Security method and system for persistent storage and communications on computer network systems and computer network systems employing the same
Abstract
A process is described in which a user enters ID and password information at a network client computer terminal. This information is combined with an asymmetric key stored in a persistent storage directly accessible to the client's computer terminal. This "combined" information is communicated through a communication network to one or more server computers for authentication of the client. A similar identification and authentication process may be used to authenticate the server computer. Upon authentication of the client, the server provides the client computer with three symmetric keys, in encrypted format. The first key is for encrypting and decrypting persistent information associated with the client computer's control program. The second key is used to encrypt and decrypt persistent information associated with the login ID. The third key is used to encrypt and decrypt communication between the client computer and the server computer.
18 Claims
1. A login method to enhance security in a network computer system having at least one server computer coupled over a communication network to a plurality of client computers, wherein each client computer is coupled to directly access a persistent storage device and wherein each client computer is operated by a control program after login, the method comprising the steps of:
- receiving a login ID and password from a user at a first one of said client computers;
- encrypting the login ID and password with a first asymmetric key stored in the persistent storage coupled to the first client computer;
- transmitting a login request including the encrypted login ID and password to a first one of said server computers;
- decrypting the encrypted portions of the login request with a second asymmetric key at the server computer;
- authenticating the first client computer to the first server computer, using the login ID and password from the decrypted login request;
- transmitting, upon authentication of the first client computer, a set of symmetric keys from the first server computer to the first client computer, including:
  - one symmetric key for encrypting and decrypting persistent information associated with the control program for operating the first client computer;
  - another symmetric key for encrypting and decrypting persistent information associated with the login ID; and
  - yet another symmetric key for encrypting and decrypting communications between the first client computer and the first server computer.

2. A method to enhance security in a network computer system having at least one server computer coupled over a communication network to at least one client computer, wherein each client computer is coupled to directly access a persistent storage device and wherein each client computer is operated by a control program after login, the method comprising the steps of:
- receiving a login ID and password from a user at a first one of said client computers;
- encrypting the login ID and password using a first asymmetric key stored in the persistent storage coupled to the first client computer;
- forming a login request including the encrypted login ID and password;
- transmitting the login request to a first one of said server computers;
- decrypting the encrypted portions of the login request with a second asymmetric key at the server computer;
- authenticating the first client computer to the first server computer, using the login ID and password from the decrypted login request;
- transmitting, upon authentication of the first client computer, at least three symmetric keys from the first server computer to the first client computer;
- encrypting and decrypting persistent information associated with the control program for operating the first client computer, using one of the at least three symmetric keys transmitted by the server computer;
- encrypting and decrypting persistent information associated with the login ID using another one of the at least three symmetric keys transmitted by the server computer; and
- encrypting and decrypting further communications between the client computer and the server computer using yet another one of the at least three symmetric keys transmitted by the server computer.

Dependent claims: 3, 4, 5, 6, 7, 8.

9. A computer network system having enhanced security, comprising:
- a communications network;
- at least one server computer coupled for communication over the communication network;
- a plurality of client computers, each coupled for communication over the communication network and each operated by a control program after login;
- a persistent storage device associated with each client computer, for storing persistent information directly accessible by the associated client computer;
- an input device associated with each client computer for receiving a login ID and password from a user;
- means associated with each client computer, for encrypting the login ID and password received by the input device, with a first asymmetric key stored in the associated persistent storage;
- means associated with each client computer for constructing and transmitting a login request including the encrypted login ID and password, over the communications network, to at least one of said server computers;
- means associated with said at least one server computer, for receiving said login request and decrypting the encrypted portions of the login request with a second asymmetric key;
- means associated with said at least one server computer for authenticating the first client computer, using the login ID and password from the decrypted portions of the login request;
- means associated with said at least one server, for transmitting, upon authentication of the first client computer, a set of symmetric keys to the first client computer, including:
  - at least one symmetric key for encrypting and decrypting persistent information associated with the control program for operating the first client computer;
  - at least one other symmetric key for encrypting and decrypting persistent information associated with the login ID; and
  - at least one further symmetric key for encrypting and decrypting communications between the first client computer and the first server computer.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.

18. An article of manufacture comprising a computer program carrier readable by a first client computer coupled to a computer network system having a plurality of client computers and at least one server computer, the computer program carrier embodying one or more instructions executable by the first remote computer to perform method steps of:
- receiving a login ID and password from a user at a first one of said client computers;
- encrypting the login ID and password using an asymmetric key stored in the persistent storage coupled to the first client computer;
- forming a login request including the encrypted login ID and password;
- transmitting the login request to a first one of said server computers;
- decrypting the encrypted portions of the login request with a first asymmetric key at the server computer;
- authenticating the first client computer to the first server computer, using the login ID and password from the decrypted login request;
- transmitting, upon authentication of the first client computer, a set of symmetric keys from the first server computer to the first client computer;
- encrypting and decrypting persistent information associated with the control program for operating the first remote computer, using at least one of the symmetric keys transmitted by the server computer;
- encrypting and decrypting persistent information associated with the login ID using another one of the symmetric keys transmitted by the server computer; and
- encrypting and decrypting further communications between the client computer and the server computer using at least one further symmetric key transmitted by the server computer.
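The login exchange the abstract and claim 1 describe, as an added example in Go using only the standard library (this is not code from the patent): the client encrypts the login ID and password under the asymmetric key it keeps in persistent storage (assumed here to be the server's RSA public key, used with RSA-OAEP), the server decrypts with its private key, authenticates against a credential table, and returns the three symmetric keys. The `ID\x00password` wire format, the credential table, and wrapping the returned key set under a client RSA public key are all assumptions; the page says only that the keys come back "in encrypted format".

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"strings"
)

// Constructed credential table; the page gives no format for the server's store.
var serverCreds = map[string]string{"alice": "correct horse battery"}
// KeySet holds the three symmetric keys the claims enumerate, 32 bytes each.
type KeySet struct{ ControlProgram, LoginID, Comms []byte }
func splitKeys(raw []byte) KeySet { return KeySet{raw[:32], raw[32:64], raw[64:96]} }
func seal(p *rsa.PublicKey, m []byte) ([]byte, error) { return rsa.EncryptOAEP(sha256.New(), rand.Reader, p, m, nil) }
func unseal(k *rsa.PrivateKey, c []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), nil, k, c, nil) }
// ClientLogin encrypts "ID\x00password" (a constructed wire format) with the asymmetric
// key held in the client's persistent storage, assumed here to be the server's public key.
func ClientLogin(serverPub *rsa.PublicKey, id, pw string) ([]byte, error) {
	return seal(serverPub, []byte(id+"\x00"+pw))
}

// ServerHandleLogin decrypts with the server's private key, checks the credentials and
// returns three fresh keys, both in the clear (server's copy) and wrapped for the client.
func ServerHandleLogin(srv *rsa.PrivateKey, cliPub *rsa.PublicKey, req []byte) (KeySet, []byte, error) {
	plain, err := unseal(srv, req)
	id, pw, found := strings.Cut(string(plain), "\x00")
	if err != nil || !found {
		return KeySet{}, nil, errors.New("undecipherable login request")
	}
	want, ok := serverCreds[id] // constant-time compare avoids a timing leak on the password
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(pw)) != 1 {
		return KeySet{}, nil, errors.New("authentication failed")
	}
	raw := make([]byte, 96) // three 32-byte keys, concatenated for wrapping
	rand.Read(raw)
	wrapped, err := seal(cliPub, raw) // assumption: wrapped under the client's RSA public key
	return splitKeys(raw), wrapped, err
}

// ClientUnwrapKeys recovers the key set with the client's private key.
func ClientUnwrapKeys(cli *rsa.PrivateKey, wrapped []byte) (KeySet, error) {
	raw, err := unseal(cli, wrapped)
	if err != nil || len(raw) != 96 {
		return KeySet{}, errors.New("malformed key set")
	}
	return splitKeys(raw), nil
}
```

A wrong password or an undecipherable request yields an error and no key material, so the client never receives the control-program, login-ID or communications key without first authenticating.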