Secure authentication of remote equipment
First Claim
1. A method comprising:
receiving, by an authentication system, from a content server, a request to authenticate a network device;
sending, by the authentication system and to the network device, an encrypted challenge message;
receiving, by the authentication system and from the network device, an encrypted response to the encrypted challenge message, wherein the encrypted response comprises a digital signature of the network device, and wherein the encrypted response comprises an identifier of an unauthorized user device requesting to exchange data with the content server via the network device;
verifying, by the authentication system based on the encrypted response, an authenticity of the network device; and
authorizing, by the authentication system and based on successful verification of the authenticity of the network device, the content server to exchange unencrypted data with the unauthorized user device via the network device.
Abstract
An authentication server may use secure messaging with a remote device prior to authorizing non-secure communications between the remote device and a content server, thereby preventing unauthorized access to the content server. The secure messaging uses such security features as encryption, signatures with authentication certificates, a realm, and/or a nonce. Once non-secure communication is authorized, the remote device may act as a proxy between the content server and a user device connected to the remote device. The authentication server sends timeout notices to the remote device containing an interval and a key. To continue non-secure communications with the content server, the remote device must respond prior to the expiration of the interval by sending a keep-alive message containing the key to the authentication server.
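The exchange the abstract describes, worked through as an added example that is not the patent's own code or any product's implementation: the content server asks the authentication server to vet a network device; the server issues a challenge carrying a realm and a nonce; the device answers with the nonce, the realm, the identifier of the user device it is proxying, and a signature over that body; the server checks freshness, realm and signature before marking the device authorized; it then issues a timeout notice with an interval and a key, and the device must echo that key before the interval elapses or its authorization lapses. Two simplifications are assumptions of this example: an HMAC with a pre-shared per-device key stands in for the certificate-based signature, and the encrypted transport around the challenge and response (TLS or equivalent in practice) is not modelled. All identifiers (`gw-1`, `laptop-7`, `demo-realm`, `DEVICE_KEY`) are constructed; the clock is injected so the run is deterministic.

```python
import hashlib
import hmac
import secrets

# Constructed demo values (not from the patent); DEVICE_KEY stands in for the private
# key behind the device's authentication certificate.
DEVICE_KEY = b"constructed-demo-device-key"
REALM = "demo-realm"


def sign(key: bytes, payload: dict) -> str:
    # HMAC-SHA256 over a canonical serialisation; stand-in for a certificate signature
    msg = "|".join(f"{k}={payload[k]}" for k in sorted(payload)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuthenticationServer:
    def __init__(self, device_keys: dict, realm: str, interval: float, now):
        self._keys = device_keys      # device_id -> signing key, provisioned out of band
        self._realm = realm
        self._interval = interval     # seconds the device has to answer a timeout notice
        self._now = now               # injected clock so the example is deterministic
        self._pending = {}            # device_id -> outstanding nonce
        self._seen_nonces = set()     # replay protection
        self.authorized = {}          # device_id -> {"user_device", "key", "deadline"}

    def challenge(self, device_id: str) -> dict:
        # The content server asked us to authenticate device_id: issue a fresh nonce
        nonce = secrets.token_hex(16)
        self._pending[device_id] = nonce
        return {"device_id": device_id, "realm": self._realm, "nonce": nonce}

    def verify_response(self, response: dict) -> bool:
        # Check nonce, realm and signature; on success record the proxied user device
        device_id = response.get("device_id")
        nonce = self._pending.pop(device_id, None)
        if nonce is None or response.get("nonce") != nonce or nonce in self._seen_nonces:
            return False                  # unsolicited, stale or replayed
        self._seen_nonces.add(nonce)
        key = self._keys.get(device_id)
        body = {k: v for k, v in response.items() if k != "signature"}
        if (key is None or response.get("realm") != self._realm
                or not hmac.compare_digest(sign(key, body), response.get("signature", ""))):
            return False                  # unknown device, wrong realm or bad signature
        self.authorized[device_id] = {"user_device": response["user_device"],
                                      "key": secrets.token_hex(16),
                                      "deadline": self._now() + self._interval}
        return True

    def timeout_notice(self, device_id: str) -> dict:
        # Sent to the device: it must echo `key` back before `interval` elapses
        return {"interval": self._interval, "key": self.authorized[device_id]["key"]}

    def keep_alive(self, device_id: str, key: str) -> bool:
        # Late or wrong-keyed keep-alives revoke; good ones rotate the key and extend
        auth = self.authorized.get(device_id)
        if auth is None:
            return False
        if self._now() > auth["deadline"] or not hmac.compare_digest(key, auth["key"]):
            del self.authorized[device_id]
            return False
        auth["key"] = secrets.token_hex(16)
        auth["deadline"] = self._now() + self._interval
        return True

    def is_authorized(self, device_id: str) -> bool:
        # What the content server checks before exchanging unencrypted data via the device
        auth = self.authorized.get(device_id)
        return auth is not None and self._now() <= auth["deadline"]


class NetworkDevice:
    def __init__(self, device_id: str, key: bytes):
        self.device_id, self._key = device_id, key

    def answer(self, challenge: dict, user_device_id: str) -> dict:
        # Echo nonce and realm, name the user device being proxied, sign the whole body
        body = {"device_id": self.device_id, "nonce": challenge["nonce"],
                "realm": challenge["realm"], "user_device": user_device_id}
        body["signature"] = sign(self._key, body)
        return body


def run_demo() -> dict:
    # Full exchange against a fake clock; returns the observable outcome of each step
    clock = [0.0]
    server = AuthenticationServer({"gw-1": DEVICE_KEY}, REALM, 30.0, lambda: clock[0])
    device = NetworkDevice("gw-1", DEVICE_KEY)
    resp = device.answer(server.challenge("gw-1"), "laptop-7")
    out = {"authorized": server.verify_response(resp)}
    out["replay_rejected"] = not server.verify_response(resp)
    notice = server.timeout_notice("gw-1")
    clock[0] = 10.0
    out["keepalive_ok"] = server.keep_alive("gw-1", notice["key"])
    clock[0] = 10.0 + notice["interval"] + 1
    out["expired"] = not server.is_authorized("gw-1")
    return out
```

The signature covers the nonce, the realm and the user-device identifier together, so a captured response cannot be replayed (the nonce is consumed) or re-pointed at a different user device (the signature no longer verifies). Authorization is state on the authentication server that the content server consults on every exchange, so a device that stops answering timeout notices, or answers with a key it was never given, falls out of the authorized set without any further round trip.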
19 Claims

1. A method comprising:
receiving, by an authentication system, from a content server, a request to authenticate a network device;
sending, by the authentication system and to the network device, an encrypted challenge message;
receiving, by the authentication system and from the network device, an encrypted response to the encrypted challenge message, wherein the encrypted response comprises a digital signature of the network device, and wherein the encrypted response comprises an identifier of an unauthorized user device requesting to exchange data with the content server via the network device;
verifying, by the authentication system based on the encrypted response, an authenticity of the network device; and
authorizing, by the authentication system and based on successful verification of the authenticity of the network device, the content server to exchange unencrypted data with the unauthorized user device via the network device.
Dependent claims: 2, 3, 4, 5, 6

7. An apparatus comprising:
one or more processors; and
a memory, the memory storing computer-executable instructions that, when executed by the one or more processors, cause the apparatus to:
receive, from a content server, a request to authenticate a network device;
send, to the network device, an encrypted challenge message;
receive, from the network device, an encrypted response to the encrypted challenge message, the encrypted response comprising a digital signature of the network device, the encrypted response further comprising an identifier of an unauthorized user device requesting to exchange data with the content server;
verify, based on the encrypted response, an authenticity of the network device; and
authorize, based on successful verification of the authenticity of the network device, the content server to exchange unencrypted data with the unauthorized user device via the network device.
Dependent claims: 8, 9, 10, 11, 12

13. A system comprising:
a network device configured to provide network access to one or more user devices;
a content server configured to communicate with the one or more user devices via the network device; and
an authentication server configured to:
receive, from the content server, a request to authenticate the network device;
send, to the network device, an encrypted challenge message;
receive, from the network device, an encrypted response to the encrypted challenge message, wherein the encrypted response comprises a digital signature of the network device, and wherein the encrypted response further comprises an identifier of an unauthorized one of the one or more user devices requesting to exchange data with the content server via the network device;
verify, based on the encrypted response, an authenticity of the network device; and
authorize, based on successful verification of the authenticity of the network device, the content server to exchange unencrypted data with the unauthorized one of the one or more user devices via the network device.
Dependent claims: 14, 15, 16, 17, 18, 19