Method and apparatus for providing peer authentication for a transport layer session
First Claim
1. A method, comprising:
- a client sending a message to a server, wherein the message claims an identity associated with a shared secret key; and
the server performing authentication of the client and conversely, based on information derived from the shared secret key but not revealing the shared secret key;
wherein the shared secret key and the identity are provided out-of-band to both the client and at least one other entity so as to associate the identity with the shared secret key; and
wherein the sending of the message and authentication are according to a predetermined transport layer session handshake protocol providing authentication for a transport layer session communication using a predetermined authentication and key agreement not making use of a public key infrastructure.
0 Assignments
0 Petitions
Accused Products
Abstract
A handshake protocol, for encapsulation by the so-called TLS Record Protocol, for use by a client (11) and a server (12) in authenticating each other. The handshake protocol is based on the TLS Handshake Protocol, but replaces the PKI trust infrastructure of that protocol with the IMS AKA trust infrastructure, which is based on a private key stored on a so-called smart card (11a) in the client terminal (11), and also stored (usually) in a Home Subscriber Server (14) serving as a trusted third party (but instead sometimes in the server (12) being authenticated), the third party providing information to the server (12) sufficient for the server (12) to authenticate the client (11) and also sufficient for the server (12) to provide to the client (11) information sufficient for the client (11) to authenticate the server (12).
-
Citations
14 Claims
-
1. A method, comprising:
-
a client sending a message to a server, wherein the message claims an identity associated with a shared secret key; and the server performing authentication of the client and conversely, based on information derived from the shared secret key but not revealing the shared secret key; wherein the shared secret key and the identity are provided out-of-band to both the client and at least one other entity so as to associate the identity with the shared secret key; and wherein the sending of the message and authentication are according to a predetermined transport layer session handshake protocol providing authentication for a transport layer session communication using a predetermined authentication and key agreement not making use of a public key infrastructure. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
Specification