Session key security protocol
First Claim
1. A method of securing information in a multi-site authentication system, said method comprising:
generating an authentication ticket from a first network server, said ticket including information associated with a user of a client computer, said first network server and said client computer being coupled to a data communication network;
encrypting content of the ticket, by the first network server, using a shared symmetric key, said shared key being shared by the first network server and a second network server, said second network server also being coupled to the data communication network;
encrypting the shared key, by the first network server, using a public key associated with the second network server; and
directing the client computer along with the ticket from the first network server to the second network server.
Abstract
A security protocol for use in a multi-site authentication system. After authenticating a user, an authentication server generates a ticket including information associated with the user. The authentication server encrypts the content of the ticket using a symmetric key shared with an affiliate server. The affiliate server has a public key that the authentication server uses to encrypt the shared key. The authentication server has a private key for creating a signature on the ticket. The affiliate server decrypts the shared key with its private key and then decrypts the content of the ticket using the decrypted shared key. The affiliate server validates the signature with the authentication server's public key.
32 Claims
1. A method of securing information in a multi-site authentication system, said method comprising:
generating an authentication ticket from a first network server, said ticket including information associated with a user of a client computer, said first network server and said client computer being coupled to a data communication network;
encrypting content of the ticket, by the first network server, using a shared symmetric key, said shared key being shared by the first network server and a second network server, said second network server also being coupled to the data communication network;
encrypting the shared key, by the first network server, using a public key associated with the second network server; and
directing the client computer along with the ticket from the first network server to the second network server. Dependent claims: 2 through 15.
16. A system of securing information comprising an authentication server associated with a multi-site user authentication system, said authentication server retrieving login information from a user of a client computer for authenticating the user, said authentication server further generating an authentication ticket after authenticating the user, said ticket including information associated with the user of the client computer, said authentication server having a shared symmetric key for encrypting content of the ticket, said shared key being shared by the authentication server and an affiliate server, said affiliate server having a public key and said authentication server using the public key to encrypt the shared key.
26. A method of securing information in a multi-site authentication system, said method comprising:
generating an authentication ticket from a first network server, said ticket including information associated with a user of a client computer, said first network server and said client computer being coupled to a data communication network;
generating a signature for the ticket using a private key associated with the first network server, said signature including address information for a second network server, said second network server also being coupled to the data communication network;
directing the client computer along with the ticket from the first network server to the second network server over a privacy-enhanced protocol; and
identifying, by the second network server, its own address information in the signature to validate the signature. Dependent claim: 27.
28. A security protocol for use in a multi-site authentication system comprising:
a shared symmetric key, said shared key being shared by a first network server and a second network server, said first network server encrypting content of an authentication ticket that includes information associated with a user of a client computer using the shared key, said first and second network servers and said client computer being coupled to a data communication network;
a public key associated with the second network server, said first network server encrypting the shared key using the public key; and
a private key associated with the second network server;
said second network server decrypting the encrypted shared key using the private key and decrypting the content of the ticket using the decrypted shared key. Dependent claims: 29 through 32.
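The exchange described in the abstract and in claims 26 and 28, written out as an added Go example using only the Go standard library; this is not code from the patent or from any product it covers. The patent names no concrete algorithms, so the choices here are assumptions: AES-256-GCM for the ticket content, RSA-OAEP to encrypt the shared key for the affiliate, and RSA-PSS for the authentication server's signature. The struct field names, the helper names and the affiliate address string are likewise assumed. The signature covers the affiliate address (claim 26), so an affiliate rejects a ticket issued for a different site, and the signature is checked before any decryption so a modified bundle is refused early.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// SealedTicket is the bundle the client carries from the authentication
// server (first server) to the affiliate server (second server).
type SealedTicket struct {
	AffiliateAddr string // affiliate address bound into the signature (claim 26)
	WrappedKey    []byte // shared AES key encrypted with the affiliate's RSA public key
	Nonce         []byte // AES-GCM nonce for the ticket content
	Ciphertext    []byte // ticket content encrypted under the shared key
	Signature     []byte // RSA-PSS signature by the authentication server
}

// newKey generates an RSA key pair for either server (demo only; real keys are provisioned out of band).
func newKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// newGCM builds the AES-GCM cipher used for the ticket content.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// signedDigest hashes every field of the bundle, including the affiliate
// address, so the affiliate can confirm the ticket was meant for it.
func signedDigest(s *SealedTicket) []byte {
	h := sha256.New()
	h.Write([]byte(s.AffiliateAddr))
	h.Write(s.WrappedKey)
	h.Write(s.Nonce)
	h.Write(s.Ciphertext)
	return h.Sum(nil)
}

// Seal is the authentication server side: encrypt the ticket content under a
// shared key, encrypt that key for the affiliate, and sign the whole bundle.
func Seal(authPriv *rsa.PrivateKey, affiliatePub *rsa.PublicKey, affiliateAddr string, content []byte) (*SealedTicket, error) {
	sharedKey := make([]byte, 32) // fresh AES-256 key shared with the affiliate (assumption: one key per ticket)
	if _, err := rand.Read(sharedKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(sharedKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	s := &SealedTicket{AffiliateAddr: affiliateAddr, Nonce: nonce}
	s.Ciphertext = gcm.Seal(nil, nonce, content, []byte(affiliateAddr)) // address also bound as AEAD associated data
	if s.WrappedKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, affiliatePub, sharedKey, nil); err != nil {
		return nil, err
	}
	if s.Signature, err = rsa.SignPSS(rand.Reader, authPriv, crypto.SHA256, signedDigest(s), nil); err != nil {
		return nil, err
	}
	return s, nil
}

// Open is the affiliate server side: check the address and signature first,
// then decrypt the shared key with the affiliate's private key and use it to decrypt the ticket.
func Open(affiliatePriv *rsa.PrivateKey, authPub *rsa.PublicKey, myAddr string, s *SealedTicket) ([]byte, error) {
	if s.AffiliateAddr != myAddr {
		return nil, errors.New("ticket was issued for a different affiliate")
	}
	if err := rsa.VerifyPSS(authPub, crypto.SHA256, signedDigest(s), s.Signature, nil); err != nil {
		return nil, err
	}
	sharedKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, affiliatePriv, s.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sharedKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, []byte(s.AffiliateAddr))
}
```

The example generates a new shared key for every ticket; the claims only require that the key be shared by the two servers, so a long-lived key encrypted the same way would also fit the wording, at the cost of more ciphertext under one key. The affiliate never needs the authentication server's private key, and the authentication server never needs the affiliate's private key, which is the property the abstract's split between symmetric and public-key encryption is buying.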
Specification