Automatic centralized authentication challenge response generation
Abstract
A centralized challenge response verification server such as a RADIUS server is used to generate challenge responses as well as to verify challenge responses. In this way, the requirement for all machines to maintain a set of shared secrets corresponding to all potential peers is eliminated. In an embodiment of the invention, an authentication plug-in extends the RADIUS server to accept a challenge from an authenticatee and to generate a response to that challenge. The RADIUS server also acts to accept a challenge response and to verify that response. In an embodiment of the invention, a name service server maintains information regarding the network, and may also maintain an identification of network zones and storage profiles within which devices may intercommunicate or other network information.
45 Citations
20 Claims

1. A method of authenticating a first device to a second device in a computer network comprising at least the first and second devices and an authentication server, the method comprising:
receiving at the first device a challenge from the second device;
transmitting from the first device to the authentication server a request to generate a response to the received challenge;
receiving from the authentication server a reply to the request; and
terminating the authentication attempt or forwarding at least a portion of the reply containing a response to the second device based on the reply from the authentication server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A computer-readable medium having thereon computer-readable instructions for performing a method of authenticating a first device to a second device in a computer network comprising at least the first and second devices and an authentication server, the instructions comprising instructions for:
receiving at the first device a challenge from the second device;
transmitting from the first device to the authentication server a request to generate a response to the received challenge;
receiving from the authentication server a reply to the request; and
terminating the authentication attempt or forwarding at least a portion of the reply containing a response to the second device based on the reply from the authentication server.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A method of mutual authentication of at least two devices in a network, at least one having data storage facilities, so that at least one device is granted access to at least a portion of the storage facilities of the other device, the method comprising:
sending a challenge from a first device to a second device based on a secret known to the first device and not to the second device;
at the second device, forwarding the challenge to a first authentication server;
receiving at the second device from the authentication server a response to the challenge;
forwarding from the second device to the first device the response to the challenge;
at the first device forwarding the response to a second authentication server;
at the first device receiving a reply from the second authentication server indicating that the response is valid; and
allowing access to the first device by the second device.
Dependent claims: 18, 19, 20
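The following is an added example, not code from the patent or from any RADIUS implementation, that models the exchange described in the abstract and in claims 1 and 17: neither device stores any peer secret, the device that receives a challenge asks a central authentication server to generate the response, and the device that issued the challenge asks a central authentication server to verify it. The same server class serves both roles, which is the point of the abstract. Everything not stated on the page is an assumption: HMAC-SHA256 as the response function (the page names no algorithm), two authentication server instances sharing one credential store, single-use challenges, and the constructed device names and secrets.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential store: the per-device secrets that would
# otherwise have to be replicated on every peer. Values are placeholders.
DEVICE_SECRETS = {
    "target-a": b"constructed-secret-for-target-a",
    "initiator-b": b"constructed-secret-for-initiator-b",
}


class AuthServer:
    """Stands in for the RADIUS server: it both generates and verifies responses."""

    def __init__(self, secret_db):
        self.secret_db = secret_db

    def _compute(self, device_id, challenge_id, challenge):
        secret = self.secret_db.get(device_id)
        if secret is None:
            return None  # unknown device: caller must terminate the attempt
        # Assumed response function: HMAC-SHA256 over (challenge id || challenge).
        msg = challenge_id.to_bytes(4, "big") + challenge
        return hmac.new(secret, msg, hashlib.sha256).digest()

    def generate_response(self, device_id, challenge_id, challenge):
        """Reply to a 'generate a response' request; None means no credential."""
        return self._compute(device_id, challenge_id, challenge)

    def verify_response(self, device_id, challenge_id, challenge, response):
        """Reply to a 'verify this response' request (constant-time compare)."""
        expected = self._compute(device_id, challenge_id, challenge)
        return expected is not None and hmac.compare_digest(expected, response)


class Device:
    """A network device that holds no peer secrets and delegates to its auth server."""

    def __init__(self, name, auth_server):
        self.name = name
        self.auth_server = auth_server
        self.pending = {}  # challenge_id -> challenge bytes awaiting a response
        self.next_id = 0

    def issue_challenge(self):
        self.next_id += 1
        challenge = secrets.token_bytes(16)
        self.pending[self.next_id] = challenge
        return self.next_id, challenge

    def answer_challenge(self, challenge_id, challenge):
        """Forward the peer's challenge to the auth server; None means terminate."""
        return self.auth_server.generate_response(self.name, challenge_id, challenge)

    def check_response(self, peer_name, challenge_id, response):
        """Forward the peer's response to the auth server for verification."""
        challenge = self.pending.pop(challenge_id, None)  # single use: replays fail
        if challenge is None or response is None:
            return False
        return self.auth_server.verify_response(peer_name, challenge_id, challenge, response)


def one_way_auth(verifier, prover):
    """verifier challenges prover; True if the prover is authenticated."""
    cid, challenge = verifier.issue_challenge()
    response = prover.answer_challenge(cid, challenge)
    return verifier.check_response(prover.name, cid, response)


def mutual_auth(dev_a, dev_b):
    """Claim 17 style exchange: each side challenges the other in turn."""
    return one_way_auth(dev_a, dev_b) and one_way_auth(dev_b, dev_a)


def demo_tampered_response(verifier, prover):
    """A response altered in transit must be rejected by the verifying server."""
    cid, challenge = verifier.issue_challenge()
    response = prover.answer_challenge(cid, challenge)
    bad = bytes([response[0] ^ 0x01]) + response[1:]
    return verifier.check_response(prover.name, cid, bad)


def demo_replay(verifier, prover):
    """Reusing a valid response against the same challenge id must fail."""
    cid, challenge = verifier.issue_challenge()
    response = prover.answer_challenge(cid, challenge)
    first = verifier.check_response(prover.name, cid, response)
    second = verifier.check_response(prover.name, cid, response)
    return first, second


if __name__ == "__main__":
    # Two authentication servers sharing one credential store (assumption).
    server_a = AuthServer(DEVICE_SECRETS)
    server_b = AuthServer(DEVICE_SECRETS)
    a = Device("target-a", server_a)
    b = Device("initiator-b", server_b)
    print("mutual auth:", mutual_auth(a, b))
    print("unknown device:", one_way_auth(a, Device("rogue-c", server_b)))
    print("tampered response:", demo_tampered_response(a, b))
    print("replay (first, second):", demo_replay(a, b))
```

The verifying device never sees the secret and never computes the expected response itself; it only learns the server's valid/invalid verdict, which is what makes the credential store a single point of administration rather than a set of secrets copied to every machine. The credential store is also the high-value asset in this design, so access to the generate-response interface should be restricted to enrolled devices, otherwise the server would answer challenges on behalf of anyone who can reach it.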
Specification