Systems, methods and computer program products that use an encrypted session for additional password verification
Abstract
Systems, methods and computer program products for two-party key authentication provide additional security against intruders that might gain access to the password database of a server. The client verifies his clear password over an encrypted channel, rather than merely verifying the encrypted password, prior to receiving secure traffic.
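Added example, not part of the patent text: a Python simulation of the flow in the abstract and claim 1, showing that a party holding only the stored hashed password can key the session but fails the in-session clear-password check. SHA-256 as the password hash, the HMAC-based session key, the toy cipher and all names are assumptions made for illustration; the page does not specify them.

```python
import hashlib
import hmac
import os

def hash_password(password: bytes) -> bytes:
    # Assumption: SHA-256 stands in for the server's password hash.
    return hashlib.sha256(password).digest()

def session_key(hashed_pw: bytes, c_nonce: bytes, s_nonce: bytes) -> bytes:
    # Assumption: the session is keyed from the hashed password plus fresh nonces.
    return hmac.new(hashed_pw, c_nonce + s_nonce, hashlib.sha256).digest()

def toy_cipher(key: bytes, data: bytes) -> bytes:
    # Illustration-only stream cipher (SHA-256 in counter mode); XOR is its own inverse.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class Server:
    def __init__(self, hashed_db: dict):
        self.hashed_db = hashed_db  # user -> stored hashed password

    def open_session(self, user: str, c_nonce: bytes):
        s_nonce = os.urandom(16)
        return s_nonce, session_key(self.hashed_db[user], c_nonce, s_nonce)

    def verify_in_session(self, user: str, key: bytes, ciphertext: bytes) -> bool:
        received = toy_cipher(key, ciphertext)  # clear password as transmitted
        return hmac.compare_digest(hash_password(received), self.hashed_db[user])

def login(server: Server, user: str, key_material: bytes, sent_secret: bytes) -> str:
    """key_material: hashed password the caller holds; sent_secret: what it transmits."""
    c_nonce = os.urandom(16)
    s_nonce, server_key = server.open_session(user, c_nonce)
    client_key = session_key(key_material, c_nonce, s_nonce)
    # Simulation shortcut for key confirmation: compare both sides' keys directly.
    if not hmac.compare_digest(client_key, server_key):
        return "no session"
    ok = server.verify_in_session(user, server_key, toy_cipher(client_key, sent_secret))
    return "session continues" if ok else "session terminated"

# Constructed sample data.
PASSWORD = b"correct horse battery staple"
SERVER = Server({"alice": hash_password(PASSWORD)})
STOLEN_HASH = SERVER.hashed_db["alice"]  # what a database intruder would hold
```

Calling login(SERVER, "alice", STOLEN_HASH, STOLEN_HASH) models the intruder case: the session forms, then the server hashes what it received, finds a mismatch, and terminates.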
24 Claims
1. A password authentication method between a client and a server that communicate over a network, the server storing a plurality of hashed passwords for a corresponding plurality of clients, the method comprising the steps of:
establishing an encrypted session between the client and the server over the network, using a client password and the corresponding hashed password that is stored at the server;
transmitting the client password from the client to the server during the encrypted session;
hashing the received password at the server during the encrypted session;
comparing the hashed received password with the corresponding hashed password for the client that is stored at the server during the encrypted session; and
terminating the encrypted session between the client and the server over the network if the hashed received password and the corresponding hashed password that were compared during the encrypted session do not match.
(Dependent claims: 2, 3, 4, 5, 6)

7. A password authentication method for a client that communicates with a server over a network, the server storing a plurality of hashed passwords for a corresponding plurality of clients, the method comprising the steps of:
establishing an encrypted session between the client and the server over the network, using a client password and the corresponding hashed password that is stored at the server; and
transmitting the client password from the client to the server during the encrypted session.
(Dependent claims: 8, 9, 10, 11)

12. A password authentication method for a server that communicates with a client over a network, the server storing a corresponding plurality of hashed passwords for a plurality of clients, the method comprising the steps of:
establishing an encrypted session between the client and the server over the network, using a client password and the corresponding hashed password that is stored at the server;
hashing a received password that is received at the server during the encrypted session;
comparing the hashed received password with the corresponding hashed password for the client that is stored at the server during the encrypted session; and
terminating the encrypted session between the client and the server over the network if the hashed received password and the corresponding hashed password that were compared during the encrypted session do not match.
(Dependent claims: 13, 14, 15, 16)

17. A password authentication system for a client and a server that communicate over a network, the server storing a plurality of hashed passwords for a corresponding plurality of clients, the system comprising:
means for establishing an encrypted session between the client and the server over the network, using a client password and the corresponding hashed password that is stored at the server;
means for transmitting the client password from the client to the server during the encrypted session;
means for hashing the received password at the server during the encrypted session;
means for comparing the hashed received password with the corresponding hashed password for the client that is stored at the server during the encrypted session; and
means for terminating the encrypted session between the client and the server over the network if the hashed received password and the corresponding hashed password that were compared during the encrypted session do not match.
(Dependent claims: 18, 19)

20. A computer program product for authenticating a password of a client that communicates with a server over a network, the server storing a plurality of hashed passwords for a corresponding plurality of clients, the computer program product comprising a computer-readable storage medium having computer-readable program code embodied in the medium, the computer-readable program code comprising:
computer-readable program code that establishes an encrypted session between the client and the server over the network, using a client password and the corresponding hashed password that is stored at the server; and
computer-readable program code that transmits the client password from the client to the server during the encrypted session.
(Dependent claims: 21, 22)

23. A computer program product for authenticating a password at a server that communicates with a client over a network, the server storing a corresponding plurality of hashed passwords for a plurality of clients, the computer program product comprising a computer-readable storage medium having computer-readable program code embodied in the medium, the computer-readable program code comprising:
computer-readable program code that establishes an encrypted session between the client and the server over the network, using a client password and the corresponding hashed password that is stored at the server;
computer-readable program code that hashes a received password that is received at the server during the encrypted session;
computer-readable program code that compares the hashed received password with the corresponding hashed password for the client that is stored at the server during the encrypted session; and
computer-readable program code that terminates the encrypted session between the client and the server over the network if the hashed received password and the corresponding hashed password that were compared during the encrypted session do not match.
(Dependent claims: 24)

Specification