Computer system for authenticating a computing device

  • US 7,805,606 B2
  • Filed: 02/25/2003
  • Issued: 09/28/2010
  • Est. Priority Date: 07/29/2002
  • Status: Active Grant
First Claim
1. A method for an authentication service to establish a communications session between two computing devices connected to a network, the method comprising:

  • receiving, at the authentication service, a request from a first registered computing device to establish a communications session with a second registered computing device, wherein prior to receiving the request and registering the two computing devices, the authentication service receives an imprinting request for an identity from each of the computing devices, and associates an identity to each of the computing devices, the identity identifying the corresponding computing device and being independent of a network address associated with the computing device, and in response to the imprinting request the authentication service sends to the first registered computing device the identity, and further sends to the first registered computing device a first long-term authentication credential that encapsulates a first secret shared between the authentication service and the first registered computing device and a first short-term authentication credential that encapsulates a second secret shared between the authentication service and the first registered computing device and is valid for a limited duration, wherein the identity comprises a physical identity that is associated with a singular physical entity and a virtual identity that represents a non-physical entity;

    authenticating the first registered computing device; and

    after the first registered computing device is authenticated by the authentication service, sending from the authentication service to the first registered computing device (1) a network address, associated with the identity of the second registered computing device for use in completing establishment of the communications session with the second registered computing device, (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device, and (3) sending policy information to the first registered computing device, wherein the policy information is encrypted using the short-term authentication credential associated with the first computing device and sending the encrypted policy information.
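
The flow the claim describes (imprinting an address-independent identity with a long-term and a short-term credential, authenticating the requester, then returning the peer's network address, mutual-authentication material and policy encrypted under the short-term credential), as an added Python simulation that is not the patent's own code. The credential layout, the nonce-based proof, the session-key ticket and the toy cipher are assumptions; renewal via the long-term credential is not modelled.

```python
import hmac, hashlib, secrets

# Constructed simulation of the claimed flow (imprint, authenticate, set up a
# session). Credential layout and the toy cipher are assumptions, not the patent's design.

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    # XOR with an HMAC(key, counter) keystream: symmetric, so it also decrypts. A stand-in
    # for a real AEAD so the example runs on the standard library only.
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class AuthService:
    SHORT_TTL = 300  # seconds a short-term credential stays valid

    def __init__(self):
        self.registry = {}  # identity -> network address and shared secrets

    def imprint(self, physical, virtual, address, now):
        # Identity = (physical entity, virtual entity), independent of the address.
        identity = (physical, virtual)
        rec = dict(address=address, long_secret=secrets.token_bytes(32),
                   short_secret=secrets.token_bytes(32), short_expiry=now + self.SHORT_TTL)
        self.registry[identity] = rec
        long_cred = {"identity": identity, "secret": rec["long_secret"]}
        short_cred = {"identity": identity, "secret": rec["short_secret"],
                      "expires": rec["short_expiry"]}
        return identity, long_cred, short_cred

    def authenticate(self, identity, nonce, proof, now):
        rec = self.registry.get(identity)
        if rec is None or now > rec["short_expiry"]:
            return False  # unknown identity or short-term credential expired
        expected = hmac.new(rec["short_secret"], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)

    def request_session(self, first, nonce, proof, second, policy, now):
        if not self.authenticate(first, nonce, proof, now) or second not in self.registry:
            return None
        a, b = self.registry[first], self.registry[second]
        session_key = secrets.token_bytes(32)  # mutual-auth material for the pair
        return {"address": b["address"],                                     # (1)
                "session_key": toy_encrypt(a["short_secret"], session_key),  # (2) requester copy
                "ticket": toy_encrypt(b["short_secret"], session_key),       # (2) copy for the peer
                "policy": toy_encrypt(a["short_secret"], policy)}            # (3)

def device_proof(short_cred, nonce):
    # Device side: prove possession of the short-term secret over a fresh nonce.
    return hmac.new(short_cred["secret"], nonce, hashlib.sha256).digest()
```

A rejected request (bad proof, expired short-term credential, or unknown peer) yields `None`, which is the point at which a real service would log the failure.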

  • 3 Assignments