Strong mutual authentication of devices
First Claim
1. A method for enabling strong mutual authentication on a computer network comprising the steps of:
transmitting a first indicia of a user to a first computer over a first communication channel;
generating by said first computer a first authentication number, a second authentication number, and a third authentication number;
transmitting by said first computer a first message to a second computer, wherein said first message comprises said first authentication number encrypted by said second authentication number;
transmitting by said first computer a second message to a verifier over a second communication channel, wherein said second message comprises said second authentication number encrypted and said third authentication number;
decrypting by said verifier said second message to obtain a first decrypted message, wherein said first decrypted message comprises said second authentication number;
transmitting by said verifier said second authentication number to said second computer over a third communication channel;
decrypting by said second computer said first message transmitted by said first computer to recover said first authentication number;
transmitting by said second computer a third message to said first computer over said first communication channel, wherein said third message comprises said second authentication number encrypted by said first authentication number; and
validating said second computer by said first computer by decrypting said third message to obtain said second authentication number.
7 Assignments
0 Petitions
Abstract
The present invention relates to a method for enabling strong mutual authentication between two computers in a communication system. A user from a client attempts to gain access to a server. The server transmits a first key encrypted by a second key to the client and a second key encrypted by a user's private key to a verifier. The verifier uses the user's login information to obtain the user's private key, which the verifier uses to obtain the second key. The verifier transmits the second key to the client and the client decrypts the first key with the second key. The client then transmits the second key encrypted by the first key to the server. If the received second key is the same as the generated second key, the client is authenticated to the server.
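The exchange in the abstract, simulated end to end as an added example (this is illustrative code written for this page, not an implementation from the patent or its assignee). The three parties are modelled as small classes; the symmetric cipher is an assumed toy construction from the Python standard library (SHA-256 counter-mode keystream with an HMAC-SHA256 tag, encrypt-then-MAC), and the user key table, user names and key sizes are constructed sample values. Because the abstract has the server encrypt the second key under the user's private key, the simulation hands the server that key as well; how that key is distributed is an assumption the abstract does not spell out. Two failure cases are included alongside the happy path: the verifier holding a different key than the one the server used, and a client that tries to answer without going through the verifier.

```python
"""Simulation of the server / client / verifier three-key authentication flow.
All primitives and sample values here are assumptions of this example."""
import hashlib
import hmac
import secrets

KEY_LEN = 32  # assumed key size for the three authentication numbers


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode (assumption, not the patent's cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag first; a wrong key or any tampering raises ValueError."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication tag mismatch")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Verifier:
    """Holds the login -> user private key table (the second channel ends here)."""

    def __init__(self, user_keys: dict):
        self._user_keys = user_keys

    def recover_second_key(self, login: str, encrypted_second_key: bytes) -> bytes:
        private_key = self._user_keys[login]  # KeyError for an unknown login
        return decrypt(private_key, encrypted_second_key)  # K2 = D_Kuser(E_Kuser(K2))


class Server:
    """The 'first computer': generates the three authentication numbers."""

    def __init__(self):
        self.first_key = secrets.token_bytes(KEY_LEN)   # K1
        self.second_key = secrets.token_bytes(KEY_LEN)  # K2
        self.third_key = secrets.token_bytes(KEY_LEN)   # K3, sent alongside E_Kuser(K2)

    def message_to_client(self) -> bytes:
        return encrypt(self.second_key, self.first_key)  # first message: E_K2(K1)

    def message_to_verifier(self, user_private_key: bytes):
        return encrypt(user_private_key, self.second_key), self.third_key  # (E_Kuser(K2), K3)

    def validate_client(self, third_message: bytes) -> bool:
        """Recover K2 from E_K1(K2) and compare it with the generated K2."""
        try:
            return hmac.compare_digest(decrypt(self.first_key, third_message), self.second_key)
        except ValueError:
            return False


class Client:
    """The 'second computer': only learns K2 through the verifier."""

    def __init__(self, login: str):
        self.login = login

    def respond(self, first_message: bytes, second_key: bytes) -> bytes:
        first_key = decrypt(second_key, first_message)  # K1 = D_K2(E_K2(K1))
        return encrypt(first_key, second_key)            # third message: E_K1(K2)


def run_protocol(server: Server, client: Client, verifier: Verifier, user_private_key: bytes) -> bool:
    msg1 = server.message_to_client()                          # channel 1: server -> client
    enc_k2, _k3 = server.message_to_verifier(user_private_key)  # channel 2: server -> verifier
    try:
        k2 = verifier.recover_second_key(client.login, enc_k2)  # channel 3: verifier -> client
        msg3 = client.respond(msg1, k2)                        # channel 1: client -> server
    except (KeyError, ValueError):
        return False  # unknown user, or the verifier could not decrypt K2
    return server.validate_client(msg3)


# Constructed sample key table; real deployments would key this from the login database.
USER_KEYS = {"alice": secrets.token_bytes(KEY_LEN), "bob": secrets.token_bytes(KEY_LEN)}


def demo_success() -> bool:
    """Server and verifier agree on alice's key: the client is authenticated."""
    return run_protocol(Server(), Client("alice"), Verifier(USER_KEYS), USER_KEYS["alice"])


def demo_key_mismatch() -> bool:
    """Server encrypted K2 under bob's key while the login is alice: verifier fails."""
    return run_protocol(Server(), Client("alice"), Verifier(USER_KEYS), USER_KEYS["bob"])


def demo_client_bypassing_verifier() -> bool:
    """A client that guesses K2 instead of obtaining it from the verifier is rejected."""
    server, client = Server(), Client("alice")
    try:
        msg3 = client.respond(server.message_to_client(), secrets.token_bytes(KEY_LEN))
    except ValueError:
        return False  # E_K2(K1) does not open under the guessed key
    return server.validate_client(msg3)


if __name__ == "__main__":
    print("success:", demo_success(), "mismatch:", demo_key_mismatch(),
          "bypass:", demo_client_bypassing_verifier())
```

The comparison in `Server.validate_client` is the step the abstract ends on: the server only accepts when the value recovered from the third message equals the second key it generated, which the client could only have obtained through the verifier's channel.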
204 Citations
47 Claims
1. A method for enabling strong mutual authentication on a computer network comprising the steps of: (independent claim; full text reproduced above under First Claim). Dependent claims: 2 through 16.
17. The method for authenticating a third device to a first device comprising the steps of:
encrypting a first key with a second key by said first device;
transmitting by said first device said encrypted first key to said third device;
encrypting said second key with a third key by said first device;
transmitting by said first device said encrypted second key to a second device;
decrypting said encrypted second key in response to obtaining from said first device said third key by a second device; and
decrypting by said third device said encrypted first key using said second key obtained from said second device.
Dependent claims: 18, 19, 20.
21. The method for authenticating a third device to a first device comprising the steps of:
transmitting by said first device a first message to said third device;
transmitting by said first device a second message to a second device;
transmitting by said second device a second key of said second message to said third device;
obtaining by said third device a first key of said first message using said second key of said second message; and
transmitting by said third device a third message to said first device.
Dependent claims: 22 through 28.
29. A system for enabling strong mutual authenticating comprising:
a first transmitter;
a first receiver in communication with said first transmitter;
an output device in communication with said first receiver;
a second receiver in communication with said output device;
a second transmitter; and
a comparator in communication with said second transmitter and said first transmitter,
wherein said first transmitter transmits a first message to said second receiver over a first communication channel;
wherein said first transmitter transmits a second message to said first receiver over a second communication channel;
wherein said output device transmits a second key derived from said second message to said second receiver over a third communication channel;
wherein said second transmitter transmits a third message to said comparator over said first communication channel;
wherein said comparator compares said second key of said third message with said second key of said first message.
Dependent claims: 30 through 47.
Specification