Network mediated multi-device shared authentication

US 9,172,546 B2
Filed: 01/25/2012
Issued: 10/27/2015
Est. Priority Date: 01/25/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a communication interface; and

authentication logic coupled with the communication interface;

wherein the authentication logic authenticates with a first neighboring device belonging to a set of neighboring devices thereby establishing a trust relationship between the apparatus and the set of neighboring devices;

wherein the authentication logic obtains via the communication interface data representative of a user associated with a user device;

wherein the authentication logic sends a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device;

wherein the authentication logic receives a response to the challenge via the communication interface;

wherein the response is selectively validated by an associated authentication server associated with the set of neighboring devices;

wherein the authentication logic selectively enables access by the user device to the apparatus in accordance with the authentication server selectively validating the response to the challenge; and

wherein the authentication logic selectively provides data to the first neighboring device in accordance with the authentication server selectively validating the response to the challenge, the data indicating that the user associated with the user device has been authenticated to enable access by the user associated with the user device to the set of neighboring devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described in an example embodiment herein is an apparatus, comprising a communication interface and authentication logic coupled with the wireless interface. The authentication logic authenticates with at least one neighboring device forming a trust relationship with the at least one neighboring device. The authentication logic obtains via the communication interface data representative of a user associated with a user device. The authentication logic sends a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device. The authentication logic receives a response to the challenge via the user interface and validates the response to the challenge. The authentication logic provides data to the at least one neighboring device indicating that the user associated with the user device has been authenticated, to enable access to the functionality and/or resources of the at least one neighboring device.

28 Citations

View as Search Results

16 Claims

1. An apparatus, comprising:
- a communication interface; and
  
  authentication logic coupled with the communication interface;
  
  wherein the authentication logic authenticates with a first neighboring device belonging to a set of neighboring devices thereby establishing a trust relationship between the apparatus and the set of neighboring devices;
  
  wherein the authentication logic obtains via the communication interface data representative of a user associated with a user device;
  
  wherein the authentication logic sends a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device;
  
  wherein the authentication logic receives a response to the challenge via the communication interface;
  
  wherein the response is selectively validated by an associated authentication server associated with the set of neighboring devices;
  
  wherein the authentication logic selectively enables access by the user device to the apparatus in accordance with the authentication server selectively validating the response to the challenge; and
  
  wherein the authentication logic selectively provides data to the first neighboring device in accordance with the authentication server selectively validating the response to the challenge, the data indicating that the user associated with the user device has been authenticated to enable access by the user associated with the user device to the set of neighboring devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus set forth in claim 1, wherein the authentication logic selectively authenticates with one or more neighboring devices within a predetermined proximity.
  - 3. The apparatus set forth in claim 1, wherein the authentication logic selectively authenticates with one or more neighboring devices within a predefined bounded area.
  - 4. The apparatus set forth in claim 1, wherein the data provided to the first neighboring device of the set of neighboring devices indicating that the user associated with the user device has been authenticated comprises a session key.
  - 5. The apparatus set forth in claim 1, wherein the data provided to the first neighboring device of the set of neighboring devices indicating that the user associated with the user device has been authenticated comprises a telephone number associated with the user device.
  - 6. The apparatus set forth in claim 1, wherein the data provided to the first neighboring device of the set of neighboring devices indicating that the user associated with the user device has been authenticated comprises a media access control (MAC) address associated with the user device.
  - 7. The apparatus set forth in claim 1, wherein the authentication logic receives data representative of a second authenticated user from the first neighboring device belonging to the set of neighboring devices;
    - wherein the second authenticated user is allowed access to the apparatus based on the data representative of the second authenticated user received from the first neighboring device.
  - 8. The apparatus set forth in claim 7, wherein the data representative of the second authenticated user comprises data representative of a user device associated with the second authenticated user;
    - andwherein the second authenticated user is allowed access to the apparatus while the user device associated with the second authenticated user is in communication with the communication interface.

9. An apparatus, comprising:
- a communication interface;
  
  authentication logic coupled with the communication interface; and
  
  a user interface;
  
  wherein the authentication logic provides a username of an associated user of the apparatus to a first neighboring networked device belonging to a set of at least two mutually authenticated neighboring devices;
  
  wherein the authentication logic receives a challenge associated with the username;
  
  wherein the authentication logic provides a response to the challenge;
  
  wherein the challenge is provided to the user interface and the response to the challenge is received via the user interface;
  
  wherein the response to the challenge is selectively validated by an authentication server associated with the set of at least two mutually authenticated neighboring devices;
  
  wherein the authentication logic determines the user has been authenticated with the first neighboring networked device and at least one other networked device of the set of at least two mutually authenticated neighboring devices associated with the first neighboring networked device;
  
  wherein the authentication logic determines other networked devices associated with the networked device requesting authentication;
  
  wherein data representative of the other networked devices associated with the networked device requesting authentication is provided to the user interface;
  
  wherein data representative of a user selection is received via the user interface indicating which of the other networked devices associated with the networked device are allowed to be authenticated; and
  
  wherein the authentication logic limits authentication to devices that the data representative of a user selection indicates are allowed to be authenticated.
- View Dependent Claims (10, 11)
- - 10. The apparatus set forth in claim 9, wherein the response is encrypted using an encryption key associated with an authentication server associated with the networked device.
  - 11. The apparatus set forth in claim 9, wherein the authentication logic obtains a credential for accessing data from one of a group consisting of the networked device and at least one other networked device associated with the networked device.

12. A non-transitory computer-readable storage medium storing authentication logic, which, when executed by a processor on a networked computing device, performs operations to:
- authenticate with a first neighboring device belonging to a set of neighboring devices thereby establishing a trust relationship between the networked computing device and the set of neighboring devices;
  
  obtain via the communication interface data representative of a user associated with a user device;
  
  send a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device;
  
  receive a response to the challenge via the communication interface, wherein the response is selectively validated by an associated authentication server associated with the set of neighboring devices;
  
  enable access by the user device to the networked computing device in accordance with the authentication server selectively validating the response to the challenge; and
  
  selectively provide data to the first neighboring device in accordance with the authentication server selectively validating the response to the challenge, the data indicating that the user associated with the user device has been authenticated to enable access by the user associated with the user device to the set of neighboring devices.
- View Dependent Claims (13, 14)
- - 13. The computer-readable storage medium of claim 12, wherein the data provided to the first neighboring device of the set of neighboring devices indicating that the user associated with the user device has been authenticated comprises a session key.
  - 14. The computer-readable storage medium of claim 13, wherein the authentication logic receives data representative of a second authenticated user from the first neighboring device belonging to the set of neighboring devices;
    - wherein the second authenticated user is allowed access to the apparatus based on the data representative of the second authenticated user received from the first neighboring device.

15. A method, comprising:
- authenticating, by a processor executing authentication logic on a networked computing device, with a first neighboring device belonging to a set of neighboring devices thereby establishing a trust relationship between the networked computing device and the set of neighboring devices;
  
  obtaining via a communication interface data representative of a user associated with a user device;
  
  sending a challenge to the user device, via the communication interface, the challenge requesting data associated with the user associated with the user device;
  
  receiving a response to the challenge via the communication interface, wherein the response is selectively validated by an associated authentication server associated with the set of neighboring devices;
  
  enabling access by the user device to the networked computing device in accordance with the authentication server selectively validating the response to the challenge; and
  
  selectively providing data to the first neighboring device in accordance with the authentication server selectively validating the response to the challenge, the data indicating that the user associated with the user device has been authenticated to enable access by the user associated with the user device to the set of neighboring devices.
- View Dependent Claims (16)
- - 16. The method of claim 15, wherein the data provided to the first neighboring device of the set of neighboring devices indicating that the user associated with the user device has been authenticated comprises a session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Friedl, Stephan Edward, Wesselman, Thomas Martin, Chervets, Steven
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Wilcox, James J

Application Number

US13/358,079
Publication Number

US 20130191902A1
Time in Patent Office

1,371 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/35   communicating wirelessly

G06F 21/41   where a single sign-on prov...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 63/08   for authentication of entit...

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 4/80   Services using short range ...

Network mediated multi-device shared authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Network mediated multi-device shared authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links