Security mechanism within a local area network

US 9,281,947 B2
Filed: 01/23/2008
Issued: 03/08/2016
Est. Priority Date: 01/23/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

sending, from a client device, a first request to a server, the first request comprising a request for a server public key associated with the server;

in response to sending the first request, receiving, at the client device, the server public key from the server;

using the received server public key to establish a secure communication channel for the client device with the server within a local area network, wherein establishing the secure communication channel includes encrypting, at the client device, a second request to the server for a client security certificate using the received server public key from the server;

sending, from the client device, the encrypted second request to the server for the client security certificate using the secure communication channel;

in response to sending the encrypted second request and without providing any further authentication in addition to sending the encrypted second request using the secure communication channel within the local area network established for the client device with the server, receiving, at the client device, the client security certificate from the server wherein the security certificate is a self-signed certificate; and

installing the received security certificate on the client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A local area network server may issue security certificates to client devices on the network for two-way authentication across the network. The certificates may be issued through a transaction performed over the network and, in some cases, may be automated. The server may have a self signed or a trusted security certificate which may serve as a basis for issuing certificates to various clients. After a certificate is issued, future communications on the network may be authenticated by both the server and client, and the communications may be encrypted using the certificates.

27 Citations

15 Claims

1. A method, comprising:
- sending, from a client device, a first request to a server, the first request comprising a request for a server public key associated with the server;
  
  in response to sending the first request, receiving, at the client device, the server public key from the server;
  
  using the received server public key to establish a secure communication channel for the client device with the server within a local area network, wherein establishing the secure communication channel includes encrypting, at the client device, a second request to the server for a client security certificate using the received server public key from the server;
  
  sending, from the client device, the encrypted second request to the server for the client security certificate using the secure communication channel;
  
  in response to sending the encrypted second request and without providing any further authentication in addition to sending the encrypted second request using the secure communication channel within the local area network established for the client device with the server, receiving, at the client device, the client security certificate from the server wherein the security certificate is a self-signed certificate; and
  
  installing the received security certificate on the client device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 wherein the server public key is issued based on a server security certificate, and wherein the server security certificate is used to generate the client security certificate.
  - 3. The method of claim 1, further comprising:
    - using the client security certificate for authenticating the client device with the server.
  - 4. The method of claim 1, further comprising:
    - using the client security certificate for encrypting a communication with the server.
  - 5. The method of claim 1 wherein installing the security certificate on the client device includes installing the security certificate on the client device without user interaction.

6. A method, comprising:
- receiving, from a client device, a first request to a server, the first request comprising a request by the client device for a server public key associated with the server;
  
  in response to receiving the first request, sending the requested server public key from the server to the client device;
  
  receiving, from the client device, a second request to the server for a client security certificate, the received second request being encrypted at the client device using the server public key sent from the server to the client device;
  
  in response to receiving the encrypted second request and without providing any further authentication in addition to the client device sending the encrypted second request, encrypting the requested client security certificate and sending the encrypted client security certificate from the server to the client device to be installed on the client device;
  
  receiving a communication from the client device, the communication being encrypted using the client security certificate; and
  
  using the client security certificate for decrypting the received communication.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The method of claim 6 wherein the server public key is issued based on a server security certificate, and wherein the server security certificate is used to generate the client security certificate.
  - 8. The method of claim 7 wherein the server security certificate is a self-signed certificate.
  - 9. The method of claim 6, further comprising authenticating the client device using the client security certificate.
  - 10. The method of claim 6 wherein the requested client security certificate from the server to the client device is to be installed on the client device without user interaction.
  - 11. The method of claim 6, further comprising in response to receiving the encrypted second request, decrypting the received second request using a server private key and sending the requested client security certificate from the server to the client device to be installed on the client device based on the decrypted second request.

12. A computing server, comprising:
- a processor and a memory containing instructions that when executed by the processor, cause the processor to perform a process comprising;
  
  receiving, from a client device, a first request comprising a request by the client device for a server public key associated with the computing server;
  
  in response to receiving the first request, transmitting the requested server public key to the client device;
  
  receiving, from the client device, a second request to the computing server for a client security certificate, the received second request being encrypted at the client device using the server public key transmitted from the computing server to the client device;
  
  in response to receiving the encrypted second request and without providing any further authentication in addition to the client device sending the encrypted second request, encrypting the requested client security certificate and transmitting the encrypted client security certificate to the client device to be installed on the client device;
  
  receiving a communication from the client device, the communication being encrypted using the client security certificate; and
  
  using the client security certificate for decrypting the received communication.
- View Dependent Claims (13, 14, 15)
- - 13. The computing server of claim 12 wherein the server public key is issued based on a server security certificate, and wherein the server security certificate is used to generate the client security certificate.
  - 14. The computing server of claim 12 wherein the requested client security certificate from the server to the client device is to be installed on the client device without user interaction.
  - 15. The computing server of claim 12 wherein the process performed by the processor further comprises in response to receiving the encrypted second request, decrypting the received second request using a server private key and sending the requested client security certificate from the server to the client device to be installed on the client device based on the decrypted second request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Elizarov, Michael, Musayev, Eldar, Fishman, Neil
Primary Examiner(s)
SCHMIDT, KARI L

Application Number

US12/018,783
Publication Number

US 20090187760A1
Time in Patent Office

2,967 Days
Field of Search

713156-158, 713/168, 713/175, 380/277, 380/282
US Class Current

1/1
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Security mechanism within a local area network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Security mechanism within a local area network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links