As more electronic systems have become networked, there has been an increased focus on network security and on restricting network access for security reasons. Device authentication is one tool that is used for network security purposes. Authentication is used, for example, in the Institute of Electrical & Electronics Engineers (IEEE) 802.1x standards. Traditionally, the concept of device authentication is based on storing and presenting device “credentials” to obtain access to a network. Obtaining access to a network may include receiving an Internet protocol (IP) address, receiving an access channel assignment, etc. Credentials have typically been based on an account/password combination or on a digital authentication certificate, such as with the International Telecommunication Union (ITU) X.509 standard Recommendation.
One problem with the account/password combination and the digital certificate methods of authentication is that credentials based on these mechanisms are generally portable. The credentials are portable because they could be presented from a device or system that is not the true “owner” of the credentials, yet may be authenticated as valid, thus giving access to the presenting device. For example, the known good credentials of a system could be transported to a rogue system that would be able to use the credentials to authenticate itself. Thus, from an authentication perspective, there is nothing to prevent theft or other falsification of the credentials, because standard device authentication only evaluates the validity of the credentials being presented, without being able to determine whether the presenter should be permitted to use the credentials.