Client/server protocol for proving authenticity

US 6,085,320 A
Filed: 04/21/1997
Issued: 07/04/2000
Est. Priority Date: 05/15/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating a user with a verifier, comprising the steps of:

(a) receiving by a user from a credential issuer a credential comprising the credential issuer'"'"'s digital signature;

(b) transmitting from the user to the verifier over an encrypted communications channel credential verification information; and

(c) authenticating the user based on the validity of the credential issuer'"'"'s digital signature and in response to the credential verification information.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A protocol for establishing the authenticity of a client to a server in an electronic transaction by encrypting a certificate with a key known only to the client and the server. The trust of the server, if necessary, can be established by a public key protocol. The client generates and sends over a communications channel a message containing at least a part of a certificate encrypted with the server'"'"'s public key or a secret session key. The server receives and processes the message to recover at least part of the certificate, verifies and accepts it as proof of the client'"'"'s authenticity.

724 Citations

42 Claims

1. A method for authenticating a user with a verifier, comprising the steps of:
- (a) receiving by a user from a credential issuer a credential comprising the credential issuer'"'"'s digital signature;
  
  (b) transmitting from the user to the verifier over an encrypted communications channel credential verification information; and
  
  (c) authenticating the user based on the validity of the credential issuer'"'"'s digital signature and in response to the credential verification information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, further comprising the step of transmitting unencrypted a portion of the credential to the verifier.
  - 3. The method of claim 1 wherein step (b) comprises transmitting at least a portion of the credential over the encrypted communications channel.
  - 4. The method of claim 1, wherein step (b) comprises transmitting a time-varying message over the encrypted communications channel.
  - 5. The method of claim 1, wherein:
    - step (a) comprises receiving a credential comprising the result of a one-way function computed on a secret value;
      
      step (b) comprises encrypting and transmitting the secret value; and
      
      step (c) comprises;
      
      (i) computing the result of the one-way function computed on the secret value;
      
      (ii) comparing the computed result with the one-way function result contained in the credential; and
      
      (iii) verifying the validity of the credential issuer'"'"'s digital signature.
  - 6. The method of claim 5, further comprising, before step (a), the steps of:
    - calculating a one-way function on a secret value; and
      
      transmitting the result of the one-way function computed on the secret value to the credential issuer.
  - 7. The method of claim 1, wherein:
    - step (a) comprises receiving a credential comprising a root of a hash tree; and
      
      step (b) comprises encrypting and transmitting at least a portion of a path through the hash tree; and
      
      step (c) comprises;
      
      (i) verifying the path through the hash tree using the root contained in the credential;
      
      (ii) comparing the computed hash tree root with the hash tree root contained in the credential; and
      
      (iii) verifying the validity of the credential issuer'"'"'s digital signature.
  - 8. The method of claim 7, further comprising, before step (a), the steps of:
    - constructing a hash tree; and
      
      transmitting the root of the hash tree to the credential issuer.
  - 9. The method of claim 1, wherein:
    - step (b) comprises encrypting and transmitting at least a portion of the credential issuer'"'"'s digital signature; and
      
      step (c) comprises verifying the validity of the credential issuer'"'"'s digital signature.
  - 10. The method of claim 1 wherein step (c) comprises verifying the credential issuer'"'"'s digital signature using the credential issuer'"'"'s public key.
  - 11. The method of claim 1, wherein step (b) comprises transmitting over a communications channel encrypted with a secret key shared by the user and the verifier.
  - 12. The method of claim 1, wherein step (b) comprises transmitting over a communications channel encrypted with a key established with a key agreement technique.
  - 13. The method of claim 1, wherein step (b) comprises transmitting over a communications channel encrypted with the verifier'"'"'s public key.
  - 14. The method of claim 1, wherein step (b) comprises transmitting over a communications channel encrypted with a key established by encryption with the verifier'"'"'s public key.
  - 15. The method of claim 1 further comprising the steps of:
    - receiving, by the user, a certificate comprising the verifier'"'"'s public key; and
      
      verifying, by the user, the certificate comprising the verifier'"'"'s public key.
  - 16. The method of claim 1, wherein the credential issuer comprises the verifier.
  - 17. The method of claim 1, further comprising, before step (a), the step of authenticating the user to the credential issuer.
  - 18. The method of claim 1, wherein step (c) comprises determining that the credential is not included in a credential revocation list.
  - 19. The method of claim 1, wherein step (a) comprises receiving a credential comprising at least one of:
    - (i) operations that the user is allowed to perform;
      
      (ii) systems that the user is allowed to access;
      
      (iii) locations that the user is allowed to access;
      
      (iv) files or directories that the user is allowed to access;
      
      (v) a valid time for the credential;
      
      (vi) an expiration time for the credential; and
      
      (vii) a list of verifiers with which the credential may be used.
  - 20. The method of claim 1, wherein step (c) depends on an operation other than validation with the user'"'"'s public key.
  - 21. The method of claim 1 wherein step (a) comprises receiving a credential comprising the user'"'"'s public key, and wherein step (c) is accomplished without operations involving the user'"'"'s public key.

22. A system for authenticating a user, comprising:
- a credential issuer issuing a credential comprising the credential issuer'"'"'s digital signature;
  
  a user element receiving the credential from the credential issuer and transmitting credential verification information over an encrypted communications channel; and
  
  a verifier authenticating the user in response to the validity of the credential issuer'"'"'s digital signature and in response to the credential verification information.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 23. The system of claim 22 wherein the user element transmits unencrypted a portion of the credential to the verifier.
  - 24. The system of claim 22, wherein the user element transmits credential verification information comprising a time-varying message over the encrypted communications channel.
  - 25. The system of claim 22 wherein the user element transmits at least a portion of the credential over the encrypted communications channel.
  - 26. The system of claim 22, wherein:
    - the credential issuer issues a credential comprising the result of a one-way function computed on a secret value;
      
      the receiver encrypts and transmits the secret value; and
      
      the verifier calculates a one-way function on the secret value, compares the calculated one-way function result to result in the credential, and verifies the validity of the credential issuer'"'"'s digital signature.
  - 27. The system of claim 26, wherein the user element calculates a one-way function on a secret value, and transmits the result of the one-way function computed on the secret value to the credential issuer.
  - 28. The system of claim 22, wherein:
    - the credential issuer issues a credential comprising the root of a hash tree that is digitally signed by the credential issuer;
      
      the receiver encrypts and transmits at least a portion of a path through the hash tree; and
      
      the verifier verifies the at least a portion of a path through the hash tree using the root contained in the credential, and verifies the validity of the credential issuer'"'"'s digital signature.
  - 29. The system of claim 28, wherein the user element constructs a hash tree, and transmits the root of the hash tree to the credential issuer.
  - 30. The system of claim 22, wherein the receiver encrypts and transmits at least a portion of the credential issuer'"'"'s digital signature, and the verifier verifies the validity of the credential issuer'"'"'s digital signature.
  - 31. The system of claim 22, wherein the verifier verifies the credential isuer'"'"'s digital signature using the credential issuer'"'"'s public key.
  - 32. The system of claim 22, wherein the user element transmits over a communications channel encrypted with a secret key shared by the user and the verifier.
  - 33. The system of claim 22, wherein the user element transmits over a communications channel encrypted with a key established with a key agreement technique.
  - 34. The system of claim 22, wherein the user element transmits over a communications channel encrypted with the verifier'"'"'s public key.
  - 35. The system of claim 22, wherein the user element transmits over a communications channel encrypted with a key established by encryption with the verifier'"'"'s public key.
  - 36. The system of claim 22 wherein:
    - the certificate issuer issues a certificate comprising the verifier'"'"'s public key; and
      
      the user element verifies the certificate comprising the verifier'"'"'s public key.
  - 37. The system of claim 22 wherein the credential issuer comprises the verifier.
  - 38. The system of claim 22, wherein the user element authenticates to the credential issuer.
  - 39. The system of claim 22, wherein the verifier determines that the credential is not included in a credential revocation list.
  - 40. The system of claim 22, wherein the credential comprises at least one of:
    - (i) operations that the user is allowed to perform;
      
      (ii) systems that the user is allowed to access;
      
      (iii) locations that the user is allowed to access;
      
      (iv) files or directories that the user is allowed to access;
      
      (v) a valid time for the credential;
      
      (vi) an expiration time for the credential; and
      
      (vii) a list of verifiers with which the credential may be used.
  - 41. The system of claim 22, wherein the verifier depends on an operation other than the validation with the user'"'"'s public key to authorize the user.
  - 42. The system of claim 22 wherein the credential issuer issues a credential comprising the user'"'"'s public key, and wherein the verifier authorizes the user without operations involving the user'"'"'s public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
EMC Corporation (Dell Technologies Inc.)
Original Assignee
RSA Security Incorporated (Symphony Technology Group LLC)
Inventors
Kaliski, Burton S. Jr.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/845,196
Time in Patent Office

1,170 Days
Field of Search

380/30, 713/168, 713/170, 713/176, 713/189, 713/200
US Class Current

713/168
CPC Class Codes

G06F 21/33   using certificates

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2211/009   Trust

G06Q 20/04   Payment circuits

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/38215   Use of certificates or encr...

G06Q 20/4097   using mutual authentication...

G07F 7/1008   Active credit-cards provide...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

H04L 9/3297   involving time stamps, e.g....

H04L 9/50   using hash chains, e.g. blo...

Client/server protocol for proving authenticity

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

724 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Client/server protocol for proving authenticity

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

724 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links