Enabling dynamic authentication with different protocols on the same port for a switch
US-2017019427-A1 · Jan 19, 2017 · US
US9860235B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9860235-B2 |
| Application number | US-201314056468-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 17, 2013 |
| Priority date | Oct 17, 2013 |
| Publication date | Jan 2, 2018 |
| Grant date | Jan 2, 2018 |
Official abstract text for this publication.
A trusted identity may be established for an agent device for performing trusted communication with one or more application providing apparatuses. The method of establishing the trusted identity includes determining which of a number of authentication models is a selected authentication model to be used for uniquely authenticating the agent device. First and second authentication information is generated according to the selected model. The first authentication information is for uniquely authenticating the identity of the device and the second authentication information is for verifying that the agent device has the first authentication information. The first authentication information is embedded in the agent device while the second authentication information is transmitted to a registry apparatus for maintaining a device registry of agent devices. Authentication model information identifying which is the selected authentication model is also sent to the registry.
Opening claim text (preview).
We claim:

1. A method of establishing a trusted identity for an agent device for performing trusted communication with one or more application providing apparatuses, the method comprising steps of: (a) determining which of a plurality of authentication models is a selected authentication model to be used for uniquely authenticating the agent device, wherein the selected authentication model is selected based on the agent device's resources, and wherein the authentication model for uniquely authenticating the agent device indicates a degree of trust for said agent device; (b) generating first authentication information and second authentication information according to the selected authentication model, the first authentication information for uniquely authenticating the identity of the agent device and the second authentication information for verifying that the agent device has the first authentication information; (c) embedding the first authentication information in the agent device; (d) transmitting, to a registry apparatus for maintaining a device registry of agent devices, the second authentication information and authentication model information identifying which of the plurality of authentication models is the selected authentication model used by the agent device; (e) receiving, at the registry apparatus, an authentication model query from the one or more application providing apparatuses requesting the authentication model information for the agent device; (f) transmitting, from the registry apparatus to the one or more application providing apparatuses, the authentication model information for the agent device; and (g) receiving, at the registry apparatus from the one or more application providing apparatuses, an indication that the authentication model information for the agent device meets a minimum security requirement, and that the one or more application providing apparatuses will perform communication with the agent device.

2. The method according to claim 1, wherein the method comprises a step of providing authentication resources in the agent device for implementing the selected authentication model.

3. The method according to claim 1, wherein the determining step determines the selected authentication model in dependence on which authentication resources are already provided in the agent device for implementing the selected authentication model.

4. The method according to claim 1, wherein the first authentication information and the second authentication information are generated by an external device separate from the agent device.

5. The method according to claim 4, wherein after the first authentication information has been embedded in the agent device, the external device deletes the first authentication information.

6. The method according to claim 1, wherein the first authentication information and the second authentication information are generated internally by circuitry within the agent device.

7. The method according to claim 1, wherein the embedding comprises providing storage circuitry in the agent device for storing the first authentication information.

8. The method according to claim 1, wherein the embedding comprises storing the first authentication information in storage circuitry provided in the agent device.

9. The method according to claim 1, wherein the first authentication information is embedded in a protected storage region of the agent device.

10. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information and the second authentication information comprise the same authentication information.

11. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information comprises different authentication information to the second authentication information.

12. The method according to claim 11, wherein for the at least one authentication model, the first authentication information comprises a private key and the second authentication information comprises a public key different to the private key.

13. The method according to claim 12, wherein for the at least one authentication model, the transmitting step comprises transmitting a digital certificate comprising the public key.

14. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information and the second authentication information are unchangeable.

15. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model in which the first authentication information and second authentication information are changeable.

16. The method according to claim 15, wherein the agent device comprises authentication information generating circuitry for regenerating the first authentication information and the second authentication information.

17. The method according to claim 1, wherein the plurality of authentication models comprise: (i) a first authentication model in which the first and second authentication information comprise the same authentication information and are unchangeable; (ii) a second authentication model in which the first and second authentication information comprise different authentication information and are unchangeable; and (iii) a third authentication model in which the first and second authentication information comprise different authentication information and are changeable.

18. The method according to claim 1, wherein the plurality of authentication models comprise at least one authentication model for which the agent device can be reassigned to a different device registry.

19. The method according to claim 1, wherein the agent device comprises a device identifier uniquely identifying the agent device, and the transmitting step further comprises transmitting the device identifier to the registry apparatus.

20. The method according to claim 1, further comprising a step of embedding registry authentication information in the agent device for authenticating the registry apparatus.

21. The method according to claim 1, wherein the method further comprises receiving, from the one or more application providing apparatuses an indication that the authentication model information for the agent device falls below a minimum security requirement, and that the one or more application providing apparatuses will not perform communication with the agent device.

22. A registry apparatus for maintaining a device registry of agent devices for performing trusted communication with one or more application providing apparatuses, comprising: a storage circuit configured to store the device registry comprising at least one registry entry for a corresponding agent device comprising authentication model information identifying which of a plurality of authentication models is a selected authentication model used for uniquely authenticating the corresponding agent device, wherein the selected authentication model is selected based on the agent device's resources, and wherein the selected authentication model indicates a degree of trust of said agent device; and a communication circuit configured, in response to an authentication model query from an application providing apparatus requesting the authentication model
Electricity · mapped topic
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Key management, e.g. using generic bootstrapping architecture [GBA] · CPC title
for achieving mutual authentication (cryptographic mechanisms or cryptographic arrangements for mutual authentication H04L9/3273) · CPC title