Session Key Security Protocol
First Claim
1. A method for exchanging information in a multi-site authentication system having a first network server and a second network server coupled to a data communication network, said method comprising:
receiving, from a client computing device via the first network server, a request for a service provided by the second network server;
receiving, from the first network server, an authentication ticket along with the request, said authentication ticket including:
a session key encrypted by a public key associated with the second network server;
message content encrypted by the session key; and
a signature for the encrypted session key and the encrypted message content, said signature including address information of the second network server;
identifying the address information for the second network server in the signature to validate the signature included in the authentication ticket;
verifying the authentication ticket content based on the signature included in the authentication ticket;
decrypting the encrypted session key via a private key associated with the second network server; and
decrypting the encrypted message content via the decrypted session key.
Abstract
Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.
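The ticket format and the network server's checks described in the abstract and in claim 1, as an added example in Go. This code is not from the patent or from any implementation of it; the algorithm choices (RSA-OAEP for the session key, AES-GCM for the message content, Ed25519 for the signature), the field layout, the addresses and the sign-in content are assumptions constructed for the example. The order of checks follows the claim: the server first identifies its own address in the signed data, then verifies the signature, and only then decrypts the session key and the content, so a ticket issued for one network server is rejected by another even though both trust the same authentication server.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Ticket holds the abstract's three elements plus the address; layout and algorithms (RSA-OAEP, AES-GCM, Ed25519) are this example's assumptions, not the patent's.
type Ticket struct {
	Address       string // address information of the intended network server
	EncSessionKey []byte // 32-byte session key under RSA-OAEP to that server
	EncContent    []byte // GCM nonce || ciphertext of the message content
	Signature     []byte // Ed25519 signature over signedBytes(...)
}

// signedBytes is the signed data; fields are length-prefixed so bytes cannot shift between them.
func signedBytes(addr string, encKey, encContent []byte) (out []byte) {
	for _, f := range [][]byte{[]byte(addr), encKey, encContent} {
		out = append(out, byte(len(f)>>24), byte(len(f)>>16), byte(len(f)>>8), byte(len(f)))
		out = append(out, f...)
	}
	return out
}

// IssueTicket is the authentication server's side: fresh session key, content under it, key wrapped to the server, all signed.
func IssueTicket(signKey ed25519.PrivateKey, serverAddr string, serverPub *rsa.PublicKey, content []byte) (*Ticket, error) {
	buf := make([]byte, 32+12) // 256-bit session key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	sessionKey, nonce := buf[:32], buf[32:]
	encKey, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(sessionKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	encContent := gcm.Seal(nonce, nonce, content, nil)
	sig := ed25519.Sign(signKey, signedBytes(serverAddr, encKey, encContent))
	return &Ticket{Address: serverAddr, EncSessionKey: encKey, EncContent: encContent, Signature: sig}, nil
}

// OpenTicket is the network server's side, in the claims' order: identify its own
// address in the signed data, verify the signature, decrypt the session key with
// its private key, then decrypt the content. Nothing is decrypted before both checks pass.
func OpenTicket(t *Ticket, myAddr string, authPub ed25519.PublicKey, myPriv *rsa.PrivateKey) ([]byte, error) {
	if t.Address != myAddr {
		return nil, fmt.Errorf("ticket addressed to %q, not to this server", t.Address)
	}
	if !ed25519.Verify(authPub, signedBytes(t.Address, t.EncSessionKey, t.EncContent), t.Signature) {
		return nil, fmt.Errorf("ticket signature invalid")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, myPriv, t.EncSessionKey, nil)
	if err != nil {
		return nil, fmt.Errorf("session key: %w", err)
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, _ := cipher.NewGCM(block) // never fails for an AES block
	ns := gcm.NonceSize()
	if len(t.EncContent) < ns {
		return nil, fmt.Errorf("encrypted content too short")
	}
	return gcm.Open(nil, t.EncContent[:ns], t.EncContent[ns:], nil)
}

// Exchange runs one round trip with fresh keys and constructed content: ticket for issueAddr, opened at openAddr.
func Exchange(issueAddr, openAddr string, tamper bool) (string, error) {
	authPub, authPriv, err1 := ed25519.GenerateKey(rand.Reader)
	serverKey, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return "", fmt.Errorf("key generation: %v %v", err1, err2)
	}
	t, err := IssueTicket(authPriv, issueAddr, &serverKey.PublicKey, []byte("user=alice;auth=ok")) // constructed content
	if err != nil {
		return "", err
	}
	if tamper {
		t.EncContent[len(t.EncContent)-1] ^= 1 // one flipped bit: the signature no longer verifies
	}
	plain, err := OpenTicket(t, openAddr, authPub, serverKey)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() { // addresses below are constructed for the example
	fmt.Println(Exchange("https://service.example/login", "https://service.example/login", false))
	fmt.Println(Exchange("https://service.example/login", "https://other.example/login", false))
	fmt.Println(Exchange("https://service.example/login", "https://service.example/login", true))
}
```

The first call recovers the sign-in content; the second is refused at the address check before any decryption, and the third is refused at the signature check because the signature covers the encrypted content as well as the encrypted key and the address.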
75 Citations
20 Claims
1. Method claim, given in full above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system for exchanging in a multi-site authentication system having an authentication server coupled to a data communication network, said system comprising:
a network server coupled to the data communication network, wherein said network server includes a processor executing instructions stored on one or more computer-readable storage media to perform the following operations:
receiving, from a client computing device via the authentication server, a request for a service provided by the network server;
receiving, from the authentication server, an authentication ticket along with the request, said authentication ticket including a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content, said signature including address information of the network server;
identifying the address information of the network server in the signature to validate the signature included in the authentication ticket;
verifying the authentication ticket content based on the signature included in the authentication ticket;
decrypting the encrypted session key via a private key associated with the network server; and
decrypting the encrypted message content via the decrypted session key.
Dependent claims: 10, 11, 12, 13, 14.

15. A method of exchanging information on a data communication network, said data communication network having at least a client computing device, a network server, and an authentication server coupled thereto, said method comprising:
receiving a request for a service provided by the network server;
generating, in response to the request, a sign-in interface for obtaining authenticating information from a user of the client computing device;
redirecting the client computing device from the network server to the authentication server, wherein the authentication server receives message content from the client computing device, said message content including the authenticating information obtained from the user of the client computing device via the interface;
receiving, from the authentication server, an authentication ticket along with the request, said authentication ticket including:
a randomly generated session key encrypted by a public key associated with the network server;
the message content encrypted by the session key; and
a signature for the encrypted session key and the encrypted message content, said signature including address information of the network server;
identifying the address information for the network server in the signature to validate the signature included in the authentication ticket;
verifying the authentication ticket content based on the signature included in the authentication ticket;
decrypting the encrypted session key via a private key associated with the network server;
decrypting the encrypted message content via the decrypted session key; and
providing the service to the client computing device.
Dependent claims: 16, 17, 18, 19, 20.