Method and system for establishing a secure communication channel
Abstract
A first terminal initiates a communication session with a second terminal by sending a first session request to a server for initiating a communication channel with the second terminal, receiving a first session response from the server, said first response including an identifier for a session channel and data relevant to the second terminal, sending a second session request to the second terminal including an identifier for the first terminal, receiving a third session response from the second terminal, and establishing a connection over the session channel.
10 Claims
1. A system comprising a first terminal and a second terminal, wherein
the first terminal has a first hardware processor configured to initiate a communication session with the second terminal by:
- sending a first session request to a server for initiating a communication channel with the second terminal;
- receiving a first session response from the server, said first response including an identifier for a session channel and a combination of key data for the first terminal and key data for the second terminal;
- sending a second session request to the second terminal including an identifier and a key encryption seed for the first terminal;
- receiving a third session response from the second terminal, said third session response including a key encryption seed for the second terminal; and
- establishing a connection over the session channel,
and wherein the first terminal is further configured to authenticate the server by:
- generating a first authentication token (AT), being a data structure to be used for authenticating a first computing device, such as a terminal, to a second computing device, such as a server; and
- sending the first authentication token (AT) to the server;
wherein the second terminal has a second processor and is configured to perform:
- receiving the second session request from the first terminal;
- sending a third session request to the server for initiating a communication channel with said first terminal;
- receiving a second session response from the server, said second response including the identifier for the session channel and a combination of key data for the first terminal and key data for the second terminal;
- sending said third session response to the first terminal; and
- establishing a connection over the session channel, whereby a communication channel is established between the first and the second terminal over the session channel,
and wherein the server is configured to perform:
- receiving the first authentication token (AT) and authenticating it;
- generating a second authentication token for the first terminal; and
- sending the second authentication token (AT) to the first terminal,
whereby the first terminal is further configured to perform:
- receiving the second authentication token (AT) and authenticating it, thereby performing a mutual authentication of the first terminal and the server,
and wherein the server is further configured to generate a third authentication token for the second terminal and send it to the first terminal, wherein the first terminal is further configured to receive the third authentication token (AT) and send it to the second terminal, wherein the second terminal is configured to receive and authenticate the third authentication token, thereby performing an authentication of the server and the first terminal,
and wherein the first terminal is further configured to generate a symmetric encryption key based on the key encryption seed for the first terminal and the combination of key data for the first terminal and key data for the second terminal, in combination with the key encryption seed for the second terminal and the combination of key data for the first terminal and key data for the second terminal, and the second terminal is further configured to generate a symmetric encryption key based on the key encryption seed for the second terminal and the combination of key data for the first terminal and key data for the second terminal, in combination with the key encryption seed for the first terminal and the combination of key data for the first terminal and key data for the second terminal, whereby the same symmetric encryption key is generated for the first terminal and the second terminal.

Claims 2 to 8 depend on claim 1.
9. A method for establishing a secure communication channel in a system comprising a first terminal and a second terminal, wherein the method comprises:
- the first terminal sending a first session request to a server for initiating a communication channel with the second terminal;
- the first terminal receiving a first session response from the server, said first response including an identifier for a session channel and a combination of key data for the first terminal and key data for the second terminal;
- the first terminal sending a second session request to the second terminal including an identifier and a key encryption seed for the first terminal;
- the first terminal generating a first authentication token (AT), being a data structure to be used for authenticating a first computing device, such as a terminal, to a second computing device, such as a server;
- the first terminal sending the first authentication token (AT) to the server;
- the second terminal receiving the second session request from the first terminal;
- the second terminal sending a third session request to the server for initiating a communication channel with said first terminal;
- the second terminal receiving a second session response from the server, said second response including the identifier for the session channel and a combination of key data for the first terminal and key data for the second terminal;
- the second terminal sending a third session response to the first terminal, said third session response including a key encryption seed for the second terminal;
- the first terminal receiving said third session response from the second terminal;
- the first terminal establishing a connection over the session channel and the second terminal establishing a connection over the session channel, whereby a communication channel is established between the first and the second terminal over the session channel;
- the server receiving the first authentication token (AT) and authenticating it;
- the server generating a second authentication token for the first terminal;
- the server sending the second authentication token (AT) to the first terminal;
- the first terminal receiving the second authentication token (AT) and authenticating it, thereby performing a mutual authentication of the first terminal and the server;
- the server generating a third authentication token (AT) for the second terminal;
- the server sending the third authentication token (AT) to the first terminal;
- the first terminal receiving the third authentication token (AT) and sending it to the second terminal; and
- the second terminal receiving and authenticating the third authentication token (AT), thereby performing an authentication of the server and the first terminal;
and wherein the method further comprises:
- the first terminal generating a symmetric encryption key based on the key encryption seed for the first terminal and the combination of key data for the first terminal and key data for the second terminal, in combination with the key encryption seed for the second terminal and the combination of key data for the first terminal and key data for the second terminal; and
- the second terminal generating a symmetric encryption key based on the key encryption seed for the second terminal and the combination of key data for the first terminal and key data for the second terminal, in combination with the key encryption seed for the first terminal and the combination of key data for the first terminal and key data for the second terminal,
whereby the same symmetric encryption key is generated for the first terminal and the second terminal, and wherein the first terminal and the second terminal have at least one hardware processor.
10. A non-transitory computer readable storage medium encoded with instructions that, when executed by one or more processors, cause the one or more processors to perform:
- sending, by a first terminal, a first session request to a server for initiating a communication channel with a second terminal;
- receiving, by the first terminal, a first session response from the server, said first response including an identifier for a session channel and a combination of key data for the first terminal and key data for the second terminal;
- sending, by the first terminal, a second session request to the second terminal including an identifier and a key encryption seed for the first terminal;
- generating, by the first terminal, a first authentication token (AT), being a data structure to be used for authenticating a first computing device, such as a terminal, to a second computing device, such as a server;
- sending, by the first terminal, the first authentication token (AT) to the server;
- receiving, by the second terminal, the second session request from the first terminal;
- sending, by the second terminal, a third session request to the server for initiating a communication channel with said first terminal;
- receiving, by the second terminal, a second session response from the server, said second response including the identifier for the session channel and a combination of key data for the first terminal and key data for the second terminal;
- sending, by the second terminal, a third session response to the first terminal, said third session response including a key encryption seed for the second terminal;
- receiving, by the first terminal, said third session response from the second terminal;
- establishing, by the first terminal, a connection over the session channel and establishing, by the second terminal, a connection over the session channel, whereby a communication channel is established between the first and the second terminal over the session channel;
- receiving, by the server, the first authentication token (AT) and authenticating it;
- generating, by the server, a second authentication token for the first terminal;
- sending, by the server, the second authentication token (AT) to the first terminal;
- receiving, by the first terminal, the second authentication token (AT) and authenticating it, thereby performing a mutual authentication of the first terminal and the server;
- generating, by the server, a third authentication token (AT) for the second terminal;
- sending, by the server, the third authentication token (AT) to the first terminal;
- receiving, by the first terminal, the third authentication token (AT) and sending it to the second terminal; and
- receiving and authenticating, by the second terminal, the third authentication token (AT), thereby performing an authentication of the server and the first terminal;
and wherein the instructions further cause the one or more processors to perform:
- generating, by the first terminal, a symmetric encryption key based on the key encryption seed for the first terminal and the combination of key data for the first terminal and key data for the second terminal, in combination with the key encryption seed for the second terminal and the combination of key data for the first terminal and key data for the second terminal; and
- generating, by the second terminal, a symmetric encryption key based on the key encryption seed for the second terminal and the combination of key data for the first terminal and key data for the second terminal, in combination with the key encryption seed for the first terminal and the combination of key data for the first terminal and key data for the second terminal,
whereby the same symmetric encryption key is generated for the first terminal and the second terminal.
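Claims 1, 9 and 10 all recite the same exchange: two session requests to the server, a seed passed in each direction between the terminals, three authentication tokens, and a symmetric key that both terminals derive from the seeds and the combined key data. The model below is an added example, not code from the patent or its applicant, and it fills in what the claims leave open with stated assumptions: authentication tokens are HMAC-SHA256 over a per-terminal secret that the server holds from enrollment, the symmetric key is derived with RFC 5869 HKDF, and key data, seeds and channel identifiers are random byte strings. Names such as `Server`, `Terminal`, `establish_session` and `run_demo` are this example's own.

```python
"""Message-level model of the server-brokered session in claims 1, 9 and 10.

Assumptions not specified by the claims: HMAC-SHA256 tokens keyed by a per-terminal
enrollment secret shared with the server, RFC 5869 HKDF for the symmetric key, and
random byte strings for key data, seeds and channel identifiers.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
SERVER_ID = "S"


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Extract followed by HKDF-Expand."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def make_token(secret: bytes, issuer: str, audience: str, channel_id: bytes) -> bytes:
    """Authentication token (AT): HMAC over issuer, audience and channel identifier,
    keyed by the enrollment secret of the terminal the token is for (assumed format)."""
    msg = b"|".join([issuer.encode(), audience.encode(), channel_id])
    return hmac.new(secret, msg, HASH).digest()


def check_token(secret: bytes, issuer: str, audience: str, channel_id: bytes, token: bytes) -> None:
    if not hmac.compare_digest(make_token(secret, issuer, audience, channel_id), token):
        raise ValueError(f"authentication token from {issuer} to {audience} rejected")


class Server:
    """Holds one enrollment secret per terminal and brokers session channels."""

    def __init__(self, enrollment):
        self.enrolled = dict(enrollment)
        self.sessions = {}  # (terminal, terminal) -> (channel id, combined key data)

    def session_request(self, requester: str, peer: str):
        # First and third session requests: whichever terminal asks, the pair gets one
        # channel identifier and one combination of both terminals' key data.
        pair = tuple(sorted((requester, peer)))
        if pair not in self.sessions:
            key_data = {t: secrets.token_bytes(32) for t in pair}
            combo = HASH(key_data[pair[0]] + key_data[pair[1]]).digest()
            self.sessions[pair] = (secrets.token_bytes(16), combo)
        return self.sessions[pair]


class Terminal:
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret
        self.seed = secrets.token_bytes(16)  # key encryption seed for this terminal
        self.channel_id = self.combo = self.key = None

    def derive_key(self, peer: str, peer_seed: bytes) -> bytes:
        # Own seed with the combined key data, in combination with the peer's seed and the
        # same combined key data; ordering the two parts by terminal name makes both
        # terminals arrive at the same key.
        parts = sorted([(self.name, hmac.new(self.combo, self.seed, HASH).digest()),
                        (peer, hmac.new(self.combo, peer_seed, HASH).digest())])
        self.key = hkdf(parts[0][1] + parts[1][1], self.combo, b"session|" + self.channel_id)
        return self.key


def establish_session(t1: Terminal, t2: Terminal, server: Server):
    """Runs the exchange of claim 1 between t1 (first terminal) and t2 (second terminal)."""
    # First session request / first session response
    t1.channel_id, t1.combo = server.session_request(t1.name, t2.name)
    # Second session request, T1 -> T2: T1's identifier, the channel, and T1's seed
    second_request = (t1.name, t1.channel_id, t1.seed)
    # T1 -> server: AT1; the server authenticates it and answers with AT2 (mutual authentication)
    at1 = make_token(t1.secret, t1.name, SERVER_ID, t1.channel_id)
    check_token(server.enrolled[t1.name], t1.name, SERVER_ID, t1.channel_id, at1)
    at2 = make_token(server.enrolled[t1.name], SERVER_ID, t1.name, t1.channel_id)
    check_token(t1.secret, SERVER_ID, t1.name, t1.channel_id, at2)
    # AT3: the server vouches for the authenticated T1 towards T2; T1 relays it unchanged
    at3 = make_token(server.enrolled[t2.name], SERVER_ID + ":" + t1.name, t2.name, t1.channel_id)
    # T2 side: third session request / second session response, then the AT3 check
    peer_name, channel_id, peer_seed = second_request
    t2.channel_id, t2.combo = server.session_request(t2.name, peer_name)
    if t2.channel_id != channel_id:
        raise ValueError("server returned a different session channel to the second terminal")
    check_token(t2.secret, SERVER_ID + ":" + peer_name, t2.name, t2.channel_id, at3)
    # Third session response, T2 -> T1, carries T2's seed; both sides derive the key
    third_response = t2.seed
    return t1.derive_key(t2.name, third_response), t2.derive_key(peer_name, peer_seed)


def run_demo() -> dict:
    """Constructed run: an honest session, then an impostor T1 without T1's enrollment secret."""
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    server = Server({"T1": k1, "T2": k2})
    key_a, key_b = establish_session(Terminal("T1", k1), Terminal("T2", k2), server)
    try:
        establish_session(Terminal("T1", secrets.token_bytes(32)), Terminal("T2", k2), server)
        rogue_rejected = False
    except ValueError:
        rogue_rejected = True
    return {"keys_match": key_a == key_b, "key_len": len(key_a), "rogue_rejected": rogue_rejected}


if __name__ == "__main__":
    print(run_demo())
```

In this model the server hands both terminals the same combined key data, so the only key-derivation inputs it never sees are the two seeds, which the terminals send each other directly in the second session request and the third session response. Whatever confidentiality the derived key has against the server therefore depends on that terminal-to-terminal path, which the claims describe only as messages between the terminals; a deployment would need to decide what protects it.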