Use and generation of a session key in a secure socket layer connection
First Claim
1. A method for establishing a secure connection between a client and a server comprising:
- establishing a secure connection, wherein a server public key is used to establish a symmetric key to encrypt communication for the duration of the connection;
generating a server authentication key by the server and a client authentication key by the client, the server authentication key and the client authentication key identical to each other and generated using a secret known to both the client and the server;
sending server authentication information to the client to authenticate the server, the server authentication information including the server'"'"'s public key, the server authentication information encrypted by the server using the server authentication key and decrypted by the client using the client authentication key, the correctness of the server information verified by the client; and
sending client information to the server to authenticate the client, the client information encrypted by the client using the client authentication key and decrypted by the server using the server authentication key, the correctness of the client information verified by the server.
2 Assignments
0 Petitions
Accused Products
Abstract
The invention describes a method and system for verifying the link between a public key and a server'"'"'s identity as claimed in the server'"'"'s certificate without relying on the trustworthiness of the root certificate of the server'"'"'s certificate chain. The system establishes a secure socket layer type connection between a client and a server, wherein the server transmits information including the server'"'"'s public key to the client while establishing the connection. Next, a first information is sent from the client to the server. The client and the server create an identical authentication key using a shared secret known to the server and the client. Next, the server transmits a first encrypted message to the client, wherein the first encrypted message includes the server'"'"'s public key encrypted with the authentication key. Then, the client decrypts the first encrypted message and verifies the correctness of that message including comparing the public key included in the decrypted first encrypted message to the public key transmitted during the set-up of the secure socket layer type connection to authenticate the client and to establish the trustworthiness of the server'"'"'s public key and thereby the entire SSL connection. The client then transmits a second encrypted message to the server, wherein the second encrypted message is the first information encrypted with the authentication key. Finally, the server then decrypts the second encrypted message and verifies the correctness of the decrypted second encrypted message to authenticate the client.
-
Citations
16 Claims
-
1. A method for establishing a secure connection between a client and a server comprising:
-
establishing a secure connection, wherein a server public key is used to establish a symmetric key to encrypt communication for the duration of the connection;
generating a server authentication key by the server and a client authentication key by the client, the server authentication key and the client authentication key identical to each other and generated using a secret known to both the client and the server;
sending server authentication information to the client to authenticate the server, the server authentication information including the server'"'"'s public key, the server authentication information encrypted by the server using the server authentication key and decrypted by the client using the client authentication key, the correctness of the server information verified by the client; and
sending client information to the server to authenticate the client, the client information encrypted by the client using the client authentication key and decrypted by the server using the server authentication key, the correctness of the client information verified by the server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for establishing a secure connection between a client and a server comprising:
-
establishing a secure connection, the connection establishing a symmetric key to encrypt communication for the duration of the connection, the server certificate transmitted from the server to the client while establishing the secure connection;
generating an identical and separate authentication key by both the server and the client using a secret known to both the client and the server, said generating the identical and separate authentication key including;
sending user authentication information from the client to the server;
exchanging dynamic information between the client and the server;
generating a secret by the client and the server from the response of a strong authentication token; and
generating the authentication key using the user authentication information, the dynamic information, and the secret;
sending server authentication information to the client, the server authentication information including an encrypted server certificate, the server certificate encrypted by the server using the authentication key generated by the server;
receiving and decrypting the server authentication information by the client, the client decrypting the server authentication information using the authentication key created by the client, the correctness of the server information verified by the client;
sending encrypted user authentication information to the server, the user authentication information encrypted by the client using the authentication key generated by the client; and
receiving and decrypting the user authentication information by the server, the server decrypting the user authentication information using the authentication key created by the server, the correctness of the user authentication information verified by the server. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
Specification