Network computer system with remote user data encipher methodology
First Claim
1. In a system having computing devices comprising at least a client connected to a server through a communication network, a method for establishing a secured communication session between the client and the server for enciphering data, the method comprising:
- receiving input at the client comprising user information, said input being received a point in time when it is desired to establish said secured communication session, said user information including a user identifier which uniquely identifies a particular user to the system and including a user password;
transmitting a request from the client to the server for establishing a secured communication session between the client and the server, said request including said user identifier;
retrieving at the server, based on said user identifier transmitted to the server, previously-stored user authentication information for authenticating the particular user;
computing at the server a first public sub-key, said first public sub-key being based at least in part on said previously-stored user authentication information;
transmitting said first public sub-key to said client;
computing at the client a second public sub-key, said second public sub-key being based at least in part on said user password and said computed first public sub-key;
computing at the client a secret session key, based at least in part on said computed second public sub-key; and
enciphering data with said computed secret session key.
4 Assignments
0 Petitions
Accused Products
Abstract
Computer-implemented methodology is described which allows any user to access a "network client" machine (e.g., PC, ATM machine, cell phone, or the like) which is connected to a network but which does not know the authentication of the user. With only the user'"'"'s password, the client machine is able to initiate a communication session with a server and identify the user to the server as the person who the server truly expects. The method allows both the client and the server to each identify the other as authentic (not a middle man or imposter)--that is, without compromise in security along the communication link. In this manner, the user can access information from the true server in a secure manner and bring that information down to the local client, for instance, for use in a JAVA application.
-
Citations
40 Claims
-
1. In a system having computing devices comprising at least a client connected to a server through a communication network, a method for establishing a secured communication session between the client and the server for enciphering data, the method comprising:
-
receiving input at the client comprising user information, said input being received a point in time when it is desired to establish said secured communication session, said user information including a user identifier which uniquely identifies a particular user to the system and including a user password; transmitting a request from the client to the server for establishing a secured communication session between the client and the server, said request including said user identifier; retrieving at the server, based on said user identifier transmitted to the server, previously-stored user authentication information for authenticating the particular user; computing at the server a first public sub-key, said first public sub-key being based at least in part on said previously-stored user authentication information; transmitting said first public sub-key to said client; computing at the client a second public sub-key, said second public sub-key being based at least in part on said user password and said computed first public sub-key; computing at the client a secret session key, based at least in part on said computed second public sub-key; and enciphering data with said computed secret session key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A secured client/server system comprising:
-
a client connected to a server through a communication network; an input means at the client for receiving user information at a point in time when it is desired to establish a secured communication session between said client and said server, said user information including a user identifier which uniquely identifies a particular user to the system and including a user password; means for computing at the server and at the client respective public sub-keys, based at least in part on a hash value derived from said user password; means for exchanging said respective public sub-keys; means for computing at the server and at the client a shared secret session key that is generated at least in part from said respective public sub-keys; and means for enciphering and deciphering data with said secret session key. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification