1. Technical Field
The present invention relates generally to the field of communications, and in particular to a challenge response system and method.
2. Description of the Related Art
Mobile devices, such as personal digital assistants (PDAs), cellular phones, wireless communication devices and the like, are occasionally connected to a user's desktop system in order to synchronize information between the user's desktop system and their mobile device. A user's calendar, task list and phone book entries are examples of information that is routinely synchronized between the desktop system and the mobile device.
Such information is usually of a sensitive nature and should be secured. The user is thus provided with an option to specify a device password on the mobile device in order to secure the mobile device and prevent use of the device without knowledge of the device password.
When the mobile device is connected to the desktop system in order to synchronize information, the mobile device issues a challenge to the desktop system in order to determine if the desktop system is authorized to initiate a connection with the mobile device. The desktop system then provides a response to the mobile device. If the response provided by the desktop system matches the response expected by the mobile device, then the desktop system is allowed to connect to the mobile device and proceed to synchronize information.
Typically, the issued challenge is a request for the hash of the user password. A hash function, such as SHA-1, is a one-way function that takes an input of varying length and converts it into a unique output. The hash of the password provided by the user of the desktop system initiating a connection is sent to the device in response to the challenge issued by the mobile device. If the response matches the stored hash of the device password, the desktop system is allowed to connect to the mobile device and proceed to synchronize information.
The device password is typically not stored on the device. Only the hash of the device password is stored on the device. However, since the device password itself is not stored on the device, certain operations requiring use of the device password cannot be performed if only the hash of the device password is available on the mobile device. For instance, if the information on the mobile device is encrypted using the device password, then the device password must be supplied in order to decrypt the information prior to synchronizing with the desktop system.
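The exchange described above, and the limitation it leaves, as an added example that is not part of the original document. The class and function names, the challenge string, the PBKDF2 key derivation and the key-check tag standing in for encrypted data are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def derive_key(secret: bytes, salt: bytes) -> bytes:
    # Assumption: the data-protection key is derived from the password with PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000)


class MobileDevice:
    def __init__(self, password: bytes):
        self.stored_hash = sha1(password)  # only the hash is kept on the device
        self.salt = os.urandom(16)
        # Stand-in for encrypted user data: a tag only the password-derived key reproduces.
        key = derive_key(password, self.salt)
        self.key_check = hmac.new(key, b"key-check", "sha256").digest()

    def issue_challenge(self) -> bytes:
        return b"SEND_PASSWORD_HASH"  # hypothetical wire format

    def verify_response(self, response: bytes) -> bool:
        # Constant-time comparison against the stored hash.
        return hmac.compare_digest(response, self.stored_hash)

    def can_decrypt_with(self, secret: bytes) -> bool:
        tag = hmac.new(derive_key(secret, self.salt), b"key-check", "sha256").digest()
        return hmac.compare_digest(tag, self.key_check)


def desktop_respond(challenge: bytes, typed_password: bytes) -> bytes:
    if challenge != b"SEND_PASSWORD_HASH":
        raise ValueError("unexpected challenge")
    return sha1(typed_password)


def run_exchange(device_password: bytes, typed_password: bytes):
    device = MobileDevice(device_password)
    response = desktop_respond(device.issue_challenge(), typed_password)
    connected = device.verify_response(response)
    # The device now holds two copies of the hash but still no password.
    hash_unlocks = device.can_decrypt_with(response)
    # Only the password itself, which never crossed the link, unlocks the data.
    password_unlocks = device.can_decrypt_with(typed_password)
    return connected, hash_unlocks, password_unlocks


if __name__ == "__main__":
    print(run_exchange(b"constructed-pw", b"constructed-pw"))
    print(run_exchange(b"constructed-pw", b"wrong-guess"))
```

With a matching password the desktop is allowed to connect, yet the response the device received cannot reproduce the password-derived key, which is the gap the last paragraph describes.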