Peer-to-peer authentication and authorization
US7350074B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 20, 2005 |
| Grant date | Mar 25, 2008 |
| Priority date | — |
| Expiry date | Apr 20, 2025 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/80
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An authentication mechanism uses a trusted people store that can be populated on an individual basis by users of computing devices, and can comprise certificates of entities that the user wishes to allow to act as certification authorities. Consequently, peer-to-peer connections can be made even if neither device presents a certificate or certificate chain signed by a third-party certificate authority, so long as each device present a certificate or certificate chain signed by a device present in the trusted people store. Once authenticated, a remote user can access trusted resources on a host device by having local processes mimic the user and create an appropriate token by changing the user's password or password type to a hash of the user's certificate and then logging the user on. The token can be referenced in a standard manner to determine whether the remote user is authorized to access the trusted resource.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.