Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining

US10205595B2 · US · B2

Patent metadata

Publication number: US-10205595-B2
Application number: US-201615243673-A
Country: US
Kind code: B2
Filing date: Aug 22, 2016
Priority date: Jun 22, 2016
Publication date: Feb 12, 2019
Grant date: Feb 12, 2019

Abstract

Official abstract text for this publication.

Methods and apparatus to authenticate and differentiate virtually identical resources using session chaining are disclosed. In response to a session request from at least one of a management device or a resource, example methods and apparatus locate a session chain stack associated with an identifier of the at least one of the management device or the resource, and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource. Upon determining that the nonce at the top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to the second nonce, example methods and apparatus initiate a session between the management device and the resource, and re-negotiate the second nonce between the management device and the resource to generate a third nonce.

First claim

Opening claim text (preview).

What is claimed is:

1. A management device comprising: a communicator to conduct a session between the management device and a resource; an authenticator to: in response to a session request from the resource, locate in a database, a session chain stack associated with an identifier of the resource; and determine whether a first nonce at a top of the session chain stack associated with the identifier of the resource matches a second nonce associated with the session request from the resource; and a nonce manager to re-negotiate the second nonce between the management device and the resource to generate a third nonce.

2. An apparatus as defined in claim 1, wherein the nonce manager is to push the third nonce onto the top of the session chain stack.

3. An apparatus as defined in claim 1, further including, in response to the nonce manager re-negotiating the second nonce between the management device and the resource, the communicator is to initiate a series of communication transactions between the management device and the resource without further re-negotiation of the third nonce.

4. An apparatus as defined in claim 1, wherein the communicator is to conduct the session via an integrity protecting protocol.

5. A management device comprising: a communicator to conduct a session between the management device and a resource; an authenticator to: in response to a session request from the resource, locate in a database, a session chain stack associated with an identifier of the resource; and determine whether a first nonce at a top of the session chain stack associated with the identifier of the resource matches a second nonce associated with the session request from the resource; a random number generator to generate a first random value; and a nonce manager to: exponentiate a resource key based on a second random value with the first random value; and perform a keyed hash function on the exponentiated resource key and the second nonce to generate a third nonce.

6. An apparatus as defined in claim 1, wherein the resource is a first resource, the session request is a first session request, and the authenticator is to reject a second session request from a second resource during the session.

7. A management device comprising: a communicator to conduct a session between the management device and a resource; an authenticator to: in response to a session request from the resource, locate in a database, a session chain stack associated with an identifier of the resource; and determine whether a first nonce at a top of the session chain stack associated with the identifier of the resource matches a second nonce associated with the session request from the resource; and a nonce manager to re-negotiate the second nonce between the management device and the resource to generate a third nonce; wherein the resource is a first resource, the session request is a first session request, and the authenticator is to reject a second session request from a second resource during the session; the nonce manager to, in response to the authenticator rejecting the second session request: re-negotiate the third nonce between the management device and the first resource to generate a fourth nonce; and push the fourth nonce onto the session chain stack.

8. A method comprising: in response to a session request from a resource, locating, by executing an instruction with a processor of a management device, a session chain stack associated with an identifier of the resource; and in response to a first nonce at a top of the session chain stack associated with the identifier of the resource matching a second nonce associated with the session request from the resource: initiating, by executing an instruction with the processor, a session between the management device and the resource; and re-negotiating, by executing an instruction with the processor, the second nonce between the management device and the resource to generate a third nonce.

9. A method as defined in claim 8, further including pushing the third nonce onto the top of the session chain stack.

10. A method as defined in claim 8, further including, in response to re-negotiating the second nonce between the management device and the resource, initiating a series of communication transactions between the management device and the resource without further re-negotiation of the third nonce.

11. A method as defined in claim 8, wherein the session employs an integrity protecting protocol.

12. A method comprising: in response to a session request from a resource, locating, by executing an instruction with a processor of a management device, a session chain stack associated with an identifier of the resource; and in response to a first nonce at a top of the session chain stack associated with the identifier of the resource matching a second nonce associated with the session request from the resource: initiating, by executing an instruction with the processor, a session between the management device and the resource; exponentiating a resource key based on a first random value with a second random value generated by the management device; and performing a keyed hash function on the exponentiated resource key and the second nonce to create a third nonce.

13. A method as defined in claim 8, wherein the resource is a first resource and the session request is a first session request, further including, upon receiving a second session request from a second resource during the session, rejecting the second session request.

14. A method comprising: in response to a session request from a resource, locating, by executing an instruction with a processor of a management device, a session chain stack associated with an identifier of the resource: in response to a first nonce at a top of the session chain stack associated with the identifier of the resource matching a second nonce associated with the session request from the resource: initiating, by executing an instruction with the processor, a session between the management device and the resource; and re-negotiating, by executing an instruction with the processor, the second nonce between the management device and the resource to generate a third nonce, wherein the resource is a first resource and the session request is a first session request, further including, upon receiving a second session request from a second resource during the session, rejecting the second session request; wherein the second session request is associated with the identifier and the session chain stack; and in response to rejecting the second session request: re-negotiating the third nonce between the management device and the first resource to generate a fourth nonce; and pushing the fourth nonce onto the session chain stack.

15. A non-transitory computer readable storage medium comprising instructions that, when executed, cause a machine to at least: in response to a session request from at least one of a management device or a resource: locate a session chain stack associated with an identifier of the at least one of the management device or the resource; and determine whether a first nonce at a top of the session chain stack associated with the identifier of the at least one of the management device or the resource is equal to a second nonce associated with the session request from the at least one of the management device or the resource; and upon determining that the first nonce at the top of the session chain stack associated with the identifier of the at least one of the management device or the resource is eq
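The nonce check and re-negotiation described in the abstract and in claims 5 and 12, sketched as an added example that is not code from the patent or its assignee. The class and function names, the toy group parameters, HMAC-SHA256 as the keyed hash, and the management device returning its own public value to the resource are assumptions; in-process calls stand in for the integrity protecting protocol.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # toy prime modulus (constructed; far too small for real use)
G = 3            # toy base (assumption)

def next_nonce(peer_public, own_secret, current_nonce):
    """Exponentiate the peer's key with our random value, then keyed-hash the current nonce."""
    shared = pow(peer_public, own_secret, P)
    return hmac.new(shared.to_bytes(16, "big"), current_nonce, hashlib.sha256).digest()

class Resource:
    def __init__(self, identifier, nonce):
        self.identifier, self.nonce = identifier, nonce
    def offer(self):                      # resource key based on a fresh random value
        self.secret = secrets.randbelow(P - 2) + 1
        return pow(G, self.secret, P)
    def finish(self, manager_public):     # derive the same next nonce on the resource side
        self.nonce = next_nonce(manager_public, self.secret, self.nonce)

class ManagementDevice:
    def __init__(self):
        self.chains = {}                  # identifier -> session chain stack (top = last item)
    def enroll(self, identifier):
        nonce = secrets.token_bytes(32)
        self.chains[identifier] = [nonce]
        return nonce
    def session_request(self, resource):
        stack = self.chains.get(resource.identifier)
        # Reject unless the presented nonce matches the top of the stack.
        if stack is None or not hmac.compare_digest(stack[-1], resource.nonce):
            return False
        a = secrets.randbelow(P - 2) + 1  # management device's random value
        resource_key = resource.offer()
        stack.append(next_nonce(resource_key, a, stack[-1]))  # push the new nonce
        resource.finish(pow(G, a, P))
        return True

def demo():
    mgr = ManagementDevice()
    original = Resource("vm-template-01", mgr.enroll("vm-template-01"))  # constructed id
    clone = Resource(original.identifier, original.nonce)  # identical copy of the state
    first = mgr.session_request(original)   # matches top of stack, chain advances
    cloned = mgr.session_request(clone)     # same identifier, stale nonce
    second = mgr.session_request(original)  # holds the re-negotiated nonce
    return first, cloned, second, len(mgr.chains["vm-template-01"])
```
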

Classifications

  • Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

  • with particular pseudorandom sequence generator

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263)

  • mobile agents

  • for key exchange, e.g. in peer-to-peer networks (cryptographic mechanisms or cryptographic arrangements for key agreement H04L9/0838)

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
VMware Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/3242. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 12, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 2 related publications on this page (citations in our corpus or others sharing the same primary CPC).