Verification of server authorization to provide network resources
First Claim
1. A method of verifying that a server is authorized to provide resources to a client, comprising the steps of:
- generating and encrypting a first message at the client, including selecting an encryption key from among a plurality of encryption keys encoded on an integrated circuit at the client, the first message including a random number and the selected encryption key;
transmitting the first message to the server;
receiving an encrypted second message from the server;
decrypting the second message at the client; and
determining, by client, whether the random number has been included in the second message, wherein the inclusion of the random number in the second message indicates that the server is authorized to provide resources to the client.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for verifying the authorization of a server to provide network resources to a client. At selected times, the client asserts an authorization interrupt, which will disable some or all non-essential functions of the client unless the server'"'"'s authorization is verified within an allotted period of time. The client creates a client message by generating a random number and combining it with a client identifier and a value that specifies the current time. The client message is encrypted and sent to the server. Only authorized servers can decrypt the client message and create an encrypted service message that includes the random number. The service message can also contain an authorization code specifying the services that the client may receive, and an expiration count indicating when the authorization procedure will be repeated. The client receives and decrypts the service message. If the random number in the service message is found to be the same as the random number in the client message, the server is authorized, and the client is enabled to exhibit a selected level of functionality. The client can be associated with a smart card or another intelligent peripheral that verifies the authorization of the server in behalf of the client.
150 Citations
40 Claims
-
1. A method of verifying that a server is authorized to provide resources to a client, comprising the steps of:
-
generating and encrypting a first message at the client, including selecting an encryption key from among a plurality of encryption keys encoded on an integrated circuit at the client, the first message including a random number and the selected encryption key;
transmitting the first message to the server;
receiving an encrypted second message from the server;
decrypting the second message at the client; and
determining, by client, whether the random number has been included in the second message, wherein the inclusion of the random number in the second message indicates that the server is authorized to provide resources to the client. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
decrypting the first message at the server; and
generating and encrypting the second message at the server, the second message including the random number.
-
-
3. A method as defined in claim 2, wherein the step of determining whether the random number has been included comprises the step of determining that the random number has been included in the second message, the method further comprising the step of activating selected functions of the client.
-
4. A method as defined in claim 2, wherein:
-
the step of receiving the encrypted second message comprises the step of receiving the encrypted second message from an unauthorized server; and
the step of determining whether the random number has been included comprises the step of determining that the random number has not been included in the second message.
-
-
5. A method as defined in claim 4, further comprising the step of disabling selected functions of the client.
-
6. A method as defined in claim 1, further comprising the step processing asynchronous input to the client to generate the random number.
-
7. A method as defined in claim 1, further comprising the step of asserting an authorization interrupt signal at the client prior to the step of generating and encrypting the first message, wherein the authorization interrupt disables at least some functions of the client after the expiration of an allotted period of time unless the server is first verified as being authorized to provide resources to the client.
-
8. A method as defined in claim 6, wherein the step of determining whether the random number is included comprises the step of determining that the random number is included in the second message, the method further comprising the step of identifying an expiration count encoded in the second message that specifies when a next authorization interrupt signal is to be asserted.
-
9. A method as defined in claim 6, wherein the step of determining whether the random number is included comprises the step of determining that the random number is included in the second message, the method further comprising the step of identifying an authorization code that specifies a level of functionality to be exhibited by the client.
-
10. A method as defined in claim 1, further comprising the steps of:
-
generating and encrypting another message at the client, the other message including another random number;
transmitting the other message to unauthorized server that does not possess a decryption key for decrypting the other message; and
noting, at the client, that no message has been received from the unauthorized server within an allotted period of time, thereby indicating that the unauthorized server is not authorized to provide resources to the client.
-
-
11. A method as defined in claim 1, wherein the client includes an intelligent peripheral, and wherein the step of generating and encrypting a first message at the client is conducted by the intelligent peripheral.
-
12. A method as defined in claim 11, further comprising the step of communicating between the intelligent peripheral and a system enabler module of the client to indicate whether the server is authorized to provide resources to the client.
-
13. A method of verifying that a server is authorized to provide resources to a client, comprising:
-
repeatedly conducting, at times specified by a timing mechanism at the client, the steps of;
by the client, combining and encrypting a client identifier, a random number, and a time identifier to generate a first message;
transmitting the first message from the client to the server;
at the server, conducting the steps of;
decrypting the first message;
identifying an authorization code associated with the client identifier, the authorization code defining a level of functionality to be exhibited by the client;
generating an expiration count based upon the time identifier, the expiration count defining a time when the client is to verify the authorization of the server; and
combining and encrypting the authorization code, the expiration count, and the random number to generate a second message;
transmitting the second message to the client;
decrypting the second message at the client; and
verifying, by the client, that the random number has been included in the second message, thereby indicating that the server is authorized to provide resources to the client. - View Dependent Claims (14, 15, 16, 17, 18, 19)
-
-
20. A computer program product for implementing, at a client system, a method of verifying that a server is authorized to provide resources to the client system, the computer program product comprising:
-
a computer-readable medium having computer-executable instructions for implementing the method, wherein the computer-executable instructions comprise;
program code means for generating and encrypting a first message identifying the client system and including a random number, the first message being encrypted using an encryption key selected from a plurality of encryption keys encoded on an integrated circuit at the client system;
program code means for initiating transmission of the first message to the server, the first message including the encryption key;
program code means for receiving an encrypted second message from the server;
program code means for decrypting the second message; and
program code means for determining whether the random number has been included in the second message, wherein inclusion of the random number in the second message indicates that the server is authorized to provide resources to the client system. - View Dependent Claims (21, 22, 23, 24, 25)
-
-
26. A computer program product for implementing, at a server, a method of verifying that the server is authorized to provide resources to a client, the computer program product comprising:
-
a computer-readable medium having computer-executable instructions for implementing the method, wherein the computer-executable instructions comprise;
program code means for receiving an encrypted first message from the client, the first message identifying the client and including a random number and an encryption key selected from a plurality of encryption keys encoded on an integrated circuit at the client;
program code means for decrypting the first message;
program code means for selecting an authorization code associated with the client, the authorization code defining a level of functionality to be exhibited by the client;
program code means for generating and encrypting a second message including the random number and the authorization code; and
program code means for initiating transmission of the second message to the client, wherein the random number, having been included in the second message, is to indicate to the client that the server is authorized to provide resources to the client. - View Dependent Claims (27, 28)
-
-
29. A method for periodically authorizing a client to exhibit a selected level of functionality, the method comprising the steps of:
-
establishing communication between the client and the server; and
repeatedly conducting, at selected times while communication is established between the client and the server, the steps of;
causing the client to determine whether the server is authorized to provide resources to the client by verifying that a random number received in an encrypted message from the server is the same as the random number stored at the client, wherein the random number is initially sent from the client to the server and is encrypted using one of a plurality of encryption keys encoded on an integrated circuit at the client;
if the client determines that the server is authorized to provide resources, then activating selected functions of the client; and
if the client determines that the server is not authorized to provide resources, then disabling selected functions of the client. - View Dependent Claims (30, 31, 32)
decrypting an encrypted authorization code received by the client from the server, wherein the encrypted authorization code is decrypted using a decryption key encoded in an integrated circuit at the client, the decryption key being inaccessible to any software being executed at the client; and
writing the authorization code to a register at the integrated circuit, the authorization code specifying a level of functionality to be exhibited by the client.
-
-
33. In a networked system including a client and a server interconnected one with another, wherein resources are provided from the server to the client based on an authorization level of the client, a method for verifying the authorization level, comprising the steps of:
-
receiving at the server, a first message including a random number, an authorization code, and an encryption key selected from a plurality of encryption keys encoded on an integrated circuit at the client;
transmitting an encrypted message from the server to the client, the encrypted message including the random number received from the client and the authorization code defining the authorization level of the client;
decrypting the encrypted message using decryption instructions encoded in hardware at the client, the decryption instructions being inaccessible to software executed on the client; and
upon matching the random number included in the encrypted message with the random number stored at the client, writing the authorization code to a register in the client after the step of decrypting the encrypted message. - View Dependent Claims (34, 35, 36, 37)
generating and encrypting a first message at the client, the first message identifying the client and including a random number;
transmitting the first message from the client to the server prior to the step of transmitting the encrypted message from the server to the client;
decrypting the first message at the server prior to the step of transmitting the encrypted message from the server to the client; and
determining, after the step of decrypting the encrypted message, that the random number has been included in the encrypted message, thereby indicating that the server is authorized to provide the resources to the client.
-
-
35. A method as defined in claim 33, wherein the step of transmitting an encrypted message from the server to the client is conducted in response to an encrypted first message being transmitted from the client to the server.
-
36. A method as defined in claim 33, further comprising the steps of:
-
including an expiration count in the encrypted message, the expiration count indicating a time when a timing mechanism at the client is to again initiate an authorization process; and
writing the expiration count to another register in the client after the step of decrypting the encrypted message.
-
-
37. A method as defined in claim 33, wherein the hardware at the client is an integrated circuit.
-
38. A method of verifying that a server is authorized to provide resources to a client, comprising the steps of:
-
asserting an authorization interrupt signal at the client, the-authorization interrupt disabling at least some functions of the client after the expiration of an allotted period of time unless the server is first verified as being authorized to provide resources to the client;
generating and encrypting a first message at the client, the first message including a random number;
transmitting the first message to the server;
receiving an encrypted second message from the server;
decrypting the second message at the client; and
determining, by the client, whether the random number has been included in the second message, wherein the inclusion of the random number in the second message indicates that the server is authorized to provide resources to the client.
-
-
39. A method of verifying that a server is authorized to provide resources to a client, comprising the steps of:
-
asserting an authorization interrupt signal at the client, the authorization interrupt disabling at least some functions of the client after the expiration of an allotted period of time unless the server is first verified as being authorized to provide resources to the client;
generating and encrypting a first message at the client, the first message identifying the client and including a random number and an encryption key encoded on an integrated circuit at the client;
transmitting the first message to the server;
receiving an encrypted second message from the server;
decrypting the second message at the client; and
determining, by the client, whether the random number has been included in the second message, wherein the inclusion of the random number in the second message indicates that the server is authorized to provide resources to the client.
-
-
40. A method of verifying that a server is authorized to provide resources to a client, comprising:
-
repeatedly conducting, at times specified by a timing mechanism at the client, the steps of;
by the client, combining and encrypting a client identifier, a random number, and a time identifier to generate a first message;
encrypting the first message using an encryption key selected from a plurality of encryption keys encoded on an integrated circuit at the client, the encryption key being included in the first message;
transmitting the first message from the client to the server;
at the server, conducting the steps of;
decrypting the first message;
identifying an authorization code associated with the client identifier, the authorization code defining a level of functionality to be exhibited by the client; and
combining and encrypting the authorization code and the random number to generate a second message;
transmitting the second message to the client;
decrypting the second message at the client; and
verifying, by the client, that the random number has been included in the second message, thereby indicating that the server is authorized to provide resources to the client.
-
Specification