US2009007217A1PendingUtilityA1

Computer system for authenticating a computing device

Assignee: CONNECTERRA INC A WASHINGTON CPriority: Jul 29, 2002Filed: Dec 6, 2006Published: Jan 1, 2009
Est. expiryJul 29, 2022(expired)· nominal 20-yr term from priority
H04L 67/125H04L 61/50H04L 63/0492H04W 12/02H04L 67/52
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A computer architecture for enterprise device applications provides a real-time, bi-directional communication layer for device communication. An identity-based communications layer provides for secure, end-to-end telemetry and control communications by enabling mutual authentication and encryption between the devices and the enterprise. A unique identity is assigned to each device, user and application to provide security services. A communications session is established between two devices using an authentication service that authenticates the device that is initiating the establishment of the communications session with another device. After authenticating the initiating device, the authentication service provides to the initiating device the network address of the other device and an authentication credential for use in the communications session between the initiating device and the other device.

Claims

exact text as granted — not AI-modified
1 . A method for establishing a communications session between two computing devices connected to a network, the method comprising:
 receiving a request from a first registered computing device to establish a communications session with a second registered computing device;   authenticating the first registered computing device;   determining policy information for use in the communications session with the second registered computing device; and   when the first registered computing device is authenticated, sending to the first registered computing device (1) the policy information for use in the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device.   
   
   
       2 . The method of  claim 1  wherein the policy information indicates whether encryption is to be used in the communications session with the second registered computing device. 
   
   
       3 . The method of  claim 2  wherein the policy information indicates an encryption method to be used in the communications session with the second registered computing device. 
   
   
       4 . The method of  claim 3  wherein the policy information identifies a symmetric cryptographic algorithm to be used in the communications session with the second registered computing device. 
   
   
       5 . The method of  claim 3  wherein the policy information identifies an asymmetric cryptographic algorithm to be used in the communications session with the second registered computing device. 
   
   
       6 . The method of  claim 1  wherein the policy information indicates whether a message authentication code is to be used in the communications session with the second registered computing device. 
   
   
       7 . The method of  claim 1  further comprising encrypting the policy information using a short-term authentication credential associated with the second computing device. 
   
   
       8 . The method of  claim 1  further comprising encrypting the policy information using a long-term authentication credential associated with the second computing device. 
   
   
       9 . The method of  claim 1  further comprising encrypting the policy information using a short-term authentication credential associated with the first computing device. 
   
   
       10 . A computer-readable medium or propagated signal having embodied thereon a computer program configured to establish a communications session between two computing devices connected to a network, the medium or signal comprising one or more code segments configured to:
 receive a request from a first registered computing device to establish a communications session with a second registered computing device;   authenticate the first registered computing device;   determine policy information for use in the communications session with the second registered computing device; and   when the first registered computing device is authenticated, send to the first registered computing device (1) the policy information for use in the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device.   
   
   
       11 . The medium or signal of  claim 10  wherein the policy information indicates an encryption method to be used in the communications session with the second registered computing device. 
   
   
       12 . A system for establishing a communications session between two computing devices connected to a network, the system comprising a processor connected to a storage device and one or more input/output devices, wherein the processor is configured to:
 receive a request from a first registered computing device to establish a communications session with a second registered computing device;   authenticate the first registered computing device;   determine policy information for use in the communications session between the first and second registered computing devices; and   when the first registered computing device is authenticated, send to the first registered computing device (1) the policy information for use in the communications session with the second registered computing device and (2) authentication information for use in mutual authentication of the first registered computing device and the second registered computing device.   
   
   
       13 . The system of  claim 12  wherein the policy information indicates an encryption method to be used in the communications session with the second registered computing device.

Join the waitlist — get patent alerts

Track US2009007217A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.