Anonymous Spoof resistant authentication and enrollment methods
First Claim
1. A method for authenticating a Client to Server over a communication link comprising the steps of:
- creating a message at Client comprising at least Client identifying data unique to Server;
adding to said message a tamper proof anti-spoof data element computed as a function of at least first key data derived from a secret shared between Client and Server and from first unique communication link attribute data as known to Client;
communicating said message from Client to Server over said communication link;
verifying said anti-spoof data element at Server by computing a verification function of at least second key data derived from said shared secret retrieved by Server and related to said Client identifying data, second unique communication link attribute data as known to Server and said anti-spoof data element;
authenticating Client, as identified by said Client identifying data, at Server, if said verification step is successful.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods for creating and authenticating a message sent from a client over a communication link to a server comprising the steps of creating a message at client containing client identification data adding to said message a first anti-spoof data element computed as a function of a key derived from a shared secret and communication link attribute data, sending said message from client to server over communication link, verifying at server said anti-spoof data element by computing a verification function of anti-spoof element data, server link attribute data and server key computed from said shared secret related to client. These methods are also used for enrolling clients to an authentication system employing authenticated anonymous client certificates.
44 Citations
16 Claims
-
1. A method for authenticating a Client to Server over a communication link comprising the steps of:
-
creating a message at Client comprising at least Client identifying data unique to Server;
adding to said message a tamper proof anti-spoof data element computed as a function of at least first key data derived from a secret shared between Client and Server and from first unique communication link attribute data as known to Client;
communicating said message from Client to Server over said communication link;
verifying said anti-spoof data element at Server by computing a verification function of at least second key data derived from said shared secret retrieved by Server and related to said Client identifying data, second unique communication link attribute data as known to Server and said anti-spoof data element;
authenticating Client, as identified by said Client identifying data, at Server, if said verification step is successful. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
Specification