STRONG MUTUAL AUTHENTICATION OF DEVICES

US 20040205344A1
Filed: 05/20/2004
Published: 10/14/2004
Est. Priority Date: 07/17/2000
Status: Active Grant

First Claim

Patent Images

1. A method for enabling strong mutual authentication on a computer network comprising the steps of:

transmitting, by a first computer, a first encrypted message to a second computer over a first communication channel; and

transmitting, by said first computer, a second message to said second computer over a second communication channel, wherein said second message comprises a second authentication number used to decrypt said first message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enabling strong mutual authentication between two computers or devices in a communication system. A user attempting to gain access to a first computer transmits login information over a first communication channel to the first computer. The first computer transmits a first message, which in one embodiment includes a first key encrypted by a second key, to the second computer over the first communication channel. The first computer then transmits a second message to a third device over a second communication channel. The second message includes the second key needed by the second computer to decrypt the first message. The third device uses the user'"'"'s login information to obtain the user'"'"'s private key, which the third device uses to obtain the second key.

The third device transmits the second key in a third message to the second computer over a third communication channel. The second computer then uses the second key to decrypt the first message and obtain the first key.

Once the second computer obtains the first key, in one embodiment the second computer switches the role of the keys from the first message by encrypting the second key with the first key into a fourth message. The second computer transmits the fourth message to the server over the first communication channel, and the first computer decrypts the fourth message using its first key. If the received second key is the same as the generated second key, the second computer is authenticated to the first computer.

Citations

23 Claims

1. A method for enabling strong mutual authentication on a computer network comprising the steps of:
- transmitting, by a first computer, a first encrypted message to a second computer over a first communication channel; and
  
  transmitting, by said first computer, a second message to said second computer over a second communication channel, wherein said second message comprises a second authentication number used to decrypt said first message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein said first message comprises a first authentication number.
  - 3. The method of claim 2, wherein said first authentication number is encrypted by said second authentication number.
  - 4. The method of claim 1 further comprising transmitting a first indicia to said first computer over said first communication channel.
  - 5. The method of claim 1 further comprising generating, by said first computer, at least one of said first authentication number and said second authentication number.
  - 6. The method of claim 1 further comprising generating, by said first computer, a third authentication number.
  - 7. The method of claim 1 further comprising transmitting, by said first computer, said second message to a verifier over said second communication channel and transmitting by said verifier said second message to said second computer over said second communication channel, wherein said second message comprises said second authentication number encrypted.
  - 8. The method of claim 1, wherein said second communication channel further comprises a third communication channel.
  - 9. The method of claim 1, wherein said second message further comprises a third authentication number.
  - 10. The method of claim 7 further comprising decrypting, by said verifier, said second message to obtain a first decrypted message, wherein said first decrypted message comprises said second authentication number.
  - 11. The method of claim 7, wherein said transmitting said second message to said second computer over said second communication channel further comprises transmitting, by said verifier, said second authentication number to said second computer over said second communication channel.
  - 12. The method of claim 1 further comprising decrypting, by said second computer, said first message transmitted by said first computer to recover said first authentication number.
  - 13. The method of claim 1 further comprising transmitting, by said second computer, a third message to said first computer over said first communication channel, wherein said third message comprises said second authentication number encrypted by said first authentication number.
  - 14. The method of claim 2 further comprising validating said second computer by said first computer by decrypting said third message to obtain said second authentication number.
  - 15. The method of claim 1, wherein said second message further comprises an encrypted portion.

16. A system for enabling strong mutual authentication comprising:
- a first transmitter; and
  
  a first receiver in communication with said first transmitter over a first communication channel and in communication with said first transmitter over a second communication channel;
  
  wherein said first transmitter transmits a first encrypted message to said first receiver over said first communication channel; and
  
  wherein said first transmitter transmits a second message to said first receiver over said second communication channel, sdaid second message used to decrypt said first encrypted message.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16 further comprising:
    - a second transmitter; and
      
      a second receiver in communication with said second transmitter over said first communication channel;
      
      wherein said second transmitter transmits a first indicia to said second receiver over said first communication channel, wherein said second transmitter transmits a third message to said second receiver over said first communication channel, said third message comprising at least a portion of said decrypted first encrypted message.
  - 18. The system of claim 17 further comprising a comparator in communication with said first transmitter and said second receiver to compare at least a portion of said third message with at least a portion of said decrypted first encrypted message.
  - 19. The system of claim 16, wherein said second message is encrypted.
  - 20. The system of claim 19 further comprising a verifier in communication with said first transmitter to decrypt said encrypted second message to obtain a key to decrypt said first encrypted message.

21. An apparatus for enabling strong mutual authentication on a computer network comprising:
- means for transmitting a first message to a computer over a first communication channel, wherein said first message comprises a first encrypted authentication number; and
  
  means for transmitting a second message to said computer over a second communication channel, wherein said second message comprises a second authentication number used to decrypt said first message.
- View Dependent Claims (22)
- - 22. The apparatus of claim 21 wherein said first encrypted authentication number is encrypted by said second authentication number.

23. A method for enabling strong mutual authentication on a computer network comprising the steps of:
- transmitting, by a server computer, a first encrypted message to a client computer over a first communication channel;
  
  receiving, by said client computer, a key over a second communication channel; and
  
  transmitting, by said client computer, a decrypted message over said first communication channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
BULL, John Albert, OTWAY, David John

Granted Patent

US 7,293,176 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04L 9/321   involving a third party or ...

H04L 9/3215   using a plurality of channe...

H04L 9/3273   for mutual authentication n...

STRONG MUTUAL AUTHENTICATION OF DEVICES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

STRONG MUTUAL AUTHENTICATION OF DEVICES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links