Client/server protocol for proving authenticity
Abstract
A protocol for establishing the authenticity of a client to a server in an electronic transaction by encrypting a certificate with a key known only to the client and the server. The trust of the server, if necessary, can be established by a public key protocol. The client generates and sends over a communications channel a message containing at least a part of a certificate encrypted with the server's public key or a secret session key. The server receives and processes the message to recover at least part of the certificate, verifies and accepts it as proof of the client's authenticity.
Claims
1. A method for authenticating a client by a server, comprising the steps of:
(a) receiving by the client from a credential issuer a digital credential;
(b) transmitting credential verification information from the client to the server over an encrypted communications channel; and
(c) authenticating the client based on the validity of the credential and in response to the credential verification information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
providing, by a certificate issuer, a certificate comprising a public key of the server;
receiving, by the client, the certificate; and
verifying, by the client, the certificate comprising the public key of the server.
7. The method of claim 6 wherein the credential issuer and the certificate issuer are separate entities.
8. The method of claim 1, further comprising,
before step (a), the step of initiating, by the client, a login session with the credential issuer; and
wherein step (a) comprises receiving a credential that is valid for a relatively short validity period; and
wherein step (b) comprises transmitting credential verification information during the validity period.
9. An authentication system, comprising:
a credential issuer providing a digital credential;
a client receiving the credential from the credential issuer and transmitting credential verification information over an encrypted communications channel; and
a server receiving credential verification information over the encrypted communications channel and authenticating the client based on the validity of the credential and in response to the credential verification information.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
a certificate issuer providing a certificate comprising a server's public key; and
wherein the client receives and verifies the certificate comprising the server's public key.
15. The system of claim 9 wherein the credential issuer and certificate issuer are different entities.
16. The system of claim 9 wherein:
the client receives the credential in response to a login session initiated by the client;
the credential is valid for a relatively short validity period; and
the credential verification information is transmitted during the validity period.
17. A computer readable medium comprising instructions for execution on a processor, the instructions when executed direct the processor to receive credential verification information from a client over an encrypted communications channel, the client having received a digital credential from a credential issuer, and direct the processor to authenticate the client based on the validity of the digital credential and in response to the credential verification information.
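As an added illustration that is not part of the patent text or of any product it covers, the following Go program walks the three steps of claim 1 together with the short-lived credential of claim 8: an issuer signs a credential, the client sends it encrypted under the server's public key (RSA-OAEP standing in for the encrypted channel of step (b)), and the server recovers it, checks the issuer's signature and enforces the validity period. The JSON credential layout, the key algorithms and all names are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Credential is a constructed stand-in for the patent's digital credential: issuer-signed and accepted only until Expires (the short validity period of claim 8).
type Credential struct {
	Subject   string `json:"subject"`
	Expires   int64  `json:"exp"`
	Signature []byte `json:"sig"` // issuer's Ed25519 signature over tbs(c)
}
// tbs is the to-be-signed encoding; %q keeps a subject containing '|' unambiguous.
func tbs(c Credential) []byte { return []byte(fmt.Sprintf("%q|%d", c.Subject, c.Expires)) }
// Issue is step (a): the credential issuer hands the client a short-lived credential.
func Issue(issuerKey ed25519.PrivateKey, subject string, expires time.Time) Credential {
	c := Credential{Subject: subject, Expires: expires.Unix()}
	c.Signature = ed25519.Sign(issuerKey, tbs(c))
	return c
}
// ClientSend is step (b): the credential crosses the channel encrypted under the server's public key (RSA-OAEP), so only the holder of the server's private key can read it.
func ClientSend(serverPub *rsa.PublicKey, c Credential) ([]byte, error) {
	plain, _ := json.Marshal(c) // well under the OAEP limit for a 2048-bit key
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, plain, nil)
}
// ServerAuthenticate is step (c): recover the credential, verify the issuer's signature, and reject a credential presented after its validity period.
func ServerAuthenticate(serverKey *rsa.PrivateKey, issuerPub ed25519.PublicKey, msg []byte, now time.Time) (string, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverKey, msg, nil)
	if err != nil { return "", fmt.Errorf("cannot recover credential: %w", err) }
	var c Credential
	if err := json.Unmarshal(plain, &c); err != nil { return "", err }
	if !ed25519.Verify(issuerPub, tbs(c), c.Signature) { return "", fmt.Errorf("issuer signature does not verify") }
	if now.Unix() > c.Expires { return "", fmt.Errorf("credential presented after its validity period") }
	return c.Subject, nil
}

func main() {
	issuerPub, issuerKey, _ := ed25519.GenerateKey(rand.Reader)
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	msg, _ := ClientSend(&serverKey.PublicKey, Issue(issuerKey, "alice", time.Now().Add(5*time.Minute)))
	fmt.Println(ServerAuthenticate(serverKey, issuerPub, msg, time.Now()))
}
```

The server never sees the issuer's private key and the issuer never sees the server's; only the issuer's public key and the server's own key pair are needed at step (c).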