PKI-based client/server authentication

US 7,127,607 B1
Filed: 05/28/2004
Issued: 10/24/2006
Est. Priority Date: 06/30/2000
Status: Expired due to Term

First Claim

Patent Images

1. An authentication system, comprising:

a security filter to monitor sessions between a client and a server for proper authentication, to search for a security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie, and to direct the client to submit a certificate to the server;

a plug-in coupled to the client and the server, said plug-in to generate public and private key pairs, and to receive and store certificates; and

security extension coupled to said filter, said extension to verify the submitted certificate sent from the client to the server, to generate script commands to cause the client and the server to perform required operations indicated by said security filter, wherein the extension is configured to generate a node challenge random number; and

to cause the client to generate a response to the node challenge random number, to send the response to the server, and to save the response as a named cookie on the client.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client/server authentication system is disclosed. The system includes a filter, a plug-in, and an extension. The filter monitors sessions between a client and a server for proper authentication. The plug-in is coupled to the client and the server. The plug-in generates public and private key pairs, and receives and stores certificates. The extension is coupled to the filter. The extension generates script commands to cause the client and the server to perform required steps indicated by the filter.

Citations

7 Claims

1. An authentication system, comprising:
- a security filter to monitor sessions between a client and a server for proper authentication, to search for a security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie, and to direct the client to submit a certificate to the server;
  
  a plug-in coupled to the client and the server, said plug-in to generate public and private key pairs, and to receive and store certificates; and
  
  security extension coupled to said filter, said extension to verify the submitted certificate sent from the client to the server, to generate script commands to cause the client and the server to perform required operations indicated by said security filter, wherein the extension is configured to generate a node challenge random number; and
  
  to cause the client to generate a response to the node challenge random number, to send the response to the server, and to save the response as a named cookie on the client.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the certificates are used to certify the client to the server.
  - 3. The system of claim 1, wherein the certificates are used to certify the server to the client.
  - 4. The system of claim 1, wherein the certificates are used to certify the client and the server to each other.
  - 5. The system of claim 1, wherein the script commands are implemented in a hypertext markup language (HTML) program.

6. A secure client/server system, comprising:
- a client to request data or service;
  
  a server to provide the requested data or service; and
  
  an authentication system including;
  
  a security filter to monitor sessions between the client and the server for proper authentication, to search for a security token sent from the client to the server, wherein the security token, if present, is stored on the client as a cookie, and to direct the client to submit a certificate to the server,a plug-in coupled to the client and the server, said plug-in to generate public and private key pairs, and to receive and store certificates, andsecurity extension coupled to said filter, said extension to verify the submitted certificates sent from the client to the server, to generate script commands to cause the client and the server to perform required steps indicated by said security filter, wherein the extension is configured to generate a node challenge random number, andto cause the client to generate a response to the node challenge random number, to send the response to the server, and to save the response as a named cookie on the client.
- View Dependent Claims (7)
- - 7. The system of claim 6, wherein the certificates are used to certify the client to the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ivanti, Inc. (Ivanti Software, Inc.)
Original Assignee
LANDesk Software Incorporated
Inventors
Hillyard, Paul, Butt, Alan B., Su, Jin
Primary Examiner(s)
Louis-Jacques, Jacques H.
Assistant Examiner(s)
Simitoski, Michael J.

Application Number

US10/856,450
Time in Patent Office

879 Days
Field of Search

726/10, 713/156
US Class Current

713/156
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2103   Challenge-response

H04L 63/0815   providing single-sign-on or...

H04L 63/0823   using certificates cryptogr...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3234   involving additional secure...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

PKI-based client/server authentication

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

PKI-based client/server authentication

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links