METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR AUTHENTICATING A COMPUTING DEVICE

US 20120167169A1
Filed: 12/22/2010
Published: 06/28/2012
Est. Priority Date: 12/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a first computing device to one or more other computing devices, the method comprising:

at a first computing device, generating a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device; and

sending from the first computing device to the second computing device the message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer-readable storage medium for authenticating a computing device are provided. According to embodiments of the invention, a first computing device generates a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device. The first computing device sends the message to the second computing device. In some embodiments, challenge-response authentication is implemented. For example, the first computing device receives a challenge from the second computing device and generates the message based at least in part on the challenge. The second computing device compares local information with information received from the first computing device. The first computing device can thereby be authenticated to the second computing device. Furthermore, the first computing device can be authenticated to the third computing device by a similar process.

Citations

27 Claims

1. A method for authenticating a first computing device to one or more other computing devices, the method comprising:
- at a first computing device, generating a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device; and
  
  sending from the first computing device to the second computing device the message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the message comprises the first secret data and the second secret data.
  - 3. The method of claim 2, wherein the message further comprises first identification data paired with the first secret data, the first identification data for use in conjunction with the first secret data for authenticating to the second computing device, andwherein the message further comprises second identification data paired with the second secret data, the second identification data for use in conjunction with the second secret data for authenticating to the third computing device.
  - 4. The method of claim 1, further comprising:
    - sending from the first computing device to the third computing device the first secret data and the second secret data.
  - 5. The method of claim 1, wherein the sending the message comprises sending the message using a secure connection.
  - 6. The method of claim 1, further comprising:
    - receiving at the first computing device from the second computing device a message indicating the first computing device is authenticated to the second computing device.
  - 7. The method of claim 1, further comprising:
    - sending from the first computing device to the second computing device configuration information in a case that the first computing device is authenticated to the second computing device.
  - 8. The method of claim 1, wherein the first computing device and the second computing device are peers.
  - 9. The method of claim 1, further comprising:
    - receiving at the first computing device from the second computing device a challenge, wherein the message is a response to the challenge, andwherein the message comprises a first value and a second value, the first value corresponding to the first secret data, the second value corresponding to the second secret data.
  - 10. The method of claim 9, wherein the generating the message comprises:
    - generating the first value using the challenge and the first secret data; and
      
      generating the second value using the challenge and the second secret data.
  - 11. The method of claim 10, wherein the challenge comprises a random number,wherein the generating the first value comprises applying a one-way function to the challenge and the first secret data to generate the first value, andwherein the generating the second value comprises applying the one-way function to the challenge and the second secret data to generate the second value.
  - 12. The method of claim 9, wherein the message further comprises a third value paired with the first value, the third value corresponding to first identification data for use in conjunction with the first secret data for authenticating to the second computing device, andwherein the message further comprises a fourth value paired with the second value, the fourth value corresponding to second identification data for use in conjunction with the second secret data for authenticating to the third computing device.
  - 13. The method of claim 12, wherein the generating the message comprises:
    - generating the first value using the challenge and the first secret data;
      
      generating the second value using the challenge and the second secret data;
      
      generating the third value using the challenge and the first identification data; and
      
      generating the fourth value using the challenge and the second identification data.
  - 14. The method of claim 9, further comprising:
    - receiving at the first computing device from the third computing device a second challenge;
      
      generating at the first computing device a second message, the second message comprising a third value and a fourth value, the third value corresponding to the first secret data, the fourth value corresponding to the second secret data; and
      
      sending from the first computing device to the third computing device the second message,wherein the second message is a response to the second challenge.
  - 15. The method of claim 14, wherein the generating the message comprises:
    - generating the first value using the challenge and the first secret data; and
      
      generating the second value using the challenge and the second secret data, andwherein the generating the second message comprises;
      
      generating the third value using the second challenge and the first secret data; and
      
      generating the fourth value using the second challenge and the second secret data.
  - 16. The method of claim 9, further comprising:
    - sending an access request from the first computing device to the second computing device prior to the receiving the challenge.
  - 17. A computer-readable storage medium storing computer-executable instructions for causing a computer to execute the method of claim 1.

18. A method for authenticating a computing device, the method comprising:
- receiving a message from a first computing device at a second computing device, the message comprising first information and second information;
  
  comparing at the second computing device local information with the first information, the comparing the local information with the first information for the purpose of authenticating the first computing device to the second computing device;
  
  based on the comparing the local information with the first information, determining at the second computing device that the local information does not match the first information;
  
  comparing at the second computing device the local information with the second information; and
  
  based on the comparing the local information with the second information, determining at the second computing device that the first computing device is authenticated to the second computing device in a case that the local information matches the second information.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The method of claim 18, wherein the local information comprises local secret data for authenticating to the second computing device.
  - 20. The method of claim 19, wherein the local information further comprises local identification data paired with the local secret data, the local identification data for use in conjunction with the local secret data for authenticating to the second computing device.
  - 21. The method of claim 18, further comprising:
    - generating at the second computing device a challenge;
      
      sending from the second computing device to the first computing device the challenge, wherein the message is a response to the challenge; and
      
      generating at the second computing device the local information using the challenge and local secret data, the local secret data for authenticating to the second computing device.
  - 22. The method of claim 21, wherein the challenge comprises a random number, andwherein the generating the local information comprises applying a one-way function to the challenge and the local secret data to generate the local information.
  - 23. The method of claim 18, further comprising:
    - in the case that the local information matches the second information, sending from the second computing device to the first computing device a message indicating the first computing device is authenticated to the second computing device.
  - 24. The method of claim 18, wherein the determining that the local information does not match the first information occurs prior to the comparing the local information with the second information, andwherein, during a period from the determining that the local information does not match the first information to the comparing the local information with the second information, the second computing device does not send a message indicating the local information does not match the first information.
  - 25. The method of claim 18, wherein the message further comprises third information, and further comprising:
    - based on the comparing the local information with the second information, determining at the second computing device that the local information does not match the second information; and
      
      determining at the second computing device whether to compare the local information with the third information based on whether a predetermined condition is satisfied.
  - 26. A computer-readable storage medium storing computer-executable instructions for causing a computer to execute the method of claim 18.

27. A method for authenticating a computing device, the method comprising:
- at a first computing device, generating a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device;
  
  sending from the first computing device to the second computing device the message;
  
  receiving at the second computing device from the first computing device the message, the message comprising first information and second information, the first information comprising or corresponding to the first secret data, the second information comprising or corresponding to the second secret data;
  
  comparing at the second computing device local information with the second information;
  
  based on the comparing the local information with the second information, determining at the second computing device that the local information does not match the second information;
  
  comparing at the second computing device the local information with the first information; and
  
  based on the comparing the local information with the first information, determining at the second computing device that the first computing device is authenticated to the second computing device based on the local information matching the first information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon USA, Inc. (Canon Inc.)
Original Assignee
Canon USA, Inc. (Canon Inc.)
Inventors
Ge, Jiuyuan

Granted Patent

US 8,839,357 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 9/321 involving a third party or ...

H04L 9/3271 using challenge-response

METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR AUTHENTICATING A COMPUTING DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM FOR AUTHENTICATING A COMPUTING DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links