AUTHENTICATING A DEVICE WITH A SERVER OVER A NETWORK

US 20100146275A1
Filed: 12/09/2008
Published: 06/10/2010
Est. Priority Date: 12/09/2008
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a device with a server over a network, the method comprising the steps of:

authenticating, by the device, the server so as to establish a secure connection with the server;

communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server;

determining, by the server, the credibility of the device using the identification information communicated by the device; and

in a case where the server determines that the device is credible;

creating, by the server, a first authentication token for the device;

storing, by the server, the first authentication token;

transferring, by the server, the first authentication token to the device using the secure connection;

storing, by the device, the first authentication token; and

authenticating, by the server, the device using the first authentication token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The authentication of a device with a server over a network includes authenticating, by the device, the server so as to establish a secure connection with the server. The device communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection, and the device stores the first authentication token. The server authenticates the device using the first authentication token.

99 Citations

View as Search Results

20 Claims

1. A method of authenticating a device with a server over a network, the method comprising the steps of:
- authenticating, by the device, the server so as to establish a secure connection with the server;
  
  communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server;
  
  determining, by the server, the credibility of the device using the identification information communicated by the device; and
  
  in a case where the server determines that the device is credible;
  
  creating, by the server, a first authentication token for the device;
  
  storing, by the server, the first authentication token;
  
  transferring, by the server, the first authentication token to the device using the secure connection;
  
  storing, by the device, the first authentication token; and
  
  authenticating, by the server, the device using the first authentication token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method according to claim 1, wherein the determining the credibility of the device comprises accessing, by the server, a database to determine whether the identification information supplied by the device reasonably and credibly identifies the device.
  - 3. A method according to claim 1, wherein the identification information comprises at least one of a device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number.
  - 4. A method according to claim 1, wherein the authenticating the device is based on a challenge-response mechanism which employs the first authentication token to authenticate the device with the server.
  - 5. A method according to claim 1, wherein the secure connection is a Secure Sockets Layer (SSL) connection.
  - 6. A method according to claim 1, wherein the authenticating the server comprises:
    - creating, by the server, a second authentication token;
      
      storing, by the server, the second authentication token;
      
      transferring, by the server, the second authentication token to the device using the secure connection; and
      
      storing, by the device, the second authentication token,wherein the server is authenticated using the second authentication token.
  - 7. A method according to claim 1, further comprising:
    - providing, by a user, a password to the server out-of-band, prior to the device authenticating the server.
  - 8. A method according to claim 7, wherein the user provides the password to the server via a browser or other web application.
  - 9. A method according to claim 1, further comprising:
    - determining, by the device, which server to authenticate, prior to the device authenticating the server.
  - 10. A method according to claim 9, wherein the server is determined from a predetermined, initial configuration of the device.
  - 11. A method according to claim 9, wherein the server is determined from a manual configuration of an administrator.
  - 12. A method according to claim 9, wherein the server is determined by connecting to a primary server, which in turn selects the server from one or more secondary servers, and which redirects the device to the selected secondary server.

13. A computer-readable memory medium on which is stored computer-executable process steps for causing a computer to authenticate a device with a server over a network, the process steps comprising:
- authenticating, by the device, the server so as to establish a secure connection with the server;
  
  communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server;
  
  determining, by the server, the credibility of the device using the identification information communicated by the device; and
  
  in a case where the server determines that the device is credible;
  
  creating, by the server, a first authentication token for the device;
  
  storing, by the server, the first authentication token;
  
  transferring, by the server, the first authentication token to the device using the secure connection;
  
  storing, by the device, the first authentication token; and
  
  authenticating, by the server, the device using the first authentication token.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A computer-readable memory medium according to claim 13, wherein the determining the credibility of the device comprises accessing, by the server, a database to determine whether the identification information supplied by the device reasonably and credibly identifies the device.
  - 15. A computer-readable memory medium according to claim 13, wherein the identification information comprises at least one of a device model number, a firmware revision, a MAC address, and a device serial number.
  - 16. A computer-readable memory medium according to claim 13, wherein the authenticating the device is based on a challenge-response mechanism which employs the first authentication token to authenticate the device with the server.
  - 17. A computer-readable memory medium according to claim 13, wherein the secure connection is an SSL connection.
  - 18. A computer-readable memory medium according to claim 13, wherein the authenticating the server comprises:
    - creating, by the server, a second authentication token;
      
      storing, by the server, the second authentication token;
      
      transferring, by the server, the second authentication token to the device using the secure connection; and
      
      storing, by the device, the second authentication token,wherein the server is authenticated using the second authentication token.

19. A device for authentication by a server over a network, the device comprising:
- a computer-readable memory constructed to store computer-executable process steps; and
  
  a processor constructed to execute the computer-executable process steps stored in the memory;
  
  wherein the computer-executable process steps comprise;
  
  authenticating the server so as to establish a secure connection with the server;
  
  communicating identification information of the device to the server, wherein the identification information uniquely identifies the device to the server; and
  
  in a case where the server determines that the device is credible based on the identification information,receiving a first authentication token from the server; and
  
  storing the first authentication token,wherein the device is authenticated by the server using the first authentication token.

20. A server for authenticating a device over a network, the server comprising:
- a computer-readable memory constructed to store computer-executable process steps; and
  
  a processor constructed to execute the computer-executable process steps stored in the memory;
  
  wherein the computer-executable process steps comprise;
  
  being authenticated by the device, so as to establish a secure connection between the device and the server;
  
  receiving identification information from the device, wherein the identification information uniquely identifies the device to the server;
  
  determining the credibility of the device using the identification information; and
  
  in a case where it is determined that the device is credible;
  
  creating a first authentication token for the device;
  
  storing the first authentication token;
  
  transferring the first authentication token to the device using the secure connection; and
  
  authenticating the device using the first authentication token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Slick, Royce, Iwamoto, Neil, Dusberger, Dariusz, Piazza, Kevin, Matsubayashi, Don

Granted Patent

US 8,447,977 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/166   at the transport layer

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

AUTHENTICATING A DEVICE WITH A SERVER OVER A NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

99 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATING A DEVICE WITH A SERVER OVER A NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links