System and method for secure remote access

US 7,321,971 B2
Filed: 01/07/2004
Issued: 01/22/2008
Est. Priority Date: 08/26/2003
Status: Active Grant

First Claim

Patent Images

1. A method of directing a client to establish a secure connection with a server across a network comprising:

(a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process;

(b) transmitting from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key;

(c) receiving at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and decrypting the received client information package utilizing a temporary server private key;

(d) retrieving an associated server authentication private key utilizing the received unique identifier as an index;

(e) decrypting and verifying the client challenge information package with the server authentication private key;

(f) transmitting from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;

(g) receiving at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and decrypting the received server information package utilizing a client session private key;

(h) decrypting and verifying the server challenge information package with the client authentication private key; and

(i) transmitting to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for directing a client to establish a secure connection with a server across a public network. The server and the client exchange a Server Authentication Public Key, a Client Authentication Public Key, and a Remote Service Unique Identifier (RSUID) during a registration process. In one embodiment, the method includes the client transmitting to the server a client information package having the RSUID and a client challenge information package encrypted with the Server Authentication Public Key, the client receiving from the server a server information package having the RSUID and a server challenge information package and a portion of the received client challenge information encrypted with the Client Authentication Public Key, the client decrypting and verifying the server challenge information package with the Client Authentication Private Key, and, the client transmitting to the server an encrypted portion of the received client challenge information.

Citations

15 Claims

1. A method of directing a client to establish a secure connection with a server across a network comprising:
- (a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process;
  
  (b) transmitting from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key;
  
  (c) receiving at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and decrypting the received client information package utilizing a temporary server private key;
  
  (d) retrieving an associated server authentication private key utilizing the received unique identifier as an index;
  
  (e) decrypting and verifying the client challenge information package with the server authentication private key;
  
  (f) transmitting from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
  
  (g) receiving at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and decrypting the received server information package utilizing a client session private key;
  
  (h) decrypting and verifying the server challenge information package with the client authentication private key; and
  
  (i) transmitting to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein step (b) further includes:
    - (b.1) transmitting the client challenge information package including a client session public key.
  - 3. The method of claim 1, wherein step (b) further includes:
    - (b.1) transmitting the client challenge information package including a previous session ID to enable the server to select a client session public key associated with the previous session ID.
  - 4. The method of claim 1, wherein step (f) further includes:
    - (f.1) transmitting the server challenge information package including a server session public key.
  - 5. The method of claim 1, wherein step (f) further includes:
    - (f.1) transmitting the server challenge information package including a previous session ID that enables the client to select a server session public key associated with the previous session ID.

6. A program product apparatus having a computer readable medium with computer program logic recorded thereon for directing a client to establish a secure connection with a server across a network, said program product apparatus comprising:
- a registration module to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process;
  
  an initiation module to transmit from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key;
  
  a server reception module to receive at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and to decrypt the received client information package utilizing a temporary server private key;
  
  an index module to retrieve an associated server authentication private key utilizing the received unique identifier as an index;
  
  a validation module to decrypt and verify the client challenge information package with the server authentication private key;
  
  a transmission module to transmit from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
  
  a client reception module to receive at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and to decrypt the received server information package utilizing a client session private key;
  
  a decryption module to decrypt and verify the server challenge information package with the client authentication private key; and
  
  a response module to transmit to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The program product of claim 6, wherein the initiation module includes:
    - a session key module to place a client session public key within the client challenge information package.
  - 8. The program product of claim 6, wherein the initiation module includes:
    - a session tracking module to place a previous session ID within the client challenge information package to enable the server to select a client session public key associated with the previous session ID.
  - 9. The program product of claim 6, wherein the transmission module includes:
    - a session module to place a server session public key within the server challenge information package.
  - 10. The program product of claim 6, wherein the transmission module includes:
    - a session tracking module to place a previous session ID within the server challenge information package that enables the client to select a server session public key associated with the previous session ID.

11. A system to establish a secure connection between a client computer system and a server across a network, the system comprising:
- a client computer system coupled to a server via a network;
  
  a registration system to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between said client computer system and said server during a registration process;
  
  an initiation module at said client computer system to transmit to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key;
  
  a server reception module at said server to receive the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and to decrypt the received client information package utilizing a temporary server private key;
  
  an index module at said server to retrieve an associated server authentication private key utilizing the received unique identifier as an index;
  
  a validation module at said server to decrypt and verify the client challenge information package with the server authentication private key;
  
  a transmission module at said server to transmit to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
  
  a client reception module at the client computer system to receive the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and to decrypt the received server information package utilizing a client session private key;
  
  a decryption module at the client computer system to decrypt and verify the server challenge information package with the client authentication private key; and
  
  a response module at the client computer system to transmit to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the initiation module includes:
    - a session key module to place a client session public key within the client challenge information package.
  - 13. The system of claim 11, wherein the initiation module includes:
    - a session tracking module to place a previous session ID within the client challenge information package to enable the server to select a client session public key associated with the previous session ID.
  - 14. The system of claim 11, wherein the transmission module includes:
    - a session module to place a server session public key within the server challenge information package.
  - 15. The system of claim 11, wherein the transmission module includes:
    - a session tracking module to place a previous session ID within the server challenge information package that enables the client to select a server session public key associated with the previous session ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hulu LLC (The Walt Disney Company)
Original Assignee
International Business Machines Corporation
Inventors
Wilding, Mark F., Horman, Randall W.
Primary Examiner(s)
Barron; Gilberto
Assistant Examiner(s)
Kane; Cordelia

Application Number

US10/752,027
Publication Number

US 20050050329A1
Time in Patent Office

1,476 Days
Field of Search

713/168, 713/169, 713/151, 726/14
US Class Current

713/169
CPC Class Codes

G06F 21/445   by mutual authentication, e...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

System and method for secure remote access

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure remote access

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links