Efficient start-up for secured connections and related services
Abstract
One embodiment of the present invention includes an approach for efficient start-up for secured connections and related services. A client machine receives, via an application program, a request to send a secure message to a server machine. The client machine transmits a plurality of messages to the server machine that includes a first message comprising at least two of user authentication data, entity authentication data, key exchange data, and encrypted message data. The client machine receives, from the server machine, a second message that includes a first master token comprising a first set of session keys for encrypting and authenticating messages exchanged with the server machine.
20 Claims
1. A non-transitory computer-readable storage medium including instructions that, when executed by a processor, cause the processor to perform the steps of:
generating entity authentication data that identifies and authenticates a client machine;
generating user authentication data that identifies a user associated with the client machine;
generating a first key request for generating a first plurality of session keys for encrypting and authenticating messages exchanged with the client machine; and
transmitting a first message to a server machine that includes the entity authentication data, the user authentication data, the first key request, and payload data, wherein, prior to transmission, the first message is encrypted using a pre-provisioned encryption key, wherein the first plurality of session keys are generated based on decrypting the first message to retrieve the key request and the payload data, authenticating the client machine based on the entity authentication data included in the first message, and authenticating the user associated with the client machine based on the user authentication data included in the first message.
Dependent claims: 2 through 12.
13. A server machine, comprising:
a processor; and
a memory coupled to the processor and including a base authentication module, a key derivation module, and a key exchange module;
wherein, when executed by the processor, the base authentication module is configured to: receive a first message from a client machine that includes entity authentication data, user authentication data, and a first key request for generating a first plurality of session keys for encrypting and authenticating messages exchanged with the client machine, wherein, prior to transmission, the first message is encrypted using a pre-provisioned encryption key; decrypt the first message to retrieve the key request and the payload data; authenticate the client machine based on the entity authentication data included in the first message; authenticate the user associated with the client machine based on the user authentication data included in the first message; and generate a signature that includes a private key for transmission to the client machine;
wherein, when executed by the processor, the key derivation module is configured to: generate the first plurality of session keys in response to decrypting the first key request, authenticating the client machine, and authenticating the user associated with the client machine; and
wherein, when executed by the processor, the key exchange module is configured to: transmit a second message to the client machine that includes the private key and the first plurality of session keys.
Dependent claims: 14 and 15.
16. A computer-implemented method, comprising:
receiving, via an application program, a request to send a secure message to a server machine;
transmitting a plurality of messages to the server machine that includes a first message comprising a first key request for generating a first plurality of session keys for encrypting and authenticating messages exchanged with the server machine and at least one of user authentication data, entity authentication data, key exchange data, and encrypted message data, wherein, prior to transmission, the first message is encrypted using a pre-provisioned encryption key; and
receiving, from the server machine, a second message that includes a first master token comprising the first plurality of session keys, wherein the first plurality of session keys are generated based on decrypting the first message to retrieve the key request and the payload data, authenticating the client machine based on the entity authentication data included in the first message, and authenticating the user associated with the client machine based on the user authentication data included in the first message.
Dependent claims: 17 through 20.
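The exchange the three independent claims describe, as an added example that is not the patent's own code or any product's implementation: the client packs entity authentication data, user authentication data, a key request and application payload into one message, encrypts it under a pre-provisioned key, and the server decrypts, authenticates the entity and then the user, derives the session keys and returns them as a master token in the second message. The device id, user store, the HMAC-based entity and user proofs and the session-key derivation are all constructed for the demo, and the encryption is an encrypt-then-MAC construction built from HMAC-SHA256 standing in for a standard AEAD such as AES-GCM, so that the script runs with the standard library only.

```python
import hashlib
import hmac
import json
import os

PRE_PROVISIONED_KEY = b"constructed-device-key-0001"   # constructed; shared by device and server
USER_SECRETS = {"alice": b"constructed-user-secret"}  # constructed server-side credential store


def _mac(key, *parts):
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(p)
    return h.digest()


def _keystream(key, nonce, length):
    # Counter-mode keystream from HMAC-SHA256 (demo construction, not a standard cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += _mac(key, b"stream", nonce, counter.to_bytes(4, "big"))
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """nonce || ciphertext || tag; the tag covers both nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _mac(key, b"tag", nonce, ct)


def open_(key, box):
    """Verify the tag before touching the ciphertext; any bit flip is rejected."""
    if len(box) < 48:
        raise ValueError("message too short")
    nonce, ct, tag = box[:16], box[16:-32], box[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", nonce, ct)):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def derive_session_keys(client_nonce, server_nonce):
    """Both sides bind both nonces to the pre-provisioned key; this dict is the master token."""
    return {
        "server_nonce": server_nonce.hex(),
        "enc_key": _mac(PRE_PROVISIONED_KEY, b"enc", client_nonce, server_nonce).hex(),
        "mac_key": _mac(PRE_PROVISIONED_KEY, b"mac", client_nonce, server_nonce).hex(),
    }


def client_first_message(entity_id, user_id, user_secret, payload):
    """Entity auth, user auth, key request and payload in one message, encrypted up front."""
    nonce = os.urandom(16)  # the key request: the client's contribution to the session keys
    msg = {
        "entity_id": entity_id,
        "entity_auth": _mac(PRE_PROVISIONED_KEY, entity_id.encode()).hex(),
        "user_id": user_id,
        "user_auth": _mac(user_secret, entity_id.encode(), user_id.encode()).hex(),
        "key_request": nonce.hex(),
        "payload": payload.hex(),
    }
    return seal(PRE_PROVISIONED_KEY, json.dumps(msg).encode()), nonce


def server_handle(first):
    """Decrypt, authenticate entity then user, derive session keys; return second message and payload."""
    m = json.loads(open_(PRE_PROVISIONED_KEY, first))
    entity = m["entity_id"].encode()
    if not hmac.compare_digest(bytes.fromhex(m["entity_auth"]), _mac(PRE_PROVISIONED_KEY, entity)):
        raise PermissionError("entity authentication failed")
    secret = USER_SECRETS.get(m["user_id"])
    user_ok = secret is not None and hmac.compare_digest(
        bytes.fromhex(m["user_auth"]), _mac(secret, entity, m["user_id"].encode()))
    if not user_ok:
        raise PermissionError("user authentication failed")
    token = derive_session_keys(bytes.fromhex(m["key_request"]), os.urandom(16))
    return seal(PRE_PROVISIONED_KEY, json.dumps(token).encode()), bytes.fromhex(m["payload"])


def client_open_second(second, client_nonce):
    """Decrypt the master token and re-derive the keys to confirm both sides agree."""
    tok = json.loads(open_(PRE_PROVISIONED_KEY, second))
    want = derive_session_keys(client_nonce, bytes.fromhex(tok["server_nonce"]))
    if not (hmac.compare_digest(want["enc_key"], tok["enc_key"])
            and hmac.compare_digest(want["mac_key"], tok["mac_key"])):
        raise ValueError("session key mismatch")
    return tok


def run_handshake(user_id="alice", user_secret=USER_SECRETS["alice"],
                  payload=b"hello", tamper_byte=None):
    """Drive the exchange end to end; returns "ok" or the reason it was rejected."""
    first, nonce = client_first_message("device-0001", user_id, user_secret, payload)
    if tamper_byte is not None:  # simulate corruption of the first message in transit
        corrupted = bytearray(first)
        corrupted[tamper_byte] ^= 0x01
        first = bytes(corrupted)
    try:
        second, received = server_handle(first)
        client_open_second(second, nonce)
    except (PermissionError, ValueError) as exc:
        return str(exc)
    return "ok" if received == payload else "payload mismatch"


if __name__ == "__main__":
    print(run_handshake(), run_handshake(user_secret=b"wrong"), run_handshake(tamper_byte=20))
```

Run as a script it prints `ok user authentication failed authentication tag mismatch`: the genuine exchange completes in one round trip with the payload already delivered, a wrong user credential is refused after decryption, and a single flipped bit in the first message is refused before any of its fields are read. Because this toy uses the same pre-provisioned key for entity authentication and for the first message's encryption, a client without that key fails at decryption before the entity check is reached; the claims keep those two roles separate, which a real deployment should do as well.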