1. Field of the Invention
The invention relates to the field of authenticating devices, and more particularly relates to authenticating a device with a server over a network.
2. Description of the Related Art
Various systems are known for confirming the identity of a networked device, when establishing communication between that device and another networked device or computer.
For example, in one conventional system, an X.509 certificate may be installed in the device at the time of manufacturing under the control of a trusted administrator. The certificate can be used within a Public Key Infrastructure (PKI), such that other devices can securely identify the device when communicating with the device over a network.
Other conventional systems may not use PKI. For example, these systems may use symmetric keys to authenticate a device. Using this approach, the symmetric keys can be installed by a trusted administrator and also stored in a trusted repository, such that the trusted repository can participate in the authentication and other aspects of securely accessing the device.
However, in conventional systems, there is typically a requirement to install the security credentials used to strongly authenticate the device. This requirement can create a burden in the manufacturing process for the device. For example, this burden can be experienced by the manufacturing operation, service personnel, system administrators, or end-users, depending on the method of installation of the authentication credentials.
Thus, there is a need for systems and methods with improved authentication of a networked device, such that the identity of the networked device may be firmly established in an efficient manner.
Disclosed embodiments describe systems and methods for authenticating a device with a server over a network. Certain disclosed embodiments provide that the device authenticates the server so as to establish a secure connection with the server, and communicates identification information of the device to the server. The identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device and transfers the first authentication token to the device using the secure connection. The server authenticates the device using the first authentication token.
In one aspect of the disclosure, a method of authenticating a device with a server over a network is provided. The device authenticates the server so as to establish a secure connection with the server, and communicates identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The server determines the credibility of the device using the identification information communicated by the device. In a case where the server determines that the device is credible, the server creates a first authentication token for the device, stores the first authentication token, and transfers the first authentication token to the device using the secure connection. The device stores the first authentication token. The server authenticates the device using the first authentication token.
In a further aspect of the disclosure, a computer-readable memory medium on which is stored computer-executable process steps for causing a computer to authenticate a device with a server over a network is provided. The process steps include the device authenticating the server so as to establish a secure connection with the server, and communicating identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The process steps further include the server determining the credibility of the device using the identification information communicated by the device. In addition, the process steps include, in a case where the server determines that the device is credible, the server creating a first authentication token for the device, stores the first authentication token, and transferring the first authentication token to the device using the secure connection. The process steps further include the device storing the first authentication token, and the server authenticating the device using the first authentication token.
In yet a further aspect of the disclosure, a device for authentication by a server over a network is provided. The device includes a computer-readable memory constructed to store computer-executable process steps, and a processor constructed to execute the computer-executable process steps stored in the memory. The computer-executable process steps include authenticating the server so as to establish a secure connection with the server, and communicating identification information of the device to the server, wherein the identification information uniquely identifies the device to the server. The computer-executable process steps further include receiving a first authentication token from the server and storing the first authentication token, in a case where the server determines that the device is credible based on the identification information. The device is authenticated by the server using the first authentication token.
In yet a further aspect of the disclosure, a server for authenticating a device over a network is provided. The server includes a computer-readable memory constructed to store computer-executable process steps, and a processor constructed to execute the computer-executable process steps stored in the memory. The computer-executable process steps include being authenticated by the device, so as to establish a secure connection between the device and the server, and receiving identification information from the device, wherein the identification information uniquely identifies the device to the server. The computer-executable process steps further include determining the credibility of the device using the identification information. The computer-executable process steps further include, in a case where it is determined that the device is credible, creating a first authentication token for the device, storing the first authentication token, and transferring the first authentication token to the device using the secure connection. The computer-executable process steps further include authenticating the device using the first authentication token.
The credibility of the device can be determined by the server accessing a database to determine whether the identification information supplied by the device reasonably and credibly identifies the device. The identification information can include at least one of a device model number, a firmware revision, a Media Access Control (MAC) address, and a device serial number. The authenticating the device can be based on a challenge-response mechanism which employs the first authentication token to authenticate the device with the server. The secure connection can be a Secure Sockets Layer (SSL) connection.
The authenticating the server can include the server creating a second authentication token, storing the second authentication token, transferring the second authentication token to the device using the secure connection, and the device storing the second authentication token, wherein the server is authenticated using the second authentication token.
A user can provide a password to the server out-of-band, prior to the device authenticating the server. The user can provide the password to the server via a browser or other web application.
The device can determine which server to authenticate, prior to authenticating the server. The server can be determined from a predetermined, initial configuration of the device. The server can also be determined from a manual configuration of an administrator. In addition, the server can be determined by connecting to a primary server, which in turn selects the server from one or more secondary servers, and which redirects the device to the selected secondary server.
This brief summary has been provided so that the nature of this disclosure may be understood quickly. A more complete understanding can be obtained by reference to the following detailed description and to the attached drawings.
As shown in
Device 102 is a type of networked device. For example, device 102 can be a computer, printer, scanner, digital camera, or any other type of networked device. Device 102 can include the ability to perform secure communications with other devices (not shown) connected to network 106, as well as to server 104.
As can be seen in
Fixed disk 212 is one example of a computer-readable medium that stores program instruction sequences executable by CPU 202. In server 104, the program instruction sequences may include operating system 214, network interface driver 216, encryption/decryption logic 218, authentication application 220, and other files 222. Operating system 214 can be an operating system such as Windows (e.g., Windows NT, XP or Vista), UNIX, Novell Netware or other such server operating systems. Network interface driver 216 can be a hardware driver application utilized to drive network interface 204 for interfacing server 104 to network 106. Encryption/decryption logic 218 can provide security functionality for server 104 to encrypt transmissions utilizing, for example, encryption keys, and provides functionality for decrypting received transmissions. Other files 222 can contain other files or programs necessary to operate server 104 and/or to provide additional functionality to server 104.
Furthermore, authentication application 220 can be a software application which provides the functionality for authenticating a device (e.g., device 102) over a network (e.g., network 106). Specifically, as will be described in greater detail below, authentication application 220 can provide functionality for being authenticated by device 102, so as to establish a secure connection between device 102 and server 104, and receiving identification information from device 102, wherein the identification information uniquely identifies device 102 to server 104. Authentication application 220 can provide further functionality for determining the credibility of device 102 using the identification information. In addition, authentication application 220 can provide functionality for, in a case where it is determined that device 102 is credible, creating a first authentication token for device 102, storing the first authentication token, and transferring the first authentication token to device 102 using the secure connection. Device 102 can be authenticated by server 104 using the first authentication token.
EEPROM 322, which can be used for containing non-volatile program instructions, random access memory (RAM) 316, device memory 324 and read-only memory (ROM) 318 can also be coupled to device bus 314. RAM 316 can interface to device bus 314 to provide CPU 302 with access to memory storage, thereby acting as the main run-time memory for CPU 302. In particular, when executing stored program instruction sequences, CPU 302 can load those instruction sequences from device memory 324 (or other memory media) into RAM 316 and can execute those stored program instruction sequences out of RAM 316. ROM 318 can store invariant instruction sequences, such as start-up instruction sequences for CPU 302 or BIOS sequences for the operation of various peripheral devices of device 102 (not shown).
Device memory 324 is one example of a computer-readable medium that can store program instruction sequences executable by CPU 302 so as to constitute device engine logic 326, I/O port drivers 328, encryption/decryption logic 330, authentication logic 332, other files 334 and queue 336. Device engine logic 326 can control and drive device engine 304 of device 102 so as to perform a function (e.g., print, capture, scan) for data associated with device 102. For example, such data can be sent to or received from device 102 over network 106. I/O port drivers 328 can be utilized to drive input and output devices such as a barcode scanner (not shown) connected through I/O ports 308. Other files 334 can include files and/or programs for the operation of device 102.
Furthermore, authentication logic 332 can provide functionality for authenticating device 102 over a network (e.g., network 106). Specifically, as will be described in greater detail below, authentication logic 332 can provide functionality for authenticating a server (e.g., server 104) so as to establish a secure connection with server 104, and communicating identification information of device 102 to server 104, wherein the identification information uniquely identifies device 102 to server 104. Authentication logic 332 can further provide functionality for receiving a first authentication token from server 104, in a case where server 104 determines that device 102 is credible based on the identification information and creates the first authentication token, and storing the first authentication token. Authentication logic 332 can further provide functionality for authenticating device 102 using the first authentication token.
To create a unique authentication token, which will be described in greater detail below, device 102 can be manufactured with features that allow it to initiate an SSL connection securely, without the additional installation of credentials in a manufacturing process step, by a service technician, an administrator, or an end-user. Although
Further, device 102 can be manufactured to include logic that can initiate an SSL (or other secure) connection, and at least one root validation certificate. The root validation certificate can be used to authenticate a server (e.g., server 104) possessing an x.509 server certificate that is signed by the certificate authority that issued the root validation certificate possessed by device 102. It should be noted that the root validation certificate can be duplicated in all devices (e.g., device 102) during the manufacturing process, as it is not unique to each device. This can, therefore, be accomplished with typically no additional burden on the manufacturing process.
In a further aspect, server 104 can be contacted by a user engaged in the setup of device 102, the user can indicate to server 104 that a provisioning operation is required, and the provisioning operation can be conducted between device 102 and server 104. The success of the provisioning operation can be dependent upon the proximity in time of the user's indication to server 104 of the need for a provisioning operation and the actual initiation of the provisioning operation.
With reference to
Server 104 can be a trusted provisioning server. The choice of a trusted provisioning server can be predetermined in the initial configuration of device 102, so as to facilitate the process automatically. The choice of a trusted provisioning server can also be configured manually by an administrator (e.g., user 402). In addition, device 102 can first connect to a primary server (not shown), which then selects from one or more provisioning servers that will be used to complete the SSL connect process. Once a provisioning server is selected, the primary server can redirect device 102 to the selected server (e.g., server 104) to complete the SSL connect process. For example, such selection of a provisioning server from a primary server can allow the SSL connect process to be completed using a server that is geographically proximate to device 102.
During the negotiation phase of the SSL connection, device 102 can authenticate server 104. As device 102 has no pre-existing security credentials, server 104 typically cannot securely authenticate device 102 at this stage, with an exception described below with reference to
At sequence step 412, device 102 can communicate identification information that uniquely identifies device 102 to server 104. For example, this identification information can include any of device 102 model number, the firmware revision, the Media Access Control (MAC) address, the device serial number, and other information that, when combined, uniquely describes device 102. As device 102 has not been strongly authenticated by server 106, there is the possibility that a rogue device or computer may supply spoofed (e.g., not credible and/or unreliable) information.
As such, server 104 can evaluate the unique identification information that it received from device 102. In evaluating the received information, server 104 can consult a database 404 or use other means to determine whether the identification information supplied by device 102 is reasonable and credible (sequence steps 416 and 418). If server 104 determines that the received identification information is not reasonable and credible, it may reject the attempt by device 102 to generate a new authentication token.
If server 104 determines that the identification information supplied by device 102 is reasonable and credible, server 104 can create an authentication token for device 102 (sequence step 420). Server 104 can transfer the authentication token securely to device 102, using the existing SSL connection (sequence step 426). Server 104 can also store the authentication token in database 404 for future reference (sequence steps 422 and 424).
Additional measures may be taken to secure the new authentication token, by encrypting it to ensure its security while it is stored in database 404. Further, the authentication token may be implemented in a variety of ways. For example, the authentication token can simply be a random value that is associated with device 102 as, for example, a key. In another example, the authentication token can be an X.509 certificate.
Device 102 can receive the authentication token (sequence step 426) and store it locally for future use (not shown). The token can be stored in non-volatile storage, such as in flash memory or on a disk. Further, device 102 can take additional steps to ensure that the token is stored securely, such as encrypting it prior to storage or storing it in a hardened hardware module, such as a smart chip.
Further for sequence step 426, device 102 can acknowledge successful completion of the token generation and storage process, such that both device 102 and server 104 regard the process as complete. The secure connection can be terminated, and the authentication token can be used by device 102 to authenticate device 102 with server 104.
In this regard, when a reconnect is issued by user 402 (sequence step 428), the same authentication token can be used for establishing connections. As can be seen in
Further, device 102 can request a connection to server 104 (sequence steps 434 and 436). An authentication process can occur between device 102 and server 104 (sequence steps 438 and 440) using the authentication token, where the authentication token is used to authenticate device 102. For example, a challenge-response mechanism employing the authentication token may be used to authenticate device 102 with server 104. The challenge-response algorithm may be one of various algorithms that are well known in the art or may be any other challenge response algorithm. The OATH Challenge Response Algorithm (OCRA) is an example of such an algorithm which may be utilized to authenticate device 102 with server 104.
Although not depicted in
The out-of-band password can be entered into device 102 prior to the provisioning operation, the password can be provided to server 104 prior to the provisioning operation, and the password can be associated with device 102 and stored by server 104 (e.g., in database 404). The password can be used to authenticate device 102 during the provisioning process. Further, the password can be used during the authentication operation in a new session, subsequent to the provisioning process.
Similar to the sequence steps of
More specifically, the authentication of device 102 by server 104 can be supplemented with an out-of band connection to server 104, where user 402 (e.g., an administrator or other user) can use a browser or other web application 502 (hereinafter browser 502) to provide a password to server 104 out-of-band, prior to initial authentication. The password can allow device 102 to be linked to a specific account owner and to the security of the authentication process of device 102, while also permitting the authentication of device 102 (or user 402 of device 102) during the initial provisioning operation.
As can be seen in
It should also be noted that the authentication token may be combined with the out-of-band password and other factors (e.g., real-time clock value, counter, etc.), to enhance the security of the authentication process.
Accordingly, the examples of sequence steps in
The invention has been described above with respect to particular illustrative embodiments. It is understood that the invention is not limited to the above-described embodiments and that various changes and modifications may be made by those skilled in the relevant art without departing from the spirit and scope of the invention.
Number | Name | Date | Kind |
---|---|---|---|
5732137 | Aziz | Mar 1998 | A |
5970147 | Davis | Oct 1999 | A |
6006332 | Rabne et al. | Dec 1999 | A |
6065120 | Laursen et al. | May 2000 | A |
6161139 | Win et al. | Dec 2000 | A |
6647304 | Tsukishima et al. | Nov 2003 | B2 |
6754815 | Ellison et al. | Jun 2004 | B1 |
6769058 | Ellison et al. | Jul 2004 | B1 |
7089208 | Levchin et al. | Aug 2006 | B1 |
7092370 | Jiang et al. | Aug 2006 | B2 |
7167466 | Chowdhury et al. | Jan 2007 | B2 |
7181620 | Hur | Feb 2007 | B1 |
7219154 | Blakley, III et al. | May 2007 | B2 |
7263205 | Lev | Aug 2007 | B2 |
7284233 | Sengodan | Oct 2007 | B2 |
7290249 | Sengodan | Oct 2007 | B2 |
7293262 | Sengodan | Nov 2007 | B2 |
7302634 | Lucovsky et al. | Nov 2007 | B2 |
7305254 | Findikli | Dec 2007 | B2 |
7308261 | Henderson et al. | Dec 2007 | B2 |
7308597 | Bhat et al. | Dec 2007 | B2 |
7310684 | Patrick et al. | Dec 2007 | B2 |
7313690 | Miller | Dec 2007 | B2 |
7313825 | Redlich et al. | Dec 2007 | B2 |
7316027 | Burch et al. | Jan 2008 | B2 |
7316030 | Audebert et al. | Jan 2008 | B2 |
7321969 | Schoen et al. | Jan 2008 | B2 |
7322047 | Redlich et al. | Jan 2008 | B2 |
7325128 | Wood et al. | Jan 2008 | B2 |
7325134 | Fascenda | Jan 2008 | B2 |
7330971 | Kukreja et al. | Feb 2008 | B1 |
7340438 | Nordman et al. | Mar 2008 | B2 |
7340481 | Baer et al. | Mar 2008 | B1 |
7346844 | Baer et al. | Mar 2008 | B1 |
7346930 | Boydstun et al. | Mar 2008 | B1 |
7349913 | Clark et al. | Mar 2008 | B2 |
7349987 | Redlich et al. | Mar 2008 | B2 |
7350201 | Ferri et al. | Mar 2008 | B2 |
7356046 | Harley, Jr. | Apr 2008 | B2 |
7356389 | Holst et al. | Apr 2008 | B2 |
7363486 | Audebert et al. | Apr 2008 | B2 |
7363487 | Venkataramappa et al. | Apr 2008 | B2 |
7366892 | Spaur et al. | Apr 2008 | B2 |
7369677 | Petrovic et al. | May 2008 | B2 |
7370091 | Slaughter et al. | May 2008 | B1 |
7376836 | Graves et al. | May 2008 | B2 |
7376900 | Guido et al. | May 2008 | B2 |
7389393 | Karr et al. | Jun 2008 | B1 |
7391865 | Orsini et al. | Jun 2008 | B2 |
7395243 | Zielke et al. | Jul 2008 | B1 |
7395246 | Brickell et al. | Jul 2008 | B2 |
7395333 | Saulpaugh et al. | Jul 2008 | B1 |
7398261 | Spivack et al. | Jul 2008 | B2 |
7398389 | Teal et al. | Jul 2008 | B2 |
7398533 | Slaughter et al. | Jul 2008 | B1 |
7401036 | Vande Pol | Jul 2008 | B2 |
7409569 | Illowsky et al. | Aug 2008 | B2 |
7412518 | Duigou et al. | Aug 2008 | B1 |
7412598 | Gleichauf | Aug 2008 | B1 |
7415617 | Ginter et al. | Aug 2008 | B2 |
7415725 | Henneberry et al. | Aug 2008 | B2 |
7418474 | Schwab | Aug 2008 | B2 |
7418596 | Carroll et al. | Aug 2008 | B1 |
7421155 | King et al. | Sep 2008 | B2 |
7424438 | Vianello | Sep 2008 | B2 |
7426721 | Saulpaugh et al. | Sep 2008 | B1 |
7428493 | Shkedi | Sep 2008 | B2 |
7428546 | Nori et al. | Sep 2008 | B2 |
7430670 | Horning et al. | Sep 2008 | B1 |
7797532 | Miura et al. | Sep 2010 | B2 |
20030200184 | Dominguez et al. | Oct 2003 | A1 |
20050097362 | Winget et al. | May 2005 | A1 |
20060090197 | Hermann et al. | Apr 2006 | A1 |
20060156385 | Chiviendacz et al. | Jul 2006 | A1 |
20060171537 | Enright | Aug 2006 | A1 |
20060230165 | Zimmer et al. | Oct 2006 | A1 |
20070143831 | Pearson et al. | Jun 2007 | A1 |
20070150420 | Iwamoto et al. | Jun 2007 | A1 |
20070180449 | Croft et al. | Aug 2007 | A1 |
20070289002 | van der Horst et al. | Dec 2007 | A1 |
20070300058 | Takala et al. | Dec 2007 | A1 |
20080028458 | Masuhiro et al. | Jan 2008 | A1 |
Entry |
---|
International Search Report and Written Opinion dated Dec. 1, 2009 in counterpart PCT/US2009/005431. |
“The next evolution in network authentication and security”, U.are.U Pro, 2001. |
“Oath Reference Architecture, Release 2.0”, www.openauthentication.org, 2007. |
Number | Date | Country | |
---|---|---|---|
20100146275 A1 | Jun 2010 | US |