Method and system for providing authentication service for Internet users
Abstract
A system and method comprising a computer useable medium having computer readable program code means embodied therein for authenticating and encrypting and decrypting information transferred over a public network between a client application program running in a client computer and a server application program running in a server computer and a directory service application program running in a server computer. A method for obtaining a session master key by an application from a server includes sending an open request to the server for the session master key and receiving a first reply by the application from the server with a first portion of the session master key. The first reply identifies a directory server from which a second portion of the session master key may be obtained. The application sends an open request to the directory server specified by the server in the first reply for the second portion of the session master key and receives it from the directory server. The session master key is generated by the application using the first portion of the session master key received from the server and the second portion of the session master key received from the directory server.
36 Claims

1. A method for obtaining a session master key by an application executing on a computer from a server over a network comprising:
sending by the application an open request to the server for the session master key;
receiving a first reply by the application from the server with a first portion of the session master key, said first reply identifying a directory server from which a second portion of the session master key may be obtained;
sending by the application an open request to the directory server specified by the server in the first reply for the second portion of the session master key; and
receiving by the application from the directory server the second portion of the session master key.
Dependent claims: 2-11.

12. A method for transferring a session master key from a server to an application executing on a computer over a network comprising:
receiving an open request by the server from the application for the session master key;
sending a first reply to the application with a first portion of the session master key; and
sending a second reply to a directory server with a second portion of the session master key wrapped in an SSLX-EA exchange using a server directory server key obtained by the server from the directory server.
Dependent claims: 13-23.

24. A method for verifying a computer on a network comprising:
receiving an open request by a directory service from the computer for a directory service key, wherein the request includes an authentication request value;
sending by the directory service a single reply with the directory service key encrypted using a public key included in the open request sent by the computer if the authentication request value designates a public key option;
sending by the directory service a single message including the directory service key via an out-of-band communication path specified in the request from the computer if the authentication request value designates an out-of-band communication path option; and
sending by the directory service a first reply back to the computer with a first portion of the directory service key, and a second reply via an out-of-band communication path specified in the request from the computer with the second portion of the directory service key if the authentication request value designates a combination of both public key and the out-of-band communication path option.
Dependent claims: 25-27.

28. A method for obtaining a trusted key from a trusted third party for use in communicating securely comprising:
sending an open request to the trusted third party for the trusted key, wherein the request includes an authentication request value, and said authentication request value designates a delivery option for the trusted key;
receiving the trusted key from the trusted third party via one or more communication paths based on the designation in the authentication request value; and
sending a confirmation message to the trusted third party wrapped in an SSLX-EA exchange using the trusted key.
Dependent claims: 29-35.

36. An apparatus for serving as a trusted intermediary between computers communicating securely over a network comprising:
a server;
a database coupled to the server to store pertinent information to securely communicate with any particular directory member, said pertinent information including a directory service key associated with each particular directory member;
a known static IP address associated with the server;
an application executing on the server, wherein:
the server routes real-time requests from browsers to web servers and replies from web servers to browsers;
the requests and replies are secured with a requestor-generated public key or with a trusted key in an SSLX-EA exchange if the requestor has performed a verified set up with the server;
each of said replies includes only a portion of information for the requestor to combine and verify that said each reply and a web-connected location are identical; and
a remaining portion of information is provided directly from the web site to the requestor using a requestor-generated public key to encrypt a remaining portion of information.
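The exchange in claims 1 and 12 (and summarized in the abstract) delivers the session master key in two portions over two paths: the server hands the application the first portion and the name of a directory server, sends the second portion to that directory server wrapped in an SSLX-EA exchange under a key the two servers already share, and the application collects the second portion from the directory server and combines the two. The following is an added example, not the patent's own code or any SSLX implementation: a Python model of the three parties with the messages passed between them. The patent text does not specify how the portions are combined, how the wrapped exchange works, or how the directory server matches a pickup to a deposit, so the XOR combination, the HMAC-based encrypt-then-MAC stand-in for the SSLX-EA wrap, and the per-request identifier are assumptions, as are all names and key lengths.

```python
# Added example (not the patent's own code): a toy model of the split-delivery
# session master key exchange from claims 1 and 12. The XOR combination, the
# HMAC-based "wrap" standing in for the SSLX-EA exchange, and the request-id
# bookkeeping are assumptions; the patent text does not specify them.
import hashlib
import hmac
import secrets

KEY_LEN = 32      # assumed length of each key portion and of the session master key
REQ_LEN = 8       # assumed length of the per-request identifier


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` bytes of keystream from HMAC in counter mode (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(key: bytes, nonce: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC stand-in for 'wrapped in an SSLX-EA exchange' (claim 12)."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap(key: bytes, msg: dict) -> bytes:
    """Verify the tag before decrypting; a modified message is rejected."""
    expected = hmac.new(key, msg["nonce"] + msg["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("wrapped message failed authentication")
    return bytes(c ^ s for c, s in zip(msg["ct"], _keystream(key, msg["nonce"], len(msg["ct"]))))


def combine(first: bytes, second: bytes) -> bytes:
    """Assumed combination rule: XOR the portions, so either one alone reveals nothing."""
    if len(first) != KEY_LEN or len(second) != KEY_LEN:
        raise ValueError("both portions must be KEY_LEN bytes")
    return bytes(a ^ b for a, b in zip(first, second))


class DirectoryServer:
    def __init__(self, name: str):
        self.name = name
        self.server_keys: dict[str, bytes] = {}   # "server directory server key" per server (claim 12)
        self.pending: dict[bytes, bytes] = {}     # request id -> second portion awaiting pickup

    def deposit(self, server_name: str, wrapped: dict) -> None:
        body = unwrap(self.server_keys[server_name], wrapped)
        self.pending[body[:REQ_LEN]] = body[REQ_LEN:]

    def open_request(self, request_id: bytes) -> bytes:
        # Claim 1, last step: hand the second portion to the application, once only.
        return self.pending.pop(request_id)


class Server:
    def __init__(self, name: str, directory: DirectoryServer):
        self.name = name
        self.directory = directory
        # Assumption: the server obtained this key from the directory server earlier (claim 12).
        self.directory_key = secrets.token_bytes(KEY_LEN)
        directory.server_keys[name] = self.directory_key
        self.last_issued_key = None

    def open_request(self, request_id: bytes) -> dict:
        first, second = secrets.token_bytes(KEY_LEN), secrets.token_bytes(KEY_LEN)
        self.last_issued_key = combine(first, second)
        # Claim 12, third step: the second portion goes to the directory server, wrapped.
        self.directory.deposit(self.name, wrap(self.directory_key, secrets.token_bytes(16), request_id + second))
        # Claim 12, second step / claim 1, second step: first portion plus which directory server to ask.
        return {"first_portion": first, "directory_server": self.directory.name}


class Application:
    def obtain_session_master_key(self, server: Server, directories: dict) -> bytes:
        request_id = secrets.token_bytes(REQ_LEN)
        reply = server.open_request(request_id)                 # claim 1, first two steps
        directory = directories[reply["directory_server"]]
        second = directory.open_request(request_id)             # claim 1, last two steps
        return combine(reply["first_portion"], second)


def demo() -> dict:
    """Run one exchange plus a tamper check; returns facts a caller can assert on."""
    directory = DirectoryServer("dir.example")
    server = Server("srv.example", directory)
    key = Application().obtain_session_master_key(server, {"dir.example": directory})
    tampered = wrap(b"k" * KEY_LEN, b"n" * 16, b"second-portion")
    tampered["ct"] = bytes([tampered["ct"][0] ^ 1]) + tampered["ct"][1:]
    try:
        unwrap(b"k" * KEY_LEN, tampered)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"key_matches_server": key == server.last_issued_key,
            "key_len": len(key),
            "second_portion_consumed": len(directory.pending) == 0,
            "tamper_detected": tamper_detected}


if __name__ == "__main__":
    print(demo())
```

The point the model makes visible: an observer of only the application-to-server path sees the first portion, and an observer of only the directory-server path sees a wrapped second portion, so neither path alone yields the session master key under the XOR rule; the server itself, as in claim 12, knows both portions. The one-time pickup in `DirectoryServer.open_request` and the tag check in `unwrap` are the two defender-side checks worth keeping in any real implementation of this scheme.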
Specification