TECHNIQUES FOR ENSURING AUTHENTICATION AND INTEGRITY OF COMMUNICATIONS
Abstract
Techniques are described for ensuring data integrity and authentication of received messages. One technique includes sending a request from a first module to a second module in which the request includes a first portion that is a shared secret encrypted with a public key, obtaining by the second module a private key from a secure and trusted information store, such as a license information store, including license information or other application specific information for the first module, using the private key to decrypt the first portion and obtain the shared secret, sending a response from the second module to the first module in which the response includes authentication data and at least one data item used with the shared secret to determine the authentication data, and performing by the first module verification processing to verify the authentication data included in the response.
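The response-verification step of the abstract, as an added example that is not taken from the patent. It assumes HMAC-SHA256 as the authentication data and that the first module tracks tokens to reject repeats (the text names neither), and it omits the public-key wrapping of the shared secret; all function and field names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC-SHA256 stands in for the "authentication data";
# the abstract does not name an algorithm.
def _mac(shared_secret, token, version, payload):
    # Length-prefix each field so field boundaries cannot be shifted.
    fields = (token, version.encode(), payload)
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(shared_secret, msg, hashlib.sha256).digest()

def build_response(shared_secret, version, payload):
    """Second module: add a per-response token and the authentication data."""
    token = secrets.token_bytes(16)
    return {"token": token, "version": version, "payload": payload,
            "auth": _mac(shared_secret, token, version, payload)}

class FirstModule:
    """First module: verifies responses against the shared secret."""
    def __init__(self, shared_secret):
        self.shared_secret = shared_secret
        self.seen_tokens = set()  # assumption: repeats of a token are refused

    def verify(self, resp):
        expected = _mac(self.shared_secret, resp["token"],
                        resp["version"], resp["payload"])
        if not hmac.compare_digest(expected, resp["auth"]):
            return "bad-auth"
        if resp["token"] in self.seen_tokens:
            return "replay"
        self.seen_tokens.add(resp["token"])
        return "ok"

def demo():
    secret = secrets.token_bytes(32)  # constructed session key
    first = FirstModule(secret)
    resp = build_response(secret, "2.1.0", b"license=granted")
    results = [first.verify(resp), first.verify(resp)]  # second call repeats the token
    tampered = dict(build_response(secret, "2.1.0", b"license=granted"),
                    version="9.9.9")  # version changed after the MAC was computed
    results.append(first.verify(tampered))
    forged = build_response(secrets.token_bytes(32), "2.1.0", b"license=granted")
    results.append(first.verify(forged))  # sender lacks the shared secret
    return results

if __name__ == "__main__":
    print(demo())
```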
20 Claims
1. A computer-implemented communication method comprising:
- sending a request from a first module to a second module, the request comprising a first portion that is a shared secret encrypted with a public key of an asymmetric key pair, the request comprising a second portion identifying a right associated with the request, the shared secret comprising a session key associated with a communication session between the first module and the second module, the session key having a size in a range of bytes and generated based upon the public key and a current time; and
- receiving a response to the request from the second module, the response comprising authentication data based upon the shared secret, a token that is unique for the response, and a version number associated with an application corresponding to the request.
(Dependent claims: 2, 3, 4, 5, 6, 7)
8. A system comprising:
- one or more processing units; and
- memory comprising instructions that when executed by at least one of the one or more processing units perform a method comprising:
  - sending a request from a first module to a second module;
  - receiving a response to the request from the second module, the response comprising a digital signature formed using a private key of an asymmetric key pair and at least one data item; and
  - performing, by the first module, verification processing using a public key of the asymmetric key pair to verify the digital signature comprised in the response.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A computer readable storage medium comprising executable code stored thereon for:
- sending a request from a first module to a second module, the request comprising a first portion that is a shared secret encrypted with a public key of an asymmetric key pair, the request comprising a second portion identifying a right associated with the request, the shared secret comprising a session key associated with a communication session between the first module and the second module, the session key generated based upon the public key; and
- receiving a response to the request from the second module, the response comprising authentication data based upon the shared secret and a token.
(Dependent claims: 16, 17, 18, 19, 20)
Specification