Two-way authentication using a combined code
First Claim
1. One or more device-readable media encoded with device-executable instructions for performing steps comprising:
- identifying in a combined code at least two sets of data for authentication;
- sending a connection request to a target service;
- receiving a certificate from the target service for establishing a secure channel;
- validating the certificate with a first set of data included in the combined code; and
- if the certificate is validated, providing the second set of data to the target service, the second set of data including a credential for authentication.
Abstract
An authentication process using a combined code as a shared secret between a client and target service is provided. The combined code is provided out-of-band and includes data to perform two-way authentication for both the client and the target service. The target service may provide the client with a certificate to establish a secure channel. The client may use the data in the combined code to validate the target service. When the target service is validated, the client may provide credentials in the combined code to the target service for authentication. In one example implementation, the combined code includes a hash of a public key. The client may compute another hash of another public key in the certificate provided by the target service and validate the service by comparing the hash in the combined code and the computed hash.
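As an added illustration, not text or code from the patent, the following Python simulates the hash-of-public-key variant described in the abstract: the service binds a hash of its public key and a fresh client credential into one combined code, the client hashes the key presented in the certificate and releases the credential only when the hashes match, and the service then compares the received credential with the one it issued. The combined-code layout, the fixed byte strings standing in for public keys and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed layout: "<sha256 of service public key>:<client credential>", both hex.
def make_combined_code(service_public_key: bytes, credential_len: int = 32) -> str:
    """Service side, run once: bind its public-key hash and a fresh client credential."""
    key_hash = hashlib.sha256(service_public_key).hexdigest()
    credential = secrets.token_hex(credential_len)
    return f"{key_hash}:{credential}"

def parse_combined_code(code: str) -> Tuple[bytes, bytes]:
    """Identify the two sets of data carried in the combined code."""
    key_hash_hex, credential_hex = code.split(":", 1)
    return bytes.fromhex(key_hash_hex), bytes.fromhex(credential_hex)

def client_validate_certificate(cert_public_key: bytes, code: str) -> bool:
    """Client: hash the public key from the certificate and compare with the code's hash."""
    expected_hash, _ = parse_combined_code(code)
    computed = hashlib.sha256(cert_public_key).digest()
    return hmac.compare_digest(computed, expected_hash)  # constant-time comparison

def client_connect(cert_public_key: bytes, code: str) -> Optional[bytes]:
    """Client: release the credential only after the service has been validated."""
    if not client_validate_certificate(cert_public_key, code):
        return None  # unvalidated service: the credential never leaves the client
    _, credential = parse_combined_code(code)
    return credential

def service_authenticate_client(received: Optional[bytes], code: str) -> bool:
    """Service: compare the received credential with the one it placed in the code."""
    if received is None:
        return False
    _, expected = parse_combined_code(code)
    return hmac.compare_digest(received, expected)

def run_handshake(cert_public_key: bytes, code: str) -> Tuple[bool, bool]:
    """Both sides over an established channel; returns (service validated, client authenticated)."""
    sent = client_connect(cert_public_key, code)
    return sent is not None, service_authenticate_client(sent, code)

GENUINE_SERVICE_KEY = b"\x01" * 32  # constructed stand-in for the service's public key bytes
IMPOSTOR_KEY = b"\x02" * 32         # constructed key of a service not named in the code
CODE = make_combined_code(GENUINE_SERVICE_KEY)  # delivered to the client out-of-band

if __name__ == "__main__":
    print(run_handshake(GENUINE_SERVICE_KEY, CODE))  # (True, True)
    print(run_handshake(IMPOSTOR_KEY, CODE))         # (False, False)
```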
21 Claims
8. A device configured to offer services to a client through a network connection, the device also configured to provide a combined code containing data for the client to authenticate the device and a certificate to establish a secure channel with the client, the combined code being provided to the client out-of-band and containing a first credential, the certificate including data verifiable by the data in the combined code provided to the client, the device further configured to receive a second credential from the client with the established secure channel and to authenticate the client by comparing the second credential received from the client with the first credential included in the provided combined code.
17. A system for establishing a connection between a client and a target service comprising:
- means for incorporating data in a combined code for the client and the target service to perform mutual authentication;
- means for providing the combined code to the client out-of-band;
- means for the client to authenticate the target service using data in the combined code; and
- means for the client to provide a credential in the combined code to the target service for authentication.