Authenticating a device with a server over a network

US 8,447,977 B2
Filed: 12/09/2008
Issued: 05/21/2013
Est. Priority Date: 12/09/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating a device with a server over a network, the method comprising the steps of:

establishing, by the device, a secure connection with the server;

communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;

determining, by the server, the credibility of the device using the identification information communicated by the device; and

in a case where the server determines that the device is credible;

creating, by the server, a first authentication token for the device, the first authentication token indicating that the device is credible;

storing, by the server, the first authentication token;

transferring, by the server, the first authentication token to the device using the secure connection; and

storing, by the device, the first authentication token;

wherein the method further comprises the steps of;

establishing, by the device, a secure re-connection with the server; and

authenticating, by the server and over the secure re-connection, the device using the first authentication token stored by the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The authentication of a device with a server over a network includes authenticating, by the device, the server so as to establish a secure connection with the server. The device communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection, and the device stores the first authentication token. The server authenticates the device using the first authentication token.

Citations

28 Claims

1. A method of authenticating a device with a server over a network, the method comprising the steps of:
- establishing, by the device, a secure connection with the server;
  
  communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  determining, by the server, the credibility of the device using the identification information communicated by the device; and
  
  in a case where the server determines that the device is credible;
  
  creating, by the server, a first authentication token for the device, the first authentication token indicating that the device is credible;
  
  storing, by the server, the first authentication token;
  
  transferring, by the server, the first authentication token to the device using the secure connection; and
  
  storing, by the device, the first authentication token;
  
  wherein the method further comprises the steps of;
  
  establishing, by the device, a secure re-connection with the server; and
  
  authenticating, by the server and over the secure re-connection, the device using the first authentication token stored by the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method according to claim 1, wherein the determining the credibility of the device comprises accessing, by the server, a database to determine whether the identification information supplied by the device reasonably and credibly identifies the device.
  - 3. A method according to claim 1, wherein the identification information comprises at least one of a device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number.
  - 4. A method according to claim 1, wherein the authenticating the device is based on a challenge response mechanism which employs the first authentication token to authenticate the device with the server.
  - 5. A method according to claim 1, wherein the secure connection is a Secure Sockets Layer (SSL) connection.
  - 6. A method according to claim 1, wherein the authenticating the server comprises:
    - creating, by the server, a second authentication token;
      
      storing, by the server, the second authentication token;
      
      transferring, by the server, the second authentication token to the device using the secure connection; and
      
      storing, by the device, the second authentication token,wherein the server is authenticated using the second authentication token.
  - 7. A method according to claim 1, further comprising:
    - providing, by a user, a password to the server out of band, prior to the device authenticating the server.
  - 8. A method according to claim 7, wherein the user provides the password to the server via a browser or other web application.
  - 9. A method according to claim 1, further comprising:
    - determining, by the device, which server to authenticate, prior to the device authenticating the server.
  - 10. A method according to claim 9, wherein the server is determined from a predetermined, initial configuration of the device.
  - 11. A method according to claim 9, wherein the server is determined from a manual configuration of an administrator.
  - 12. A method according to claim 9, wherein the server is determined by connecting to a primary server, which in turn selects the server from one or more secondary servers, and which redirects the device to the selected secondary server.
  - 13. A method according to claim 1, wherein the identification information uniquely identifies the device to the server and includes a combination of plural identification data pre-stored in the device including device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number.

14. A non-transitory computer readable memory medium on which is stored computer executable process steps for causing a computer to authenticate a device with a server over a network, the process steps comprising:
- establishing, by the device, a secure connection with the server;
  
  communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  determining, by the server, the credibility of the device using the identification information communicated by the device; and
  
  in a case where the server determines that the device is credible;
  
  creating, by the server, a first authentication token for the device, the first authentication token indicating that the device is credible;
  
  storing, by the server, the first authentication token;
  
  transferring, by the server, the first authentication token to the device using the secure connection; and
  
  storing, by the device, the first authentication token;
  
  wherein the process steps further comprise;
  
  establishing, by the device, a secure re-connection with the server; and
  
  authenticating, by the server and over the secure re-connection, the device using the first authentication token stored by the devices.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. A non-transitory computer readable memory medium according to claim 14, wherein the determining the credibility of the device comprises accessing, by the server, a database to determine whether the identification information supplied by the device reasonably and credibly identifies the device.
  - 16. A non-transitory computer readable memory medium according to claim 14, wherein the identification information comprises at least one of a device model number, a firmware revision, a MAC address, and a device serial number.
  - 17. A non-transitory computer readable memory medium according to claim 14, wherein the authenticating the device is based on a challenge response mechanism which employs the first authentication token to authenticate the device with the server.
  - 18. A non-transitory computer readable memory medium according to claim 14, wherein the secure connection is an SSL connection.
  - 19. A non-transitory computer readable memory medium according to claim 14, wherein the authenticating the server comprises:
    - creating, by the server, a second authentication token;
      
      storing, by the server, the second authentication token;
      
      transferring, by the server, the second authentication token to the device using the secure connection; and
      
      storing, by the device, the second authentication token,wherein the server is authenticated using the second authentication token.

20. A device for authentication by a server over a network, the device comprising:
- a computer readable memory which stores computer executable process steps; and
  
  a processor constructed to execute the computer executable process steps stored in the memory;
  
  wherein the computer executable process steps comprise;
  
  establishing by the device a secure connection with the server;
  
  communicating identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  receiving a first authentication token from the server, the first authentication token indicating that the device is credible;
  
  storing the first authentication token;
  
  establishing by the device a secure re-connection with the server; and
  
  authenticating the device to the server over the secure re-connection using the first authentication token stored by the device.
- View Dependent Claims (21)
- - 21. A device according to claim 20, wherein the identification information uniquely identifies the device to the server and includes a combination of plural identification data pre-stored in the device including device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number.

22. A server for authenticating a device over a network, the server comprising:
- a computer readable memory which stores computer executable process steps; and
  
  a processor constructed to execute the computer executable process steps stored in the memory;
  
  wherein the computer executable process steps comprise;
  
  establishing a secure connection between the device and the server;
  
  receiving identification information from the device, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  determining the credibility of the device using the identification information; and
  
  in a case where it is determined that the device is credible;
  
  creating a first authentication token for the device, the first authentication token indicating that the device is credible;
  
  storing the first authentication token; and
  
  transferring the first authentication token to the device using the secure connection;
  
  wherein the process steps further comprise;
  
  establishing a secure re-connection between the device and the server; and
  
  authenticating the device over the secure re-connection using the first authentication token stored by the device.

23. A method of authenticating a device with a server over a network, the method comprising the steps of:
- establishing, by the device, a secure connection with the server;
  
  communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  determining, by the server, the credibility of the device using the identification information communicated by the device; and
  
  in a case where the server determines that the device is credible;
  
  creating, by the server, a first authentication token for the device, the first authentication token indicating that the device is credible;
  
  storing, by the server, the first authentication token;
  
  transferring, by the server, the first authentication token to the device using the secure connection; and
  
  storing, by the device, the first authentication token;
  
  wherein the method further comprises the steps of;
  
  establishing, by the device, a re-connection with the server; and
  
  authenticating, by the server and over the re-connection, the device using the first authentication token stored by the device.
- View Dependent Claims (24)
- - 24. A method according to claim 23, wherein the identification information comprises at least one of a device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number.

25. A non-transitory computer readable memory medium on which is stored computer executable process steps for causing a computer to authenticate a device with a server over a network, the process steps comprising:
- establishing, by the device, a secure connection with the server;
  
  communicating, by the device, identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  determining, by the server, the credibility of the device using the identification information communicated by the device; and
  
  in a case where the server determines that the device is credible;
  
  creating, by the server, a first authentication token for the device, the first authentication token indicating that the device is credible;
  
  storing, by the server, the first authentication token;
  
  transferring, by the server, the first authentication token to the device using the secure connection; and
  
  storing, by the device, the first authentication token;
  
  wherein the process steps further comprise;
  
  establishing, by the device, a re-connection with the server; and
  
  authenticating, by the server and over the re-connection, the device using the first authentication token stored by the devices.
- View Dependent Claims (26)
- - 26. A non-transitory computer readable memory medium according to claim 25, wherein the identification information comprises at least one of a device model number, a firmware revision, a MAC address, and a device serial number.

27. A device for authentication by a server over a network, the device comprising:
- a computer readable memory which stores computer executable process steps; and
  
  a processor constructed to execute the computer executable process steps stored in the memory;
  
  wherein the computer executable process steps comprise;
  
  establishing by the device a secure connection with the server;
  
  communicating identification information of the device to the server, wherein the identification information uniquely identifies the device to the server and is pre-stored in the device;
  
  receiving a first authentication token from the server, the first authentication token indicating that the device is credible;
  
  storing the first authentication token;
  
  establishing by the device a re-connection with the server; and
  
  authenticating the device to the server over the re-connection using the first authentication token stored by the device.
- View Dependent Claims (28)
- - 28. A device according to claim 27, wherein the identification information uniquely identifies the device to the server and includes a combination of plural identification data pre-stored in the device including device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Slick, Royce, Matsubayashi, Don, Piazza, Kevin, Dusberger, Dariusz, Iwamoto, Neil
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US12/331,287
Publication Number

US 20100146275A1
Time in Patent Office

1,624 Days
Field of Search

None
US Class Current

713/169
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/166   at the transport layer

H04L 9/3215   using a plurality of channe...

H04L 9/3234   involving additional secure...

H04L 9/3271   using challenge-response

Authenticating a device with a server over a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a device with a server over a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links