Linked registration
First Claim
1. A method for secure registration of a new application with a server system, the new application operating on an electronic user system wherein an old application operating on the same electronic user system has already been securely registered with the server system by reference to a user-specific credential, the method comprising:
initializing a first secure link between the new application and the server system and thereby establishing a first encryption key;
communicating first check data from the server system to the new application over the first secure link, the first check data being passed from the new application to the old application;
initializing a second secure link between the old application and the server system based on a second encryption key, the second encryption key being based on an input of the user-specific credential by the user to the old application;
communicating the first check data from the old application to the server system over the second secure link;
communicating enciphered second check data from the server system to the old application over the second secure link, the enciphered second check data being encrypted with the first encryption key, the enciphered second check data being further encrypted by the old application using a third encryption key to generate doubly-enciphered check data thereby, the doubly-enciphered check data being passed from the old application to the new application, wherein the third encryption key is derived from the first check data and the user-specific credential inputted to the old application; and
communicating a decrypted version of the doubly-enciphered check data from the new application to the server system over a secure link between the new application and the server system, the decrypted version of the doubly-enciphered check data being generated at the new application by decrypting the doubly-enciphered check data using the first encryption key and a fourth encryption key, wherein the fourth encryption key is generated at the new application based on the first check data and an input of the user-specific credential by the user to the new application.
Abstract
Secure registration of a new application with a server system is provided. An old application has been registered with the system. A first link between the new application and the system establishes a first key and first check data is communicated from the system to the new application and passed to the old application. A second link between the old application and the system establishes a second key based on input of a credential to the old application; the first check data is communicated from the old application to the system. Enciphered second check data is communicated from the system to the old application over the second link and further encrypted by the old application using a third key. This generates doubly-enciphered check data which is passed to the new application and decrypted using the first key and a fourth key, generated at the new application based on the first check data and input of the credential to the new application.
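The message flow in the abstract, simulated end to end as an added example (not code from the patent or its assignee). The PBKDF2 key derivation, the XOR-keystream stand-in cipher, the `ENROL_SALT` value and the way the server holds the second key are assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import secrets

def derive_key(salt: bytes, credential: str) -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the claims say only "derived from" / "based on".
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)

def cipher(key: bytes, data: bytes) -> bytes:
    # Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream,
    # so the same call encrypts and decrypts. Illustration only.
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))

ENROL_SALT = b"constructed-enrolment-salt"  # constructed sample value

def register(registered: str, typed_old: str, typed_new: str) -> bool:
    """Run one registration; True if the server accepts the new application."""
    # Server state from the old application's earlier registration (assumed form).
    server_k2 = derive_key(ENROL_SALT, registered)

    # Link 1, new app <-> server: first key agreed, first check data issued.
    k1 = secrets.token_bytes(32)       # stands in for the link-1 key exchange
    check1 = secrets.token_bytes(16)   # server -> new app -> old app

    # Link 2, old app <-> server: keyed by the credential typed into the old app.
    old_k2 = derive_key(ENROL_SALT, typed_old)
    echoed = cipher(server_k2, cipher(old_k2, check1))   # old app -> server
    if not hmac.compare_digest(echoed, check1):
        return False                   # wrong credential or wrong session

    # Server -> old app: second check data enciphered under k1, sent over link 2.
    check2 = secrets.token_bytes(16)
    at_old_app = cipher(old_k2, cipher(server_k2, cipher(k1, check2)))

    # Old app adds a layer under the third key and hands the result to the new app.
    k3 = derive_key(check1, typed_old)
    doubly_enciphered = cipher(k3, at_old_app)

    # New app removes both layers: fourth key from its own credential input, then k1.
    k4 = derive_key(check1, typed_new)
    answer = cipher(k1, cipher(k4, doubly_enciphered))   # new app -> server
    return hmac.compare_digest(answer, check2)
```

The old application never holds the first key, so it cannot read the second check data, and the new application can strip the outer layer only if the user enters the same credential there that was entered into the old application.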
23 Claims
15. An electronic system for secure application registration, comprising:
an electronic user system, configured to operate an old application and a new application; and
a server system, the old application operating on the electronic user system being already securely registered with the server system by reference to a user-specific credential; and
wherein the electronic system is configured to register the new application securely with the server system by:
initializing a first secure link between the new application and the server system and thereby establishing a first encryption key;
communicating first check data from the server system to the new application over the first secure link, the first check data being passed from the new application to the old application;
initializing a second secure link between the old application and the server system based on a second encryption key, the second encryption key being based on an input of the user-specific credential by the user to the old application;
communicating the first check data from the old application to the server system over the second secure link;
communicating enciphered second check data from the server system to the old application over the second secure link, the enciphered second check data being encrypted with the first encryption key, the enciphered second check data being further encrypted by the old application using a third encryption key to generate doubly-enciphered check data thereby, the doubly-enciphered check data being passed from the old application to the new application, wherein the third encryption key is derived from the first check data and the user-specific credential inputted to the old application; and
communicating a decrypted version of the doubly-enciphered check data from the new application to the server system over a secure link between the new application and the server system, the decrypted version of the doubly-enciphered check data being generated at the new application by decrypting the doubly-enciphered check data using the first encryption key and a fourth encryption key, wherein the fourth encryption key is generated at the new application based on the first check data and an input of the user-specific credential by the user to the new application.
16. A server system for secure registration of a new application operating on a remote electronic user system, wherein an old application operating on the same electronic user system has already been securely registered with the server system by reference to a user-specific credential, the server system comprising:
a first communication interface, configured to initialize a first secure link between the new application and the server system and thereby establishing a first encryption key and to communicate first check data to the new application over the first secure link, so that the first check data may be passed from the new application to the old application;
a second communication interface, configured to initialize a second secure link between the old application and the server system based on a second encryption key, the second encryption key being based on an input of the user-specific credential by the user to the old application, the second communication interface being further configured to receive the first check data from the old application over the second secure link;
encryption logic, configured to generate enciphered second check data by encrypting second check data with the first encryption key, the second communication interface being further configured to communicate the enciphered second check data to the old application over the second secure link;
a third communication interface, configured to receive a decrypted version of the second check data from the new application over a secure link between the new application and the server system.
Specification