USE AND GENERATION OF A SESSION KEY IN A SECURE SOCKET LAYER CONNECTION
First Claim
1. A method for establishing a secure connection and authenticating a server in connections formed with PKI procedures, wherein a server public key, obtained from the server by a client, is used with asymmetric cryptography to establish a symmetric session key for encryption of communications with symmetric cryptography during the connection, said method offering an alternative for authenticating the server public key, and comprising:
- generating a server authentication key by the server,transmitting said server public key by the server to the client in clear text form;
generating a client authentication key by the client, the server authentication key and the client authentication key being identical to each other as both are generated using a common secret;
generating server authentication information from data derived from the server public key and processed with a symmetric cryptographic algorithm and the server authentication key,sending said server authentication information to the client,verifying the server authentication information at the client in order to authenticate the server public key, said verifying using the client authentication key to determine that the server authentication information is based on said server authentication key and the server public key used in establishing the secure connection and received from the server.
0 Assignments
0 Petitions
Accused Products
Abstract
The invention describes a method and system for verifying the link between a public key and a server'"'"'s identity without relying on the trustworthiness of the root certificate of the server'"'"'s certificate chain. The system establishes a secure socket layer type connection between a client and a server. The client and the server create an identical authentication key using a shared secret known to the server and the client. Next, the server transmits a first encrypted message to the client, wherein the first encrypted message includes the server'"'"'s public key encrypted with the authentication key. Then, the client decrypts the first encrypted message and verifies the correctness of that message including comparing the public key included in the decrypted first encrypted message to the public key transmitted during the set-up of the secure socket layer type connection to authenticate the client.
-
Citations
46 Claims
-
1. A method for establishing a secure connection and authenticating a server in connections formed with PKI procedures, wherein a server public key, obtained from the server by a client, is used with asymmetric cryptography to establish a symmetric session key for encryption of communications with symmetric cryptography during the connection, said method offering an alternative for authenticating the server public key, and comprising:
-
generating a server authentication key by the server, transmitting said server public key by the server to the client in clear text form; generating a client authentication key by the client, the server authentication key and the client authentication key being identical to each other as both are generated using a common secret; generating server authentication information from data derived from the server public key and processed with a symmetric cryptographic algorithm and the server authentication key, sending said server authentication information to the client, verifying the server authentication information at the client in order to authenticate the server public key, said verifying using the client authentication key to determine that the server authentication information is based on said server authentication key and the server public key used in establishing the secure connection and received from the server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 23)
-
-
13. A method for authenticating a server public key and establishing a secure connection between a client and a server, the connection formed with PKI procedures and including a symmetric key established using the server public key with asymmetric cryptography, said symmetric key used to encrypt communications during the connection with symmetric cryptography, the method offering an alternative for authenticating the server public key, and comprising:
-
transmitting a server certificate from the server to the client, the server certificate including server public key information; generating separate authentication keys by the server and the client, the keys being identical as generated using a common secret, said generating separate authentication keys including; sending user authentication information from the client to the server; exchanging dynamic information between the client and the server; generating a secret by the client and the server from the response of a strong authentication token; and generating authentication keys at client and server using the user authentication information, the dynamic information, and the secret;
thereaftergenerating server authentication information at the server from data derived from the server public key and processed with a symmetric cryptographic algorithm and the server authentication key; sending said server authentication information to the client; receiving the server authentication information at the client, and verifying the server authentication information at the client in order to authenticate the server public key, said verifying using the client authentication key to determine that the server authentication information is based on said server authentication key and the server public key information from the server certificate. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 24)
-
-
25. A method for establishing a secure connection using PKI procedures and authenticating a server public key, wherein the server public key, obtained from the server by a client, is used with asymmetric cryptography to establish a symmetric session key for encryption of communications with symmetric cryptography during the connection and offering an alternative for authenticating the server public key where a server authentication key is generated by the server and used to create server authentication information for transmission to the client, said method comprising
generating a client authentication key by the client, the server authentication key and the client authentication key being identical to each other as both are generated using a common secret; -
receiving the server public key in clear text form from the server; receiving the server authentication information at the client to authenticate the server public key, the server authentication information including data derived from the server'"'"'s public key and processed with a server authentication key and with a symmetric cryptographic algorithm; and verifying the server authentication information at the client in order to authenticate the server public key, said verifying using the client authentication key to determine that the server authentication information is based on the server authentication key and the server public key used in establishing the secure connection and received from the server. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 45)
-
-
36. A method for authenticating a server public key and establishing a secure connection between a client and a server, the connection formed with PKI procedures and including a symmetric key, established using the server public key with asymmetric cryptography, to encrypt communications during the connection with symmetric cryptography, the method offering an alternative for authenticating the server public key, and comprising:
-
receiving a server certificate at the client, the server certificate including server public key information in clear text form; generating an authentication key by the client corresponding to an authentication key generated at the server, the keys being identical as generated using a common secret, said generating an authentication key by the client including; sending user authentication information from the client to the server; exchanging dynamic information between the client and server, generating a secret by the client from a response of a client strong authentication token corresponding to a secret generated by the server; and the client generating said authentication key, corresponding to an authentication key generated at the server, using the user authentication information, the dynamic information, and the secret;
thereafterreceiving server authentication information at the client, the server authentication information including data derived from the server public key, processed using the authentication key generated by the server and a symmetric cryptographic algorithm; and verifying the server authentication information at the client by using the client authentication key to determine that the server authentication information is based on the server authentication key and the server public key information received in clear text form. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 46)
-
Specification