Confirming authenticity of a user to a third-party system
US-2020092287-A1 · Mar 19, 2020 · US
US12267315B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12267315-B2 |
| Application number | US-202117526279-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 15, 2021 |
| Priority date | Nov 15, 2021 |
| Publication date | Apr 1, 2025 |
| Grant date | Apr 1, 2025 |
Official abstract text for this publication.
Methods, systems, and devices for providing for trust in a distributed environment are disclosed. In a distributed environment, various devices may be remote to one another and may interact with one another via one or more operable connections. Through the operable connections, various communications may be exchanged. However, the operable connections may not natively support authentication of any particular device in the distributed system. Consequently, entities in the distributed system may not intrinsically trust that the communications received through the distributed environment are authentic. The entities of the system may mutually authenticate one another prior to trusting communications from the other entities. For example, in a scenario where a client wishes to access data hosted by a data source, the client and data source may go through a process of mutually authenticating one another. By doing so, a trusted environment may be established.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for securing data in a data source using tokens, the method comprising: performing, by the data source and a client that desires access to secured data stored in the data source, a mutual authentication process to establish a trusted environment between only the data source and the client, performance of the mutual authentication process comprising at least both of: performing, by the data source, a first authentication to authenticate the client to the data source by using, at least: a copy of a service tag of the client that is stored in the data source, and a copy of a first portion of a startup data of the client, the startup data causes a predetermined entity to be started up when the startup data is executed by the client during a startup of the client and is stored in a startup data storage of the client, the copy of the first portion of the startup data is stored in the data source and the service tag is used to identify the copy of the first portion of the startup data for use during the authentication; and performing, by the client, a second authentication to authenticate the data source to the client by using at least: the copy of the service tag of the client stored in the data source, and a copy of a second portion of the startup data, the copy of the second portion of the startup data is stored in the data source and the service tag is used to identify the copy of the second portion of the startup data for use during the authentication, wherein the first authentication and the second authentication are performed concurrently in an overlapping in time manner, wherein the mutual authentication process is successful and the trusted environment is established when the first authentication indicates to the data source that the client is authentic and the second authentication indicates to the client that the data source is authentic, and wherein the mutual authentication process is unsuccessful and the client is denied access to the secured data stored in the data source when either the first authentication or the second authentication indicates that one of the client and the data source are not authentic; providing, by the data source and only after the mutual authentication process is successful, a token to the client, the token provided by the data source grants the client access to secured data.

2. The computer-implemented method of claim 1, wherein the client is a computing device, the startup data comprises computer code executed during the startup of the client, and the first portion of the startup data is provided to verify a portion of the computer code executed during the startup of the client.

3. The computer-implemented method of claim 2, wherein the second portion of the startup data is provided to verify all of the computer code executed during the startup of the client.

4. The computer-implemented method of claim 1, wherein the first portion comprises a signature of computer code of a startup entity of the client that executes the startup data at the startup of the client, the signature and computer code being stored in a secure storage device of the client.

5. The computer implemented method of claim 1, wherein performing the first authentication further comprises: providing, by the client, a hash of the service tag to the data source; making a determination, by the data source, that the hash indicates that the client may be a known entity; in response to the determination, and by the data source: generating a challenge based on the copy of the first portion of the startup data; and presenting the challenge to the client; receiving a response to the presented challenge from the client; and using the challenge response to determine whether the client is authentic.

6. The computer implemented method of claim 1, wherein performing the second authentication comprises: performing a key exchange between the client and the data source to provide the data source with a public key; generating an authentication package with the public key and the copy of the second portion of startup data stored in the startup data storage of the client; and providing the generated authentication package to the client.

7. The computer implemented method of claim 1, wherein the first authentication and the second authentication are performed concurrently in the overlapping in time manner such that the client does not have to be fully authenticated by the data source first before the second authentication is initiated.

8. The computer implemented method of claim 1, wherein copy of the service tag of the client is stored in an authentication data repository hosted by the data source within a storage device of the data source, the authentication data repository being separate from a secured data repository within the storage device that stores the secured data.

9. The computer implemented method of claim 1, wherein the mutual authentication process is initiated between the client and the data source when the data source receives a hash of the service tag of the client from the client.

10. The computer implemented method of claim 9, wherein, after receiving the hash of the service tag of the client of the client, the data source automatically presumes the client as not authentic if the data source determines that the hash of the service tag has previously been obtained from another entity different from the client.

11. A client for providing computer implemented services using secured data stored in a data source, comprising: startup storage for storing: startup data, and verification data that verifies that a predetermined entity will be started up when the startup data is executed by the client during a startup of the client; memory; and a processor adapted to execute computer instructions that cause the processor to: perform, with the data source, a mutual authentication process to establish a trusted environment between only the data source and the client, the mutual authentication process comprising at least both of: performing a first authentication to authenticate the client to the data source using: a service tag of the client, and a portion of the verification data; performing a second authentication to authenticate the data source to the client using all of the verification data, wherein the mutual authentication process is successful and the trusted environment is established when the first authentication indicates to the data source that the client is authentic and the second authentication indicates to the client that the data source is authentic, and wherein the mutual authentication process is unsuccessful and the client aborts attempts to access the secured data when the second authentication indicates to the client that the data source is not authentic; and obtain, only after the mutual authentication process is successful, a token from the data source, the token granting the client access to the secured data.

12. The client of claim 11, wherein the portion of the verification data comprises a signature of a portion of the startup data.

13. The client of claim 11, wherein performing the first authentication further comprises, by the client: providing a hash of the service tag to the data source; after providing the hash: obtaining, from the data source, a challenge based on the portion of the verification data; generating a response to the challenge, the response being based on the portion of the verification data; and providing the response to the data source, the response being used by data source to authenticate the client to
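The first-authentication exchange recited in claims 5 and 13, sketched as an added example that is not part of the patent text. The claims do not say how the challenge is constructed; using a random nonce with an HMAC-SHA-256 response keyed by the stored copy of the first portion is an assumption, as are all class names, function names and sample values.

```python
import hashlib
import hmac
import secrets

def tag_hash(service_tag: str) -> str:
    """Hash of the service tag that the client sends to open the exchange."""
    return hashlib.sha256(service_tag.encode()).hexdigest()

class DataSource:
    def __init__(self):
        self.auth_repo = {}  # tag hash -> stored copy of the first portion
        self.pending = {}    # tag hash -> nonce of the outstanding challenge

    def enroll(self, service_tag: str, first_portion: bytes) -> None:
        self.auth_repo[tag_hash(service_tag)] = first_portion

    def begin(self, h: str):
        """Issue a challenge only if the hash maps to a known client."""
        if h not in self.auth_repo:
            return None
        self.pending[h] = secrets.token_bytes(32)
        return self.pending[h]

    def verify(self, h: str, response: bytes) -> bool:
        nonce = self.pending.pop(h, None)  # each challenge is single use
        if nonce is None:
            return False
        expected = hmac.new(self.auth_repo[h], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time compare

class Client:
    def __init__(self, service_tag: str, first_portion: bytes):
        self.service_tag = service_tag
        self.first_portion = first_portion  # e.g. signature of startup code

    def hello(self) -> str:
        return tag_hash(self.service_tag)

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.first_portion, nonce, hashlib.sha256).digest()

def first_authentication(client: Client, source: DataSource) -> bool:
    h = client.hello()
    challenge = source.begin(h)
    if challenge is None:
        return False  # unknown service tag: no challenge is issued
    return source.verify(h, client.respond(challenge))

# Constructed sample values, not taken from the patent.
TAG = "CONSTRUCTED-TAG-0001"
PORTION = b"constructed-signature-of-startup-code"
```
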
using cryptographic hash functions · CPC title
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
for mutual authentication (network architectures or network communication protocols for achieving mutual authentication in a packet data network H04L63/0869) · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title
using passwords (cryptographic mechanisms or cryptographic arrangements for entity authentication using a predetermined code H04L9/3226) · CPC title