US 12,218,939 B2
Authentication method
Sebastian Fach, Schwalbach a. Ts. (DE); Gilles Yvars, Schwalbach a. Ts. (DE); and Ahmad Sabouri, Schwalbach a. Ts. (DE)
Assigned to Continental Teves AG & Co. OHG, Frankfurt am Main (DE)
Filed by Continental Teves AG & Co. OHG, Frankfurt am Main (DE)
Filed on Nov. 17, 2022, as Appl. No. 17/989,390.
Application 17/989,390 is a division of application No. 17/168,455, filed on Feb. 5, 2021, granted, now 11,533,310.
Claims priority of application No. 20315016 (EP), filed on Feb. 7, 2020.
Prior Publication US 2023/0108770 A1, Apr. 6, 2023
Int. Cl. H04L 9/40 (2022.01); B60R 25/24 (2013.01)
CPC H04L 63/0884 (2013.01) [B60R 25/24 (2013.01); H04L 63/0442 (2013.01); H04L 63/0869 (2013.01)]
5 Claims
 
1. A method to perform a mutual authentication between a first entity and a third entity via a second entity, based on an authentication protocol used by the first entity and the third entity, wherein the second entity forwards mutual authentication messages between the first entity and the third entity, the method comprising:
a) starting mutual authentication by frontloading, by the third entity, a first part of an authentication protocol to the second entity and keeping at least a missing part of the authentication protocol at the third entity, the frontloaded first part of the authentication protocol comprising a first encrypted number and generating a second encrypted number by the first entity, the second encrypted number comprising content of the first encrypted number;
b) receiving, by the third entity from the second entity, a wake-up signal to the third entity and an indication to continue the mutual authentication between the first entity and the second entity and rerouting, by the second entity, the mutual authentication messages, when the third entity woke up from Low Power Mode, the rerouting comprising transmitting the second encrypted number from the second entity to the third entity; and
c) continuing, by the third entity, the mutual authentication between the first entity and the third entity based on the missing part of the authentication protocol, continuing after receiving the second encrypted number from the second entity, the missing part of the authentication protocol comprising instructions for the third entity to derive a session key based on the second encrypted number and instructions for the first entity to derive a session key based on a third encrypted number generated and transmitted by the third entity, the third encrypted number comprising content of the second encrypted number, and using the respective session keys by the first entity and the third entity to exchange authenticated messages between the first entity and the third entity.
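The message flow of claim 1, as an added Python example that is not taken from the patent or from the assignee. Assumptions: the first and third entities share a symmetric key, the "numbers" are 16-byte random values, an HMAC-SHA-256 construction stands in for the unspecified cipher and key derivation, and all class and function names are hypothetical.

```python
import hashlib, hmac, os

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def enc(key, pt):
    # Stand-in cipher (assumption): one HMAC keystream block (pt <= 32 bytes) plus a tag.
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _mac(key, b"enc", iv)))
    return iv + ct + _mac(key, b"tag", iv + ct)

def dec(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", iv + ct)):
        raise ValueError("wrong key or tampered message")
    return bytes(a ^ b for a, b in zip(ct, _mac(key, b"enc", iv)))

class Third:
    """Entity that sleeps; its key is assumed pre-shared with First."""
    def __init__(self, key):
        self.key, self.awake = key, True
    def frontload(self):
        self.n3 = os.urandom(16)
        self.awake = False                        # enters Low Power Mode
        return enc(self.key, self.n3)             # first encrypted number, cached by Second
    def wake_and_continue(self, e2):
        self.awake = True                         # wake-up signal from Second
        pt = dec(self.key, e2)
        if not hmac.compare_digest(pt[:16], self.n3):
            raise ValueError("e2 does not answer the frontloaded e1")
        self.session = _mac(self.key, b"session", pt[16:] + self.n3)
        return enc(self.key, pt[16:] + self.n3)   # third encrypted number

class First:
    def __init__(self, key):
        self.key, self.n1 = key, os.urandom(16)
    def respond(self, e1):                        # second encrypted number
        return enc(self.key, dec(self.key, e1) + self.n1)
    def finish(self, e3):
        pt = dec(self.key, e3)
        if not hmac.compare_digest(pt[:16], self.n1):
            raise ValueError("e3 does not answer e2")
        self.session = _mac(self.key, b"session", pt)

def run(k_first, k_third):
    # Second holds no key: it caches e1, forwards e2 on wake-up, relays e3 back.
    first, third = First(k_first), Third(k_third)
    e2 = first.respond(third.frontload())         # answered while Third sleeps
    first.finish(third.wake_and_continue(e2))
    return third.awake and hmac.compare_digest(first.session, third.session)
```

In this model a second encrypted number produced for an earlier frontloaded value is rejected after the third entity frontloads again, because it no longer carries the current first number.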