Enhanced authentication for secure communications
First Claim
1. A computer-implemented method comprising:
obtaining a challenge value from an authentication service;
subsequent to performing a cryptographic key exchange with a client computer in accordance with a cryptographic protocol that includes an authentication phase, sending, to the client computer using the cryptographic protocol, the challenge value within a field that is not reserved by the cryptographic protocol for the challenge value, wherein the field is in a handshake message, the handshake message in accordance with the cryptographic protocol, transmitted as part of a handshake of the cryptographic protocol; and
authenticating a response to the challenge value based at least in part on the challenge value.
Abstract
A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operations are further dependent at least in part on whether verification of the authentication request was successful.
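The three-party flow the abstract describes, as an added example that is not code from the patent or from any implementation of it: an authentication service issues a challenge, the server carries it to the client inside a handshake field the protocol did not reserve for it (a hypothetical "extensions" entry), and the client's answer is relayed back to the service for verification against the registered key. The field name, the constructed identities and keys, and the use of HMAC-SHA256 as the response function are assumptions; the service also treats each challenge as single-use so a captured response cannot be replayed.

```python
import hashlib
import hmac
import os

# Constructed identity and key; the page names no key type, so HMAC-SHA256 with
# a symmetric registered key stands in for "a key registered to the client".
CLIENT_ID = "client-42"
REGISTERED_KEY = b"constructed-registered-key"

class AuthenticationService:
    """The 'other computer system': issues challenges and verifies responses."""
    def __init__(self, keys):
        self.keys = dict(keys)    # client id -> registered key
        self.outstanding = set()  # challenges issued but not yet consumed
    def issue_challenge(self):
        challenge = os.urandom(16)
        self.outstanding.add(challenge)
        return challenge
    def verify(self, client_id, challenge, response):
        # Unknown or already-used challenges fail before any key is consulted
        if challenge not in self.outstanding:
            return False
        self.outstanding.discard(challenge)  # each challenge is single-use
        key = self.keys.get(client_id)
        if key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def server_handshake_message(auth, session_key):
    """Server: after the key exchange, inject the challenge into a handshake
    field the protocol does not reserve for it (hypothetical 'extensions')."""
    challenge = auth.issue_challenge()
    msg = {"type": "finished", "verify_data": hashlib.sha256(session_key).hexdigest()[:24],
           "extensions": {"x-challenge": challenge.hex()}}
    return msg, challenge

def client_response(msg, key):
    """Client: read the challenge from the unreserved field and answer it."""
    challenge = bytes.fromhex(msg["extensions"]["x-challenge"])
    return hmac.new(key, challenge, hashlib.sha256).digest()

def run_exchange(client_key):
    """Whole flow; returns whether the authentication service accepted it."""
    auth = AuthenticationService({CLIENT_ID: REGISTERED_KEY})
    session_key = os.urandom(32)  # stands in for the negotiated shared secret
    msg, challenge = server_handshake_message(auth, session_key)
    response = client_response(msg, client_key)
    return auth.verify(CLIENT_ID, challenge, response)
```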
24 Citations
17 Claims
1. A computer-implemented method comprising:
obtaining a challenge value from an authentication service; subsequent to performing a cryptographic key exchange with a client computer in accordance with a cryptographic protocol that includes an authentication phase, sending, to the client computer using the cryptographic protocol, the challenge value within a field that is not reserved by the cryptographic protocol for the challenge value, wherein the field is in a handshake message, the handshake message in accordance with the cryptographic protocol, transmitted as part of a handshake of the cryptographic protocol; and authenticating a response to the challenge value based at least in part on the challenge value. (Dependent claims: 2, 3, 4, 5)

6. A system, comprising:
one or more processors; and memory storing instructions that, if executed by the one or more processors, cause the system to: perform, before an authentication phase of a cryptographic protocol, a key exchange with a client computer, the key exchange being a condition of the cryptographic protocol; send, to the client computer in accordance with the cryptographic protocol, a challenge value within a field that is not reserved by the cryptographic protocol for the challenge value, the challenge value obtained from an authentication service, the field in a handshake message sent as part of a handshake of the cryptographic protocol; and authenticate a response, from the client computer, to the challenge value based at least in part on the challenge value. (Dependent claims: 7, 8, 9, 10, 11, 12)

13. A non-transitory computer-readable storage medium storing thereon instructions that, if executed by one or more processors of a computer system, cause the computer system to:
obtain, after exchanging a key with a first computer in accordance with a cryptographic protocol that includes an authentication phase, a challenge value from the first computer within a field that is not reserved by the cryptographic protocol for the challenge value, the field in a handshake message transmitted as part of a handshake of the cryptographic protocol; send a response to the challenge value; and obtain an indication from the first computer whether the response to the challenge value has been verified by an authentication service. (Dependent claims: 14, 15, 16, 17)
Specification