AUTHENTICATION AND BINDING OF MULTIPLE DEVICES

US 20130046990A1
Filed: 08/17/2011
Published: 02/21/2013
Est. Priority Date: 08/17/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a second device with a higher security profile, a first registration request from a first device associated with a lower security profile, wherein the first registration request comprises a request for access to content from a content provider and wherein the first registration request has been digitally signed by the first device with a first digital signature;

determining, by a processor of the second device, when the first device is authorized to receive the content;

when the first device is authorized to receive the content, digitally signing, by the processor, the first registration request with a second digital signature so that the first registration request includes both the first and the second digital signatures; and

transmitting the first registration request with the first and the second digital signatures to the content provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described that relate to authentication and/or binding of multiple devices with varying security profiles. In one aspect, a first device with a higher security profile may vouch for the authenticity of a second device with a lower security profile when the second device requests access for content from a content provider. The vouching process may be implemented by allowing the first device to overlay its digital signature on a registration request that has been signed and transmitted by the second device. The second device with the lower security profile may access content from the content provider or source for a predetermined time period, even when the second device does not access content through the first device.

40 Citations

20 Claims

1. A method comprising:
- receiving, by a second device with a higher security profile, a first registration request from a first device associated with a lower security profile, wherein the first registration request comprises a request for access to content from a content provider and wherein the first registration request has been digitally signed by the first device with a first digital signature;
  
  determining, by a processor of the second device, when the first device is authorized to receive the content;
  
  when the first device is authorized to receive the content, digitally signing, by the processor, the first registration request with a second digital signature so that the first registration request includes both the first and the second digital signatures; and
  
  transmitting the first registration request with the first and the second digital signatures to the content provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first device is a mobile phone.
  - 3. The method of claim 1, wherein the determining when the first device is authorized to receive the content further comprises determining a time period for which the first device is authorized to receive the content.
  - 4. The method of claim 3, further comprising:
    - at the end of the time period, receiving a second registration request from the first device, wherein the second registration request comprises a request for extending the time period for access to the content from the content provider and wherein the second registration request has been digitally signed by the first device with the first digital signature.
  - 5. The method of claim 4, further comprising:
    - using the processor, determining when the first device is authorized for the extension of the time period.
  - 6. The method of claim 5, wherein the determining when the first device is authorized for the extension of the time period takes less time than the determining when the first device is authorized to receive the content.
  - 7. The method of claim 5, further comprising:
    - using the processor, when the first device is authorized for the extension of the time period, digitally signing the second registration request with a second digital signature so that the second registration request includes both the first and the second digital signatures before transmitting the second registration request to the content provider.
  - 8. The method of claim 7, further comprising:
    - receiving a response to the second registration request from the content provider.
  - 9. The method of claim 8, further comprising:
    - transmitting the response to the first device.
  - 10. The method of claim 1, wherein the second device is associated with a user account.
  - 11. The method of claim 10, further comprising:
    - using the processor, associating the first device with the user account when the first device is authorized to receive the content.

12. An apparatus comprising:
- a processor; and
  
  a memory storing computer-readable instructions that, when executed by the processor, cause the processor to perform a method comprising;
  
  receiving, at a second device with a higher security profile, a first registration request from a first device associated with a lower security profile, wherein the first registration request comprises a request for registering onto a managed network for a predetermined time period and wherein the first registration request has been digitally signed by the first device with a first digital signature;
  
  determining when the first device is authorized to register onto the managed network;
  
  when the first device is authorized to register onto the managed network, vouching for the first device by digitally signing the first registration request with a second digital signature so that the first registration request includes both the first and the second digital signatures; and
  
  transmitting the first registration request with the first and the second digital signatures to the managed network.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus of claim 12, wherein the processor further performs:
    - receiving a first response to the first registration request from the managed network.
  - 14. The apparatus of claim 13, wherein the processor further performs:
    - transmitting the first response to the first device.
  - 15. The apparatus of claim 14, wherein the processor further performs:
    - at the end of the predetermined time period, receiving a second registration request from the first device, wherein the second registration request comprises a request for re-registering with the managed network and wherein the second registration request has been digitally signed by the first device with the first digital signature.
  - 16. The apparatus of claim 15, wherein the processor further performs:
    - determining when the first device is authorized for the re-registration.

17. A computer-readable storage medium having computer-executable program instructions stored thereon that when executed by a processor, cause the processor to perform steps comprising:
- receiving, at a second device, a registration request that has been signed by a first device with a first digital signature, wherein the registration request requests access to content for a first predetermined time period;
  
  determining when the first device is authorized to access the content;
  
  when the first device is authorized to access the content;
  
  overlaying a second digital signature on the registration request to vouch for authenticity of the first device;
  
  transmitting the registration request to a provider of the content;
  
  receiving a response to the registration request from the provider; and
  
  transmitting the response to the first device.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable storage medium of claim 17, wherein the second device is associated with a user account.
  - 19. The computer-readable storage medium of claim 18, wherein the processor further performs:
    - associating the first device with the user account when the first device is authorized to access the content.
  - 20. The computer-readable storage medium of claim 17, wherein the response includes identity information that ties the first device to the user account and cryptographic keys that serve as access authorization credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Inventors
Fahrny, James W., Park, Kyong

Granted Patent

US 8,732,475 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

AUTHENTICATION AND BINDING OF MULTIPLE DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION AND BINDING OF MULTIPLE DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links