the encryption operation, the
`method including the steps of the authenticating device:
`determining and transmitting a challenge to the requesting
`device;
`the
`receiving a response from the requesting device,
`response including a requesting encryption key determined
`by carrying out the hash operation on a combination of the
`challenge and a hash of a received user password, the hash
`being defined by carrying out the hash operation on the
`received user password,
`defining an authenticating encryption key by carrying out
`the hash operation on a combination of the challenge and the
`hash of the defined password;
`using the authenticating encryption key in the decryption
`operation to decrypt the response to obtain a decrypted user
`password and carrying out the one-way hash operation on the
`decrypted user password;
`comparing the hash of the decrypted user password with
`the hash of the defined password to authenticate the request-
`ing device when the comparison indicates a match.
`As will be appreciated, the invention is capable ofother and
`different embodiments, and its several details are capable of
`modifications in various respects, all without departing from
`the spirit of the invention. Accordingly, the drawings and
`description of the preferred embodiments set forth below are
`to be regarded as illustrative in nature and not restrictive.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is a block diagram of a communication system for
`use with a requesting device and authenticating device.
`FIG. 2 is a block diagram of a further communication
`system for use with multiple devices.
`FIG. 3 is a schematic representation of a prior art chal-
`lenge-response method.
`FIG. 4 is a schematic representation of challenge-response
`for a requesting device and authenticating device.
`FIG. 5 is a block diagram of a mobile communication
`device for use with the method illustrated in FIG. 4.
`
`DETAILED DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 is an overview of an example communication sys-
`tem in which a wireless communication device may be used.
`One skilled in the art will appreciate that there may be hun-
`dreds of different topologies, but the system shown in FIG. 1
`helps demonstrate the operation of the encoded message pro-
`cessing systems and methods described in the present appli-
`cation. There may also be many message senders and recipi-
`ents. The simple system shown in FIG. 1 is for illustrative
`purposes only, and shows perhaps the most prevalent Internet
`e-mail environment where security is not generally used.
`FIG. 1 shows an e-mail sender 10, the Internet 20, a mes-
`sage server system 40, a wireless gateway 85, wireless infra-
`structure 90, a wireless network 105 and a mobile commum-
`cation device 100.
`
`An e-mail sender system 10 may, for example, be con-
`nected to an ISP (Internet Service Provider) on which a user
`of the system 10 has an account, located within a company,
`possibly connected to a local area network (LAN), and con-
`nected to the Internet 20, or connected to the Internet 20
`
`8
`
`
`
`US 7,603,556 B2
`
`5
`through a large ASP (application service provider) such as
`AMERICA ONLINE® (AOL). Those skilled in the art will
`appreciate that the systems shown in FIG. 1 may instead be
`connected to a wide area network (WAN) other than the
`Internet, although e-mail transfers are commonly accom-
`plished through Internet-connected arrangements as shown in
`FIG. 1.
`
`The message server 40 may be implemented, for example,
`on a network computer within the firewall of a corporation, a
`computer within an ISP or ASP system or the like, and acts as
`the main interface for e-mail exchange over the Internet 20.
`Although other messaging systems might not require a mes-
`sage server system 40, a mobile device 100 configured for
`receiving and possibly sending e-mail will normally be asso-
`ciated with an account on a message server. Perhaps the two
`most
`common message
`servers
`are MICROSOFT®
`EXCHANGE and LOTUS DOMINO®. These products are
`often used in conjunction with Internet mail routers that route
`and deliver mail. These intermediate components are not
`shown in FIG. 1, as they do not directly play a role in the
`secure message processing described below. Message servers
`such as server 40 typically extend beyondjust e-mail sending
`and receiving; they also include dynamic database storage
`engines that have predefined database formats for data like
`calendars, to-do lists, task lists, e-mail and documentation.
`The wireless gateway 85 and infrastructure 90 provide a
`link between the Internet 20 and wireless network 105. The
`
`wireless infrastructure 90 determines the mo st likely network
`for locating a given user and tracks the user as they roam
`between countries or networks . A mes sage is then delivered to
`the mobile device 100 via wireless transmission, typically at
`a radio frequency (RF), from a base station in the wireless
`network 105 to the mobile device 100. The particular network
`105 may be virtually any wireless network over which mes-
`sages may be exchanged with a mobile communication
`device.
`
`As shown in FIG. 1, a composed e-mail message 15 is sent
`by the e-mail sender 10, located somewhere on the Internet
`20. This message 15 is normally fully in the clear and uses
`traditional Simple Mail Transfer Protocol (SMTP), RFC822
`headers and Multipurpose Internet Mail Extension (MIME)
`body parts to define the format of the mail message. These
`techniques are all well known to those skilled in the art. The
`message 15 arrives at the message server 40 and is normally
`stored in a message store. Most known messaging systems
`support a so-called “pull” message access scheme, wherein
`the mobile device 100 must request that stored messages be
`forwarded by the message server to the mobile device 100.
`Some systems provide for automatic routing of such mes-
`sages which are addressed using a specific e-mail address
`associated with the mobile device 100. In a preferred embodi-
`ment described in further detail below, messages addressed to
`a message server account associated with a host system such
`as a home computer or ofiice computer which belongs to the
`user of a mobile device 100 are redirected from the message
`server 40 to the mobile device 100 as they are received.
`Regardless of the specific mechanism controlling the for-
`warding of messages to the mobile device 100, the message
`15, or possibly a translated or reformatted version thereof, is
`sent to the wireless gateway 85. The wireless infrastructure 90
`includes a series of connections to wireless network 105.
`
`These connections could be Integrated Services Digital Net-
`work (ISDN), Frame Relay or T1 connections using the TCP/
`IP protocol used throughout the Internet. As used herein, the
`term “wireless networ ” is intended to include three different
`types of networks, those being (1) data-centric wireless net-
`works, (2) voice-centric wireless networks and (3) dual-mode
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`6
`networks that can support both voice and data communica-
`tions over the same physical base stations. Combined dual-
`mode networks include, but are not limited to, (1) Code
`Division Multiple Access (CDMA) networks, (2) the Groupe
`Special Mobile or the Global System for Mobile Communi-
`cations (GSM) and the General Packet Radio Service (GPRS)
`networks, and (3) future third-generation (3G) networks like
`Enhanced Data-rates for Global Evolution (EDGE) and Uni-
`versal Mobile Telecommunications Systems (UMTS). Some
`older examples of data-centric network include the Mobi-
`texTM Radio Network and the DataTACTM Radio Network.
`
`Examples of older voice-centric data networks include Per-
`sonal Communication Systems (PCS) networks like GSM,
`and TDMA systems.
`FIG. 2 is a block diagram of a further example communi-
`cation system including multiple networks and multiple
`mobile communication devices. The system of FIG. 2 is sub-
`stantially similar to the FIG. 1 system, but includes a host
`system 30, a redirection program 45, a mobile device cradle
`65, a wireless virtual private network (VPN) router 75, an
`additional wireless network 110 and multiple mobile com-
`munication devices 100. As described above in conjunction
`with FIG. 1, FIG. 2 represents an overview of a sample
`network topology. Although the encoded message processing
`systems and methods described herein may be applied to
`networks having many different topologies, the network of
`FIG. 2 is useful in understanding an automatic e-mail redi-
`rection system mentioned briefly above.
`The central host system 30 will typically be a corporate
`office or other LAN, but may instead be a home office com-
`puter or some other private system where mail messages are
`being exchanged. Within the host system 30 is the message
`server 40, running on some computer within the firewall of
`the host system, that acts as the main interface for the host
`system to exchange e-mail with the Internet 20. In the system
`of FIG. 2, the redirection program 45 enables redirection of
`data items from the server 40 to a mobile communication
`
`device 100. Although the redirection program 45 is shown to
`reside on the same machine as the message server 40 for ease
`of presentation, there is no requirement that it must reside on
`the message server. The redirection program 45 and the mes-
`sage server 40 are designed to co-operate and interact to allow
`the pushing of information to mobile devices 100. In this
`installation, the redirection program 45 takes confidential and
`non-confidential corporate information for a specific user and
`redirects it out through the corporate firewall to mobile
`devices 100. A more detailed description of the redirection
`software 45 may be found in the commonly assignedU.S. Pat.
`No. 6,219,694 (“the ’694 Patent”), entitled “System and
`Method for Pushing Information From A Host System To A
`Mobile Data Communication Device HavingA Shared Elec-
`tronic Address”, and issued to the assignee of the instant
`application on Apr. 17, 2001,which is hereby incorporated
`into the present application by reference. This push technique
`may use a wireless friendly encoding, compression and
`encryption technique to deliver all information to a mobile
`device, thus effectively extending the security firewall to
`include each mobile device 100 associated with the host
`
`system 30.
`As shown in FIG. 2, there may be many alternative paths
`for getting information to the mobile device 100. One method
`for loading information onto the mobile device 100 is through
`a port designated 50, using a device cradle 65. This method
`tends to be useful for bulk information updates often per-
`formed at initialization of a mobile device 100 with the host
`system 30 or a computer 35 within the system 30. The other
`main method for data exchange is over-the-air using wireless
`
`9
`
`
`
`US 7,603,556 B2
`
`7
`networks to deliver the information. As shown in FIG. 2, this
`may be accomplished through a wireless VPN router 75 or
`through a traditional Internet connection 95 to a wireless
`gateway 85 and a wireless infrastructure 90, as described
`above. The concept of a wireless VPN router 75 is new in the
`wireless industry and implies that a VPN connection could be
`established directly through a specific wireless network 110
`to a mobile device 100. The possibility of using a wireless
`VPN router 75 has only recently been available and could be
`used when the new lntemet Protocol (IP) Version 6 (IPV6)
`arrives into IP-based wireless networks. This new protocol
`will provide enough IP addresses to dedicate an IP address to
`every mobile device 100 and thus make it possible to push
`information to a mobile device 100 at any time. A principal
`advantage ofusing this wireless VPN router 75 is that it could
`be an off-the-shelfVPN component, thus it would not require
`a separate wireless gateway 85 and wireless infrastructure 90
`to be used. A VPN connection would preferably be a Trans-
`mission Control Protocol (TCP)/IP or User Datagram Proto-
`col (UDP)/IP connection to deliver the messages directly to
`the mobile device 100. If a wireless VPN 75 is not available
`then a link 95 to the Internet 20 is the most common c01mec-
`tion mechanism available and has been described above.
`
`In the automatic redirection system of FIG. 2, a composed
`e-mail message 15 leaving the e-mail sender 10 arrives at the
`message server 40 and is redirected by the redirection pro-
`gram 45 to the mobile device 100. As this redirection takes
`place the message 15 is re-enveloped, as indicated at 80, and
`a possibly proprietary compression and encryption algorithm
`can then be applied to the original message 15. In this way,
`messages being read on the mobile device 100 are no less
`secure than ifthey were read on a desktop workstation such as
`35 within the firewall. All messages exchanged between the
`redirection program 45 and the mobile device 100 preferably
`use this message repackaging technique. Another goal of this
`outer envelope is to maintain the addressing information of
`the original message except the sender’s and the receiver’s
`address. This allows reply messages to reach the appropriate
`destination, and also allows the “from” field to reflect the
`mobile user’s desktop address. Using the user’s e-mail
`address from the mobile device 100 allows the received mes-
`
`sage to appear as though the message originated from the
`user’s desktop system 35 rather than the mobile device 100.
`With reference back to the port 50 and cradle 65 c01mec-
`tivity to the mobile device 100, this connection path offers
`many advantages for enabling one-time data exchange of
`large items. For those skilled in the art of personal digital
`assistants (PDAs) and synchronization, the most common
`data exchanged over this link is Personal Information Man-
`agement (PIM) data 55. When exchanged for the first time
`this data tends to be large in quantity, bulky in nature and
`requires a large bandwidth to get loaded onto the mobile
`device 100 where it can be used on the road. This serial link
`may also be used for other purposes, including setting up a
`private security key 111 such as an S/MIME or PGP specific
`private key, the Certificate (Cert) of the user and their Certifi-
`cate Revocation Lists (CRLs) 60. The private key is prefer-
`ably exchanged so that the desktop 35 and mobile device 100
`share one personality and one method for accessing all mail.
`The Cert and CRLs are nonnally exchanged over such a link
`because they represent a large amount of the data that is
`required by the device for S/MIME, PGP and other public key
`security methods.
`FIG. 3 shows a typical challenge response scheme used by
`an authenticating device, such as mobile device 10 to authen-
`ticate a requesting device, such as desktop system 35 that may
`be requesting a connection to the device 10. When device 10
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`8
`is connected to the desktop system 35, for instance through a
`serial link such as a universal serial bus (USB) link, the user
`of the desktop system 35 is prompted to enter a password in
`order to authenticate the user to the device 10. The desktop
`system 35 creates a one-way hash of the password provided
`by the user, and transmits the hash of the password to the
`device 10. The device 10 then compares the hash of the
`password to a stored hash of the device password. If the two
`values match, then the user is authenticated and the desktop
`system 35 is allowed to fonn a connection with the device 10.
`In this typical challenge response scheme, only the hash ofthe
`password is transmitted to the device 10. Ifthe password itself
`were sent over the communications link, an attacker would be
`able to intercept the transmission and gain knowledge of the
`password.
`FIG. 4 illustrates a challenge response scheme in accor-
`dance with a preferred embodiment of the present invention.
`In the preferred embodiment, a requesting device, such as the
`desktop system 35, is connected to an authenticating device,
`such as mobile device 10, using a communications link, such
`as a universal serial bus (USB) link, through which the
`requesting device may send a connection request. The con-
`nection request may be in the form of a software request sent
`to the authenticating device, or the detection of a change in a
`hardware state of the communications link. The authenticat-
`
`ing device detects that a connection is being requested, and
`proceeds to authenticate the requesting device in accordance
`with the challenge response scheme described below. It will
`be understood that the authenticating device may only initiate
`the challenge response scheme if the authenticating device
`has been secured by a device password (stored_password). In
`order to determine if a reques