Method, system, and computer-readable storage medium for authenticating a computing device

US 8,839,357 B2
Filed: 12/22/2010
Issued: 09/16/2014
Est. Priority Date: 12/22/2010
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a first computing device to one or more other computing devices, the method comprising:

receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;

sending, from the first computing device to the second computing device, a first message that includes the first credential and the second credential;

sending, from the first computing device to the third computing device, a second message that includes the first credential and the second credential;

receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and

receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer-readable storage medium for authenticating a computing device are provided. According to embodiments of the invention, a first computing device generates a message using first secret data and second secret data, the first secret data for authenticating to a second computing device, the second secret data for authenticating to a third computing device. The first computing device sends the message to the second computing device. In some embodiments, challenge-response authentication is implemented. For example, the first computing device receives a challenge from the second computing device and generates the message based at least in part on the challenge. The second computing device compares local information with information received from the first computing device. The first computing device can thereby be authenticated to the second computing device. Furthermore, the first computing device can be authenticated to the third computing device by a similar process.

74 Citations

28 Claims

1. A method for authenticating a first computing device to one or more other computing devices, the method comprising:
- receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;
  
  sending, from the first computing device to the second computing device, a first message that includes the first credential and the second credential;
  
  sending, from the first computing device to the third computing device, a second message that includes the first credential and the second credential;
  
  receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and
  
  receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9)
- - 2. The method of claim 1, wherein the first message further includes first identification data paired with the first credential, the first identification data for use in conjunction with the first credential for authenticating to the second computing device,wherein the first message further includes second identification data paired with the second credential, the second identification data for use in conjunction with the second credential for authenticating to the third computing device,wherein the second message further includes the first identification data paired with the first credential, andwherein the second message further includes the second identification data paired with the second credential.
  - 3. The method of claim 1, wherein the first credential is a first password and the second credential is a second password, the first password different from the second password.
  - 4. The method of claim 1, wherein the sending the first message comprises sending the first message using a secure connection.
  - 5. The method of claim 1, wherein the receiving the response to the first message comprises receiving, at the first computing device from the second computing device, a message indicating the first computing device is authenticated to the second computing device.
  - 6. The method of claim 5, further comprising:
    - in response to the receiving the message indicating the first computing device is authenticated to the second computing device, sending, from the first computing device to the second computing device, configuration information.
  - 7. The method of claim 1, wherein the first computing device and the second computing device are peers.
  - 9. The method of claim 1, wherein the receiving the first credential and the second credential comprises receiving, at the first computing device, the first credential and the second credential without an indication that the first credential is for authenticating to the second computing device and without an indication that the second credential is for authenticating to the third computing device.

8. A computer-readable storage medium storing computer-executable instructions for causing a computer to execute operations comprising:
- receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;
  
  sending, from the first computing device to the second computing device, a first message that includes the first credential and the second credential;
  
  sending, from the first computing device to the third computing device, a second message that includes the first credential and the second credential;
  
  receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and
  
  receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.

10. A method for authenticating a first computing device to one or more other computing devices, the method comprising:
- receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;
  
  sending, from the first computing device to the second computing device, a first message that includes a first hash value and a second hash value, the first hash value generated based on the first credential, the second hash value generated based on the second credential;
  
  sending, from the first computing device to the third computing device, a second message that includes a third hash value and a fourth hash value, the third hash value generated based on the first credential, the fourth hash value generated based on the second credential;
  
  receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and
  
  receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 20, 21, 22)
- - 11. The method of claim 10, further comprising:
    - receiving, at the first computing device from the second computing device, a challenge, wherein the first message is a response to the challenge.
  - 12. The method of claim 11, further comprising:
    - generating, at the first computing device, the first hash value based on the challenge and the first credential; and
      
      generating, at the first computing device, the second hash value based on the challenge and the second credential.
  - 13. The method of claim 12, wherein the challenge comprises a random number,wherein the generating the first hash value comprises applying a one-way function to the challenge and the first credential to generate the first hash value, andwherein the generating the second hash value comprises applying the one-way function to the challenge and the second credential to generate the second hash value.
  - 14. The method of claim 11, further comprising:
    - receiving, at the first computing device from the third computing device, a second challenge, wherein the second message is a response to the second challenge.
  - 15. The method of claim 14, further comprising:
    - generating, at the first computing device, the first hash value based on the challenge and the first credential;
      
      generating, at the first computing device, the second hash value based on the challenge and the second credential;
      
      generating, at the first computing device, the third hash value based on the second challenge and the first credential; and
      
      generating, at the first computing device, the fourth hash value using based on the second challenge and the second credential.
  - 16. The method of claim 14, further comprising:
    - sending, from the first computing device to the second computing device, a first access request prior to the receiving the challenge; and
      
      sending, from the first computing device to the third computing device, a second access request prior to the receiving the second challenge.
  - 17. The method of claim 10, wherein the first message further includes a fifth hash value paired with the first hash value, the fifth hash value generated based on first identification data for use in conjunction with the first credential for authenticating to the second computing device, andwherein the first message further includes a sixth hash value paired with the second hash value, the sixth hash value generated based on second identification data for use in conjunction with the second credential for authenticating to the third computing device.
  - 18. The method of claim 17, further comprising:
    - receiving, at the first computing device from the second computing device, a challenge, wherein the first message is a response to the challenge;
      
      generating, at the first computing device, the first hash value using based on the challenge and the first credential;
      
      generating, at the first computing device, the second hash value using based on the challenge and the second credential;
      
      generating, at the first computing device, the fifth hash value based on the challenge and the first identification data; and
      
      generating, at the first computing device, the sixth hash value based on the challenge and the second identification data.
  - 20. The method of claim 10, wherein the receiving the response to the first message comprises receiving, at the first computing device from the second computing device, a message indicating the first computing device is authenticated to the second computing device.
  - 21. The method of claim 20, further comprising:
    - in response to the receiving the message indicating the first computing device is authenticated to the second computing device, sending, from the first computing device to the second computing device, configuration information.
  - 22. The method of claim 10, wherein the receiving the first credential and the second credential comprises receiving, at the first computing device, the first credential and the second credential without an indication that the first credential is for authenticating to the second computing device and without an indication that the second credential is for authenticating to the third computing device.

19. A computer-readable storage medium storing computer-executable instructions for causing a computer to execute operations comprising:
- receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;
  
  sending, from the first computing device to the second computing device, a first message that includes a first hash value and a second hash value, the first hash value generated based on the first credential, the second hash value generated based on the second credential;
  
  sending, from the first computing device to the third computing device, a second message that includes a third hash value and a fourth hash value, the third hash value generated based on the first credential, the fourth hash value generated based on the second credential;
  
  receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and
  
  receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.

23. A computing device comprising:
- one or more processors; and
  
  one or more computer-readable media coupled to the one or more processors, the one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;
  
  sending, from the first computing device to the second computing device, a first message that includes the first credential and the second credential;
  
  sending, from the first computing device to the third computing device, a second message that includes the first credential and the second credential;
  
  receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and
  
  receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The computing device of claim 23, wherein the first message further includes first identification data paired with the first credential, the first identification data for use in conjunction with the first credential for authenticating to the second computing device,wherein the first message further includes second identification data paired with the second credential, the second identification data for use in conjunction with the second credential for authenticating to the third computing device,wherein the second message further includes the first identification data paired with the first credential, andwherein the second message further includes the second identification data paired with the second credential.
  - 25. The computing device of claim 23, wherein the receiving the response to the first message comprises receiving, at the first computing device from the second computing device, a message indicating the first computing device is authenticated to the second computing device.
  - 26. The computing device of claim 25, the operations further comprising:
    - in response to the receiving the message indicating the first computing device is authenticated to the second computing device, sending, from the first computing device to the second computing device, configuration information.
  - 27. The computing device of claim 23, wherein the receiving the first credential and the second credential comprises receiving, at the first computing device, the first credential and the second credential without an indication that the first credential is for authenticating to the second computing device and without an indication that the second credential is for authenticating to the third computing device.

28. A computing device comprising:
- one or more processors; and
  
  one or more computer-readable media coupled to the one or more processors, the one or more computer-readable media storing instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving, at a first computing device, a first credential and a second credential, the first credential for authenticating to a second computing device, the second credential for authenticating to a third computing device, the first credential different from the second credential;
  
  sending, from the first computing device to the second computing device, a first message that includes a first hash value and a second hash value, the first hash value generated based on the first credential, the second hash value generated based on the second credential;
  
  sending, from the first computing device to the third computing device, a second message that includes a third hash value and a fourth hash value, the third hash value generated based on the first credential, the fourth hash value generated based on the second credential;
  
  receiving, at the first computing device from the second computing device, a response to the first message, the response to the first message comprising information indicating whether the first computing device is authenticated to the second computing device; and
  
  receiving, at the first computing device from the third computing device, a response to the second message, the response to the second message comprising information indicating whether the first computing device is authenticated to the third computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon USA, Inc. (Canon Inc.)
Original Assignee
Canon USA, Inc. (Canon Inc.)
Inventors
Ge, Jiuyuan
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/976,991
Publication Number

US 20120167169A1
Time in Patent Office

1,364 Days
Field of Search

726/2, 380/44, 380/272, 380/273, 713/155, 713/165
US Class Current

726/2
CPC Class Codes

H04L 9/321 involving a third party or ...

H04L 9/3271 using challenge-response

Method, system, and computer-readable storage medium for authenticating a computing device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

74 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and computer-readable storage medium for authenticating a computing device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

74 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links