Device-bound certificate authentication

US 10,432,609 B2
Filed: 03/08/2013
Issued: 10/01/2019
Est. Priority Date: 01/14/2011
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer readable medium useful in association with a computer which includes one or more processors and a memory, the computer readable medium including computer instructions which are configured to cause the computer, by execution of the computer instructions in the one or more processors from the memory, to bind a digital certificate that can be stored on a computer-readable medium to multiple devices by at least:

receiving at a server computer a request from a remote device through a computer network wherein the request identifies the certificate and identifies the multiple devices,retrieving the certificate;

for each of the multiple devices;

retrieving a digital fingerprint of the device; and

including the digital fingerprint in the certificate;

andsending the certificate with the included digital fingerprints to the remote device through the computer network;

wherein the server computer in response to the request serves a device driver cryptographically signed with the certificate so that any of the devices can install the device driver only upon a condition in which one of the digital fingerprints corresponds to the installing device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound. Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.

Citations

8 Claims

1. A non-transitory computer readable medium useful in association with a computer which includes one or more processors and a memory, the computer readable medium including computer instructions which are configured to cause the computer, by execution of the computer instructions in the one or more processors from the memory, to bind a digital certificate that can be stored on a computer-readable medium to multiple devices by at least:
- receiving at a server computer a request from a remote device through a computer network wherein the request identifies the certificate and identifies the multiple devices,retrieving the certificate;
  
  for each of the multiple devices;
  
  retrieving a digital fingerprint of the device; and
  
  including the digital fingerprint in the certificate;
  
  andsending the certificate with the included digital fingerprints to the remote device through the computer network;
  
  wherein the server computer in response to the request serves a device driver cryptographically signed with the certificate so that any of the devices can install the device driver only upon a condition in which one of the digital fingerprints corresponds to the installing device.
- View Dependent Claims (2, 3, 4)
- - 2. The computer readable medium of claim 1 whereinthe remote device determines whether the digital fingerprint that is included in the certificate corresponds to the remote device;
    - andupon a condition in which the digital fingerprint corresponds to the remote device, accepts the certificate as legitimate.
  - 3. The computer readable medium of claim 1 wherein the remote device also uses the certificate to verify that a device driver is properly cryptographically signed as a precondition to installing the device driver only upon the condition in which the digital fingerprint corresponds to the remote device.
  - 4. The computer readable medium of claim 1 wherein the remote device determines whether the digital fingerprint that is included in the certificate corresponds to a requesting device from which the remote device has received a request for access to secure content of the remote device and, upon a condition in which the digital fingerprint corresponds to the requesting device and the remote device is preconfigured to recognize the requesting device as authorized to access the secure content, grants the request.

5. A computer system comprising:
- at least one processor;
  
  a non-transitory computer readable medium that is operatively coupled to the processor; and
  
  certificate serving logic (i) that, at least in part, executes in the processor from the computer readable medium and (ii) that, when executed by the processor, causes the computer to bind a digital certificate that can be stored on the computer-readable medium to multiple devices by at least;
  
  receiving at a server computer a request from a remote device through a computer network wherein the request identifies the certificate and identifies the multiple devices;
  
  retrieving the certificate;
  
  for each of the multiple devices;
  
  retrieving a digital fingerprint of the device; and
  
  including the digital fingerprint in the certificate;
  
  andsending the certificate with the included digital fingerprints to the remote device through the computer network;
  
  wherein the server computer in response to the request serves a device driver cryptographically signed with the certificate so that any of the devices can install the device driver only upon a condition in which one of the digital fingerprints corresponds to the installing device.
- View Dependent Claims (6, 7, 8)
- - 6. The computer system of claim 5 wherein the remote device determines whether the digital fingerprint that is included in the certificate corresponds to the remote device and, upon a condition in which the digital fingerprint corresponds to the remote device, accepts the certificate as legitimate.
  - 7. The computer system of claim 6 wherein the remote device also uses the certificate to verify that a device driver is properly cryptographically signed as a precondition to installing the device driver only upon the condition in which the digital fingerprint corresponds to the remote device.
  - 8. The computer system of claim 5 wherein the remote device determines whether the digital fingerprint that is included in the certificate corresponds to a requesting device from which the remote device has received a request for access to secure content of the remote device and, upon a condition in which the digital fingerprint corresponds to the requesting device and the remote device is preconfigured to recognize the requesting device as authorized to access the secure content, grants the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Device Authority Ltd.
Original Assignee
Device Authority Ltd.
Inventors
Etchegoyen, Craig S., Harjanto, Dono
Primary Examiner(s)
Lewis, Lisa C

Application Number

US13/791,006
Publication Number

US 20130212382A1
Time in Patent Office

2,398 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/33   using certificates

G06F 21/572   Secure firmware programming...

H04L 63/0823   using certificates cryptogr...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

Device-bound certificate authentication

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Device-bound certificate authentication

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links