Automatic centralized authentication challenge response generation
Abstract
A centralized challenge response verification server such as a RADIUS server is used to generate challenge responses as well as to verify challenge responses. In this way, the requirement for all machines to maintain a set of shared secrets corresponding to all potential peers is eliminated. In an embodiment of the invention, an authentication plug-in extends the RADIUS server to accept a challenge from an authenticatee and to generate a response to that challenge. The RADIUS server also acts to accept a challenge response and to verify that response. In an embodiment of the invention, a name service server maintains information regarding the network, and may also maintain an identification of network zones and storage profiles within which devices may intercommunicate or other network information.
20 Claims
1. A method of authenticating a first device to a second device in a computer network comprising at least the first and second devices and an authentication server, the method comprising:
receiving at the first device a challenge from the second device;
transmitting from the first device to the authentication server a request to generate a response to the received challenge;
receiving from the authentication server a reply to the request; and
terminating the authentication attempt or forwarding at least a portion of the reply containing a response to the second device based on the reply from the authentication server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A computer-readable medium having thereon computer-readable instructions for performing a method of authenticating a first device to a second device in a computer network comprising at least the first and second devices and an authentication server, the instructions comprising instructions for:
receiving at the first device a challenge from the second device;
transmitting from the first device to the authentication server a request to generate a response to the received challenge;
receiving from the authentication server a reply to the request; and
terminating the authentication attempt or forwarding at least a portion of the reply containing a response to the second device based on the reply from the authentication server.
Dependent claims: 10, 11, 12, 13, 14, 15, 16.
17. A method of mutual authentication of at least two devices in a network, at least one having data storage facilities, so that at least one device is granted access to at least a portion of the storage facilities of the other device, the method comprising:
sending a challenge from a first device to a second device based on a secret known to the first device and not to the second device;
at the second device, forwarding the challenge to a first authentication server;
receiving at the second device from the authentication server a response to the challenge;
forwarding from the second device to the first device the response to the challenge;
at the first device forwarding the response to a second authentication server;
at the first device receiving a reply from the second authentication server indicating that the response is valid; and
allowing access to the first device by the second device.
Dependent claims: 18, 19, 20.
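The flow in the abstract and in claims 1 and 17, modelled as an added example (not code from the patent): devices hold no peer secrets; a central authentication server, standing in for the RADIUS server of the abstract, both generates a CHAP-style response on a device's behalf and verifies a response presented to a device. The class and function names, the zone table (a stand-in for the name service's network zones) and the use of HMAC-SHA256 as the response function are assumptions; claim 17's two servers are modelled as two instances sharing one secret table.

```python
import hashlib
import hmac
import secrets

# Constructed example, not the patent's own code. AuthServer, Device, the zone
# table and the HMAC-SHA256 response function are assumptions for illustration.


def chap_response(secret: bytes, challenge: bytes) -> bytes:
    """Keyed hash of the challenge under the claimant's secret (CHAP itself
    uses MD5(id || secret || challenge); HMAC-SHA256 is an assumption here)."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class AuthServer:
    """Central server: generates responses for its clients and verifies
    responses presented to its clients. Two instances share one table."""

    def __init__(self, secrets_by_device: dict, zone_by_device: dict):
        self._secrets = dict(secrets_by_device)  # device -> shared secret
        self._zones = dict(zone_by_device)       # device -> network zone

    def _may_talk(self, a: str, b: str) -> bool:
        # Both devices must be known and in the same zone (assumed policy).
        return a in self._zones and self._zones[a] == self._zones.get(b)

    def generate_response(self, requester: str, challenger: str, challenge: bytes) -> dict:
        """Reply to a 'generate a response to this challenge' request (claim 1)."""
        if not self._may_talk(requester, challenger) or requester not in self._secrets:
            return {"ok": False, "reason": "policy or unknown device"}
        return {"ok": True, "response": chap_response(self._secrets[requester], challenge)}

    def verify_response(self, verifier: str, claimant: str, challenge: bytes, response: bytes) -> bool:
        """Reply to a 'is this response valid?' request."""
        if not self._may_talk(verifier, claimant) or claimant not in self._secrets:
            return False
        expected = chap_response(self._secrets[claimant], challenge)
        return hmac.compare_digest(expected, response)


class Device:
    """A network device that never holds a peer's secret."""

    def __init__(self, name: str, auth: AuthServer):
        self.name = name
        self.auth = auth

    def issue_challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def answer_challenge(self, challenger: str, challenge: bytes):
        """Claim 1: ask the server, then forward the response portion of its
        reply or terminate the attempt (None)."""
        reply = self.auth.generate_response(self.name, challenger, challenge)
        return reply["response"] if reply["ok"] else None

    def check_response(self, claimant: str, challenge: bytes, response: bytes) -> bool:
        return self.auth.verify_response(self.name, claimant, challenge, response)


def one_way(verifier: Device, claimant: Device) -> bool:
    challenge = verifier.issue_challenge()
    response = claimant.answer_challenge(verifier.name, challenge)
    if response is None:
        return False  # claimant's server refused; attempt terminated
    return verifier.check_response(claimant.name, challenge, response)


def mutual_authenticate(first: Device, second: Device) -> bool:
    """Claim 17: both directions must verify before access is allowed."""
    return one_way(first, second) and one_way(second, first)


def build_network() -> dict:
    # Constructed sample secrets and zones.
    table = {"initiator": b"k-init", "target": b"k-tgt", "stranger": b"k-str"}
    zones = {"initiator": "zone-A", "target": "zone-A", "stranger": "zone-B"}
    server1, server2 = AuthServer(table, zones), AuthServer(table, zones)
    return {"initiator": Device("initiator", server1),
            "target": Device("target", server2),
            "stranger": Device("stranger", server2)}


def tampered_response_rejected(net: dict) -> bool:
    """A response altered in transit must fail verification."""
    verifier, claimant = net["initiator"], net["target"]
    challenge = verifier.issue_challenge()
    response = claimant.answer_challenge(verifier.name, challenge)
    flipped = bytes([response[0] ^ 1]) + response[1:]
    return not verifier.check_response(claimant.name, challenge, flipped)
```

Calling `mutual_authenticate(net["initiator"], net["target"])` on `build_network()` succeeds, while any pairing that includes `stranger` is terminated at the generate step because the server refuses to produce a response across zones. The point worth carrying into a real deployment is the one the abstract leaves implicit: because the server answers challenges on request, the link between each device and its authentication server must itself be authenticated (as RADIUS client-server shared secrets do), and the server's zone or profile check decides which peers a device may be authenticated to.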