Peer-to-peer authentication and authorization
First Claim
1. A computer storage medium having computer-executable instructions for authenticating a first computing device at a second computing device, the computer-readable instructions performing steps comprising:
- creating a root store and a trusted people store on the second computing device wherein the trusted people store comprises certificates different from certificates in the root store;
receiving one or more certificates from the first computing device at the second computing device;
determining if any of the certificates of the one or more certificates contains an identifier corresponding to a certificate contained in the trusted people store;
authenticating the first computing device if any of the certificates of the trusted people store identifies the first computing device, otherwisedetermining if a last certificate of the one or more certificates is signed by a trusted root store entity, wherein the trusted root store entity is identified by a signed certificate placed in a trusted root store of the second computing device;
determining if a first certificate of the one or more certificates identifies the first computing device;
determining if each certificate of the one or more certificates is authenticated by a preceding certificate of the one or more certificates; and
authenticating the first computing device if the last certificate of the one or more certificates is signed by the trusted root store entity, if the first certificate of the one or more certificates identifies the first computing device, and if each certificate of the one or more certificates is authenticated by the preceding certificate of the one or more certificates.
2 Assignments
0 Petitions
Accused Products
Abstract
An authentication mechanism uses a trusted people store that can be populated on an individual basis by users of computing devices, and can comprise certificates of entities that the user wishes to allow to act as certification authorities. Consequently, peer-to-peer connections can be made even if neither device presents a certificate or certificate chain signed by a third-party certificate authority, so long as each device present a certificate or certificate chain signed by a device present in the trusted people store. Once authenticated, a remote user can access trusted resources on a host device by having local processes mimic the user and create an appropriate token by changing the user'"'"'s password or password type to a hash of the user'"'"'s certificate and then logging the user on. The token can be referenced in a standard manner to determine whether the remote user is authorized to access the trusted resource.
63 Citations
20 Claims
-
1. A computer storage medium having computer-executable instructions for authenticating a first computing device at a second computing device, the computer-readable instructions performing steps comprising:
-
creating a root store and a trusted people store on the second computing device wherein the trusted people store comprises certificates different from certificates in the root store; receiving one or more certificates from the first computing device at the second computing device; determining if any of the certificates of the one or more certificates contains an identifier corresponding to a certificate contained in the trusted people store; authenticating the first computing device if any of the certificates of the trusted people store identifies the first computing device, otherwise determining if a last certificate of the one or more certificates is signed by a trusted root store entity, wherein the trusted root store entity is identified by a signed certificate placed in a trusted root store of the second computing device; determining if a first certificate of the one or more certificates identifies the first computing device; determining if each certificate of the one or more certificates is authenticated by a preceding certificate of the one or more certificates; and authenticating the first computing device if the last certificate of the one or more certificates is signed by the trusted root store entity, if the first certificate of the one or more certificates identifies the first computing device, and if each certificate of the one or more certificates is authenticated by the preceding certificate of the one or more certificates. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer storage medium having computer-executable instructions for authorizing a user at a first computing device to access a trusted resource at a second computing device, the computer-readable instructions performing steps comprising:
-
receiving, from the user, a request to access the trusted resource on the second computing device; changing a password element of a user account on the second computing device based on a certificate of the first computing device stored in a trusted people store of the second computing device; logging into the user account using the changed password element, thereby generating a token; accessing the trusted resource with the token; and providing the results of the accessing to the user at the first computing device. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computing device comprising:
-
a trusted root store comprising signed certificates different from certificates in a trusted people store; the trusted people store comprising signed certificates of entities deemed by a user of the computing device to be trustworthy, the signed certificates having been placed in the trusted people store under the direction of the user; a network interface, the network interface performing steps comprising;
receiving one or more certificates from another computing device; anda processing unit, the processing unit performing steps comprising;
determining if any of the certificates of the one or more certificates contains an identifier corresponding to a certificate contained in the trusted people store, authenticating the first computing device if any of the certificates of the trusted people store identifies the first computing device, and otherwise authenticating the other computing device if a last certificate of the one or more certificates is signed by a trusted root store entity, wherein the trusted root store entity is identified by a signed certificate in the trusted root store, if a first certificate of the one or more certificates identifies the other computing device, and if each certificate of the one or more certificates is authenticated by a preceding certificate of the one or more certificates. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification