PKI-based client/server authentication
Abstract
A client/server authentication system is disclosed. The system includes a filter, a plug-in, and an extension. The filter monitors sessions between a client and a server for proper authentication. The plug-in is coupled to the client and the server. The plug-in generates public and private key pairs, and receives and stores certificates. The extension is coupled to the filter. The extension generates script commands to cause the client and the server to perform required steps indicated by the filter.
18 Claims
1. A method for providing a single sign-on authentication and privacy, comprising in order:
- submitting a request to access a node, wherein the request is submitted by a client;
- searching for a security token, wherein the searching is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
- directing the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
- verifying the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
- performing a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
- generating a response to the challenge, wherein the response is generated by the client and is sent to the server; and
- saving the response as a named cookie on the client, wherein the response is saved by the client.
Dependent claims: 2, 3, 4, 5, 6
7. A method for providing a single sign-on authentication and privacy, comprising in order:
- submitting a request to access a node, wherein the request is submitted by a client;
- searching for a security token, wherein the searching is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
- directing the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
- verifying the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
- performing a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
- generating a response to the challenge, wherein the response is generated by the client and is sent to the server;
- saving the response as a named cookie with an authentication token on the client, wherein the response is saved by the client; and
- using standard Secure Socket Layer (SSL) library to provide communication privacy.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. An apparatus comprising a computer-readable storage medium having executable instructions that enable the computer to, in order:
- submit a request to access a node, wherein the request is submitted by a client;
- search for a security token, wherein the search is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
- direct the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
- verify the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
- perform a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
- generate a response to the challenge, wherein the response is generated by the client and is sent to the server; and
- save the response as a named cookie on the client, wherein the response is saved by the client.
Dependent claims: 16
17. An apparatus comprising a computer-readable storage medium having executable instructions that enable the computer to, in order:
- submit a request to access a node, wherein the request is submitted by a client;
- search for a security token, wherein the search is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
- direct the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
- verify the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
- perform a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
- generate a response to the challenge, wherein the response is generated by the client and is sent to the server;
- save the response as a named cookie with an authentication token on the client, wherein the response is saved by the client; and
- use standard Secure Socket Layer (SSL) library to provide communication privacy.
Dependent claims: 18
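The sequence recited in the independent claims (token lookup by the filter, certificate verification, challenge, response, named cookie), sketched as an added example that is not code from the patent. It assumes the response is an Ed25519 signature over the challenge, models a certificate as a small CA-signed record rather than real X.509, and uses hypothetical names throughout (`pki_response`, `SecurityExtension`, `securityFilter`, `clientRespond`, `issueCert`).

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: a "certificate" here is {subject, publicKey} signed by a CA key,
// not real X.509; the cookie name and every function name are hypothetical.
const COOKIE = 'pki_response';
const pem = (key) => key.export({ type: 'spki', format: 'pem' });
const certBody = (c) => Buffer.from(JSON.stringify([c.subject, c.publicKey]));

function issueCert(caPrivateKey, subject, publicKey) {
  const cert = { subject, publicKey: pem(publicKey) };
  cert.signature = crypto.sign(null, certBody(cert), caPrivateKey).toString('base64');
  return cert;
}

// Security extension: verifies the submitted certificate and runs the challenge/response.
class SecurityExtension {
  constructor(trustedCaKey) { this.ca = trustedCaKey; this.pending = new Map(); this.sessions = new Map(); }
  verifyCert(cert) {
    return crypto.verify(null, certBody(cert), this.ca, Buffer.from(cert.signature, 'base64'));
  }
  challenge(cert) {
    if (!this.verifyCert(cert)) return null; // untrusted certificate: no challenge is issued
    const nonce = crypto.randomBytes(32).toString('base64'); // fresh per attempt
    this.pending.set(nonce, cert);
    return nonce;
  }
  acceptResponse(nonce, response) {
    const cert = this.pending.get(nonce);
    this.pending.delete(nonce); // each challenge is single use
    if (!cert) return false;
    const ok = crypto.verify(null, Buffer.from(nonce), cert.publicKey, Buffer.from(response, 'base64'));
    if (ok) this.sessions.set(response, cert.subject); // the accepted response becomes the token
    return ok;
  }
}

// Security filter: looks for the token cookie first; without it, the client must submit a certificate.
function securityFilter(ext, cookies) {
  const subject = ext.sessions.get(cookies[COOKIE]);
  return subject ? { action: 'allow', subject } : { action: 'submit-certificate' };
}

// Client side: sign the challenge with the private key and save the response as a named cookie.
function clientRespond(privateKey, nonce, cookies) {
  cookies[COOKIE] = crypto.sign(null, Buffer.from(nonce), privateKey).toString('base64');
  return cookies[COOKIE];
}
```

Because the saved response is replayed as the token on later requests, it is a bearer credential in transit, which is where the SSL transport of claims 7 and 17 matters.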
Specification