Client/server protocol for proving authenticity
First Claim
1. A method for authenticating a client by a server, comprising the steps of:
(a) receiving by the client from a credential issuer a digital credential;
(b) transmitting credential verification information from the client to the server over an encrypted communications channel; and
(c) authenticating the client based on the validity of the credential and in response to the credential verification information.
Abstract
A protocol for establishing the authenticity of a client to a server in an electronic transaction by encrypting a certificate with a key known only to the client and the server. The trust of the server, if necessary, can be established by a public key protocol. The client generates and sends over a communications channel a message containing at least a part of a certificate encrypted with the server's public key or a secret session key. The server receives and processes the message to recover at least part of the certificate, verifies it, and accepts it as proof of the client's authenticity.
17 Claims
1. A method for authenticating a client by a server, comprising the steps of:
(a) receiving by the client from a credential issuer a digital credential;
(b) transmitting credential verification information from the client to the server over an encrypted communications channel; and
(c) authenticating the client based on the validity of the credential and in response to the credential verification information. (Dependent claims: 2 to 8.)
providing, by a certificate issuer, a certificate comprising a public key of the server;
receiving, by the client, the certificate; and
verifying, by the client, the certificate comprising the public key of the server.
7. The method of claim 6 wherein the credential issuer and the certificate issuer are separate entities.
8. The method of claim 1, further comprising,
before step (a), the step of initiating, by the client, a login session with the credential issuer; and
wherein step (a) comprises receiving a credential that is valid for a relatively short validity period; and
wherein step (b) comprises transmitting credential verification information during the validity period.
9. An authentication system, comprising:
a credential issuer providing a digital credential;
a client receiving the credential from the credential issuer and transmitting credential verification information over an encrypted communications channel; and
a server receiving credential verification information over the encrypted communications channel and authenticating the client based on the validity of the credential and in response to the credential verification information. (Dependent claims: 10 to 16.)
a certificate issuer providing a certificate comprising a server's public key; and
wherein the client receives and verifies the certificate comprising the server's public key.
15. The system of claim 9 wherein the credential issuer and certificate issuer are different entities.
16. The system of claim 9 wherein:
the client receives the credential in response to a login session initiated by the client;
the credential is valid for a relatively short validity period; and
the credential verification information is transmitted during the validity period.
17. A computer readable medium comprising instructions for execution on a processor, the instructions when executed direct the processor to receive credential verification information from a client over an encrypted communications channel, the client having received a digital credential from a credential issuer, and direct the processor to authenticate the client based on the validity of the digital credential and in response to the credential verification information.
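The exchange the abstract and claims 1, 8 and 9 describe, as an added Python sketch that is not part of the patent: a credential issuer hands the client a short-lived credential after login, the client sends it as its verification information over an encrypted channel keyed by a shared session key (the abstract's second option), and the server recovers it, checks the issuer's tag and the validity period, and only then authenticates. Assumed, and not from the page: an HMAC tag stands in for the issuer's signature, and a toy HMAC-based stream cipher with its own integrity tag stands in for the channel encryption.

```python
import hashlib, hmac, json, os

# Constructed keys for the demo (assumptions, not from the patent): the credential issuer
# and the server share ISSUER_KEY; client and server share SESSION_KEY for the channel.
ISSUER_KEY = b"demo-issuer-key"
SESSION_KEY = b"demo-session-key"
TAG_LEN = 32  # HMAC-SHA256 tag length

def issue_credential(client_id, now, ttl=60.0):
    """Credential issuer: after the client's login, hand out a short-lived credential."""
    body = json.dumps({"sub": client_id, "iat": now, "exp": now + ttl}).encode()
    return body + b"." + hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest().encode()

def _keystream(key, nonce, n):
    # Toy counter-mode keystream derived with HMAC-SHA256; stands in for a real cipher.
    out = b""
    for ctr in range(0, n, TAG_LEN):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def channel_encrypt(key, plaintext):
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def channel_decrypt(key, msg):
    nonce, ct, tag = msg[:12], msg[12:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None  # channel integrity failure: drop the message
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def client_send(credential):
    """Client, step (b): send the credential as verification information over the channel."""
    return channel_encrypt(SESSION_KEY, credential)

def server_authenticate(msg, now):
    """Server, step (c): recover the credential, check issuer tag and validity window."""
    cred = channel_decrypt(SESSION_KEY, msg)
    if cred is None:
        return None
    body, _, tag_hex = cred.rpartition(b".")
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag_hex):  # verify the issuer tag before parsing
        return None
    claims = json.loads(body)
    if not claims["iat"] <= now < claims["exp"]:  # claim 8: accept only during validity period
        return None
    return claims["sub"]
```

The server rejects a credential presented outside its validity window, a message altered in transit, and a credential whose issuer tag does not verify, each without revealing which check failed.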
Specification