Authentication for information exchange over a communication network
Abstract
The present invention is a method and apparatus for authenticating an information exchange between a host and a guest on a network. The host has a host key and the guest has a guest key. An authenticating server authenticates the guest. The authenticating server uses the host key and the guest key. The guest authenticates the authenticating server using the guest key. The host authenticates the guest and the authenticating server using the host key.
20 Claims
1. A method for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the method comprising:
(a) authenticating the guest by an authenticating server, the authenticating server using the host key and the guest key;
(b) the guest authenticating the authenticating server using the guest key; and
(c) the host authenticating the guest and the authenticating server using the host key.
initiating a request by the guest to the host; and
redirecting the guest to connect to the authenticating server in response to the request.
3. The method of claim 1 wherein (a) authenticating the guest comprises:
the guest encrypting a message using a guest key;
the guest appending the encrypted message to a parameter list, the parameter list including a guest identification and a device type;
the guest sending the encrypted message and the appended parameter list to the authenticating server;
the authenticating server decrypting the encrypted message to obtain a decrypted guest code; and
the authenticating server authenticating the guest if the decrypted guest code matches the appended guest identification.
4. The method of claim 1 wherein (b) the guest authenticating the authenticating server comprises:
the authenticating server encrypting a response using a temporary key, the temporary key being derived from the guest key;
the guest decrypting the encrypted response to obtain a decrypted guest code using the guest key; and
the guest authenticating the authenticating server if the decrypted guest code matches a guest identification.
5. The method of claim 1 wherein (c) the host authenticating the guest and the authenticating server comprises:
the guest converting a decrypted response from the authenticating server using a temporary key to an encrypted ticket;
the guest appending a guest identification to the encrypted ticket;
the host decrypting the encrypted ticket using the host key; and
the host authenticating the guest and the authenticating server if the decrypted guest code matches the appended guest identification.
6. The method of claim 4 wherein the guest encrypting the message comprises:
generating a session key;
appending a time to the session key to produce a first message part;
encrypting the first message part using the guest key;
generating a second message part, the second message part including a guest identification and a customer identification; and
encrypting the second message part using the temporary key.
7. The method of claim 6 wherein the temporary key is created by:
generating a data key from a portion of an MD5 digest of the session key; and
creating the temporary key from a portion of an MD5 of the data key.
8. The method of claim 7 wherein the authenticating server decrypting the encrypted message comprises:
obtaining a secret key according to the device type; and
decrypting the encrypted message using the secret key.
9. The method of claim 8 further comprising:
the authenticating server determining if the time is within a predetermined range relative to a current time; and
the authenticating server requesting the guest to re-send the message and the parameter list if the time is not within the predetermined range.
10. The method of claim 6 wherein the authenticating server encrypting the response further comprises:
encrypting the session key and the time using the host key to produce a first response part;
encrypting the guest identification and a customer identification by the temporary key to produce a second response part; and
encrypting the first and second response parts using the temporary key.
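Claims 6, 7 and 9 (mirrored by system claims 16, 17 and 19) specify the guest's message layout, the temporary-key derivation and the server's freshness check closely enough to implement. The Python below is an added example, not code from the patent or its assignee; because the claims name no cipher, no width for the "portion" of each MD5 digest, and no time encoding or window, the 8-byte portion, the 4-byte big-endian Unix time and the 60-second window are assumptions, and the functions operate on the message parts as they exist before encryption on the guest side and after decryption on the server side.

```python
import hashlib

# Assumptions, not values from the claims: the patent says "a portion of" each MD5
# digest without giving a width (8 bytes used here), and does not fix the time
# encoding (4-byte big-endian Unix seconds here) or the freshness window (60 s here).
PORTION_LEN = 8
TIME_LEN = 4
FRESHNESS_WINDOW_SECONDS = 60


def derive_keys(session_key: bytes, portion_len: int = PORTION_LEN) -> tuple[bytes, bytes]:
    """Claim 7 (and 17): data key = portion of MD5(session key);
    temporary key = portion of MD5(data key). Returns (data_key, temporary_key).
    Both keys are a deterministic function of the session key, so the temporary key
    carries no entropy beyond the session key and is truncated to portion_len bytes."""
    data_key = hashlib.md5(session_key).digest()[:portion_len]
    temporary_key = hashlib.md5(data_key).digest()[:portion_len]
    return data_key, temporary_key


def build_first_message_part(session_key: bytes, message_time: int) -> bytes:
    """Claim 6 (and 16): append the time to the session key. This is the plaintext
    the guest then encrypts under the guest key; the cipher is not named in the claims."""
    return session_key + message_time.to_bytes(TIME_LEN, "big")


def parse_first_message_part(first_part: bytes) -> tuple[bytes, int]:
    """Server side: split the decrypted first part back into (session_key, time)."""
    session_key, time_bytes = first_part[:-TIME_LEN], first_part[-TIME_LEN:]
    return session_key, int.from_bytes(time_bytes, "big")


def time_within_range(message_time: int, current_time: int,
                      window: int = FRESHNESS_WINDOW_SECONDS) -> bool:
    """Claim 9 (and 19): the message time must lie within the predetermined range of
    the server's clock; this bounds how long a captured message remains replayable."""
    return abs(current_time - message_time) <= window


def server_decision(first_part: bytes, decrypted_guest_code: bytes,
                    appended_guest_id: bytes, current_time: int) -> str:
    """Claims 3 and 9 combined, after the server has decrypted both message parts:
    a stale time yields "resend" (claim 9); a guest code that does not match the guest
    identification from the parameter list yields "reject"; otherwise "authenticated"."""
    _, message_time = parse_first_message_part(first_part)
    if not time_within_range(message_time, current_time):
        return "resend"
    if decrypted_guest_code != appended_guest_id:
        return "reject"
    return "authenticated"
```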
11. A system for authenticating an information exchange between a host and a guest on a network, the host having a host key and the guest having a guest key, the system comprising:
an authenticating server coupled to the guest for authenticating the guest, the authenticating server using the host key and the guest key; and
wherein the guest authenticates the authenticating server using the guest key and the host authenticates the guest and the authenticating server using the host key.
the guest encrypts a message using a guest key;
the guest appends the encrypted message to a parameter list, the parameter list including a guest identification and a device type;
the guest sends the encrypted message and the appended parameter list to the authenticating server;
the authenticating server decrypts the encrypted message to obtain a decrypted guest code; and
the authenticating server authenticates the guest if the decrypted guest code matches the appended guest identification.
14. The system of claim 11 wherein:
the authenticating server encrypts a response using a temporary key, the temporary key being derived from the guest key;
the guest decrypts the encrypted response to obtain a decrypted guest code using the guest key; and
the guest authenticates the authenticating server if the decrypted guest code matches a guest identification.
15. The system of claim 11 wherein:
the guest converts a decrypted response from the authenticating server using a temporary key to an encrypted ticket;
the guest appends a guest identification to the encrypted ticket;
the host decrypts the encrypted ticket using the host key; and
the host authenticates the guest and the authenticating server if the decrypted guest code matches the appended guest identification.
16. The system of claim 14 wherein the guest:
generates a session key;
appends a time to the session key to produce a first message part;
encrypts the first message part using the guest key;
generates a second message part, the second message part including a guest identification and a customer identification; and
encrypts the second message part using the temporary key.
17. The system of claim 16 wherein the temporary key is created from a portion of an MD5 of a data key, the data key being generated from a portion of an MD5 digest of the session key.
18. The system of claim 17 wherein the authenticating server:
obtains a secret key according to the device type; and
decrypts the encrypted message using the secret key.
19. The system of claim 18 wherein the authenticating server:
determines if the time is within a predetermined range relative to a current time; and
requests the guest to re-send the message and the parameter list if the time is not within the predetermined range.
20. The system of claim 16 wherein the authenticating server:
encrypts the session key and the time using the host key to produce a first response part;
encrypts the guest identification and a customer identification by the temporary key to produce a second response part; and
encrypts the first and second response parts using the temporary key.