Title of invention Hardware identity in multi-factor authentication at the application layer
Abstract Device authentication is implemented at the application layer of a computer communication model to add a factor to user authentication without requiring any action by the user. User space applications, such as web browsers, e-mail readers, and such, can remain completely unaffected. Instead, the additional authentication factor is provided at the application layer, typically in an operating system, where protocols such as HTTP(s), FTP(s), POP, SMTP, SNMP and DNS are implemented. Authentication is performed by a challenge/response transaction and the client device's digital fingerprint is compared to a whitelist of digital fingerprints of authorized client devices.
Publication No. US8898450(B2) Publication date 2014.11.25
Application No. US201213517584 Filing date 2012.06.13
Applicant DeviceAuthority, Inc. Inventors Harjanto Dono;Davis Bradley Craig
Classification H04L29/06;G06F21/44 Main classification H04L29/06
Agency Agent Burdick Sean D.
Main claim 1. A method for authenticating a client device for a data transaction between the client device and a server, the method comprising: in the client device, sending a request message to the server in accordance with a protocol at the application layer of a computer communication model; in the client device, receiving a response message in accordance with the protocol from the server that is responsive to the request message and that indicates that the request is denied for lack of authorization; in the client device, sending an authorization request to the server in accordance with the protocol and in response to the response message; in the client device, receiving an authorization challenge message from the server in accordance with the protocol wherein the authorization challenge message requests data representing one or more parts of a digital fingerprint of the client device; in the client device, sending a challenge response message to the server in accordance with the protocol wherein the challenge response message includes data representing the one or more parts of a digital fingerprint of the client device; and in the client device, receiving a grant message from the server in accordance with the protocol only if the one or more parts of a digital fingerprint of the client device match predetermined data stored within the server representing the one or more parts of a digital fingerprint of an authorized client device; wherein the grant message represents a granting of the request of the request message by the server.
Address Fremont CA US
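The exchange recited in claim 1 above, simulated end to end as an added example (not code from the patent or from DeviceAuthority). The fingerprint attribute names, the sample values, the challenge id, and the HMAC-with-nonce encoding of the requested parts are assumptions; the claim only requires "data representing" those parts.

```python
import hashlib, hmac, secrets

# Constructed whitelist: attribute names and values are illustrative only.
WHITELIST = [
    {"cpu_id": "A1B2C3", "disk_serial": "D-1001", "mac": "02:00:00:aa:bb:01"},
    {"cpu_id": "D4E5F6", "disk_serial": "D-2002", "mac": "02:00:00:aa:bb:02"},
]

def represent(fingerprint, parts, nonce):
    """Data representing the requested parts, keyed by the challenge nonce (assumed encoding)."""
    material = "|".join(f"{p}={fingerprint[p]}" for p in parts).encode()
    return hmac.new(nonce, material, hashlib.sha256).hexdigest()

class Server:
    def __init__(self, whitelist):
        self.whitelist = whitelist
        self.open_challenges = {}  # challenge id -> (parts, nonce)

    def handle_request(self):
        # Response message: request denied for lack of authorization.
        return {"status": "denied", "reason": "authorization required"}

    def handle_authorization_request(self):
        # Challenge message: ask for a random subset of fingerprint parts.
        cid = secrets.token_hex(8)
        parts = sorted(secrets.SystemRandom().sample(sorted(self.whitelist[0]), 2))
        nonce = secrets.token_bytes(16)
        self.open_challenges[cid] = (parts, nonce)
        return {"id": cid, "parts": parts, "nonce": nonce}

    def handle_challenge_response(self, cid, data):
        challenge = self.open_challenges.pop(cid, None)  # each challenge is single use
        if challenge is None:
            return {"status": "denied"}
        parts, nonce = challenge
        ok = any(hmac.compare_digest(represent(fp, parts, nonce), data)
                 for fp in self.whitelist)
        # Grant message only if the parts match a whitelisted fingerprint.
        return {"status": "granted" if ok else "denied"}

def client_exchange(fingerprint, server):
    """Client side of the three round trips; returns the server's final message."""
    if server.handle_request()["status"] != "denied":
        raise RuntimeError("expected initial denial")
    challenge = server.handle_authorization_request()
    data = represent(fingerprint, challenge["parts"], challenge["nonce"])
    return server.handle_challenge_response(challenge["id"], data)
```

Because each challenge covers only a subset of parts, a grant in this sketch shows a match on the requested parts only, not on the whole fingerprint.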