One pass security
Abstract
A system and method for secure network communication. In various embodiments of the present invention, data needed for authentication and encryption is included in each communication pass between network devices, so that when a network connection is broken, a secure connection can be reestablished with the next pass. A client authentication service on the client receives a server request and searches for a current client-side session key. If one is not present, the client authentication service generates and encrypts an initial session key, acquires credentials, adds the credentials to the server request, and encrypts the server request with the initial session key. The encrypted server request and the encrypted session key are sent to the server, where a server authentication service decrypts the initial session key, decrypts the server request with the initial session key, and authenticates the credentials before allowing the server request to be acted upon. Where a current client-side session key is detected, the client authentication service acquires the current client-side session key, generates a next step session key, adds the next step session key to the server request, and encrypts the server request with the current client-side session key. The encrypted server request is sent to the server, where the server authentication service decrypts the server request with a current server-side session key, allowing the server request to be acted upon.
45 Claims
1. A method for secure network communication at the start of a session, comprising the acts of:
receiving a server request;
generating and encrypting a session key;
acquiring and adding credentials to the server request;
encrypting the server request with the session key;
sending the encrypted server request and encrypted session key to a server;
decrypting the session key;
decrypting the server request with the session key;
authenticating the credentials; and
acting on the server request if the credentials are authentic.
Dependent claims: 2, 3, 4, 5, 6
7. A method for secure network communication during an existing session, comprising the acts of:
receiving a server request;
acquiring a current client-side session key;
generating and adding a next step session key to the server request;
encrypting the server request with the current client-side session key;
sending the server request;
acquiring a current server-side session key;
decrypting the server request with the current server-side session key; and
acting on the server request.
Dependent claims: 8, 9, 10, 11, 12
13. A method for secure network communication, comprising:
receiving a server request;
detecting the presence of a current client-side session key;
if a current client-side session key is not detected, generating and encrypting an initial session key, acquiring credentials, adding the credentials to the server request, encrypting the server request with the initial session key, sending the encrypted server request and the encrypted session key to a server, decrypting the initial session key, decrypting the server request with the initial session key, and authenticating the credentials;
if a current client-side session key is detected, acquiring the current client-side session key, generating a next step session key, adding the next step session key to the server request, and encrypting the server request with the current client-side session key, sending the encrypted server request, and decrypting the server request with a current server-side session key; and
acting on the server request.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A computer program product for secure network communication at the start of a session, the product comprising a computer usable medium having computer readable instructions thereon for:
receiving a server request;
generating and encrypting a session key;
acquiring and adding credentials to the server request;
encrypting the server request with the session key;
sending the encrypted server request and encrypted session key to a server;
decrypting the session key;
decrypting the server request with the session key;
authenticating the credentials; and
acting on the server request if the credentials are authentic.
Dependent claims: 21, 22, 23, 24, 25
26. A computer program product for secure network communication during an existing session, the product comprising a computer usable medium having computer readable instructions thereon for:
receiving a server request;
acquiring a current client-side session key;
generating and adding a next step session key to the server request;
encrypting the server request with the current client-side session key;
sending the server request;
acquiring a current server-side session key;
decrypting the server request with the current server-side session key; and
acting on the server request.
Dependent claims: 27, 28, 29, 30, 31
32. A computer program product for secure network communication, the product comprising a computer usable medium having computer readable instructions thereon for:
receiving a server request;
detecting the presence of a current client-side session key;
if a current client-side session key is not detected, generating and encrypting an initial session key, acquiring credentials, adding the credentials to the server request, encrypting the server request with the initial session key, sending the encrypted server request and the encrypted session key to a server, decrypting the initial session key, decrypting the server request with the initial session key, and authenticating the credentials;
if a current client-side session key is detected, acquiring the current client-side session key, generating a next step session key, adding the next step session key to the server request, and encrypting the server request with the current client-side session key, sending the encrypted server request, and decrypting the server request with a current server-side session key; and
acting on the server request.
Dependent claims: 33, 34, 35, 36, 37, 38
39. A system for secure network communication, comprising:
a request builder operable to act on a server request;
a client encryption module operable to generate session keys, encrypt the server request with a generated or an acquired session key, and to decrypt a client response with a generated or an acquired session key;
a response builder operable to act on the client response generated in response to the server request; and
a server encryption module operable to generate session keys, encrypt the client response with a generated or an acquired session key, and to decrypt the server request with an acquired session key.
Dependent claims: 40, 41, 42, 43, 44
45. A system for secure network communication, comprising:
a means for adding a session key and a session counter to a server request;
a means for adding a session key to a client response;
a means for generating session keys;
a means for encrypting a session key with a server public key;
a means for encrypting the server request with a generated or an acquired session key, and decrypting the client response with a generated or an acquired session key;
a means for encrypting the client response with a generated or an acquired session key, and for decrypting the server request with an acquired session key;
a means for passing encrypted server requests, encrypted client responses, and encrypted session keys between a client and a server; and
a means for validating the session counter.
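The exchange that the abstract and claims 1, 7, 13 and 45 describe, written out as an added example for this page (it is not code from the patent, and the patent text specifies no wire format or algorithms): the first pass wraps a fresh session key to the server public key and carries the credentials inside the encrypted request; every later pass carries a next-step session key under the current key, and both sides rotate to it; the session counter of claim 45 is bound to each pass as AEAD associated data and validated by the server. Everything concrete here is this example's assumption: the Pass layout, the one-byte length prefix on the credential (so it must be under 256 bytes), AES-256-GCM for the request, RSA-OAEP with SHA-256 for the key, the names Pass, peer, Client, Server, Send, Receive and NewPair, and the constructed credential "alice:hunter2".

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

type Pass struct { // one client-to-server message; the layout is this example's assumption, not the patent's
	Counter    uint64 // session counter (claim 45), bound as AEAD associated data
	WrappedKey []byte // initial session key under the server public key; first pass only
	Nonce      []byte
	Ciphertext []byte // first pass: len(creds)||creds||request; later passes: nextKey||request
}
type peer struct { // state each side keeps
	key     []byte // current session key; nil on the client before the first pass
	counter uint64
	creds   []byte // client: credential to present; server: the one credential it accepts (constructed)
}
type Client struct{ peer; serverPub *rsa.PublicKey }
type Server struct{ peer; priv *rsa.PrivateKey }

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func random(n int) []byte {
	b := make([]byte, n)
	must(rand.Read(b))
	return b
}
func aead(key []byte) cipher.AEAD { // callers guarantee a 32-byte key, so this is AES-256-GCM
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

func (c *Client) Send(request []byte) Pass { // claim 1 path when no key is held, claim 7 path otherwise
	c.counter++
	p := Pass{Counter: c.counter, Nonce: random(12)}
	var body, next []byte
	if c.key == nil {
		c.key = random(32)
		p.WrappedKey = must(rsa.EncryptOAEP(sha256.New(), rand.Reader, c.serverPub, c.key, nil))
		body = append([]byte{byte(len(c.creds))}, c.creds...)
	} else {
		next = random(32)
		body = append([]byte{}, next...)
	}
	p.Ciphertext = aead(c.key).Seal(nil, p.Nonce, append(body, request...), binary.BigEndian.AppendUint64(nil, p.Counter))
	if next != nil {
		c.key = next // rotate only after the pass carrying the new key is sealed
	}
	return p
}

func (s *Server) Receive(p Pass) ([]byte, error) { // returns the request; a bad counter, tag or credential rejects it
	key := s.key
	if p.WrappedKey != nil {
		if key, _ = rsa.DecryptOAEP(sha256.New(), nil, s.priv, p.WrappedKey, nil); len(key) != 32 {
			return nil, errors.New("cannot recover initial session key")
		}
	} else if key == nil || p.Counter != s.counter+1 {
		return nil, errors.New("no session or counter out of sequence")
	}
	body, err := aead(key).Open(nil, p.Nonce, p.Ciphertext, binary.BigEndian.AppendUint64(nil, p.Counter))
	if err != nil {
		return nil, err
	}
	if p.WrappedKey != nil {
		if len(body) == 0 || len(body) < 1+int(body[0]) || subtle.ConstantTimeCompare(body[1:1+int(body[0])], s.creds) != 1 {
			return nil, errors.New("credentials not authentic")
		}
		s.key, body = key, body[1+int(body[0]):]
	} else if len(body) < 32 {
		return nil, errors.New("missing next-step key")
	} else {
		s.key, body = body[:32], body[32:]
	}
	s.counter = p.Counter
	return body, nil
}

func NewPair(clientCreds, serverCreds []byte) (*Client, *Server) { // fresh server key pair per call
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	return &Client{peer{creds: clientCreds}, &priv.PublicKey}, &Server{peer{creds: serverCreds}, priv}
}

func main() {
	c, s := NewPair([]byte("alice:hunter2"), []byte("alice:hunter2")) // constructed credential
	fmt.Printf("%q\n", must(s.Receive(c.Send([]byte("GET /inbox")))))        // first pass
	fmt.Printf("%q\n", must(s.Receive(c.Send([]byte("GET /inbox?page=2"))))) // later pass
}
```

Running it prints the two recovered requests. Two behaviours are worth checking against the claims: a replayed later pass is rejected both because its counter is stale and because the server has already rotated past the key it was sealed under, and a first pass with a wrong credential leaves the server's existing session state untouched, so the legitimate client can continue. The credential comparison is constant time. This example does not detect a replayed first pass; the quoted claims do not address that case either.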