Computer system for authenticating a computing device

US 7,805,606 B2
Filed: 02/25/2003
Issued: 09/28/2010
Est. Priority Date: 07/29/2002
Status: Active Grant

First Claim

Patent Images

1. A method for an authentication service to establish a communications session between two computing devices connected to a network, the method comprising:

receiving, at the authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;

authenticating the first registered computing device; and

after the first registered computing device is authenticated by the authentication service, sending from the authentication service to the first registered computing device (1) a network address, associated with the identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device, (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.

Citations

72 Claims

1. A method for an authentication service to establish a communications session between two computing devices connected to a network, the method comprising:
- receiving, at the authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;
  
  authenticating the first registered computing device; and
  
  after the first registered computing device is authenticated by the authentication service, sending from the authentication service to the first registered computing device (1) a network address, associated with the identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device, (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 2. The method of claim 1 further comprising:
    - performing a mutual authentication of the first registered computing device and the second registered computing device, andonly when a result of the mutual authentication is successful, sending data from one of the first registered computing device and the second registered computing device to the other of the first registered computing device and the second registered computing device.
  - 3. The method of claim 1 further comprising:
    - performing a mutual authentication of the authentication service and the first registered computing device, andonly when a result of the mutual authentication is successful, sending data from one of the authentication service and the first registered computing device to the other of the authentication service and the first registered computing device.
  - 4. The method of claim 3 wherein sending data comprises sending the network address and the authentication information from the authentication service to the first computing device.
  - 5. The method of claim 3 further comprising:
    - performing a mutual authentication of the authentication service and the second registered computing device, andonly when a result of the mutual authentication is successful, sending data from one of the authentication service and the second registered computing device to the other of the authentication service and the second registered computing device.
  - 6. The method of claim 1 further comprising associating the network address with the second registered computing device using a secure procedure that employs a long-term authentication credential of the second registered computing device.
  - 7. The method of claim 1 further comprising associating a long-term authentication credential with the second registered computing device.
  - 8. The method of claim 1 wherein authenticating the first registered computing device comprises:
    - receiving from the first registered computing device the first short-term authentication credential of the first registered computing device;
      
      sending the first registered computing device an authentication challenge;
      
      receiving an authentication challenge response from the first registered computing device; and
      
      using the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge.
  - 9. The method of claim 8 further comprising receiving from the first registered computing device a second short-term authentication credential of the second registered computing device.
  - 10. The method of claim 8 further comprising:
    - sending a request for the second short-term authentication credential from the first registered computing device to the second registered computing device; and
      
      receiving at the first registered computing device the second short-term authentication credential of the second registered computing device from the second registered computing device.
  - 11. The method of claim 10 wherein the authentication information for use in mutual authentication of the first registered computing device and the second registered computing device includes session information encrypted with the second short-term authentication credential of the second registered computing device.
  - 12. The method of claim 8 wherein the authentication information for use in mutual authentication of the first registered computing device and the second registered computing device includes session information encrypted with the first short-term authentication credential of the first registered computing device.
  - 13. The method of claim 8 wherein the authentication information for use in mutual authentication of the first registered computing device and the second registered computing device includes policy settings for use in the communications session between the first registered computing device and the second registered computing device.
  - 14. The method of claim 8 wherein the first short-term authentication credential is invalid after a registration expires.
  - 15. The method of claim of 14 wherein the registration of the first registered computing device or the second registered computing device comprises a registration that expires when a predetermined amount of time has elapsed since the short-term authentication credential was created.
  - 16. The method of claim 14 wherein the registration of the first registered computing device or the second registered computing device comprises a registration that expires when the computing device powers off.
  - 17. The method of claim 14 further comprising registering the second computing device by:
    - using a long-term authentication credential to authenticate the second computing device; and
      
      when the second computing device is authenticated, associating the short-term authentication credential with the second computing device.
  - 18. The method of claim 17 further comprising associating the network address with the second computing device when the second computing device is authenticated.
  - 19. The method of claim 17 further comprising associating a predetermined amount of time with the short-term authentication credential.
  - 20. The method of claim 8 wherein the short-term authentication credential comprises a cryptographic key, the authentication challenge comprises a non-repeatable number, the authentication challenge response comprises the non-repeatable number encrypted using the cryptographic key, and using the received short-term authentication credential to determine whether the authentication challenge response is a correct response comprises:
    - encrypting the non-repeatable number using the cryptographic key;
      
      comparing the encrypted non-repeatable number with the received encrypted non-repeatable number of the authentication challenge response; and
      
      determining that the authentication challenge response is a correct response when the encrypted non-repeatable number matches the encrypted non-repeatable number of the authentication challenge response.
  - 21. The method of claim 20 wherein encrypting the non-repeatable number comprises encrypting the non-repeatable number using a symmetric cryptographic algorithm.
  - 22. The method of claim 20 wherein encrypting the non-repeatable number comprises encrypting the non-repeatable number using an asymmetric cryptographic algorithm.
  - 23. The method of claim 20 wherein the non-repeatable number comprises a sequence number.
  - 24. The method of claim 20 wherein the non-repeatable number comprises a randomly generated number.
  - 25. The method of claim 20 wherein the non-repeatable number comprises a time-stamp derived from a date and a time.
  - 26. The method of claim 1 further comprising:
    - determining whether the first registered computing device is permitted to establish the communications session with the second registered computing device; and
      
      only when the first registered computing device is authenticated and permitted to establish the communications session with the second registered computing device, sending to the first registered computing device (1) the network address associated with the second registered computing device for use in completing establishment of the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device.
  - 27. The method of claim 26 wherein determining whether the first registered computing device is permitted to establish the communications session comprises accessing policy information that indicates whether the first registered computing device is permitted to establish the communications session with the second registered computing device.
  - 28. The method of claim 26, wherein the authentication information comprises a session key that is encrypted using a short-term authentication credential associated with the first computing device, the method further comprising sending a second session key that is encrypted using a short-term authentication credential associated with the second computing device.
  - 29. The method of claim 26, wherein the authentication information comprises a session key that is encrypted using a short-term authentication credential associated with the first computing device, the method further comprising sending a second session key that is encrypted using a long-term authentication credential associated with the second computing device.
  - 30. The method of claim 1 further comprising:
    - determining policy information for use in the communications session between the first registered computing device and the second registered computing device; and
      
      when the first registered computing device is authenticated, sending the policy information to the first registered computing device.
  - 31. The method of claim 30 wherein the policy information indicates whether encryption is to be used in the communications session between the first registered computing device and the second registered computing device.
  - 32. The method of claim 31 wherein the policy information indicates an encryption method to be used in the communications session between the first registered computing device and the second registered computing device.
  - 33. The method of claim 31 wherein the policy information identifies a symmetric cryptographic algorithm to be used in the communications session between the first registered computing device and the second registered computing device.
  - 34. The method of claim 31 wherein the policy information identifies an asymmetric cryptographic algorithm to be used in the communications session between the first registered computing device and the second registered communications device.
  - 35. The method of claim 30 wherein the policy information indicates whether a message authentication code is to be used in the communications session between the first registered computing device and the second registered computing device.
  - 36. The method of claim 30 further comprising encrypting the policy information using a short-term authentication credential associated with the second computing device and sending the encrypted policy information.
  - 37. The method of claim 30 further comprising encrypting the policy information using a long-term authentication credential associated with the second computing device and sending the encrypted policy information.
  - 38. The method of claim 1 further comprising sending the authentication information from the first registered computing device to the second registered computing device.
  - 39. The method of claim 1 further comprising having the first registered computing device authenticate the authentication service.
  - 40. The method of claim 1 further comprising having the second registered computing device authenticate the authentication service.
  - 41. The method of claim 1 further comprising registering the first and second registered computing devices with the authentication service, wherein each computing device receives a short-term authentication credential from the authentication service.
  - 42. The method of claim 41 further comprising only registering a computing device with the authentication service when the computing device is eligible to be registered.
  - 43. The method of claim 41 further comprising announcing a network address associated with at least one of the computing devices.

44. A method for an authentication service to establish a communications session between two computing devices connected to a network, the method comprising:
- receiving, at the authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;
  
  authenticating the first registered computing device;
  
  determining whether the first registered computing device is permitted to establish a communications session with the second registered computing device; and
  
  after the first registered computing device is authenticated by the authentication service and is permitted to establish communications session with the second registered computing device, sending from the authentication service to the first registered computing device (1) a network address associated with an identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device, (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
- View Dependent Claims (45, 46, 47, 48, 49, 50)
- - 45. The method of claim 44 wherein determining whether the first registered computing device is permitted to establish the communications session comprises accessing policy information that indicates whether the first registered computing device is permitted to establish the communications session with the second registered computing device.
  - 46. The method of claim 44 wherein the authentication information comprises a session key that is encrypted using a short-term authentication credential associated with the second computing device.
  - 47. The method of claim 44 wherein the authentication information comprises a session key that is encrypted using a long-term authentication credential associated with the second computing device.
  - 48. The method of claim 44 wherein the authentication information comprises a session key that is encrypted using a short-term authentication credential associated with the first computing device.
  - 49. The method of claim 44, wherein the authentication information comprises a session key that is encrypted using a short-term authentication credential associated with the first computing device, the method further comprising sending to the first registered computing device a second session key that is encrypted using a short-term authentication credential associated with the second computing device.
  - 50. The method of claim 44, wherein the authentication information comprises a session key that is encrypted using a short-term authentication credential associated with the first computing device, the method further comprising sending to the first registered computing device a second session key that is encrypted using a long-term authentication credential associated with the second computing device.

51. A non-transitory computer-readable medium having embodied thereon a computer program configured to establish a communications session between two computing devices connected to a network by an authentication service, the medium comprising one or more code segments configured to:
- receive, at the authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;
  
  authenticate the first registered computing device; and
  
  after the first registered computing device is authenticated by the authentication service, send from the authentication service to the first registered computing device (1) a network address associated with an identify of the second registered computing device for use in completing establishment of the communications session with the second registered computing device, (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
- View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59)
- - 52. The medium of claim 51 wherein the one or more code segments are further configured to:
    - perform a mutual authentication of the first registered computing device and the second registered computing device, and only when a result of the mutual authentication is successful, send data from one of the first registered computing device and the second registered computing device to the other of the first registered computing device and the second registered computing device.
  - 53. The medium of claim 51 wherein the one or more code segments are further configured to:
    - perform a mutual authentication of the authentication service and the first registered computing device, andonly when a result of the mutual authentication is successful, send data from one of the authentication service and the first registered computing device to the other of the authentication service and the first registered computing device.
  - 54. The medium of claim 51 wherein the one or more code segments are further configured to:
    - perform a mutual authentication of the authentication service and the second registered computing device, and only when a result of the mutual authentication is successful, send data from one of the authentication service and the second registered computing device to the other of the authentication service and the second registered computing device.
  - 55. The medium of claim 51 wherein the one ormore code segments configured authenticate the first registered computing device comprise one or more code segments configured to:
    - receive from the first registered computing device a first short-term authentication credential of the first registered computing device;
      
      send the first registered computing device an authentication challenge;
      
      receive an authentication challenge response from the first registered computing device; and
      
      use the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge.
  - 56. The medium of claim 55 wherein the one or more code segments are further configured to receive from the first registered computing device a second short-term authentication credential of the second registered computing device.
  - 57. The medium of claim 56 wherein the one or more code segments are further configured to:
    - send a request for the second short-term authentication credential from the first registered computing device to the second registered computing device; and
      
      receive at the first registered computing device the second short-term authentication credential of the second registered computing device from the second registered computing device.
  - 58. The medium of claim 55 wherein the short-term authentication credential comprises a cryptographic key, the authentication challenge comprises a non-repeatable number, the authentication challenge response comprises the non-repeatable number encrypted using the cryptographic key, and the one or more code segments configured to use the received short-term authentication credential to determine whether the authentication challenge response is a correct response comprise one or more code segments configured to:
    - encrypt the non-repeatable number using the cryptographic key;
      
      compare the encrypted non-repeatable number with the received encrypted non-repeatable number of the authentication challenge response; and
      
      determine that the authentication challenge response is a correct response when the encrypted non-repeatable number matches the encrypted non-repeatable number matches the encrypted non-repeatable number of the authentication challenge response.
  - 59. The medium of claim 51 wherein the one or more code segments are further configured to:
    - determine whether the first registered computing device is permitted to establish the communications session with the second registered computing device; and
      
      only when the first registered computing device is authenticated and permitted to establish the communications session with the second registered computing device, send to the first registered computing device (1) a network address associated with the second registered computing device for use in completing establishment of the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device.

60. A non-transitory computer-readable medium having embodied thereon a computer program configured to establish a communications session between two computing devices connected to a network by an authentication service, the medium comprising one or more code segments configured to:
- receive a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;
  
  authenticate the first registered computing device;
  
  determine whether the first registered computing device is permitted to establish a communications session with the second registered computing device, andafter the first registered computing device is authenticated by the authentication service and is permitted to establish a communication session with the second registered computing device, send from the authentication service to the first registered computing device (1) a network address associated with an identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
- View Dependent Claims (61)
- - 61. The medium of claim 60 wherein the one or more code segments configured to determine whether the first registered computing device is permitted to establish the communications session comprise one or more code segments configured to access policy information that indicates whether the first registered computing device is permitted to establish the communications session with the second registered computing device.

62. A system for establishing a communications session between two computing devices connected to a network, the system comprising a processor connected to a storage device and one or more input/output devices, wherein the processor is configured to:
- receive, at an authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;
  
  authenticate the first registered computing device; and
  
  after the first registered computing device is authenticated by the authentication service, send from the authentication service to the first registered computing device (1) a network address associated with an identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
- View Dependent Claims (63, 64, 65, 66, 67, 68, 69, 70)
- - 63. The system of claim 62 wherein the processor is further configured to:
    - perform a mutual authentication of the first registered computing device and the second registered computing device, andonly when a result of the mutual authentication is successful, send data from one of the first registered computing device and the second registered computing device to the other of the first registered computing device and the second registered computing device.
  - 64. The system of claim 62 wherein the processor is further configured to:
    - perform a mutual authentication of the authentication service and the first registered computing device, and only when a result of the mutual authentication is successful, send data from one of the authentication service and the first registered computing device to the other of the authentication service and the first registered computing device.
  - 65. The system of claim 62 wherein the processor is further configured to:
    - perform a mutual authentication of the authentication service and the second registered computing device, andonly when a result of the mutual authentication is successful, send data from one of the authentication service and the second registered computing device to the other of the authentication service and the second registered computing device.
  - 66. The system of claim 62 wherein the processor is further configured to authenticate the first registered computing device comprises a processor configured to:
    - receive from the first registered computing device a first short-term authentication credential of the first registered computing device;
      
      send the first registered computing device an authentication challenge;
      
      receive an authentication challenge response from the first registered computing device; and
      
      use the received first short-term authentication credential of the first computing device to determine whether the authentication challenge response is a correct response to the authentication challenge.
  - 67. The system of claim 66 wherein the processor is further configured to receive from the first registered computing device a second short-term authentication credential of the second registered computing device.
  - 68. The system of claim 67 wherein the first registered computing device is further configured to:
    - send a request for the second short-term authentication credential to the second registered computing device; and
      
      receive the second short-term authentication credential of the second registered computing device from the second registered computing device.
  - 69. The system of claim 66 wherein the short-term authentication credential comprises a cryptographic key, the authentication challenge comprises a non-repeatable number, the authentication challenge response comprises the non-repeatable number encrypted using the cryptographic key, and the processor is further configured to:
    - encrypt the non-repeatable number using the cryptographic key;
      
      compare the encrypted non-repeatable number with the received encrypted non-repeatable number of the authentication challenge response; and
      
      determine that the authentication challenge response is a correct response when the encrypted non-repeatable number matches the encrypted non-repeatable number of the authentication challenge response.
  - 70. The system of claim 62 wherein the processor is further configured to:
    - determine whether the first registered computing device is permitted to establish the communications session with the second registered computing device; and
      
      only when the first registered computing device is authenticated and permitted to establish the communications session with the second registered computing device (1) the network address associated with the second registered computing device for use in completing establishment of the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device.

71. A system for establishing a communications session between two computing devices connected to a network, the system comprising a processor connected to a storage device and one or more input/output devices, wherein the processor is configured to:
- receive, at an authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration,wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;
  
  determine whether the first registered computing device is permitted to establish a communications session with the second registered computing device, andafter the first registered computing device is authenticated by the authentication service and is permitted to establish a communications session with the second registered computing device, send from the authentication service to the first registered computing device (1) a network address associated with an identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device,wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
- View Dependent Claims (72)
- - 72. The system of claim 71 wherein the processor is configured to access policy information that indicates whether the first registered computing device is permitted to establish the communications session with the second registered computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
BEA Systems Incorporated (Oracle Corporation)
Inventors
Douglas, David C., Traub, Kenneth R., Birger, Chet, Rosenthal, Steven
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US10/372,397
Publication Number

US 20090006850A1
Time in Patent Office

2,772 Days
Field of Search

713168-171, 713/150, 713/172, 726 1- 6, 726 9- 10, 705/67, 709223-225
US Class Current

713/168
CPC Class Codes

H04L 61/50   Address allocation

H04L 63/0492   by using a location-limited...

H04L 67/125   involving control of end-de...

H04L 67/52   specially adapted for the l...

H04W 12/02   Protecting privacy or anony...

Computer system for authenticating a computing device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

72 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system for authenticating a computing device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

72 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links