Application level security system and method
Abstract
A system and method for establishing secured communications pathways across an open unsecured network, without compromising the security of any parties to the communication, involves establishing secured gateways or firewalls between the Internet and any party which desires protection by 1.) using a smart card to distribute shared secret keys between a computer which serves as the above-mentioned firewall and a client node on the Internet; 2.) using the shared private keys to establish mutual authentication between the gateway and the smartcard; 3.) generating a session or temporary secret key for use in further communications between the gateway and the client node once communications have been established; and 4.) encrypting further communications using the session key.
7 Claims
1. A system for establishing secured communications pathways across an open unsecured network between a secured party and a possibly unsecured party, without compromising the security of either of the parties, comprising:
- a smartcard reader and a smartcard located at a client node of the unsecured party, the smartcard having stored thereon a shared secret key known to the secured party;
- a gateway processor which controls access from the open unsecured network to said secured party and having access to the shared secret key;
- means for authenticating communications between the respective parties based on said shared secret key and for generating session keys, wherein the smartcard reader includes means for prompting a card holder to enter a secret code and for confirming the code in order to authenticate the card holder before permitting further communications, and wherein the means for authenticating communication between the respective parties and for generating the session keys comprises:
  - means associated with the gateway processor for generating a first number and sending the first number to the smartcard;
  - means on the smartcard for encrypting the first number by the shared secret key;
  - means on the smartcard for generating a second number and encrypting a combination of the encrypted first number and the second number;
  - means in the gateway processor for verifying whether the first number has been encrypted by the shared secret key, thereby authenticating the smartcard;
  - means in the gateway processor for generating a first session key by combining the encrypted first number with the second number and encrypting the combination;
  - means in the gateway processor for encrypting the second number by the shared secret key;
  - means in the smartcard for verifying whether the second random number has been encrypted by the shared secret key and thereby authenticating the gateway processor; and
  - means in the smartcard for combining the encrypted first number with the second number and encrypting same to generate a second session key corresponding to the first session key generated by the gateway processor; and
- means for encrypting further communications between the respective parties using the first and second session keys.
5. A method of establishing a secured communication pathway between a party on a private network and a party on an open unsecured network, comprising the steps of:
- reading from a smartcard a shared secret key;
- authenticating communications between the respective parties based on the shared secret key and generating session keys; and
- prompting a card holder to enter a secret code into the smartcard reader and confirming the code in order to authenticate the card holder before permitting further communications, wherein the step of authenticating communications between the respective parties and generating the session key comprises the steps of:
  - the gateway processor generating a first number and sending the first number to the smartcard;
  - the smartcard encrypting the first number by the shared secret key;
  - the smartcard generating a second number and encrypting a combination of the encrypted first number and the second number;
  - the gateway processor verifying whether the first number has been encrypted by the shared secret key, thereby authenticating the smartcard;
  - the gateway processor generating a session key by combining the encrypted first number with the second number and encrypting the result;
  - the gateway processor encrypting the second number by the shared secret key;
  - the smartcard verifying whether the second random number has been encrypted by the shared secret key and thereby authenticating the gateway processor; and
  - the smartcard combining the encrypted first number with the second number and encrypting same to generate a second session key corresponding to the first session key generated by the gateway processor;
- and further comprising the step of encrypting further communications between the respective parties using the first and second session keys.
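The mutual challenge-response exchange recited in claims 1 and 5, worked through as an added example (this is not code from the patent or from any product implementing it). It assumes both parties hold the same shared key K, models "encrypting a number with the shared secret key" as a keyed function using HMAC-SHA256 (an assumption standing in for whatever cipher a real card would use), and uses hypothetical class and function names; the PIN gate on the card runs before any protocol step, as the claim requires.

```python
import hmac, hashlib, os

def prf(key, data):
    # Stand-in for "encrypt with the shared secret key" (assumption: HMAC-SHA256,
    # not the patent's cipher); deterministic so the peer can recompute and compare.
    return hmac.new(key, data, hashlib.sha256).digest()

class SmartCard:
    def __init__(self, shared_key, pin):
        self._k, self._pin, self.unlocked = shared_key, pin, False
    def verify_pin(self, entered):
        # card-holder authentication gates every later step
        self.unlocked = hmac.compare_digest(entered.encode(), self._pin.encode())
        return self.unlocked
    def respond(self, r1):
        # card side: C1 = E_K(R1), then pick the second number R2
        if not self.unlocked:
            raise PermissionError("card locked: PIN not verified")
        self._c1, self._r2 = prf(self._k, r1), os.urandom(16)
        return self._c1, self._r2
    def verify_gateway(self, c2):
        # authenticate the gateway via E_K(R2); derive the second session key
        if not hmac.compare_digest(c2, prf(self._k, self._r2)):
            return None
        return prf(self._k, self._c1 + self._r2)

class Gateway:
    def __init__(self, shared_key):
        self._k = shared_key
    def challenge(self):
        self._r1 = os.urandom(16)  # first number, sent to the card
        return self._r1
    def verify_card(self, c1, r2):
        # authenticate the card via E_K(R1); first session key = E_K(C1 || R2); C2 = E_K(R2)
        if not hmac.compare_digest(c1, prf(self._k, self._r1)):
            return None, None
        return prf(self._k, c1 + r2), prf(self._k, r2)

def run_handshake(card, gateway, pin):
    # returns the agreed session key, or None if any authentication step fails
    if not card.verify_pin(pin):
        return None
    c1, r2 = card.respond(gateway.challenge())
    gw_key, c2 = gateway.verify_card(c1, r2)
    if gw_key is None:
        return None
    card_key = card.verify_gateway(c2)
    return gw_key if card_key is not None and hmac.compare_digest(gw_key, card_key) else None
```

A card holding a different key fails at the gateway's check of E_K(R1), and a wrong PIN never reaches the protocol at all; each successful run yields a fresh session key because both numbers are random.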