Method and system for securely authenticating network access credentials for users
First Claim
1. A method to securely authenticate user credentials, the method including:
encrypting a user credential with a public key at an access device, the public key being part of a public/private key pair suitable for use with an encryption algorithm;
transmitting the encrypted network user credential from the access device to a decryption server;
decrypting the user credential at the decryption server with a private key, the private key being part of the public/private key pair suitable for use with the encryption algorithm; and
transmitting the decrypted user credential from the decryption server to an authentication server for verification.
11 Assignments
0 Petitions
Abstract
A method is provided to securely authenticate user credentials. The method includes encrypting a user credential with a public key at an access device wherein the public key is part of a public/private key pair suitable for use with an encryption algorithm. The encrypted network user credential is transmitted from the access device to a decryption server where it is decrypted with a private key, the private key being part of the public/private key pair suitable for use with the encryption algorithm. The decrypted user credential is then transmitted from the decryption server to an authentication server for verification. The decryption server typically forms part of a multi-party service access environment including a plurality of access providers, the method including decrypting the user credential of a user proximate an access provider associated with the user credential. The method can be used in legacy protocols such as Point-to-Point Protocol (PPP), Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Remote Authentication Dial In User Service (RADIUS) protocol, Terminal Access Controller Access Control System (TACACS) protocol, Lightweight Directory Access Protocol (LDAP), NT Domain authentication protocol, Unix password authentication protocol, HyperText Transfer Protocol (HTTP), HyperText Transfer Protocol over Secure Sockets Layer (HTTPS), Extended Authentication Protocol (EAP), Transport Layer Security (TLS) protocol, Token Ring protocol and/or Secure Remote Password protocol (SRP).
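The three-party exchange the abstract describes, written out as an added example (not code from the patent) using RSA-OAEP from Go's standard library. The names AccessDevice, DecryptionServer and AuthenticationServer, the user@realm convention used to pick the home provider's key, and the user store are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"strings"
)

// Constructed user store of the home provider: username -> SHA-256 of the password.
var userDB = map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))}
// providerKey is the home provider's key pair, generated fresh here; access devices hold the public half, keyed by realm.
var providerKey, _ = rsa.GenerateKey(rand.Reader, 2048)
var realmKeys = map[string]*rsa.PublicKey{"home.example": &providerKey.PublicKey}
// EncryptedCredential is what crosses the visited provider's network: user and realm in the clear for routing, the password only as ciphertext.
type EncryptedCredential struct {
	User, Realm string
	Ciphertext  []byte
}

// AccessDevice picks the public key for the realm in "user@realm" and encrypts the password under it.
func AccessDevice(id, password string, keys map[string]*rsa.PublicKey) (*EncryptedCredential, error) {
	user, realm, _ := strings.Cut(id, "@")
	pub, ok := keys[realm]
	if !ok { // unknown realm: fail closed rather than send anything
		return nil, fmt.Errorf("no decryption server key for realm %q", realm)
	}
	// The OAEP label binds the ciphertext to this user name, so a captured blob cannot be replayed under another.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(password), []byte(user))
	return &EncryptedCredential{User: user, Realm: realm, Ciphertext: ct}, err
}

// DecryptionServer holds the private key and recovers the password for the authentication server.
func DecryptionServer(priv *rsa.PrivateKey, c *EncryptedCredential) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, c.Ciphertext, []byte(c.User))
}

// AuthenticationServer verifies the decrypted password against the stored hash in constant time.
func AuthenticationServer(user string, password []byte) bool {
	want, ok := userDB[user]
	got := sha256.Sum256(password)
	return ok && subtle.ConstantTimeCompare(got[:], want[:]) == 1
}

func main() {
	enc, _ := AccessDevice("alice@home.example", "correct horse", realmKeys)
	pw, _ := DecryptionServer(providerKey, enc)
	fmt.Println("authenticated:", AuthenticationServer(enc.User, pw))
}
```

The visited access provider only ever forwards the realm and the ciphertext, which is the property the abstract claims over plain PAP.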
47 Claims
1. A method to securely authenticate user credentials, the method including:
encrypting a user credential with a public key at an access device, the public key being part of a public/private key pair suitable for use with an encryption algorithm;
transmitting the encrypted network user credential from the access device to a decryption server;
decrypting the user credential at the decryption server with a private key, the private key being part of the public/private key pair suitable for use with the encryption algorithm; and
transmitting the decrypted user credential from the decryption server to an authentication server for verification.
Dependent claims: 2 to 17.
18. A method of authenticating user data of a user requesting access to a service access system including a plurality of service providers, the method including:
encrypting the user data with a public key, the public key being part of a public/private key pair suitable for use with an encryption algorithm; and
transmitting the encrypted user data to a decryption server for decryption using the private key.
Dependent claims: 19 to 30.
31. A method of authenticating user data of a user requesting access to a service access system including a plurality of service providers, the method including:
receiving encrypted user data from an access device;
decrypting the encrypted user data using a private key; and
transmitting the decrypted user data to an authentication server for authentication.
Dependent claims: 32 to 37.
38. A computer readable medium, having stored thereon:
a first sequence of instructions which, when executed by a processor, causes the processor to encrypt user data with a public key, the public key being part of a public/private key pair suitable for use with an encryption algorithm; and
a second sequence of instructions which, when executed by a processor, causes the processor to transmit the encrypted user credential to a decryption server.
Dependent claims: 39 to 42.
43. A computer readable medium, having stored thereon:
a first sequence of instructions which, when executed by a processor, causes the processor to receive encrypted user data from an access device;
a second sequence of instructions which, when executed by a processor, causes the processor to decrypt the encrypted user data using a private key, the private key being suitable for use with an encryption algorithm; and
a third sequence of instructions which, when executed by a processor, causes the processor to transmit the decrypted user data to an authentication server for verification.
Dependent claims: 44 and 45.
46. A computer to authenticate user data of a user requesting access to a service access system including a plurality of service providers, the computer including:
a receiver to receive encrypted user data from an access device;
a decryptor to decrypt the encrypted user data using a private key; and
a transmitter to transmit the decrypted user data to an authentication server for authentication.
Dependent claim: 47.
Specification