Device pre-authentication
Application publication (kind code A1): US-2022294773-A1, Sep 15, 2022, US
Granted patent (kind code B2): US12003493B2, US
| Field | Value |
|---|---|
| Publication number | US-12003493-B2 |
| Application number | US-202117197616-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 10, 2021 |
| Priority date | Mar 10, 2021 |
| Publication date | Jun 4, 2024 |
| Grant date | Jun 4, 2024 |
Abstract

A method, a device, and a non-transitory storage medium are described in which a pre-authentication service is provided. The service may support a transport layer security handshake and determine authentication based on the initial message. The service may provide for the generation of a message that initiates a handshake between devices, in which the message includes an authentication string used for authentication. The service may provide for the generation of another authentication string for comparison. The service may also support authorization of a device. The service may minimize potential malicious attacks and activities between the devices.
Claims

What is claimed is:

1. A method comprising: receiving, by a first device from a second device, a first message that includes a first authentication string including a password or a message authentication code, and initiates a handshaking procedure with the first device; generating, by the first device, a second authentication string based on the first authentication string; comparing, by the first device, the second authentication string and the first authentication string; determining, by the first device based on the comparing, whether the second device is authenticated; and determining, by the first device, whether to establish a connection with the second device based on the determining.
2. The method of claim 1, wherein the handshaking procedure is a transport layer security (TLS) handshaking procedure, and the first message is a client hello of the TLS that includes the first authentication string in an extension field of the client hello.
3. The method of claim 2, further comprising: omitting, by the first device, to transmit a message to the second device based on determining that the second device is not authenticated.
4. The method of claim 1, further comprising: identifying, by the first device, a secret key based on an identifier of the second device included in the first authentication string, and wherein the generating of the second authentication string further comprises: generating, by the first device, the second authentication string based on the secret key and other data included in the first authentication string.
5. The method of claim 1, further comprising: generating, by the first device, a secret key based on a master key and an identifier of the second device included in the first authentication string, and wherein the generating of the second authentication string further comprises: generating, by the first device, the second authentication string based on the secret key and other data included in the first authentication string.
6. The method of claim 5, wherein the other data includes at least one of an identifier that identifies the master key or an identifier of an anti-malware component of the second device.
7. The method of claim 1, further comprising: issuing, by the first device to the second device before the receiving, an identifier of the second device and a secret key.
8. The method of claim 1, further comprising: determining, by the first device, whether the second device is an authorized device based on the first authentication string.
9. A device comprising: a processor configured to: receive, from a second device, a first message that includes a first authentication string including a password or a message authentication code, and initiates a handshaking procedure with the device; generate a second authentication string based on the first authentication string; compare the second authentication string and the first authentication string; determine, based on the comparison, whether the second device is authenticated; and determine whether to establish a connection with the second device based on the determination.
10. The device of claim 9, wherein the handshaking procedure is a transport layer security (TLS) handshaking procedure, and the first message is a client hello of the TLS that includes the first authentication string in an extension field of the client hello.
11. The device of claim 9, wherein the processor is further configured to: omit to transmit a message to the second device based on a determination that the second device is not authenticated.
12. The device of claim 9, wherein the processor is further configured to: identify a secret key based on an identifier of the second device included in the first authentication string, and wherein for the generation of the second authentication string, the processor is further configured to: generate the second authentication string based on the secret key and other data included in the first authentication string.
13. The device of claim 9, wherein the processor is further configured to: generate a secret key based on a master key and an identifier of the second device included in the first authentication string, and wherein for the generation of the second authentication string, the processor is further configured to: generate the second authentication string based on the secret key and other data included in the first authentication string.
14. The device of claim 13, wherein the other data includes at least one of an identifier that identifies the master key or an identifier of an anti-malware component of the second device.
15. The device of claim 9, wherein the processor is further configured to: issue to the second device, before the receipt of the first message, an identifier of the second device and a secret key.
16. The device of claim 9, wherein the processor is further configured to: determine whether the second device is an authorized device based on the first authentication string.
17. A non-transitory computer-readable storage medium storing instructions executable by a processor of a device, which when executed cause the device to: receive, from a second device, a first message that includes a first authentication string including a password or a message authentication code, and initiates a handshaking procedure with the device; generate a second authentication string based on the first authentication string; compare the second authentication string and the first authentication string; determine, based on the comparison, whether the second device is authenticated; and determine whether to establish a connection with the second device based on the determination.
18. The non-transitory computer-readable storage medium of claim 17, wherein the handshaking procedure is a transport layer security (TLS) handshaking procedure, and the first message is a client hello of the TLS that includes the first authentication string in an extension field of the client hello.
19. The non-transitory computer-readable storage medium of claim 17, wherein the instructions further comprise instructions, which when executed cause the device to: omit to transmit a message to the second device based on a determination that the second device is not authenticated.
20. The non-transitory computer-readable storage medium of claim 17, wherein for the generation of the second authentication string, the instructions further comprise instructions, which when executed cause the device to: generate the second authentication string based on a secret key and other data included in the first authentication string, wherein the other data includes at least one of an identifier that identifies a master key or an identifier of an anti-malware component of the second device.
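The abstract and the claims describe one check end to end: the client puts an authentication string (here the message-authentication-code variant of claim 1) into a ClientHello extension, the server derives the device's secret key from a master key and the device identifier carried in the string (claims 4 to 6), recomputes the MAC, compares, answers nothing at all if the comparison fails (claim 3), and then separately decides whether the authenticated device is authorized (claim 8). The following is an added example that is not the patent's own code: the extension type number `EXT_PRE_AUTH`, the length-prefixed field encoding, HMAC-SHA256 as both MAC and key-derivation function, the constructed master key, device identifiers and anti-malware component identifier, and the binding of the MAC to the ClientHello random are all assumptions of this example; the claims fix only the shape of the check.

```python
"""Pre-authentication of a TLS client from a ClientHello extension.
Added example, not the patent's code.  Extension type number, field encoding,
HMAC-SHA256 as MAC and KDF, and binding the MAC to the ClientHello random are
this example's assumptions; the patent fixes only the shape of the check."""
import hashlib
import hmac
import os
import struct

EXT_PRE_AUTH = 0xFF01   # hypothetical private-use extension type
MAC_LEN = 32            # HMAC-SHA256 output length

# Server state, constructed for the example.  No per-device keys are stored:
# each is derived from a master key and the device identifier (claim 5).
MASTER_KEYS = {b"mk-2021": bytes.fromhex("0f" * 32)}
AUTHORIZED_DEVICES = {b"dev-00042", b"dev-00043"}   # authorization list (claim 8)

def derive_device_key(master_key: bytes, device_id: bytes) -> bytes:
    """Per-device secret key = HMAC(master_key, device_id)."""
    return hmac.new(master_key, b"device-key|" + device_id, hashlib.sha256).digest()

def _lv(data: bytes) -> bytes:
    """One-byte length-prefixed field, TLS style."""
    return bytes([len(data)]) + data

def _parse_lv(buf: bytes, off: int):
    n = buf[off]                                  # IndexError if truncated
    return buf[off + 1:off + 1 + n], off + 1 + n

def build_auth_string(device_id, master_key_id, amc_id, device_key, client_random):
    """Client side: auth string = device_id | master_key_id | amc_id | MAC.
    The identifiers are the 'other data' of claims 4 to 6; covering the
    ClientHello random too is this example's addition against replay."""
    fields = _lv(device_id) + _lv(master_key_id) + _lv(amc_id)
    mac = hmac.new(device_key, fields + client_random, hashlib.sha256).digest()
    return fields + mac

def build_client_hello(client_random: bytes, auth_string: bytes) -> bytes:
    """Stand-in for a ClientHello: 32-byte random, then one extension
    (type, length, body).  Only what the server check needs is modelled."""
    return client_random + struct.pack("!HH", EXT_PRE_AUTH, len(auth_string)) + auth_string

def preauthenticate(client_hello: bytes) -> str:
    """Server side: 'proceed' continues the handshake; 'drop' sends nothing
    back at all (claim 3), so a probing peer cannot tell a bad MAC from a
    closed port."""
    client_random, rest = client_hello[:32], client_hello[32:]
    if len(client_random) != 32 or len(rest) < 4:
        return "drop"
    ext_type, ext_len = struct.unpack("!HH", rest[:4])
    if ext_type != EXT_PRE_AUTH or ext_len != len(rest) - 4:
        return "drop"
    auth = rest[4:]
    try:
        device_id, off = _parse_lv(auth, 0)
        master_key_id, off = _parse_lv(auth, off)
        _amc_id, off = _parse_lv(auth, off)       # covered by the MAC, not checked here
    except IndexError:
        return "drop"
    fields, received_mac = auth[:off], auth[off:]
    if len(received_mac) != MAC_LEN:
        return "drop"
    master_key = MASTER_KEYS.get(master_key_id)   # master-key id -> key (claim 6)
    if master_key is None:
        return "drop"
    device_key = derive_device_key(master_key, device_id)
    expected = hmac.new(device_key, fields + client_random, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, received_mac):   # constant-time compare
        return "drop"                                     # not authenticated
    if device_id not in AUTHORIZED_DEVICES:
        return "drop"                                     # authenticated, not authorized
    return "proceed"

def demo() -> dict:
    """One good hello and four that must be dropped; all inputs are constructed."""
    mk_id, amc_id, dev = b"mk-2021", b"amc-7", b"dev-00042"
    key = derive_device_key(MASTER_KEYS[mk_id], dev)             # issued at provisioning (claim 7)
    key99 = derive_device_key(MASTER_KEYS[mk_id], b"dev-00099")  # valid key, device not authorized
    r1, r2 = os.urandom(32), os.urandom(32)
    auth = build_auth_string(dev, mk_id, amc_id, key, r1)
    tampered = bytearray(build_client_hello(r1, auth))
    tampered[40] ^= 0x01                                         # flip a byte inside device_id

    def check(rnd, a):
        return preauthenticate(build_client_hello(rnd, a))

    return {
        "good": check(r1, auth),
        "tampered": preauthenticate(bytes(tampered)),
        "replayed": check(r2, auth),                             # old MAC under a new random
        "unauthorized": check(r2, build_auth_string(b"dev-00099", mk_id, amc_id, key99, r2)),
        "unknown_master_key": check(r2, build_auth_string(dev, b"mk-1999", amc_id, key, r2)),
    }
```

Two points a deployment of this scheme has to settle that the claims leave open. First, as claimed the MAC covers only data inside the authentication string, so a captured extension would verify again on every later handshake from anyone; the example binds it to the ClientHello random for that reason, and a counter or timestamp would serve equally. Second, "omit to transmit a message" is only as strong as its uniformity: the server above answers nothing for malformed extensions, unknown master-key identifiers, bad MACs and unauthorized devices alike, so the absence of a reply does not tell a prober which check failed.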
CPC classifications (titles as listed):

- For authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication, H04L9/32)
- Structures or tools for the administration of authentication
- Involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- At the transport layer
- Pre-authentication