Methods, mediums, and systems for verifying devices in an encrypted messaging system
US-2024106859-A1 · Mar 28, 2024 · US
US9294279B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9294279-B2 |
| Application number | US-201414270120-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 5, 2014 |
| Priority date | Oct 20, 2004 |
| Publication date | Mar 22, 2016 |
| Grant date | Mar 22, 2016 |
Abstract
Techniques are provided for users to authenticate themselves to components in a system. The users may securely and efficiently enter credentials into the components. These credentials may be provided to a server in the system with strong authentication that the credentials originate from secure components. The server may then automatically build a network by securely distributing keys to each secure component to which a user presented credentials.
Claims

What is claimed is:

1. An access device comprising: a memory storing a first credential; and a processor configured to: authenticate the access device to an access server using the first credential, receive a first cryptographic key corresponding to the first credential from the access server, and establish a connection, using the first cryptographic key, to a first network of a first subset of devices that are authenticated to the access server, wherein the first subset of devices includes a second access device authenticated to the access server using the first credential, wherein the first network is cryptographically separate from a second network of a second subset of devices that are authenticated to the access server, wherein the second subset of devices includes a third access device authenticated to the access server using a second credential, and wherein the third access device joined the second network by sending the second credential to the access server.

2. The access device of claim 1, wherein the access device is configured to access a service from a service provider using the first credential.

3. The access device of claim 1, wherein the second access device is configured to access a service from a service provider using the first credential.

4. The access device of claim 1, wherein the access device is further configured to bind itself to the second access device using the first credential.

5. The access device of claim 1, further comprising: an input device, wherein the input device is configured to securely receive the first credential from a user.

6. The access device of claim 1, further comprising: a trusted platform module (TPM) configured to receive the first credential from a user and enroll the first credential with the TPM.

7. The access device of claim 1, wherein the memory further stores the second credential, and wherein the access device is further configured to bind itself to the third access device using the second credential.

8. The access device of claim 1, wherein the access device, the second access device, and the third access device are portable wireless access devices.

9. The access device of claim 1, wherein the first credential and the second credential are enrolled at the access server.

10. An access server for a service provider, the access server comprising: a memory storing a first credential; and a processor configured to: receive first data from a first access device, wherein the first data includes the first credential, send a first cryptographic key corresponding to the first credential to the first access device in response to determining that the first credential is enrolled in the access server, receive second data from a second access device, wherein the second data includes the first credential, and bind, using the first credential, the first access device to the second access device such that the first access device and the second access device are authorized to join a first network of a first subset of devices that are authenticated to the access server, wherein the first network is cryptographically separate from a second network of a second subset of devices that are authenticated to the access server, wherein the second network includes a third access device authenticated to the access server using a second credential, and wherein the third access device joined the second network by sending the second credential to the access server.

11. The access server of claim 10, wherein the cryptographic processor is configured to: bind the first access device to the second access device such that the first access device and the second access device are authorized to access a service using the first credential.

12. The access server of claim 10, wherein the processor is further configured to: authorize the first access device and the second access device to access a service using the first credential.

13. The access server of claim 10, wherein the processor is further configured to: receive third data from the third access device, wherein the third data includes the second credential; and send a second cryptographic key corresponding to the second credential to the third access device in response to determining that the second credential is enrolled in the access server.

14. The access server of claim 13, wherein the processor is further configured to: receive fourth data from the first access device, wherein the fourth data includes the second credential; and bind, using the second credential, the first access device to the third access device.

15. The access server of claim 13, wherein the processor is further configured to: receive fourth data from a fourth access device, wherein the fourth data includes the second credential; and bind, using the second credential, the third access device to the fourth access device.

16. A method, comprising: receiving first data from a first access device, wherein the first data includes a first credential; sending a first cryptographic key corresponding to the first credential to the first access device in response to determining that the first credential is enrolled at an access server; receiving second data from a second access device, wherein the second data includes the first credential; and binding, using the first credential, the first access device to the second access device such that the first access device and the second access device are authorized to join a first network of a first subset of devices that are authenticated to the access server, wherein the first network is cryptographically separate from a second network of a second subset of devices that are authenticated to the access server, wherein the second network includes a third access device authenticated to the access server using a second credential, and wherein the third access device joined the second network by sending the second credential to the access server.

17. The method of claim 16, wherein binding the first access device to the second access device comprises binding the first access device to the second access device such that the first access device and the second access device are authorized to access a service using the first credential.

18. The method of claim 16, further comprising: authorizing the first access device and the second access device to access a service using the first credential.

19. The method of claim 16, further comprising: receiving third data from the third access device, wherein the third data includes the second credential; and sending a second cryptographic key corresponding to the second credential to the third access device in response to determining that the second credential is enrolled in the access server.

20. The method of claim 19, further comprising: receiving fourth data from the first access device, wherein the fourth data includes the second credential; and binding, using the second credential, the first access device to the third access device.
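The abstract and independent claims 1, 10 and 16 describe one access server that hands out a cryptographic key per enrolled credential, so that every device presenting the same credential is bound into one network while devices presenting a different credential land in a network that is cryptographically separate from it. The Python model below is an added example, not code from the patent or its assignee, and walks through that exchange for two devices on a first credential, a third on a second credential, and a fourth that knows a credential identifier but not its secret. Everything in it is an assumption for illustration: the class and method names, the challenge-response with an HMAC proof of possession (the claims speak of the device sending the credential itself; here the credential never crosses the wire), the HKDF-based per-credential key derivation from a server-side master secret, and the toy HMAC keystream cipher used only to show that a key from the second network cannot read or verify traffic on the first.

```python
"""Toy model of the access-server / access-device exchange from the claims.

Added example, not the patent's own code; all names, formats and derivations are assumptions.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Set


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract + expand) over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256 (illustration only; use AES-GCM for real traffic)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class AccessServer:
    """Enrolls credentials (claim 9) and issues one network key per credential (claims 10, 16)."""

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)      # server secret; network keys are derived from it
        self._enrolled: Dict[str, bytes] = {}       # credential id -> credential secret
        self._open_challenges: Set[bytes] = set()   # single-use nonces, so a captured proof cannot be replayed
        self.networks: Dict[str, Set[str]] = {}     # credential id -> device ids bound to that network

    def enroll(self, cred_id: str, cred_secret: bytes) -> None:
        self._enrolled[cred_id] = cred_secret

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open_challenges.add(nonce)
        return nonce

    def authenticate(self, device_id: str, cred_id: str, nonce: bytes, proof: bytes) -> Optional[bytes]:
        """Verify proof of possession of an enrolled credential, bind the device to that
        credential's network and return the network key; None on any failure."""
        if nonce not in self._open_challenges:
            return None
        self._open_challenges.discard(nonce)        # each challenge is accepted once, pass or fail
        secret = self._enrolled.get(cred_id)
        if secret is None:
            return None
        expected = hmac.new(secret, nonce + device_id.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, proof):
            return None
        self.networks.setdefault(cred_id, set()).add(device_id)
        # Same credential id -> same key; a different credential id -> an unrelated key.
        return hkdf_sha256(self._master, salt=cred_id.encode(), info=b"network-key")


class AccessDevice:
    """Holds one credential (claim 1) and joins the network keyed to it."""

    def __init__(self, device_id: str, cred_id: str, cred_secret: bytes) -> None:
        self.device_id, self.cred_id, self._cred = device_id, cred_id, cred_secret
        self.network_key: Optional[bytes] = None
        self._enc_key = self._mac_key = b""

    def join(self, server: AccessServer) -> bool:
        nonce = server.challenge()
        proof = hmac.new(self._cred, nonce + self.device_id.encode(), hashlib.sha256).digest()
        key = server.authenticate(self.device_id, self.cred_id, nonce, proof)
        if key is None:
            return False
        self.network_key = key
        self._enc_key = hkdf_sha256(key, b"", b"enc")   # distinct sub-keys for confidentiality and integrity
        self._mac_key = hkdf_sha256(key, b"", b"mac")
        return True

    def send(self, plaintext: bytes) -> bytes:
        """Encrypt-then-MAC under the network key: nonce || ciphertext || tag."""
        nonce = secrets.token_bytes(16)
        ct = bytes(a ^ b for a, b in zip(plaintext, keystream(self._enc_key, nonce, len(plaintext))))
        return nonce + ct + hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()

    def receive(self, message: bytes) -> Optional[bytes]:
        """Plaintext if the message was sealed under this device's network key, else None."""
        if self.network_key is None or len(message) < 48:
            return None
        nonce, ct, tag = message[:16], message[16:-32], message[-32:]
        if not hmac.compare_digest(hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest(), tag):
            return None
        return bytes(a ^ b for a, b in zip(ct, keystream(self._enc_key, nonce, len(ct))))


def demo() -> dict:
    """Constructed scenario: two devices on cred-A, one on cred-B, one with a wrong secret."""
    cred_a, cred_b = secrets.token_bytes(32), secrets.token_bytes(32)
    server = AccessServer()
    server.enroll("cred-A", cred_a)
    server.enroll("cred-B", cred_b)
    first = AccessDevice("phone-1", "cred-A", cred_a)
    second = AccessDevice("laptop-1", "cred-A", cred_a)
    third = AccessDevice("tablet-1", "cred-B", cred_b)
    rogue = AccessDevice("rogue-1", "cred-A", secrets.token_bytes(32))   # knows the id, not the secret
    joined = [d.join(server) for d in (first, second, third, rogue)]
    sealed = first.send(b"hello network A")
    return {
        "joined": joined,
        "network_a": sorted(server.networks["cred-A"]),
        "network_b": sorted(server.networks["cred-B"]),
        "second_reads": second.receive(sealed),
        "third_reads": third.receive(sealed),     # other network key: tag check fails, nothing decrypted
        "keys_differ_across_networks": first.network_key != third.network_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Two design points worth keeping when reading the claims against this model: the network key is derived from the server's master secret and the credential identifier, not from the credential itself, so the server can rotate or revoke a network without re-issuing credentials; and each challenge nonce is consumed on first use, so a proof captured from one device cannot be replayed to bind a second device to the same network.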
CPC classifications:

- using time-dependent keys, e.g. periodically changing keys (cryptographic mechanisms or cryptographic arrangements for controlling usage of secret information, H04L9/088)
- for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management, H04L9/08)
- involving a third party or a trusted authority
- using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates, H04L9/3263)
- using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data, H04L9/3231)