Legal claims defining the scope of protection, as filed with the USPTO.
1. In a computing environment, a method performed at least in part on at least one processor comprising, validating a responder client machine at an initiator client machine coupled to the responder client machine via a network connection, including communicating to receive a responder certificate from the responder client machine, maintaining an instance of an initiator certificate at a server, generating a private key at the initiator client machine that corresponds to a public key included in the initiator certificate, using the public key of the initiator certificate as an index key to locate property data associated with the instance of the initiator certificate, and communicating with the server to determine, based upon the public key in the initiator certificate, whether the responder certificate is valid on a network comprising the initiator client machine and the responder client machine.
2. The method of claim 1 further comprising, at the responder client machine, validating the initiator client machine, including communicating to receive an initiator certificate from the initiator client machine, and communicating with the server to determine whether the initiator certificate is valid.
3. The method of claim 2 further comprising, securely communicating between the initiator client machine and the responder client machine using the initiator certificate and the responder certificate.
4. The method of claim 1 further comprising, maintaining an instance of the responder certificate at the server, maintaining an initiator private key at the initiator client machine that corresponds to a public key included in the initiator certificate maintained at the server, and maintaining a responder private key at the responder client machine that corresponds to a public key included in the responder certificate maintained at the server.
5. The method of claim 4 further comprising, maintaining initiator property data associated with the instance of the initiator certificate, and maintaining responder property data associated with the instance of the responder certificate.
6. The method of claim 4 further comprising, detecting an initial coupling of the initiator machine to the network, and creating the initiator certificate at the server.
7. The method of claim 6 further comprising, revoking the initiator certificate by marking the initiator certificate as invalid.
8. The method of claim 7 further comprising, un-revoking the revoked initiator certificate by marking the initiator certificate as valid.
9. In a networked machine environment, a system comprising, at least one processor, a memory communicatively coupled to the at least one processor and including components comprising, a server configured on a network to maintain certificate data for a plurality of client machines that are valid in the network, the server configured to access the certificate data to determine whether a certificate associated with a request is valid in the network, wherein the request is from a first client machine in the network and the certificate in the request corresponds to a second client machine, wherein a public key that corresponds to a certificate for the first client machine is stored in the request and a private key that corresponds to the certificate for the first machine is generated at the first client machine, wherein the server is further configured to maintain property data associated with the certificate for the first client machine and use the public key in the request as an index key to locate the property data.
10. The system of claim 9 wherein the server is configured to access the certificate data to respond to the request from the first client machine in the network as to whether the certificate, which corresponds to the second client machine, is valid.
11. The system of claim 10 wherein the first client machine and second client machine have different platforms.
12. The system of claim 10 wherein the first client machine comprises a personal computer and the second client machine comprises a Smartphone.
13. The system of claim 10 wherein the server validates a first certificate provided by a second client machine and validates a second certificate provided by a first client machine to facilitate secure communication between the first client machine and the second client machine.
14. The system of claim 9 wherein the certificate data associated with a client machine includes public key data corresponding to private key data of the client machine, and name data of the client machine.
15. The system of claim 9 wherein the server is configured to access the certificate data to control, manage or maintain, or any combination of control, manage or maintain, at least one of the plurality of client machines.
16. A computer-readable storage device having computer-executable instructions, which when executed perform steps, comprising: detecting an initial coupling of an initiator client machine to a network, generating a private key at the initiator client machine, receiving a responder certificate as part of a request from the initiator client machine, the request comprising a public key that corresponds to an initiator certificate; using the public key of the initiator certificate as an index key to locate property data associated with the initiator certificate; determining whether the responder certificate is valid, and returning a response to the request from the initiator client machine that indicates whether the responder certificate is valid; receiving an instance of the initiator certificate as part of a request from a responder client machine of the network; and determining whether the initiator certificate is valid, and returning a response to the request from the responder client machine that indicates whether the initiator certificate is valid.
17. The computer-readable device of claim 16 having further computer-executable instructions comprising, detecting a new machine coupled to the network, receiving instructions from an administrator to add the new machine as a valid machine to the network, and creating a certificate for the new machine by which the new machine is able to authenticate with a server of the network.
18. The computer-readable storage device of claim 16 having further computer-executable instructions comprising, receiving instructions from an administrator to revoke a certificate for a specified machine on the network, and revoking the certificate for the specified machine by associating information with the certificate that marks the certificate as invalid.
19. The computer-readable storage device of claim 16 having further computer-executable instructions comprising using the initiator certificate or the responder certificate, or both, for viewing, patching, controlling, backing up, file restoring and bare metal restoring of at least one client on the network.
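The server-side scheme recited in claims 1, 2, 7, 8 and 16, as an added Python sketch that is not code from the patent or its applicant: the requester's public key indexes its stored record, and revocation is a validity mark that can later be cleared. The class and function names, machine names and key bytes are constructed for illustration, and refusing to answer a revoked requester is an assumption of this example.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class CertRecord:
    name: str          # name data of the client machine (claim 14)
    public_key: bytes  # public half only; the private key stays on the client
    valid: bool        # revocation is a mark, not a deletion (claims 7 and 8)
    properties: dict   # property data located through the index key

def index_key(public_key: bytes) -> str:
    # Assumption: the index key is a SHA-256 digest of the public key bytes.
    return hashlib.sha256(public_key).hexdigest()

class CertServer:
    def __init__(self):
        self._records = {}

    def enroll(self, name, public_key, **properties):
        # Certificate instance created at the server on initial coupling (claim 6).
        self._records[index_key(public_key)] = CertRecord(name, public_key, True, properties)

    def set_valid(self, public_key, valid):
        # Revoke (False) or un-revoke (True) by flipping the mark on the stored instance.
        self._records[index_key(public_key)].valid = valid

    def validate(self, requester_key, peer_cert):
        # The requester's public key locates its own record first (assumed policy:
        # unknown or revoked requesters get no answer), then the peer is checked.
        requester = self._records.get(index_key(requester_key))
        if requester is None or not requester.valid:
            return False
        peer = self._records.get(index_key(peer_cert["public_key"]))
        return peer is not None and peer.valid and peer.name == peer_cert["name"]

def mutual_validate(server, initiator_cert, responder_cert):
    # Each side asks the server about the certificate it received (claims 1 and 2).
    return (server.validate(initiator_cert["public_key"], responder_cert)
            and server.validate(responder_cert["public_key"], initiator_cert))

def demo():
    server = CertServer()
    pc = {"name": "pc-01", "public_key": b"constructed-pc-public-key"}
    phone = {"name": "phone-01", "public_key": b"constructed-phone-public-key"}
    server.enroll(pc["name"], pc["public_key"], platform="pc")
    server.enroll(phone["name"], phone["public_key"], platform="smartphone")
    results = [mutual_validate(server, pc, phone)]       # both enrolled and valid
    server.set_valid(phone["public_key"], False)         # revoke the phone
    results.append(mutual_validate(server, pc, phone))
    server.set_valid(phone["public_key"], True)          # un-revoke it
    results.append(mutual_validate(server, pc, phone))
    rogue = {"name": "pc-01", "public_key": b"constructed-rogue-key"}
    results.append(server.validate(pc["public_key"], rogue))  # key never enrolled
    return results
```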
February 23, 2016