SECURE AUTHENTICATION OF REMOTE EQUIPMENT

US 20160261414A1
Filed: 03/06/2015
Published: 09/08/2016
Est. Priority Date: 03/06/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a network device, an encrypted challenge from an authentication server, the challenge comprising a token known by the network device;

sending, from the network device, a response to the authentication server, the response comprising an internet protocol source address; and

exchanging unencrypted data between the network device and a content server affiliated with the authentication server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server may use secure messaging with a remote device prior to authorizing non-secure communications between the remote device and a content server, thereby preventing unauthorized access to the content server. The secure messaging uses such security features as encryption, signatures with authentication certificates, a realm, and/or a nonce. Once non-secure communication is authorized, the remote device may act as a proxy between the content server and a user device connected to the remote device. The authentication server sends timeout notices to the remote device containing an interval and a key. To continue non-secure communications with the content server, the remote device must respond prior to the expiration of the interval by sending a keep-alive message containing the key to the authentication server.

18 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a network device, an encrypted challenge from an authentication server, the challenge comprising a token known by the network device;
  
  sending, from the network device, a response to the authentication server, the response comprising an internet protocol source address; and
  
  exchanging unencrypted data between the network device and a content server affiliated with the authentication server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving, by the network device, an encrypted timeout notice from the authentication server, the encrypted timeout notice comprising an indication of a time interval;
      
      sending, from the network device, a keep-alive message to the authentication server prior to the expiration of the indicated time interval.
  - 3. The method of claim 2, further comprising:
    - relaying, via the network device, unencrypted data between an end-user device and the content server.
  - 4. The method of claim 3, wherein:
    - the encrypted challenge comprises a realm and a nonce; and
      
      the response comprises the realm and the nonce.
  - 5. The method of claim 4, further comprising:
    - encrypting, by the network device, the response and the keep-alive message.
  - 6. The method of claim 5, further wherein:
    - the challenge and the timeout notice are signed using a first authentication certificate.
  - 7. The method of claim 6 further comprising:
    - signing, by the network device using a second authentication certificate, the response and the keep-alive message.
  - 8. The method of claim 7 wherein:
    - the timeout notice comprises a random key; and
      
      the keep-alive message comprises the random key.
  - 9. The method of claim 8 wherein:
    - the challenge, the response, the timeout notice, and the keep-alive message are MD5 hash encrypted.

10. A method comprising:
- receiving, by a network device, an encrypted challenge from an authentication server, the challenge comprising a token known by the network device;
  
  sending, from the network device, an encrypted response to the authentication server, the response comprising an internet protocol source address;
  
  exchanging unencrypted data between the network device and a content server affiliated with the authentication server;
  
  receiving, by the network device, an encrypted timeout notice from the authentication server, the timeout notice comprising an indication of a time interval;
  
  sending, from the network device, an encrypted keep-alive message to the authentication server prior to the expiration of the indicated time interval.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, further comprising:
    - relaying, via the network device, unencrypted data between an end-user device and the content server.
  - 12. The method of claim 11, wherein:
    - the challenge comprises a realm and a nonce;
      
      the response comprises the realm and the nonce;
      
      the timeout notice comprises a random key; and
      
      the keep-alive message comprises the random key.
  - 13. The method of claim 12 further comprising:
    - signing, by the network device using an authentication certificate the response and the keep-alive message.
  - 14. The method of claim 13 wherein:
    - the challenge, the response, the timeout notice, and the keep-alive message are MD5 hash encrypted.

15. A method comprising:
- sending, from an authentication system, an encrypted challenge to a network device, the challenge comprising a token known by the network device;
  
  receiving, by the authentication system, an encrypted response from the network device, the response being signed using a device-based authentication, and comprising an internet protocol source address;
  
  authorizing, by the authentication system, a content server affiliated with the authentication system to exchange unencrypted data with the network device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 further comprising:
    - sending, from the authentication system, an encrypted timeout notice to the network device, the timeout notice comprising an indication of a time interval;
      
      receiving, by the authentication system, an encrypted keep-alive message from the network device prior to the expiration of the indicated time interval; and
      
      reauthorizing, by the authentication system, the content server to exchange unencrypted data with the network device.
  - 17. The method of claim 16 wherein:
    - the challenge comprises a realm and a nonce; and
      
      the response comprises the realm and the nonce.
  - 18. The method of claim 17 further comprising:
    - signing, by the authentication system using a first authentication certificate, the challenge and the timeout notice.
  - 19. The method of claim 18 further wherein:
    - the response and the keep-alive message are signed using a second authentication certificate.
  - 20. The method of claim 19 wherein:
    - the timeout notice comprises a random key; and
      
      the keep-alive message comprises the random key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Original Assignee
Comcast Cable Communications LLC (Comcast Corporation)
Inventors
Lee, Liu Leung

Granted Patent

US 9,998,287 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0823   using certificates cryptogr...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

SECURE AUTHENTICATION OF REMOTE EQUIPMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE AUTHENTICATION OF REMOTE EQUIPMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links