Efficient method for providing secure remote access
Abstract
A two-way authentication and password-change protocol for remote users that also lets the parties optionally establish a session key to protect subsequent communication. In a preferred embodiment, a challenge token is generated and exchanged; it is a one-time value that includes a random value which changes from session to session. The construction and use of the challenge token avoids transmitting the password, or even a digest of the password. Thus the challenge token reveals no information about the secret password or a digest of it.
24 Claims

1. A computer network, comprising:

a client and a server connected by a network connection, wherein the client has a userid and a password associated with the client;
wherein the client requests access to the server by sending a first set of values to the server;
wherein the server responds to the client by generating a one-time challenge token that depends at least on a first random value and sending the challenge token to the client;
wherein the client retrieves the first random value from the challenge token and sends the first random value and the userid to the server;
wherein the server verifies the received first random value from the client is correct, and if so, the server generates a one-time authentication token and sends it to the client, giving it permission to access the server.

Dependent claims 2 to 8 are not reproduced here.

9. A computer program product in a computer readable medium, comprising:

a client and a server connected by a network connection, wherein the client has a userid and a password associated with the client;
first instructions whereby the client requests access to the server by sending a first set of values to the server;
second instructions whereby the server responds to the client by generating a one-time challenge token that depends at least on a first random value and sending the challenge token to the client;
third instructions whereby the client retrieves the first random value from the challenge token and sends the first random value and the userid to the server;
fourth instructions whereby the server verifies the received first random value from the client is correct, and if so, the server generates a one-time authentication token and sends it to the client, giving it permission to access the server.

Dependent claims 10 to 16 are not reproduced here.

17. A method of authenticating a client with a server across a network connection, comprising the steps of:

requesting, by the client, access to the server by sending a first set of values to the server;
responding, by the server, to the client by generating a one-time challenge token that depends on at least a first random value and sending the challenge token to the client;
retrieving, by the client, the first random value from the challenge token;
sending, by the client, the first random value and a userid of the client to the server;
verifying, by the server, the received first random value from the client;
if the first random value from the client is verified by the server, generating a one-time authentication token by the server;
sending the one-time authentication token to the client to thereby give the client permission to access the server.

Dependent claims 18 to 24 are not reproduced here.
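The claimed exchange (request, one-time challenge token carrying a random value, recovery of that value by the client, server-side check, one-time authentication token) as an added example; this is not code from the patent. The token construction (the random value masked with an HMAC of a stored password verifier under a fresh salt), the PBKDF2 verifier format, and the assumption that the client's first set of values carries its userid are mine; the claims do not specify them.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def make_verifier(userid: str, password: str) -> bytes:
    """Stored server-side in place of the password (assumed format)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), userid.encode(), 100_000)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mask_for(verifier: bytes, salt: bytes) -> bytes:
    # Per-session mask; a fresh salt makes every challenge token different.
    return hmac.new(verifier, salt, "sha256").digest()

class Server:
    def __init__(self, users: dict[str, bytes]):
        self.users = users    # userid -> verifier (constructed user table)
        self.pending = {}     # userid -> r1 of the single open challenge

    def challenge(self, userid: str) -> tuple[bytes, bytes]:
        """Step 2: one-time challenge token built from fresh random value r1."""
        r1, salt = secrets.token_bytes(32), secrets.token_bytes(16)
        verifier = self.users.get(userid)
        if verifier is None:          # unknown user: answer anyway, record nothing
            return secrets.token_bytes(32), salt
        self.pending[userid] = r1
        return xor(r1, mask_for(verifier, salt)), salt

    def verify(self, userid: str, r1_from_client: bytes) -> bytes | None:
        """Step 5: check r1, consume the challenge, return an auth token or None."""
        expected = self.pending.pop(userid, None)   # challenge is single-use
        if expected is None or not hmac.compare_digest(expected, r1_from_client):
            return None
        return secrets.token_bytes(32)

class Client:
    def __init__(self, userid: str, password: str):
        self.userid, self.password = userid, password

    def open_challenge(self, token: bytes, salt: bytes) -> bytes:
        """Step 3: recover r1 from the token using only the local password."""
        return xor(token, mask_for(make_verifier(self.userid, self.password), salt))

def run_login(server: Server, client: Client) -> bytes | None:
    token, salt = server.challenge(client.userid)   # step 1 (userid assumed sent here)
    r1 = client.open_challenge(token, salt)          # steps 3-4
    return server.verify(client.userid, r1)          # step 5
```

Because step 4 returns r1 in the clear, anyone who captures both the token and r1 can test password guesses offline against the mask, so this construction needs a confidentiality-protected transport plus server-side attempt limiting. Consuming the pending challenge on every verify call is what makes both the token and the returned r1 one-time values.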