Patent · US Active

System and method for achieving machine authentication without maintaining additional credentials

US7640430B2 · kind B2 · utility

Cited by: 6
References: 4
Claims: 12
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 4, 2005
Grant date: Dec 29, 2009
Priority date
Expiry date: May 30, 2026

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2129
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A Machine Authentication PAC (Protected Access Credential) serves as machine credentials to obtain network access without requiring server storage and management of the additional set of credentials. The first time authentication is performed, user authentication is executed. After the supplicant and server have mutually authenticated each other and satisfied other validations, the supplicant requests a Machine Authentication PAC from the server. The Server randomly generates a cryptographic key (Device Key) and sends it to the supplicant along with an encrypted ticket, comprising the Device Key and other information and encrypted with a key only known to the Server. The supplicant caches the Machine Authentication PAC in its non-volatile memory for future use. When the machine needs to access certain network services before a user is available, the supplicant uses the Machine Authentication PAC to gain authorization for the machine to limited access on the network, without requiring user input.
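The stateless design in the abstract, as an added sketch that is not code from the patent or its assignee: the server holds one master key, seals the Device Key and machine identity into the opaque ticket, and later recovers the Device Key from the ticket the supplicant presents. The function names, AES-256-GCM for sealing the ticket, and the HMAC-SHA256 challenge response used as proof of possession are all assumptions; the abstract does not specify them.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// NewServer wraps the one secret the server keeps; no per-machine record exists anywhere.
func NewServer(master [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(master[:]) // cannot fail: 32 bytes is a valid AES-256 key
	aead, _ := cipher.NewGCM(block)      // cannot fail for a 16-byte block cipher
	return aead
}

// IssuePAC runs after user authentication: Device Key plus ticket nonce || GCM(key || id).
func IssuePAC(srv cipher.AEAD, machineID string) (key, opaque []byte, err error) {
	buf := make([]byte, 32+srv.NonceSize()) // Device Key || nonce, both random
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	key, nonce := buf[:32:32], buf[32:] // cap 32 forces append to copy, not overwrite nonce
	return key, srv.Seal(nonce, nonce, append(key, machineID...), nil), nil
}

// Prove is the supplicant side: HMAC over the server's challenge with the cached Device Key.
func Prove(key, challenge []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(challenge)
	return m.Sum(nil)
}

// VerifyMachine opens the ticket, takes the Device Key from inside it, and checks the proof.
func VerifyMachine(srv cipher.AEAD, opaque, challenge, proof []byte) (string, error) {
	if n := srv.NonceSize(); len(opaque) > n {
		pt, err := srv.Open(nil, opaque[:n], opaque[n:], nil)
		if err == nil && len(pt) > 32 && hmac.Equal(proof, Prove(pt[:32], challenge)) {
			return string(pt[32:]), nil
		}
	}
	return "", fmt.Errorf("machine PAC rejected")
}

func main() { // constructed demo values; a real master key is random and kept secret
	srv, c := NewServer([32]byte{7}), []byte("challenge-1")
	key, pac, _ := IssuePAC(srv, "host-01")
	fmt.Println(VerifyMachine(srv, pac, c, Prove(key, c)))
}
```

Because the server keeps no per-machine state, it cannot revoke a single ticket by deleting a record; a deployed ticket would normally also carry an expiry among the "other information" so that cached PACs age out.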

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.