System and method for providing secure communications between clients and service providers

US 20040030887A1
Filed: 08/07/2002
Published: 02/12/2004
Est. Priority Date: 08/07/2002
Status: Abandoned Application

First Claim

Patent Images

1. A computer-based method for providing secure communications between a service provider and clients, comprising:

receiving a request from a client with an identifier for the client;

authenticating an identity of the client by processing the client identifier; and

when the client authenticating verifies the client as authentic, generating a response to the client including an identifier for the service provider that can be used by the client in authenticating an identity of the service provider.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure network communications. The method includes receiving at the service provider a request from a client that includes an identifier (e.g., a digital certificate) for the client. The identity is authenticated by the service provider by retrieving a stored copy of a digital certificate for the client sending the request and comparing the copy of the digital certificate included with the request to the stored copy. If authenticated, access to the service provider is granted and typically, a response is generated and transmitted to the client that includes an identifier or a digital certificate for the service provider. The client then authenticates the service provider by comparing the certificate with a stored copy prior to transmitting further messages. The method includes encrypting and decrypting the requests and the responses using private and public key pairs associated with the stored digital certificates.

Citations

17 Claims

1. A computer-based method for providing secure communications between a service provider and clients, comprising:
- receiving a request from a client with an identifier for the client;
  
  authenticating an identity of the client by processing the client identifier; and
  
  when the client authenticating verifies the client as authentic, generating a response to the client including an identifier for the service provider that can be used by the client in authenticating an identity of the service provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the client identifier is a digital certificate issued by a certificate authority and includes a digital signature of the certificate authority.
  - 3. The method of claim 1, wherein the request is encrypted and the authenticating includes decrypting the request with a client key.
  - 4. The method of claim 1, wherein the service provider identifier is a digital certificate issued by a certificate authority, and further including authenticating at the client the identity of the service provider based on the service provider digital certificate.
  - 5. The method of claim 4, wherein at least a portion of the service provider response is encrypted and the service provider authenticating includes decrypting the portion with a service provider key.
  - 6. The method of claim 1, further including determining whether the client is a new client, and if determined to be new, contacting a certificate authority to request generation of a digital certificate signed by the certificate authority for the client, transferring a copy of the digital certificate to the client for use in generating a next request to the service providers, and storing a copy of the digital certificate in memory.
  - 7. The method of claim 6, wherein the client identifier includes a copy of a digital certificate for the client issued by a certificate authority and further including if the client is determined not to be new, retrieving a copy of the client digital certificate, and further wherein the client authenticating includes comparing the retrieved client digital certificate with the copy of the digital certificate in the client identifier.

8. A method for providing secure digital data communications between a service device and a plurality of client devices, comprising:
- at the service device, receiving from a first client device digital data including a digital certificate for the first client device;
  
  first operating the service device to retrieve a copy of the digital certificate for the first client device;
  
  second operating the service device to compare the received digital certificate for the first client device and the retrieved copy of the digital certificate for the first client device to authenticate the first client device; and
  
  if the first client device is authenticated, third operating the service device to transmit a digital data response to the first client device including a digital certificate for the service device.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, further including operating the first client device to receive the digital data response, retrieve a copy of the digital certificate for the service device, and compare the received digital certificate for the service device and retrieved copy of the digital certificate for the service device to authenticate the service device.
  - 10. The method of claim 9, wherein the digital certificates are generated by a certificate authority and include a digital signature of the certificate authority.
  - 11. The method of claim 8, further including receiving initial access requests from the first client device and a second client device, collecting identification information from the first and second client devices, requesting digital certificates for the first and second client devices from a certificate authority based on the collected identification information, and storing digital certificates for the first and second client devices in memory.
  - 12. The method of claim 11, further including at the service receiving from the second client device digital data including a copy of the digital certificate for the second client device and operating the service device to retrieve the stored digital certificate for the second client device and authenticating the second client device by comparing the received copy and the retrieved digital certificate for the second client device.

13. A secure communications system, comprising:
- a server linked to a digital communication network including memory storing a digital certificate for the service provider and a digital certificate for a plurality of client devices, a verification tool adapted for authenticating transmitting client devices by comparing received client digital certificates with the stored digital certificates for the client devices, and a response generator generating responses over the network including a copy of the digital certificate for the service provider; and
  
  a client device linked to the network to allow communication with the server including memory storing a digital certificate for the client and a copy of the digital certificate for the server, a verification tool for authenticating the server by comparing received server digital certificates with the stored server digital certificate, and a request generator generating requests over the network including a copy of the stored digital certificate for the client.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The system of claim 13, further including a certificate authority server adapted to generate the digital certificates based on registration and right to use information from the server and the client device.
  - 15. The system of claim 14, wherein the digital certificates include a public key for the server or the client device and are signed by the certificate authority.
  - 16. The system of claim 13, wherein the server and the client each include an encryption tool for encrypting transmitted messages and decrypting received messages.
  - 17. The system of claim 16, wherein the encrypting is performed using private keys and the decrypting is performed using public keys paired to the private keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Demoff, Jeff S., Wolff, Alan S., Harrisville-Wolff, Carol L.

Application Number

US10/213,765
Publication Number

US 20040030887A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

System and method for providing secure communications between clients and service providers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing secure communications between clients and service providers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links