This invention relates to a method of performing a challenge-response process with pre-computed challenge-response pairs. The invention also relates to a computer program product, a system for performing such challenge-response processes and a combination of the system and a telecommunications cabinet.
In a challenge-response process, a challenging device sends a challenge message to a responding device, which sends a response message back to the challenging device. In the digital world, challenge-response processes are widely used in communication between digital devices. Often, one device performs a challenge-response process with another device in order to authenticate that other device.
Challenge-response processes can also be used in cryptographic applications. In some cryptographic applications of challenge-response processes, the challenging device holds a secret encryption key, which it uses to compute the “correct” response that it expects to receive from an authentic responding device upon sending a specific challenge to the responding device. If the challenging device is kept in a secured space, there is little risk that the encryption key might get compromised. However, if the challenging device is freely accessible, an attacker may have sufficient time to extract the encryption key from the challenging device, and abuse it.
In an effort to protect the secret key, the key is often not stored on the challenging device, but on a separate device, a source device, which may be located in a secured space, and which is at least temporarily operationally connected to the challenging device, for example, through a network. The source device generates challenge messages and computes for each challenge message the expected response message, using the secret key. It then provides the challenging device with these pairs of challenge messages and corresponding expected response messages, so-called challenge-response pairs or CRPs, which are stored on the challenging device. These CRPs enable the challenging device to perform a challenge-response process with a responding device and to verify the response it receives from the responding device, although the challenging device does not have the secret key. In a secure challenge-response process, CRPs are normally used only one single time, so that an attacker can not derive the expected response to a challenge from a previous challenge-response process.
Such a system is described in U.S. Patent Publication 2008/0159534, where an apparatus is used by devices to authenticate an accessory, and where a challenge and response memory stores challenges and pre-computed responses. An accessory receives a challenge from a device and generates a response thereto. An enabling circuit in the device compares the received response to the stored response.
In the International Patent Publication WO2007/041866, a mobile communication device is described that authenticates a smart battery prior to use. The device includes a main processor and device memory. The main processor sends an authentication request to the battery processor, which generates a response and sends it to the main processor. The smart battery is authenticated if the generated response matches security information stored on the device memory.
The security of challenge-response processes may be further enhanced by assigning a pre-computed challenge-response pair to certain responding devices, so that it can be used exclusively with these responding devices. In certain environments, a challenge-response pair is assigned to one single responding device. In this latter case, at least one challenge-response pair, assigned to this one responding device, must be present on the challenging device, before a challenge-response process can be performed between that specific responding device and the challenging device.
U.S. Patent Publication 2003/0233546A1 describes a challenge-response authentication procedure in which the overall authentication is initiated by a user transmitting a user ID to an intermediate party, which forwards the user ID to an associated authentication center in request for authentication data. Based on the received user ID, the authentication center identifies a secret key associated with the particular user.
Challenging devices are known that comprise challenge-response pairs for performing challenge-response processes with responding devices with which they have performed challenge-response processes before. An example may be a mobile phone network, in which an intermediate device holds challenge-response pairs for mobile phones that have been authenticated before. However, when a newly established responding device sends information, for example its digital identification or ID, to a challenging device in order to start a challenge-response process with that challenging device, a traditional challenging device had no pre-computed challenge-response pairs available that were assigned to that newly established responding device, so that the challenging device had to request loading of CRPs from a source device to the challenging device. While this loading of CRPs “on request” may be appropriate where the challenging device is permanently operationally connected to a source device, it does not allow for performing a challenge-response process with a newly established responding device when the challenging device is not operationally connected to the source device. A newly established responding device might thus, for example, remain unauthenticated and may not be allowed to perform its proper function, as long as the challenging device is not operationally connected to a source device, which might provide fresh CRPs to the challenging device. The present invention is addressing this problem.