Systems and methods for enhancing security of communication over a public network
2 Assignments
0 Petitions
Abstract
An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two-level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.
123 Citations
29 Claims
1. A computer-implemented method for enhancing the security of communication over a network, the method comprising:
- receiving a set of authentication credentials from a user;
- receiving from the user a request that requires communication over the network with a remote system;
- applying a collection of security privileges to the set of authentication credentials to determine if the user is authorized to carry out the request;
- selectively transmitting a security certificate over the network to the remote system, the certificate containing a public key;
- receiving from the remote system a session ticket that has been encrypted with the public key;
- decrypting the session ticket with a corresponding private key;
- using the session ticket as an authenticator for subsequent communications with the remote system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A computer-implemented method for enhancing the security of communication over a network, the method comprising:
- generating a public key and a corresponding private key;
- storing the private key;
- transmitting the public key over the network to a registration service;
- receiving from the registration service a security certificate that includes the public key;
- transmitting the security certificate over the network to an entity with which a channel of communication is desired;
- receiving from the entity a session ticket encrypted with the public key;
- decrypting the session ticket with the private key; and
- using the session ticket as an authenticator for subsequent communications with the entity.
Dependent claims: 13, 14, 15, 16, 17

18. A communication security system for facilitating the enhancement of the security of communications over a network, the system comprising:
- a client application configured to respond to a user request for service by retrieving a security certificate that contains a public encryption key, and by obtaining a service identifier that corresponds to the user request;
- an authorization service configured to receive the security certificate and the service identifier from the client application, and being further configured to selectively generate a corresponding session ticket that is encrypted with the public key, the client application being further configured to receive and decrypt the corresponding session ticket with a private key that corresponds to the public key; and
- a service provider configured to receive a service command with the corresponding session ticket after it has been decrypted, and being further configured to validate information contained in the corresponding session ticket and selectively execute the service command.
Dependent claims: 19, 20, 24, 25

21. A method for enabling secure communication between a service provider and a plurality of socket applications installed on multiple computing devices within a local access network, wherein the service provider is configured to extend the functionality of the socket applications by providing services, the method comprising:
- creating an account by registering with a centralized authentication service associated with the service provider, wherein registering includes indicating a desire to activate a service supported by the service provider; and
- activating each of the plurality of socket applications, wherein activating comprises:
  - generating a public key and a corresponding private key;
  - storing the private key;
  - transmitting the public key over the network, along with an indication of the account, to the centralized authentication service; and
  - receiving from the authentication service a security certificate that includes the public key.
Dependent claims: 22, 23

26. A computer-implemented method for enhancing the security of communication over a network between multiple peer application hosts, the method comprising:
- receiving a security certificate from a first application host;
- generating a session ticket;
- encrypting the session ticket with a public key contained in the security certificate;
- transmitting the session ticket to the first application host; and
- receiving a message from the first application host, the message being at least partially encrypted in accordance with the session key prior to its being encrypted with the public key.
Dependent claims: 27, 28, 29
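The ticket exchange of claims 18 and 21, as an added example that is not the patent's own code: an authorization service checks the requested service against the services activated for the account, issues a random session ticket encrypted to the public key carried in the application's certificate, the client decrypts it with its private key and uses it to authenticate a service command, and the service provider validates the ticket information before executing. The HMAC-based use of the ticket, the ticket-id scheme and the in-memory state shared between authorization service and service provider are assumptions; certificate issuance by the registration service and signature validation are not modelled.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// AuthService plays the authorization service of claim 18. Issued (ticket id
// -> ticket secret) is the state it shares with the service provider (assumed).
type AuthService struct {
	Activated map[string]bool // services activated for the account (claim 21)
	Issued    map[string][]byte
}

// IssueTicket refuses a service the account has not activated; otherwise it mints
// a random ticket encrypted to certPub, the public key carried in the application's certificate.
func (a *AuthService) IssueTicket(appID string, certPub *rsa.PublicKey, serviceID string) (string, []byte, error) {
	if !a.Activated[serviceID] {
		return "", nil, errors.New("service not activated for this account")
	}
	secret := make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return "", nil, err
	}
	id := appID + ":" + serviceID // ticket id (assumed scheme), also used as the OAEP label
	a.Issued[id] = secret
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, certPub, secret, []byte(id))
	return id, enc, err
}

// DecryptTicket is the client step: only the matching private key recovers the ticket.
func DecryptTicket(priv *rsa.PrivateKey, id string, enc []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, enc, []byte(id))
}

// SignCommand uses the decrypted ticket as the authenticator for a service command.
func SignCommand(ticket []byte, cmd string) []byte {
	m := hmac.New(sha256.New, ticket)
	m.Write([]byte(cmd))
	return m.Sum(nil)
}

// ValidateCommand is the service provider step: run the command only if the tag verifies under the issued ticket.
func (a *AuthService) ValidateCommand(id, cmd string, tag []byte) bool {
	secret, ok := a.Issued[id]
	return ok && hmac.Equal(tag, SignCommand(secret, cmd))
}
```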