Computer network security system
Abstract
A method and system are provided for authenticating a user of a computer over a computer network. In one embodiment of the invention, the method includes transmitting an applet having a challenge string and a first encryption key, receiving a login packet having the challenge string and a password that is encrypted using the first encryption key, decrypting the password, receiving information from an authentication provider, and authenticating the password by using the information provided by the authentication provider. The challenge string can be either a sequence number or a session identifier. The login packet can further include a user name, wherein the session identification, the user name, and the password are encrypted. Additionally, the login packet can include a hash of the session identification, the user name, and the password. Authenticating the password by using an authentication provider can include receiving from an authentication provider a second encryption key; encrypting using the second encryption key and transmitting to the authentication provider the password, receiving from the authentication provider a second hash of the password and a character string; and determining from the character string if the password is correct. The authentication provider can be a software program or an authentication server. An advantage of embodiments of the present invention is that a computer can provide secure Internet communications using a web browser that does not support SSL and can provide secure integration with third party security systems.
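As an added illustration (not the patent's own code or cipher), the exchange the abstract describes modelled in Python: the web server issues a session identifier plus a first key, the client returns a login packet whose session identifier, user name and password are encrypted under that key together with a hash of the plaintext, and the server decrypts, checks the hash and the challenge, then re-encrypts the password under a second key obtained from an authentication provider, which answers with a hash of the password and a character string. The cipher (an HMAC-SHA256 keystream stand-in), the packet layout and the user table are assumptions of this example.

```python
import hashlib
import hmac
import secrets
def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not the patent's): HMAC-SHA256 counter-mode keystream XORed with data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class AuthProvider:
    """Third-party authentication provider holding only password hashes (constructed sample users)."""
    def __init__(self, users: dict):
        self.users = {u: hashlib.sha256(p).digest() for u, p in users.items()}
        self.key2 = secrets.token_bytes(32)
    def issue_key(self) -> bytes:              # the "second encryption key" handed to the web server
        return self.key2
    def check(self, user: str, enc_pw: bytes, nonce: bytes):
        pw = stream_xor(self.key2, nonce, enc_pw)
        digest = hashlib.sha256(pw).digest()
        ok = hmac.compare_digest(self.users.get(user, b"\0" * 32), digest)
        return digest.hex(), "OK" if ok else "FAIL"  # second hash plus the character string

class WebServer:
    def __init__(self, provider: AuthProvider):
        self.provider, self.sessions = provider, {}
    def challenge(self):
        sid, key1 = secrets.token_hex(16), secrets.token_bytes(32)
        self.sessions[sid] = key1                  # one-shot: popped on login so a replayed packet fails
        return sid, key1
    def login(self, packet: dict) -> bool:
        key1 = self.sessions.pop(packet["sid"], None)
        if key1 is None:
            return False                           # unknown, expired or replayed session identifier
        plain = stream_xor(key1, packet["sid"].encode(), packet["body"])
        if not hmac.compare_digest(hashlib.sha256(plain).digest(), packet["digest"]):
            return False                           # hash mismatch: packet altered or wrong key
        sid, user, pw = plain.split(b"\0", 2)
        if sid.decode() != packet["sid"]:
            return False                           # challenge inside the ciphertext must match the outer one
        nonce = secrets.token_bytes(8)             # fresh nonce for the server-to-provider leg
        _hash, status = self.provider.check(user.decode(), stream_xor(self.provider.issue_key(), nonce, pw), nonce)
        return status == "OK"

def make_login_packet(sid: str, key1: bytes, user: str, pw: str) -> dict:
    """Client applet side: encrypt (sid, user, password) under key1 and attach a hash of the plaintext."""
    plain = b"\0".join([sid.encode(), user.encode(), pw.encode()])
    return {"sid": sid, "body": stream_xor(key1, sid.encode(), plain), "digest": hashlib.sha256(plain).digest()}
```

The server consumes each session identifier on first use, so a replayed or altered packet is rejected before the provider is consulted.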
34 Claims
1. A method for authenticating a user of a computer, the method comprising:
transmitting a signal having a challenge string and a first encryption key;
receiving a login packet having the challenge string and a password that is encrypted using the first encryption key;
decrypting the password;
receiving information from an authentication provider; and
authenticating the password by using the information received from the authentication provider.
Dependent claims: 2, 3, 4, 5.
6. A method for authenticating a user of a computer over a computer network, the method comprising:
transmitting to the computer a signal having a unique session identifier and a first encryption key;
receiving from the computer a login packet having the session identification, a user name, a password and a first hash of the session identification, the user name, and the password, wherein the session identification, the user name, and the password are encrypted using the first encryption key;
decrypting the session identification, the user's name, and the password contained in the packet;
receiving information from an authentication provider; and
authenticating the user's name and the password by using the information provided by the authentication provider.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14.
15. A system for authenticating a user of a computer coupled to a computer network, the system comprising:
a web server coupled to the computer network, wherein the web server is programmed to:
transmit a signal having a challenge string and a first encryption key;
receive a login packet having the challenge string and a password that is encrypted using the first encryption key;
decrypt the password;
receive information from an authentication provider; and
authenticate the password by using the information provided by the authentication provider.
Dependent claims: 16, 17, 18, 19.
20. A system for authenticating a user of a computer over a computer network coupled to a security server, the system comprising:
a web server coupled to the computer and the computer network, wherein the web server is programmed to:
transmit to the computer a signal having a unique session identification and a first encryption key;
receive from the computer a login packet having the session identification, a user name, a password and a first hash of the session identification, the user name, and the password, wherein the session identification, the user name, and the password are encrypted using the first encryption key;
decrypt the session identification, the user's name, and the password contained in the packet;
receive information from an authentication provider; and
authenticate the user's name and the password by using the information provided by the authentication provider.
Dependent claims: 21, 22, 23, 24, 25, 26, 27.
28. An article of manufacture, comprising:
a computer readable medium having computer readable program code for authenticating a user of a client computer over a computer network, the computer readable program code including instructions for:
causing the computer system to transmit a signal having a challenge string and a first encryption key;
causing the computer system to receive a login packet having the challenge string and a password that is encrypted using the first encryption key;
causing the computer system to decrypt the password;
causing the computer system to receive information from an authentication provider; and
causing the computer system to authenticate the password by using the information provided by the authentication provider.
Dependent claims: 29, 30.
31. An article of manufacture, comprising:
a computer readable medium having computer readable program code for authenticating a user of a client computer over a computer network, the computer readable program code including instructions for:
causing the computer system to transmit to the client computer a signal having a unique session identification and a first encryption key;
causing the computer system to receive from the client computer a login packet having the session identification, a user name, a password and a first hash of the session identification, the user name, and the password, wherein the session identification, the user name, and the password are encrypted using the first encryption key;
causing the computer system to decrypt the session identification, the user's name, and the password contained in the packet;
causing the computer system to receive information from an authentication provider; and
causing the computer system to authenticate the user's name and the password by using the information provided by the authentication provider.
Dependent claims: 32, 33, 34.