Strong mutual authentication of devices

US 7,293,176 B2
Filed: 05/20/2004
Issued: 11/06/2007
Est. Priority Date: 07/17/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for enabling strong mutual authentication on a computer network comprising the steps of:

transmitting, by a first computer, a first encrypted message to a second computer over a first communication channel, said first encrypted message comprising a first authentication number encrypted with a second authentication number;

receiving, by said second computer, a second message over a second communication channel, wherein said second message comprises said second authentication number used to decrypt said first encrypted message;

receiving, by said first computer, from said second computer a third encrypted message over said first communication channel, said third encrypted message comprising said second authentication number encrypted with said first authentication number; and

determining, by said first computer, said second authentication number of said third encrypted message is the same as said second authentication number used to encrypt said first encrypted message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enabling strong mutual authentication between two computers or devices in a communication system. A user attempting to gain access to a first computer transmits login information to the first computer. The first computer transmits a first message, including a first key encrypted by a second key, to the second computer. The first computer then transmits a second message to a third device. The second message includes the second key needed by the second computer to decrypt the first message. The third device uses the user'"'"'s login information to obtain the user'"'"'s private key, which the third device uses to obtain the second key. The third device transmits the second key in a third message to the second computer. The second computer then uses the second key to decrypt the first message and obtain the first key. Once the second computer obtains the first key, the second computer switches the role of the keys from the first message by encrypting the second key with the first key into a fourth message. The second computer transmits the fourth message to the server, and the first computer decrypts the fourth message using its first key. If the received second key is the same as the generated second key, the second computer is authenticated to the first computer.

Citations

37 Claims

1. A method for enabling strong mutual authentication on a computer network comprising the steps of:
- transmitting, by a first computer, a first encrypted message to a second computer over a first communication channel, said first encrypted message comprising a first authentication number encrypted with a second authentication number;
  
  receiving, by said second computer, a second message over a second communication channel, wherein said second message comprises said second authentication number used to decrypt said first encrypted message;
  
  receiving, by said first computer, from said second computer a third encrypted message over said first communication channel, said third encrypted message comprising said second authentication number encrypted with said first authentication number; and
  
  determining, by said first computer, said second authentication number of said third encrypted message is the same as said second authentication number used to encrypt said first encrypted message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, authenticating, by said first computer, said second computer in response to said determination.
  - 3. The method of claim 2 further comprising generating, by said first computer, at least one of said first authentication number or said second authentication number.
  - 4. The method of claim 2 further comprising decrypting, by said second computer, said first message transmitted by said first computer to recover said first authentication number.
  - 5. The method of claim 1, comprising decrypting, by said second computer, said first encrypted message using said second authentication number of the second message.
  - 6. The method of claim 1 further comprising transmitting a first indicia to said first computer over said first communication channel.
  - 7. The method of claim 1 further comprising generating, by said first computer, a third authentication number.
  - 8. The method of claim 1 further comprising transmitting, by said first computer, said second message to a verifier over a third communication channel and transmitting by said verifier said second message to said second computer over said second communication channel, wherein said second message comprises said second authentication number encrypted.
  - 9. The method of claim 8 further comprising decrypting, by said verifier, said second message to obtain a first decrypted message, wherein said first decrypted message comprises said second authentication number.
  - 10. The method of claim 8, wherein said verifier comprises one of a third computer, a mobile communications device or a subscriber identification module.
  - 11. The method of claim 1, comprising generating, by said second computer, said third encrypted message by encrypting said second authentication number of said second message with said first authentication number of said first encrypted message from said first computer.
  - 12. The method of claim 1, wherein said second message further comprises a third authentication number.
  - 13. The method of claim 1 further comprising transmitting, by said second computer, a third message to said first computer over said first communication channel, wherein said third message comprises said second authentication number encrypted by said first authentication number.
  - 14. The method of claim 13 further comprising validating said second computer by said first computer by decrypting said third message to obtain said second authentication number.
  - 15. The method of claim 1, wherein said second message further comprises an encrypted portion.
  - 16. The method of claim 1, comprising determining, by said first computer, said second authentication number of said third encrypted message is not the same as said second authentication number used to encrypt said first encrypted message.
  - 17. The method of claim 16, comprising not authenticating, by said first computer, said second computer in response to said determination.

18. A system for enabling strong mutual authentication comprising:
- a first computer transmitting a first encrypted message over a first communication channel, said first encrypted message comprising a first authentication number encrypted with a second authentication number;
  
  a second computer receiving said first encrypted message over said first communication channel and said second computer receiving a second message over a second communication channel, said second message comprising said second authentication number used to decrypt said first encrypted message; and
  
  wherein said first computer, receives from said second computer over said first communication channel a third encrypted message comprising said second authentication number encrypted with said first authentication number, and determines said second authentication number of said third encrypted message is the same as said second authentication number used to encrypt said first encrypted message.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The system of claim 18 wherein said first computer authenticates said second computer in response to said determination.
  - 20. The system of claim 18 wherein said second computer decrypts said first encrypted message using said second authentication number of the second message.
  - 21. The system of claim 18, wherein a verifier transmits said second message to said second computer over said second communication channel, said verifier comprising one of a third computer, a mobile communications device or a subscriber identification module.
  - 22. The system of claim 21 wherein said first computer transmits to said verifier said second message encrypted and said verifier decrypts said encrypted second message to obtain a key to decrypt said first encrypted message.

23. An apparatus for enabling strong mutual authentication on a computer network comprising:
- means for transmitting, by a first computer, a first encrypted message to a second computer over a first communication channel, said first encrypted message comprising a first authentication number encrypted with a second authentication number;
  
  means for receiving, by said second computer, a second message over a second communication channel, wherein said second message comprises said second authentication number used to decrypt said first encrypted message;
  
  means for receiving, by said first computer, from said second computer a third encrypted message over said first communication channel, said third encrypted message comprising said second authentication number encrypted with said first authentication number; and
  
  means for determining, by said first computer, said second authentication number of said third encrypted message is the same as the second authentication number used to encrypt said first encrypted message.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 24. The apparatus of claim 23, comprising means for authenticating, by said first computer, said second computer in response to said determination.
  - 25. The apparatus of claim 24, comprising means for generating, by said first computer, at least one of said first authentication number or said second authentication number.
  - 26. The apparatus of claim 24, comprising means for decrypting, by said second computer, said first message transmitted by said first computer to recover said first authentication number.
  - 27. The apparatus of claim 23, comprising means for decrypting, by said second computer, said first encrypted message using said second authentication number of the second message.
  - 28. The apparatus of claim 23, comprising means for transmitting a first indicia to said first computer over said first communication channel.
  - 29. The apparatus of claim 23, comprising means for generating, by said first computer, a third authentication number.
  - 30. The apparatus of claim 23, comprising means for transmitting, by said first computer, said second message to a verifier over a third communication channel and transmitting by said verifier said second message to said second computer over said second communication channel, wherein said second message comprises said second authentication number encrypted.
  - 31. The apparatus of claim 30, comprising means for decrypting, by said verifier, said second message to obtain a first decrypted message, wherein said first decrypted message comprises said second authentication number.
  - 32. The apparatus of claim 30, wherein said verifier comprises one of a third computer, a mobile communications device or a subscriber identification module.
  - 33. The apparatus of claim 23, comprising means for generating, by said second computer, said third encrypted message by encrypting said second authentication number of said second message with said first authentication number of said first encrypted message from said first computer.
  - 34. The apparatus of claim 23, wherein said second message further comprises a third authentication number.
  - 35. The apparatus of claim 24, comprising means for transmitting, by said second computer, a third message to said first computer over said first communication channel, wherein said third message comprises said second authentication number encrypted by said first authentication number.
  - 36. The apparatus of claim 35, comprising means for validating said second computer by said first computer by decrypting said third message to obtain said second authentication number.
  - 37. The apparatus of claim 24, wherein said second message further comprises an encrypted portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Otway, David, Bull, John
Primary Examiner(s)
HENEGHAN, MATTHEW E

Application Number

US10/709,657
Publication Number

US 20040205344A1
Time in Patent Office

1,265 Days
Field of Search

713/169, 713/168, 713/171
US Class Current

713/169
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/0869   for achieving mutual authen...

H04L 63/18   using different networks or...

H04L 9/321   involving a third party or ...

H04L 9/3215   using a plurality of channe...

H04L 9/3273   for mutual authentication n...

Strong mutual authentication of devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Strong mutual authentication of devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links