COMPUTER SYSTEM FOR AUTHENTICATING A COMPUTING DEVICE
First Claim
1. A method for establishing a communications session between two computing devices connected to a network, the method comprising:
receiving a request from a first registered computing device to establish a communications session with a second registered computing device;
receiving from the first registered computing device a first short-term authentication credential of the first registered computing device and a second short-term authentication credential of the second registered computing device;
authenticating the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge; and
when the first registered computing device is authenticated, sending to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device.
1 Assignment
0 Petitions
Abstract
A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.
162 Citations
39 Claims
1. A method for establishing a communications session between two computing devices connected to a network, the method comprising:
receiving a request from a first registered computing device to establish a communications session with a second registered computing device;
receiving from the first registered computing device a first short-term authentication credential of the first registered computing device and a second short-term authentication credential of the second registered computing device;
authenticating the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge; and
when the first registered computing device is authenticated, sending to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device.
Dependent claims 2 through 16.

17. A method for establishing a communications session between two computing devices connected to a network, the method comprising:
receiving a request from a first registered computing device to establish a communications session with a second registered computing device;
receiving from the first registered computing device a first short-term authentication credential of the first registered computing device;
authenticating the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge;
determining whether the first registered computing device is permitted to establish the communications session with the second registered computing device; and
when the first registered computing device is authenticated and permitted to establish the communications session with the second registered computing device;
sending to the first registered computing device a network address associated with the second registered computing device for use in completing establishment of the communications session with the second registered computing device,
receiving from the first registered computing device a second short-term credential of the second registered computing device,
sending to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device, and
sending the session credential from the first registered computing device to the second registered computing device for use in completing establishment of the communications session with the second registered computing device.
Dependent claims 18 through 25.

26. A computer-readable medium or propagated signal having embodied thereon a computer program configured to establish a communications session between two computing devices connected to a network, the medium or signal comprising one or more code segments configured to:
receive a request from a first registered computing device to establish a communications session with a second registered computing device;
receive from the first registered computing device a first short-term authentication credential of the first registered computing device and a second short-term authentication credential of the second registered computing device;
authenticate the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge; and
when the first registered computing device is authenticated, send to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device.
Dependent claims 27 and 28.

29. A computer-readable medium or propagated signal having embodied thereon a computer program configured to establish a communications session between two computing devices connected to a network, the medium or signal comprising one or more code segments configured to:
receive a request from a first registered computing device to establish a communications session with a second registered computing device;
receive from the first registered computing device a first short-term authentication credential of the first registered computing device;
authenticate the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge;
determine whether the first registered computing device is permitted to establish the communications session with the second registered computing device; and
when the first registered computing device is authenticated and permitted to establish the communications session with the second registered computing device;
send to the first registered computing device a network address associated with the second registered computing device for use in completing establishment of the communications session with the second registered computing device,
receive from the first registered computing device a second short-term credential of the second registered computing device,
send to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device, and
send the session credential from the first registered computing device to the second registered computing device for use in completing establishment of the communications session with the second registered computing device.
Dependent claims 30 through 32.

33. A system for establishing a communications session between two computing devices connected to a network, the system comprising a processor connected to a storage device and one or more input/output devices, wherein the processor is configured to:
receive a request from a first registered computing device to establish a communications session with a second registered computing device;
receive from the first registered computing device a first short-term authentication credential of the first registered computing device and a second short-term authentication credential of the second registered computing device;
authenticate the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge; and
when the first registered computing device is authenticated, send to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device.
Dependent claims 34 and 35.

36. A system for establishing a communications session between two computing devices connected to a network, the system comprising a processor connected to a storage device and one or more input/output devices, wherein the processor is configured to:
receive a request from a first registered computing device to establish a communications session with a second registered computing device;
receive from the first registered computing device a first short-term authentication credential of the first registered computing device;
authenticate the first registered computing device by sending the first registered computing device an authentication challenge, receiving an authentication challenge response from the first registered computing device, and using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge;
determine whether the first registered computing device is permitted to establish the communications session with the second registered computing device; and
when the first registered computing device is authenticated and permitted to establish the communications session with the second registered computing device;
send to the first registered computing device a network address associated with the second registered computing device for use in completing establishment of the communications session with the second registered computing device,
receive from the first registered computing device a second short-term credential of the second registered computing device, and
send to the first registered computing device a session credential for use in completing establishment of the communications session with the second registered computing device.
Dependent claims 37 through 39.
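The exchange described in the abstract and in claims 1 and 17, run end to end as an added simulation. This is not code from the patent or its assignee; the claims fix only the message order (credentials in, challenge out, response checked against the initiator's short-term credential, permission check, then network address and session credential out, session credential forwarded to the target). Everything concrete below is an assumption: short-term credentials are JSON records tagged with HMAC-SHA256 under a service master key, the device's short-term key is derived from that tag, the challenge response is an HMAC over the nonce, and the session credential carries the session key sealed Kerberos-style under the target's short-term key so that the target can verify it when the initiator forwards it. The AuthService, Device and establish_session names are hypothetical.

```python
import hashlib, hmac, json, os, time

def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts, so fields cannot be re-split."""
    m = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        m.update(len(p).to_bytes(4, "big") + p)
    return m.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class AuthService:
    """The authentication service of the claims (assumed design). Holds one master
    key; per-device state is only the registered address and the permission table."""
    def __init__(self):
        self.master = os.urandom(32)
        self.addresses = {}          # device id -> network address
        self.allowed = set()         # (initiator id, target id) pairs permitted to talk
        self._pending = {}           # outstanding challenge -> (device id, short-term key)
        self._handles = {}           # authenticated handle -> (initiator id, target id)

    def register(self, dev_id, addr, ttl_s=600):
        """Registration and short-term credential issuance (assumed to run over a
        protected channel; not itself one of the claimed session-setup steps)."""
        self.addresses[dev_id] = addr
        cred = {"id": dev_id, "exp": int(time.time()) + ttl_s, "nonce": os.urandom(8).hex()}
        cred["tag"] = mac(self.master, b"cred", json.dumps(cred, sort_keys=True).encode()).hex()
        return cred, self._short_term_key(cred)      # cred is shareable, the key is secret

    def _short_term_key(self, cred):
        # Derived from the credential tag, so the service stores nothing per credential.
        return mac(self.master, b"stk", bytes.fromhex(cred["tag"]))

    def _verify_short_term(self, cred):
        body = {k: v for k, v in cred.items() if k != "tag"}
        want = mac(self.master, b"cred", json.dumps(body, sort_keys=True).encode())
        if not hmac.compare_digest(want, bytes.fromhex(cred["tag"])):
            raise PermissionError("short-term credential forged or altered")
        if cred["exp"] < time.time():
            raise PermissionError("short-term credential expired")
        return self._short_term_key(cred)

    def challenge(self, cred_a):
        """Claim 17: receive the initiator's short-term credential, send a challenge."""
        k_a = self._verify_short_term(cred_a)
        nonce = os.urandom(16)
        self._pending[nonce] = (cred_a["id"], k_a)
        return nonce

    def authenticate(self, nonce, response, target_id):
        """Check the response with the initiator's short-term key, then the permission,
        and only then release the target's network address."""
        a_id, k_a = self._pending.pop(nonce)          # single use: a replayed response fails here
        if not hmac.compare_digest(mac(k_a, b"chal", nonce), response):
            raise PermissionError("challenge response incorrect")
        if (a_id, target_id) not in self.allowed:
            raise PermissionError(f"{a_id} may not open a session to {target_id}")
        handle = os.urandom(16)
        self._handles[handle] = (a_id, target_id)
        return self.addresses[target_id], handle

    def session_credential(self, handle, cred_b):
        """The initiator relays the target's short-term credential; the service answers
        with a fresh session key for the initiator and a ticket for the target."""
        a_id, b_id = self._handles.pop(handle)
        if cred_b["id"] != b_id:
            raise PermissionError("credential does not belong to the target device")
        k_b = self._verify_short_term(cred_b)
        k_s, n = os.urandom(32), os.urandom(16)
        hdr = json.dumps({"a": a_id, "b": b_id, "exp": int(time.time()) + 300, "n": n.hex()},
                         sort_keys=True).encode()
        enc = xor(k_s, mac(k_b, b"enc", n))           # toy one-time keystream; use an AEAD in practice
        return k_s, {"hdr": hdr.decode(), "enc": enc.hex(), "tag": mac(k_b, b"tkt", hdr, enc).hex()}

class Device:
    def __init__(self, dev_id, cred, k_st):
        self.id, self.cred, self.k_st = dev_id, cred, k_st

    def respond(self, nonce):
        return mac(self.k_st, b"chal", nonce)

    def accept_ticket(self, ticket):
        """Target side: verify the forwarded session credential, recover the session key."""
        hdr, enc = ticket["hdr"].encode(), bytes.fromhex(ticket["enc"])
        if not hmac.compare_digest(mac(self.k_st, b"tkt", hdr, enc), bytes.fromhex(ticket["tag"])):
            raise PermissionError("ticket was not sealed under my short-term key")
        h = json.loads(hdr)
        if h["b"] != self.id or h["exp"] < time.time():
            raise PermissionError("ticket is for another device or expired")
        return h["a"], xor(enc, mac(self.k_st, b"enc", bytes.fromhex(h["n"])))

def establish_session(svc, a, target_id, network):
    """Full claim-17 exchange. `network` maps addresses to Device objects and stands in
    for the transport; the initiator learns the target's address only from the service."""
    nonce = svc.challenge(a.cred)
    addr, handle = svc.authenticate(nonce, a.respond(nonce), target_id)
    b = network[addr]
    k_s, ticket = svc.session_credential(handle, b.cred)    # initiator fetched the target's public credential
    peer, k_s_b = b.accept_ticket(ticket)                    # initiator forwards the ticket to the target
    c = os.urandom(16)                                       # key confirmation: both sides hold the same key
    if peer != a.id or not hmac.compare_digest(mac(k_s_b, b"B->A", c), mac(k_s, b"B->A", c)):
        raise PermissionError("key confirmation failed")
    return k_s
```

Two properties of the claimed ordering are visible in the code: the target's network address is never disclosed to an unauthenticated or unpermitted initiator, and the session credential is usable by the target only because it was sealed under the target's own short-term key, so an initiator cannot mint one for a device the service did not approve. The HMAC-derived keystream is a stand-in for a real AEAD and the in-process key confirmation stands in for the first protected messages of the session.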
Specification