Mutual authentication with symmetric secrets and signatures
First Claim
Patent Images
1. A non-transitory computer-readable storage medium storing thereon instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
- access a cryptographic key usable to derive a signing key, the signing key accessible to a second computer system and usable to generate a digital signature of a request to cause the second computer system to fulfill the request;
derive, from the cryptographic key, a session key by at least deriving a pre-shared key from the cryptographic key and generating the session key from the pre-shared key; and
use the session key to encrypt at least a portion of one or more communications to the second computer system, the one or more communications comprising a first request that is digitally signed using the signing key.
1 Assignment
0 Petitions
Accused Products
Abstract
A client and server negotiate a secure communication channel using a pre-shared key where the server, at the time the negotiation initiates, lacks access to the pre-shared key. The server obtains the pre-shared key from another server that shares a secret with the client. A digital signature or other authentication information generated by the client may be used to enable the other server to determine whether to provide the pre-shared key.
-
Citations
21 Claims
-
1. A non-transitory computer-readable storage medium storing thereon instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
-
access a cryptographic key usable to derive a signing key, the signing key accessible to a second computer system and usable to generate a digital signature of a request to cause the second computer system to fulfill the request; derive, from the cryptographic key, a session key by at least deriving a pre-shared key from the cryptographic key and generating the session key from the pre-shared key; and use the session key to encrypt at least a portion of one or more communications to the second computer system, the one or more communications comprising a first request that is digitally signed using the signing key. - View Dependent Claims (2, 3)
-
-
4. A system, comprising:
-
one or more processors; and memory storing instructions that, if executed by the one or more processors, cause the system to; access a secret usable to derive a signing key, the signing key accessible to a second computer system and usable to generate a digital signature of a request to cause the second computer system to fulfill the request; derive a session key based at least in part on the secret; use the signing key to digitally sign information that is based at least in part on multiple messages transmitted between the system and the second computer system; and use the session key to cryptographically protect at least a portion of one or more communications to the second computer system, the one or more communications comprising a first request that is digitally signed using the signing key. - View Dependent Claims (5, 6, 7, 8, 9, 10)
-
-
11. A computer-implemented method, comprising:
-
deriving a session key based at least in part on a secret, the secret usable to derive a signing key, the signing key accessible to a second computer system and usable to generate a digital signature of a request to cause the second computer system to fulfill the request; and using the session key to cryptographically protect at least a portion of one or more communications to the second computer system, the one or more communications comprising a first request that is digitally signed using the signing key. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable storage medium storing thereon instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to:
-
derive a session key based at least in part on a secret, the secret usable to derive a signing key, the signing key accessible to a second computer system and usable to generate a digital signature of a request to cause the second computer system to fulfill the request, the session key being iteratively derived using a plurality of iterations, each iteration of the plurality of iterations involving a different derivation parameter input into a function; use the session key to cryptographically protect at least a portion of one or more communications to the second computer system, the one or more communications comprising a first request that is digitally signed using the signing key. - View Dependent Claims (18, 19, 20, 21)
-
Specification