System and method for provisioning and authenticating via a network
Abstract
A system architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) are provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel that is then used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
Claims (23)
1. A method of authenticating communication between a first and a second party, the method comprising:
- provisioning a first secure credential between the first party and the second party;
- establishing a secure tunnel between the first party and the second party using the first secure credential;
- authenticating a relationship between the first party and the second party within the secure tunnel using a second secure credential to establish an authorization policy; and
- distributing an update to one of the first secure credential and the second secure credential within the secure tunnel to update the authorization policy.
Dependent claims: 2 through 16.
17. A system for communicating via a network, the system comprising:
- means for providing a communication link between a first party and a second party;
- means for provisioning a first secure credential between the first and the second party;
- means for establishing a secure tunnel utilizing the first secure credential;
- means for authenticating a relationship between the first party and the second party within the secure tunnel using a second secure credential to establish an authorization policy; and
- means for delivering an update to one of the first secure credential and the second secure credential to update the authorization policy.
Dependent claims: 18 through 21.
22. An article of manufacture embodied in a computer-readable medium for use in a processing system for communicating via a network, the article comprising:
- a provisioning logic for causing the processing system to establish a shared secret between a first and a second party;
- a tunnel establishment logic for causing the processing system to establish a secure tunnel based upon the shared secret;
- an authentication logic for causing the processing system to authenticate a communication link between the first and the second party within the secure tunnel based upon a secure credential;
- a second provisioning logic for causing the processing system to provision an access; and
- a delivery logic for causing the processing system to deliver an update to one of the shared secret and the secure credential via the network.
Dependent claim: 23.
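The provision / tunnel / inner-authentication / update sequence described in the abstract and in claims 1, 17 and 22, as an added Python walk-through that is not part of the patent or of any product implementing it. Everything in it is constructed for illustration: the Server and Peer classes, the seal and open_record record format, HMAC-SHA256 standing in for the tunnel's key derivation, keystream and integrity tag, and PBKDF2 for the stored password. What it shows beyond the claim text is that both sides prove possession of the provisioned secret before the weaker credential is ever sent, that the weaker credential is only readable under the tunnel key, and that the old provisioned secret is retired once the update is delivered.

```python
"""Constructed walk-through of the four-step flow: provision a shared secret
(PAC), build a tunnel from it, run a weaker username/password credential
inside it, then push a credential update through the same tunnel.
Toy only: HMAC-SHA256 replaces a real record layer such as TLS."""
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000


def _prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """Keyed derivation of a 32-byte value from a label plus transcript pieces."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(_prf(key, b"ks", nonce, i.to_bytes(4, "big")) for i in range(blocks))[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Tunnel record: nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + _prf(key, b"tag", nonce, ct)


def open_record(key: bytes, record: bytes) -> bytes:
    """Check the tag before decrypting; any modification is rejected."""
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"tag", nonce, ct)):
        raise ValueError("tunnel record failed integrity check")
    return bytes(c ^ s for c, s in zip(ct, _keystream(key, nonce, len(ct))))


class Server:
    def __init__(self):
        self.pacs = {}     # pac_id -> pac_key: the first (provisioned) credential
        self.users = {}    # username -> (salt, pbkdf2 hash): the second credential
        self.policy = {}   # username -> authorization policy granted after inner auth
        self.session = None

    def enroll_user(self, username, password, policy):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS))
        self.policy[username] = policy

    def provision_pac(self):
        """Step 1: hand the peer a fresh shared secret (PAC id + key)."""
        pac_id, pac_key = secrets.token_bytes(8), secrets.token_bytes(32)
        self.pacs[pac_id] = pac_key
        return pac_id, pac_key

    def tunnel_respond(self, pac_id, client_nonce):
        """Step 2a: derive the tunnel key from the PAC and prove we hold it."""
        server_nonce = secrets.token_bytes(16)
        tk = _prf(self.pacs[pac_id], b"tunnel", client_nonce, server_nonce)
        self.session = (pac_id, client_nonce, server_nonce, tk)
        return server_nonce, _prf(tk, b"server-finished", client_nonce, server_nonce)

    def tunnel_confirm(self, client_proof):
        """Step 2b: the peer's proof completes mutual authentication."""
        _, cn, sn, tk = self.session
        if not hmac.compare_digest(client_proof, _prf(tk, b"client-finished", cn, sn)):
            raise ValueError("peer failed to prove knowledge of the PAC")

    def inner_auth(self, record):
        """Step 3: verify the password inside the tunnel; step 4: rotate the PAC."""
        old_id, _, _, tk = self.session
        username, password = open_record(tk, record).decode().split(":", 1)
        salt, stored = self.users[username]
        if not hmac.compare_digest(stored, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)):
            raise ValueError("inner authentication failed")
        new_id, new_key = self.provision_pac()
        del self.pacs[old_id]   # the superseded credential no longer opens a tunnel
        return self.policy[username], seal(tk, b"pac-update:" + new_id + new_key)


class Peer:
    def __init__(self, username, password):
        self.username, self.password, self.pac = username, password, None

    def tunnel_start(self):
        self.client_nonce = secrets.token_bytes(16)
        return self.pac[0], self.client_nonce

    def tunnel_finish(self, server_nonce, server_proof):
        tk = _prf(self.pac[1], b"tunnel", self.client_nonce, server_nonce)
        if not hmac.compare_digest(server_proof, _prf(tk, b"server-finished", self.client_nonce, server_nonce)):
            raise ValueError("server failed to prove knowledge of the PAC")
        self.tk = tk
        return _prf(tk, b"client-finished", self.client_nonce, server_nonce)

    def apply_update(self, record):
        body = open_record(self.tk, record)
        if not body.startswith(b"pac-update:"):
            raise ValueError("unexpected tunnel message")
        blob = body[len(b"pac-update:"):]
        self.pac = (blob[:8], blob[8:])


def run_flow(username="alice", password="correct horse", policy="vlan-10", login_password=None):
    """Drive the exchange end to end; returns (policy, old PAC id, new PAC id, server PAC table)."""
    server = Server()
    peer = Peer(username, password if login_password is None else login_password)
    server.enroll_user(username, password, policy)
    peer.pac = server.provision_pac()
    old_id = peer.pac[0]
    pac_id, cn = peer.tunnel_start()
    sn, server_proof = server.tunnel_respond(pac_id, cn)
    server.tunnel_confirm(peer.tunnel_finish(sn, server_proof))
    granted, update = server.inner_auth(seal(peer.tk, f"{peer.username}:{peer.password}".encode()))
    peer.apply_update(update)
    return granted, old_id, peer.pac[0], server.pacs
```

Calling run_flow() returns the granted policy together with the old and new PAC identifiers, so a caller can confirm that the update replaced the provisioned secret; a tampered tunnel record or a wrong inner password makes the server raise ValueError before any policy is granted.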