Device-level authentication with unique device identifiers
First Claim
1. A method comprising:
- transmitting, by a client device, a manufacturer security certificate to a provisioning server device, wherein the manufacturer security certificate is associated with a manufacturer of the client device;
establishing, between the client device and the provisioning server device, a secure connection, wherein the secure connection is established based on the manufacturer security certificate;
receiving, by the client device over the secure connection, a server security certificate, wherein the server security certificate identifies secure communication parameters of a pre-validated server device, wherein the pre-validated server device is not the provisioning server device;
obtaining, by the client device, a unique client device identifier, wherein the unique client device identifier is configured to support secure access to the pre-validated server device; and
based on the unique client device identifier, accessing, by the client device, protected information available to the pre-validated server device, wherein accessing the protected information occurs without the client device transmitting security credentials that identify a user of the client device to the pre-validated server device, wherein the client device stores a plurality of unique tokens, each token limited to use once per an epoch defined by a pre-established number of seconds, and wherein accessing the protected information comprises transmitting a message to establish a second secure connection with the pre-validated server device, wherein the message contains a particular token, from the plurality of unique tokens, that has not been used in a current epoch.
1 Assignment
0 Petitions
Accused Products
Abstract
An embodiment may include transmitting a manufacturer security certificate to a provisioning server device, and establishing, with the provisioning server device, a secure connection based on the manufacturer security certificate. The embodiment may also involve transmitting, over the secure connection, device data that characterizes the client device, and receiving, over the secure connection, a server security certificate. The embodiment may further include obtaining a unique client device identifier. The embodiment may additionally include, possibly based on the server security certificate and the unique client device identifier, accessing protected information available to a particular pre-validated server device.
-
Citations
19 Claims
-
1. A method comprising:
-
transmitting, by a client device, a manufacturer security certificate to a provisioning server device, wherein the manufacturer security certificate is associated with a manufacturer of the client device; establishing, between the client device and the provisioning server device, a secure connection, wherein the secure connection is established based on the manufacturer security certificate; receiving, by the client device over the secure connection, a server security certificate, wherein the server security certificate identifies secure communication parameters of a pre-validated server device, wherein the pre-validated server device is not the provisioning server device; obtaining, by the client device, a unique client device identifier, wherein the unique client device identifier is configured to support secure access to the pre-validated server device; and based on the unique client device identifier, accessing, by the client device, protected information available to the pre-validated server device, wherein accessing the protected information occurs without the client device transmitting security credentials that identify a user of the client device to the pre-validated server device, wherein the client device stores a plurality of unique tokens, each token limited to use once per an epoch defined by a pre-established number of seconds, and wherein accessing the protected information comprises transmitting a message to establish a second secure connection with the pre-validated server device, wherein the message contains a particular token, from the plurality of unique tokens, that has not been used in a current epoch. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. An article of manufacture including a non-transitory computer-readable medium, having stored thereon program instructions that, upon execution by a client device, cause the client device to perform operations comprising:
-
transmitting a manufacturer security certificate to a provisioning server device, wherein the manufacturer security certificate is associated with a manufacturer of the client device; establishing, between the client device and the provisioning server device, a secure connection, wherein the secure connection is established based on the manufacturer security certificate; receiving, over the secure connection, a server security certificate, wherein the server security certificate identifies secure communication parameters of a pre-validated server device, wherein the pre-validated server device is not the provisioning server device; obtaining a unique client device identifier, wherein the unique client device identifier is configured to support secure access to the pre-validated server device; and based on the unique client device identifier, accessing protected information available to the pre-validated server device, wherein accessing the protected information occurs without the client device transmitting security credentials that identify a user of the client device to the pre-validated server device, wherein the client device stores a plurality of unique tokens, each token limited to use once per an epoch defined by a pre-established number of seconds, and wherein accessing the protected information comprises transmitting a message to establish a second secure connection with the pre-validated server device, wherein the message contains a particular token, from the plurality of unique tokens, that has not been used in a current epoch. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
-
19. A client device comprising:
-
a processor; memory; and program instructions, stored in the memory, that upon execution by the processor cause the client device to perform operations comprising; transmitting a manufacturer security certificate to a provisioning server device, wherein the manufacturer security certificate is associated with a manufacturer of the client device; establishing, between the client device and the provisioning server device, a secure connection, wherein the secure connection is established based on the manufacturer security certificate; receiving, over the secure connection, a server security certificate, wherein the server security certificate identifies secure communication parameters of a pre-validated server device, wherein the pre-validated server device is not the provisioning server device; obtaining a unique client device identifier, wherein the unique client device identifier is configured to support secure access to the pre-validated server device; and based on the unique client device identifier, accessing protected information available to the pre-validated server device, wherein accessing the protected information occurs without the client device transmitting security credentials that identify a user of the client device to the pre-validated server device, wherein the client device stores a plurality of unique tokens, each token limited to use once per an epoch defined by a pre-established number of seconds, and wherein accessing the protected information comprises transmitting a message to establish a second secure connection with the pre-validated server device, wherein the message contains a particular token, from the plurality of unique tokens, that has not been used in a current epoch.
-
Specification