System and method for validating a network session
First Claim
Patent Images
1. A method for securing a session over a network, comprising:
- (a) coupling a client computer to a server in a session over a network in order to gain access to a secured webpage;
(b) coupling a unique token device to the client computer, said token device including a processor and a memory, the processor adapted to run a data encryption/decryption algorithm and the memory for storing shared symmetric keys that eliminate a need for key exchanges between parties in a secure network session;
(c) querying said server for access over the network from said client computer;
(d) generating a challenge from said server responsive to the query that includes a challenge puzzle, an encryption/decryption key ID, and a session ID code, wherein said challenge puzzle and encryption/decryption key ID determine which two particular said shared keys are to be sent to said processor in the unique token device;
(e) transmitting the challenge to the unique token device over the network for processing with said encryption/decryption program;
(g) generating an encryption key in said token device by decomposing the challenge to recover said challenge puzzle, encryption/decryption key ID, and session ID code to produce an encrypted puzzle key from said two shared keys;
(g) generating a one-time-password (OTP) response in said token device from said session ID code and said encrypted puzzle key;
(h) transmitting the OTP response from said client computer to the server over the network;
(i) comparing the OTP response to a server-generated response which was generated with the same process that the client token device should have used to generate the OTP response and determining if the OTP response and the server-generated response match;
(j) if the OTP response and the server-generated response match, then granting the client computer access to the server over the network; and
(k) if the OTP response and the server-generated response do not match, then denying the client computer access to the server over the network.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for preventing interception and decryption of information by an unauthorized party when that information is transmitted over a network is provided. A token is used to encrypt one-time password that is different for each network session, to prevent decryption thereof. The encrypted one-time password is returned to a network server for authentication by the server. The network server generates its response in a similar fashion. The server compares its response to the one-time password, to determine if they match. If they match, then the client is granted access to the network. If they responses do not match, then the client is denied access to the network by the server.
50 Citations
7 Claims
-
1. A method for securing a session over a network, comprising:
-
(a) coupling a client computer to a server in a session over a network in order to gain access to a secured webpage; (b) coupling a unique token device to the client computer, said token device including a processor and a memory, the processor adapted to run a data encryption/decryption algorithm and the memory for storing shared symmetric keys that eliminate a need for key exchanges between parties in a secure network session; (c) querying said server for access over the network from said client computer; (d) generating a challenge from said server responsive to the query that includes a challenge puzzle, an encryption/decryption key ID, and a session ID code, wherein said challenge puzzle and encryption/decryption key ID determine which two particular said shared keys are to be sent to said processor in the unique token device; (e) transmitting the challenge to the unique token device over the network for processing with said encryption/decryption program; (g) generating an encryption key in said token device by decomposing the challenge to recover said challenge puzzle, encryption/decryption key ID, and session ID code to produce an encrypted puzzle key from said two shared keys; (g) generating a one-time-password (OTP) response in said token device from said session ID code and said encrypted puzzle key; (h) transmitting the OTP response from said client computer to the server over the network; (i) comparing the OTP response to a server-generated response which was generated with the same process that the client token device should have used to generate the OTP response and determining if the OTP response and the server-generated response match; (j) if the OTP response and the server-generated response match, then granting the client computer access to the server over the network; and (k) if the OTP response and the server-generated response do not match, then denying the client computer access to the server over the network. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system for securing information obtained over a network, the system comprising:
-
a token device adapted to be coupled to the computer, said token device including a processor and a memory, the processor adapted to run a data encryption/decryption algorithm and the memory for storing shared symmetric keys that eliminate a need for key exchanges between parties in a secure network session; wherein if a client requests access to a server then a query is sent to the server, a challenge including a challenge puzzle, an encryption/decryption key ID, and a session ID code that determine which two particular said symmetric shared keys are to be sent to said processor in the token device responsive to the query is generated and transmitted to the token, the token performing a first round of encryption to produce an encrypted puzzle key from said two symmetric shared keys and performing a second round of encryption to generate a one-time password (OTP) from said encrypted puzzle key and said session ID code, the one-time-password transmitted to the server to compare the one-time password to a server-generated response to determine if the one-time password and the server-generated response match; whereby if the one-time password and the server-generated response match, then the client is granted access to the network and if the one-time password and the server-generated response do not match, then the client is denied access to the network.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeAuthenex Incorporated
-
Original AssigneeAuthenex Incorporated
-
InventorsHon, Henry, Cheng, Fred
-
Primary Examiner(s)Moise, Emmanuel L.
-
Assistant Examiner(s)Gelagay, Shewaye
-
Application NumberUS10/280,590Publication NumberTime in Patent Office1,691 DaysField of Search713/185US Class Current713/185CPC Class CodesG06Q 20/367 involving electronic purses...G06Q 20/3678 e-cash details, e.g. blinde...H04L 63/0428 wherein the data content is...H04L 63/0838 using one-time-passwordsH04L 63/0853 using an additional device,...
