Method for providing secure remote command execution over an insecure computer network
First Claim
1. A method of enhancing the security of a message sent through a network server from a client computer to a destination server, comprising the steps, performed by the network server, of:
(a) receiving at least one request for authentication from said client computer;
(b) establishing a secure connection for receiving data from said client computer;
(c) generating a credentials cache containing client-authenticating information from a validation center;
(d) transmitting said credentials cache to said client computer and erasing said client-authenticating information from the network server;
(e) receiving from said client computer a new credentials cache containing said client-authenticating information and a corresponding message for said destination server;
(f) obtaining permission data for accessing said destination server from said validating center using said client-authenticating information and a secure authentication protocol; and
(g) transmitting said permission data and said message to said destination server.
Abstract
A method and apparatus are disclosed for enhancing the security of a message sent through a network server from a client computer to a destination server. A secure connection for receiving and transmitting data is established between the client computer and the network server. Using client-identifying information and a secure authentication protocol, the network server may then obtain client-authentication information from a validation center. The client-authentication information is transmitted to the client and erased from the network server. The network server then receives the client-authenticating information back from the client with an accompanying message for the destination server. The network server may use the client-authenticating information to obtain permission data from the validation center for use in accessing the destination server.
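The abstract and steps (a) through (g) of claim 1 describe a relay in which the network server never keeps the client's credentials between requests. The following Python simulation of that exchange is an added example, not code from the patent: the validation center, destination server and gateway are toy classes; the credentials cache and permission data are modelled as HMAC-signed tokens, which is an assumption, since the page does not name the secure authentication protocol; the keys, the user table and the host names are constructed. The gateway holds the cache only inside a try/finally, so a snapshot of its state between requests contains no client secret, and the validation center rejects an altered cache while the destination rejects permission data issued for another host.

```python
import hashlib
import hmac
import json
import time

# Everything below is constructed for this example: keys, the user table, host names.
VC_MASTER_KEY = b"validation-center-master-key"        # held only by the validation center
DEST_SERVICE_KEY = b"key-shared-by-vc-and-destination"  # held by validation center and destination
USER_DB = {"alice": "correct horse battery staple"}    # the validation center's user table
LIFETIME = 300                                         # seconds a cache or permission stays valid


def sign(key: bytes, payload: dict) -> dict:
    """Return payload plus an HMAC tag over its canonical JSON form."""
    data = json.dumps(payload, sort_keys=True).encode()
    return {**payload, "tag": hmac.new(key, data, hashlib.sha256).hexdigest()}


def verify(key: bytes, token: dict) -> bool:
    """True if the tag matches and the token has not expired."""
    payload = {k: v for k, v in token.items() if k != "tag"}
    expected = sign(key, payload)["tag"]
    return (isinstance(token.get("tag"), str)
            and hmac.compare_digest(token["tag"], expected)
            and payload.get("expires", 0) > time.time())


class ValidationCenter:
    """Steps (c) and (f): authenticates clients and grants access to destinations."""

    def issue_credentials(self, client_id: str, password: str) -> dict:
        if USER_DB.get(client_id) != password:
            raise PermissionError("client-identifying information rejected")
        return sign(VC_MASTER_KEY, {"client": client_id, "expires": time.time() + LIFETIME})

    def grant_permission(self, cache: dict, destination: str) -> dict:
        if not verify(VC_MASTER_KEY, cache):
            raise PermissionError("credentials cache invalid or expired")
        return sign(DEST_SERVICE_KEY, {"client": cache["client"], "service": destination,
                                       "expires": time.time() + LIFETIME})


class DestinationServer:
    """Step (g): executes a message only with permission data issued for this host."""

    def __init__(self, name: str):
        self.name = name

    def execute(self, permission: dict, message: str) -> str:
        if not verify(DEST_SERVICE_KEY, permission) or permission.get("service") != self.name:
            raise PermissionError("permission data rejected")
        return f"{self.name} ran {message!r} for {permission['client']}"


class NetworkServer:
    """The intermediary of claim 1. Client secrets live here only for the duration of a request."""

    def __init__(self, vc: ValidationCenter, dest: DestinationServer):
        self.vc, self.dest = vc, dest
        self.in_flight = {}  # per-request state; must be empty between requests

    def authenticate(self, client_id: str, password: str) -> dict:
        """Steps (a)-(d): obtain a credentials cache, hand it to the client, erase it here."""
        self.in_flight["cache"] = self.vc.issue_credentials(client_id, password)
        try:
            return dict(self.in_flight["cache"])  # copy goes to the client (step d)
        finally:
            del self.in_flight["cache"]           # erased on every path, success or error

    def relay(self, cache: dict, message: str) -> str:
        """Steps (e)-(g): take the cache back, obtain permission data, forward to the destination."""
        self.in_flight["cache"] = cache
        try:
            permission = self.vc.grant_permission(cache, self.dest.name)
            return self.dest.execute(permission, message)
        finally:
            del self.in_flight["cache"]

    def retains_client_secrets(self) -> bool:
        return bool(self.in_flight)


def run_demo() -> dict:
    vc = ValidationCenter()
    gateway = NetworkServer(vc, DestinationServer("backup-host"))
    other = DestinationServer("other-host")

    cache = gateway.authenticate("alice", USER_DB["alice"])      # over the assumed secure channel
    result = gateway.relay(cache, "rsync /srv/data /mnt/backup")  # legitimate use of the cache

    def rejected(fn) -> bool:
        try:
            fn()
            return False
        except PermissionError:
            return True

    return {
        "result": result,
        "gateway_retains_secrets": gateway.retains_client_secrets(),
        # an altered cache fails the tag check at the validation center (step f)
        "forged_cache_rejected": rejected(lambda: gateway.relay(dict(cache, client="bob"), "id")),
        # permission data is bound to one destination and is useless at another
        "replay_elsewhere_rejected": rejected(
            lambda: other.execute(vc.grant_permission(cache, "backup-host"), "id")),
    }


if __name__ == "__main__":
    print(run_demo())
```

The design point worth checking in a real deployment is the one `retains_client_secrets()` probes: after the cache has been handed to the client (step d), nothing on the intermediary should be able to mint new permission data without the client presenting the cache again, so a compromise of the gateway between requests yields no reusable client credential.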
27 Claims
1. A method of enhancing the security of a message sent through a network server from a client computer to a destination server, comprising the steps, performed by the network server, of:
(a) receiving at least one request for authentication from said client computer;
(b) establishing a secure connection for receiving data from said client computer;
(c) generating a credentials cache containing client-authenticating information from a validation center;
(d) transmitting said credentials cache to said client computer and erasing said client-authenticating information from the network server;
(e) receiving from said client computer a new credentials cache containing said client-authenticating information and a corresponding message for said destination server;
(f) obtaining permission data for accessing said destination server from said validating center using said client-authenticating information and a secure authentication protocol; and
(g) transmitting said permission data and said message to said destination server.
Dependent claims: 2-14.
15. A computer system comprising:
(a) a first computer server issuing commands over a network connection;
(b) a second computer server connected to said first server by a secure connection, said second server further having an authentication device generating an authentication request relating to said first server and generating a credentials cache containing client-authenticating information received in response to said authentication request, wherein said second server transmits said credentials cache to said first server and erases said client-authenticating information;
(c) a third computer server responsive to said second server over said network and capable of receiving said authentication request, responding to said request to authenticate the identity of said first computer server, and sending authentication indicator information regarding said first server back to said second server; and
(d) a fourth computer server for operative connection to said network and capable of receiving and executing said commands if said second server transmits authentication indicator information to said fourth server authenticating said first server.
16. A computer system having improved security for a message sent over an insecure network from a client computer to a destination server via a network server, said system comprising:
(a) means for establishing a secure network connection between said client computer and said network server;
(b) means for obtaining at the network server client-authenticating information from a validating center in a secure manner and generating a credentials cache therefrom;
(c) means for transmitting said credentials cache containing said client-authenticating information from said network server to said client computer and erasing said client-authenticating information from said network server;
(d) means for transmitting said message and said client identifying information from said client computer to said network server; and
(e) means for obtaining permission to access said destination server from said validating center over said insecure network using the secure authentication protocol.
Dependent claims: 17-19.
20. A network computer server comprising:
(a) a client network interface for receiving client-identifying information from a client computer over a secure network connection;
(b) a permission-granting network interface for exchanging client-authenticating information and permission-granting data with a validating center through a network connection and means for generating a credentials cache therefrom;
(c) means for transmitting said credentials cache containing said client-authenticating information received from said validating center to said client without retaining said client-authenticating information; and
(d) a destination computer network interface for operative communication with a destination computer through which client-authenticating information received back from said client computer and permission-granting data received from said validating center is transmitted to said destination computer via a network connection.
Dependent claims: 21-23.
24. A method of enhancing the security of a message sent through a network server from a client computer to a destination server, comprising the steps, performed by the network server, of:
(a) obtaining client-authenticating information from a validation center using client-identifying information and a secure authentication protocol;
(b) transmitting to said client computer a credentials cache containing said client-authenticating information;
(c) erasing said client-authenticating information;
(d) receiving said credentials cache and a message for said destination server back from said client computer;
(e) obtaining permission data for accessing said destination server from said validating center using said credentials cache and a secure authentication protocol; and
(f) transmitting said permission data and said message to said destination server.
25. A computer server responsive to a client, validation center, and destination server over a network, the server comprising:
means for obtaining client-authenticating information on behalf of the client from the validation center using client-identifying information and a secure authentication protocol;
means for transmitting to said client a credentials cache containing said client-authenticating information;
means for erasing said client-authenticating information from said network server;
means for receiving said credentials cache and a message for said destination server back from said client; and
means for obtaining permission data for accessing said destination server on behalf of said client from said validating center using said credentials cache and a secure authentication protocol.
26. A method of providing improved security of a network transaction, comprising the steps performed by a server of:
(a) establishing a secure connection for receiving data from a client;
(b) generating a credentials cache containing client-authenticating information from a source external to the server;
(c) transmitting the credentials cache to the client; and
(d) erasing the client-authenticating information from the server.
Dependent claims: 27.