APPARATUS AND METHOD TO PREVENT MAN IN THE MIDDLE ATTACK
Abstract
A system, peripheral device, and method for authenticating an encryption key before transmitting encrypted messages containing sensitive information are provided. Authentication of a client device during the coordination of data transfer among multiple computer devices is possible by providing a peripheral device that does not have a direct connection to a network, but rather, any message to be transmitted over the network must be relayed through a client device. Any sensitive information to be transferred to a remote device is inserted into a message, then the message is encrypted in the peripheral device. This prevents any process running on the client device from fooling the client device into communicating confidential information to a third party rather than the desired remote computer, because the client device never sees the sensitive information in an unencrypted form; only the peripheral device has access to the sensitive information in an unencrypted form.
36 Claims
1. A system for authenticating an encryption key before transmitting encrypted messages containing sensitive information, the system comprising:
- a client device, the client device being a data processing system having at least one processor and at least one memory, the client device connected to a network and operative to transmit and receive data over the network;
- a remote device, the remote device being a data processing system having at least one processor and at least one memory, the remote device connected to the network and operative to transmit data to and receive data from the client device;
- a peripheral device operative to encrypt messages before passing the encrypted message to the client device for transmission to the remote device, the peripheral device having at least one processor and a memory containing a first key of a cryptographic key pair, the peripheral device operatively connected to only the client device,
- wherein the remote device transmits a digital certificate to the client device, the digital certificate containing an encryption key and a first digital signature, the first digital signature issued by a certificate authority to verify the encryption key is associated with the remote device,
- in response to receiving the digital certificate from the remote device, the client device passing the digital certificate, a root certificate associated with the digital certificate and a second digital signature to the peripheral device, the second digital signature associated with the root certificate and created using a second key of the cryptographic key pair,
- in response to receiving the digital certificate, the root certificate and the second signature, the peripheral device uses the root certificate to certify the digital certificate and the first digital signature in the digital certificate to verify the encryption key in the digital certificate is associated with the remote device and the peripheral device retrieves the first key of the cryptographic key pair from the memory of the peripheral device and applies the first key of the encryption key pair to the second digital signature to verify the root certificate.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A peripheral device comprising:
- at least one processor; and
- at least one memory containing a first key of a cryptographic key pair, the peripheral device operatively connectable to a client device connected to a network, the client device operative to transmit messages to and receive messages from a remote device connected to the network, the peripheral device operative to encrypt messages before passing the encrypted messages to the client device for transmission to the remote device,
- wherein the peripheral device verifies an encryption key originated from the remote device by;
- the client device receiving a digital certificate from the remote device, the digital certificate containing an encryption key and a first digital signature, the first digital signature issued by a certificate authority to verify that the encryption key is associated with the remote device,
- in response to receiving the digital certificate from the remote device, the client device passing the digital certificate, a root certificate associated with the digital certificate and a second digital signature to the peripheral device, the second digital signature associated with the root certificate and created using a second key of the cryptographic key pair,
- in response to receiving the digital certificate, the root certificate and the second signature, the peripheral device uses the root certificate to certify the digital certificate and the first digital signature in the digital certificate to verify the encryption key in the digital certificate is associated with the remote device and the peripheral device retrieves the first key of the cryptographic key pair from the memory of the peripheral device and applies the first key of the encryption key pair to the second digital signature to verify the root certificate.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A method of authenticating a remote server, the method comprising:
- providing a client device operatively connected to a remote device over a network;
- providing a peripheral device operatively connected to only the client device and having a memory containing a key;
- the client device receiving a digital certificate containing an encryption key and a first signature from the remote device, the first signature issued by a certificate authority to verify the encryption key is associated with the remote device;
- passing the digital certificate from the client device to the peripheral device;
- passing a certification path beginning with the digital certificate and ending with a root certificate from the client device to the peripheral device;
- the peripheral device verifying the encryption key in the digital certificate with the first signature in the digital certificate using the certification path including the root certificate;
- passing a second signature certifying the root certificate to the peripheral device;
- the peripheral device retrieving the key from the memory of the peripheral device; and
- the peripheral device checking the second signature using the retrieved key to verify the root certificate.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
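The two checks recited in claims 1 and 25, sketched as an added example that is not part of the patent text: the peripheral accepts the remote device's encryption key only if the root certificate vouches for the digital certificate and the second signature over the root verifies under the key held in peripheral memory. Assumptions: textbook RSA built from known Mersenne primes stands in for real signatures (illustration only, not secure), and the certificate encoding and the names `Peripheral`, `authenticate` and `tbs` are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes: illustration only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(_digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data, n)

def tbs(cert):
    """Bytes covered by a certificate's signature (constructed encoding)."""
    return f"{cert['subject']}|{cert['issuer']}|{cert['key']}".encode()

class Peripheral:
    def __init__(self, first_key):
        self._first_key = first_key  # first key of the pair, held in peripheral memory

    def authenticate(self, cert, root, second_sig):
        """Return the remote device's encryption key, or None if any check fails."""
        chain_ok = (cert["issuer"] == root["subject"]
                    and verify(tbs(cert), cert["sig"], root["key"]))
        root_ok = verify(tbs(root), second_sig, self._first_key)
        return cert["key"] if chain_ok and root_ok else None

def demo():
    # Constructed keys from Mersenne primes so the example runs offline.
    pair_n, pair_d = toy_keypair(2**127 - 1, 2**89 - 1)  # peripheral key pair
    ca_n, ca_d = toy_keypair(2**107 - 1, 2**61 - 1)      # certificate authority
    bad_n, bad_d = toy_keypair(2**127 - 1, 2**61 - 1)    # root substituted on the client

    root = {"subject": "Root CA", "issuer": "Root CA", "key": ca_n}
    second_sig = sign(tbs(root), pair_n, pair_d)         # created with the second key
    cert = {"subject": "remote.example", "issuer": "Root CA", "key": 0xC0FFEE}
    cert["sig"] = sign(tbs(cert), ca_n, ca_d)            # first digital signature

    fake_root = {"subject": "Root CA", "issuer": "Root CA", "key": bad_n}
    fake_cert = {"subject": "remote.example", "issuer": "Root CA", "key": 0xBAD}
    fake_cert["sig"] = sign(tbs(fake_cert), bad_n, bad_d)

    dev = Peripheral(pair_n)
    return (dev.authenticate(cert, root, second_sig),            # genuine chain
            dev.authenticate(fake_cert, fake_root, second_sig),  # swapped root
            dev.authenticate(fake_cert, root, second_sig))       # swapped cert only
```

`demo()` returns the genuine key for the first case and `None` for both substituted cases, because a process on the client can replace the certificates it relays but cannot produce a second signature that verifies under the key stored in the peripheral.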
Specification