Secure Remote Authentication of Local Machine Services Using Secret Sharing
First Claim
1. A method for authentication of a computing device so that shares of a secret may be delivered, over a network that uses a communications protocol which does not require use of an address, and on which an authentication server is listening, comprising the steps of:
a. dividing the secret into a first share and a second share;
b. destroying the secret;
c. transmitting the second share, together with a unique identifier, out of band to a pre-designated location;
d. erasing the second share from the computing device;
e. storing the first share at the computing device;
f. broadcasting the unique identifier over the network;
g. accepting a request over the network from an authentication server to initiate an authentication protocol;
f. responding to the request;
g. receiving the second share from the authentication server; and
h. reconstructing the secret using the received second share and the stored first share.
Abstract
A method for authentication of a computing device so that shares of a secret may be delivered, over a network that uses a communications protocol which does not require use of an address, and on which an authentication server is listening, comprising the steps of dividing the secret into a first share and a second share, or more; destroying the secret; transmitting the second share, together with a unique identifier, out of band to a pre-designated location; erasing the second share from the computing device; storing the first share at the computing device; broadcasting the unique identifier over the network; accepting a request over the network from an authentication server to initiate an authentication protocol; responding to the request; receiving the second share from the authentication server; and reconstructing the secret using the received second share and the stored first share.
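The following Python is an added illustration, not code from the patent: it models the claimed steps a to h on one host, with the device and the authentication server as two objects and the addressless broadcast as a direct call. The page names no sharing scheme, so 2-of-2 XOR sharing is assumed, and it does not fix the contents of the server's request or the device's response, so a nonce that the device echoes back stands in for them.

```python
import secrets

def split_secret(secret: bytes) -> tuple[bytes, bytes]:
    """Step a, 2-of-2 XOR sharing (assumed scheme): the first share is uniformly
    random, the second is the secret masked with it; either alone reveals nothing."""
    first = secrets.token_bytes(len(secret))
    return first, bytes(s ^ f for s, f in zip(secret, first))

def reconstruct(first: bytes, second: bytes) -> bytes:
    """Step h: combine the stored first share with the delivered second share."""
    return bytes(f ^ s for f, s in zip(first, second))

class AuthServer:
    """Listens on the addressless network; holds second shares received out of band."""
    def __init__(self):
        self.escrow = {}  # unique identifier -> second share
    def receive_out_of_band(self, uid: str, second: bytes) -> None:
        self.escrow[uid] = second
    def on_broadcast(self, uid: str):
        # Step g: a heard broadcast triggers the request; the page does not fix its
        # contents, so a fresh nonce tied to the identifier is assumed here.
        if uid not in self.escrow:
            return None
        return {"uid": uid, "nonce": secrets.token_hex(16)}
    def on_response(self, request, response):
        # Release the second share only to the party that answered this request.
        if response == {"uid": request["uid"], "nonce": request["nonce"]}:
            return self.escrow[request["uid"]]
        return None

class Device:
    def __init__(self, secret: bytes):
        self.uid = secrets.token_hex(8)            # unique identifier
        self.first, second = split_secret(secret)  # step a; step e keeps the first share
        del secret                                  # step b: drop the secret itself
        self.outbound_second = second               # held only until step c
    def send_out_of_band(self, server: AuthServer) -> None:
        server.receive_out_of_band(self.uid, self.outbound_second)  # step c
        self.outbound_second = None                                  # step d: erase
    def respond(self, request):
        # Second step f: answer the request (an echo of the nonce is assumed).
        return {"uid": self.uid, "nonce": request["nonce"]}

def run_protocol(secret: bytes) -> bytes:
    """One full exchange: broadcast, request, response, delivery, reconstruction."""
    server, device = AuthServer(), Device(secret)
    device.send_out_of_band(server)
    request = server.on_broadcast(device.uid)                       # step f
    second = server.on_response(request, device.respond(request))  # steps f, g
    return reconstruct(device.first, second)                        # step h
```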
7 Claims (claim 1 is reproduced above; claims 2 to 7 are dependent claims)