PKI-based client/server authentication

US 7,032,110 B1
Filed: 06/30/2000
Issued: 04/18/2006
Est. Priority Date: 06/30/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing a single sign-on authentication and privacy, comprising in order:

submitting a request to access a node, wherein the request is submitted by a client;

searching for a security token, wherein the searching is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;

directing the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;

verifying the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;

performing a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;

generating a response to the challenge, wherein the response is generated by the client and is sent to the server; and

saving the response as a named cookie on the client, wherein the response is saved by the client.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client/server authentication system is disclosed. The system includes a filter, a plug-in, and an extension. The filter monitors sessions between a client and a server for proper authentication. The plug-in is coupled to the client and the server. The plug-in generates public and private key pairs, and receives and stores certificates. The extension is coupled to the filter. The extension generates script commands to cause the client and the server to perform required steps indicated by the filter.

168 Citations

18 Claims

1. A method for providing a single sign-on authentication and privacy, comprising in order:
- submitting a request to access a node, wherein the request is submitted by a client;
  
  searching for a security token, wherein the searching is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
  
  directing the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
  
  verifying the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
  
  performing a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
  
  generating a response to the challenge, wherein the response is generated by the client and is sent to the server; and
  
  saving the response as a named cookie on the client, wherein the response is saved by the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said response is used as a security token.
  - 3. The method of claim 2, wherein said security token is used to propagate an initial authentication.
  - 4. The method of claim 1, further comprising:
    - creating a connection session if the certificate is valid.
  - 5. The method of claim 1, wherein said verifying the submitted certificate includes checking a signature on the submitted certificate with the trusted certificate.
  - 6. The method of claim 1, further comprising:
    - generating a key;
      
      encrypting the key with a client'"'"'s public key;
      
      sending an encrypted key to a client; and
      
      using the key to encrypt communication.

7. A method for providing a single sign-on authentication and privacy, comprising in order:
- submitting a request to access a node, wherein the request is submitted by a client;
  
  searching for a security token, wherein the searching is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
  
  directing the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
  
  verifying the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
  
  performing a challenge, wherein the challenge is generated by the security extension in on the server and is sent to the client;
  
  generating a response to the challenge, wherein the response is generated by the client and is sent to the server;
  
  saving the response as a named cookie with an authentication token on the client, wherein the response is saved by the client; and
  
  using standard Secure Socket Layer (SSL) library to provide communication privacy.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The method of claim 7, wherein said verifying includes creating and registering a new authentication session.
  - 9. The method of claim 8, wherein said verifying includes validating the new authentication session with the authentication token.
  - 10. The method of claim 7, wherein said verifying includes indicating a failure status to a client if said verifying fails.
  - 11. The method of claim 7, wherein said performing said challenge includes generating a node challenge random number.
  - 12. A method of claim 7, wherein said directing includes receiving an address of the node;
    - andchecking to determine if the address is protected.
  - 13. The method of claim 7, further comprising:
    - determining if the authentication token is already present.
  - 14. The method of claim 13, further comprising:
    - determining if a client is on an access control list if the authentication token is present and valid.

15. An apparatus comprising a computer-readable storage medium having executable instructions that enable the computer to, in order:
- submit a request to access a node, wherein the request is submitted by a client;
  
  search for a security token, wherein the search is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
  
  direct the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
  
  verify the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
  
  perform a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
  
  generate a response to the challenge, wherein the response is generated by the client and is sent to the server; and
  
  save the response as a named cookie on the client, wherein the response is saved by the client.
- View Dependent Claims (16)
- - 16. The apparatus of claim 15, wherein said response is used as a security token.

17. An apparatus comprising a computer-readable storage medium having executable instructions that enable the computer to, in order:
- submit a request to access a node, wherein the request is submitted by a client;
  
  search for a security token, wherein the search is performed by a security filter on a server and operates to search for the security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie;
  
  direct the client to submit a certificate to the server, wherein the directing is performed by the security filter on the server;
  
  verify the submitted certificate with a trusted certificate, wherein the verifying is performed by a security extension on the server and operates to verify the submitted certificate sent from the client to the server;
  
  perform a challenge, wherein the challenge is generated by the security extension on the server and is sent to the client;
  
  generate a response to the challenge, wherein the response is generated by the client and is sent to the server;
  
  save the response as a named cookie with an authentication token on the client, wherein the response is saved by the client; and
  
  use standard Secure Socket Layer (SSL) library to provide communication privacy.
- View Dependent Claims (18)
- - 18. The apparatus of claim 17, wherein said verify the submitted certificate includes instructions to create and register new authentication session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
LANDesk Software Incorporated
Inventors
Hillyard, Paul B., Butt, Alan B., Su, Jin
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
Simitoski, Michael J.

Application Number

US09/608,986
Time in Patent Office

2,118 Days
Field of Search

713/156, 713/175, 709/229, 709/225, 726/10
US Class Current

713/156
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2103   Challenge-response

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

PKI-based client/server authentication

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

168 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

PKI-based client/server authentication

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

168 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others