System and method for secure remote access
First Claim
1. A method of directing a client to establish a secure connection with a server across a network comprising:
- (a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process;
(b) transmitting from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key;
(c) receiving at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and decrypting the received client information package utilizing a temporary server private key;
(d) retrieving an associated server authentication private key utilizing the received unique identifier as an index;
(e) decrypting and verifying the client challenge information package with the server authentication private key;
(f) transmitting from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
(g) receiving at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and decrypting the received server information package utilizing a client session private key;
(h) decrypting and verifying the server challenge information package with the client authentication private key; and
(i) transmitting to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package.
4 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for directing a client to establish a secure connection with a server across a public network. The server and the client exchange a Server Authentication Public Key, a Client Authentication Public Key, and a Remote Service Unique Identifier (RSUID) during a registration process. In one embodiment, the method includes the client transmitting to the server a client information package having the RSUID and a client challenge information package encrypted with the Server Authentication Public Key, the client receiving from the server a server information package having the RSUID and a server challenge information package and a portion of the received client challenge information encrypted with the Client Authentication Public Key, the client decrypting and verifying the server challenge information package with the Client Authentication Private Key, and, the client transmitting to the server an encrypted portion of the received client challenge information.
-
Citations
15 Claims
-
1. A method of directing a client to establish a secure connection with a server across a network comprising:
-
(a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process; (b) transmitting from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key; (c) receiving at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and decrypting the received client information package utilizing a temporary server private key; (d) retrieving an associated server authentication private key utilizing the received unique identifier as an index; (e) decrypting and verifying the client challenge information package with the server authentication private key; (f) transmitting from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key; (g) receiving at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and decrypting the received server information package utilizing a client session private key; (h) decrypting and verifying the server challenge information package with the client authentication private key; and (i) transmitting to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A program product apparatus having a computer readable medium with computer program logic recorded thereon for directing a client to establish a secure connection with a server across a network, said program product apparatus comprising:
-
a registration module to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process; an initiation module to transmit from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key; a server reception module to receive at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and to decrypt the received client information package utilizing a temporary server private key; an index module to retrieve an associated server authentication private key utilizing the received unique identifier as an index; a validation module to decrypt and verify the client challenge information package with the server authentication private key; a transmission module to transmit from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key; a client reception module to receive at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and to decrypt the received server information package utilizing a client session private key; a decryption module to decrypt and verify the server challenge information package with the client authentication private key; and a response module to transmit to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system to establish a secure connection between a client computer system and a server across a network, the system comprising:
-
a client computer system coupled to a server via a network; a registration system to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between said client computer system and said server during a registration process; an initiation module at said client computer system to transmit to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key; a server reception module at said server to receive the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and to decrypt the received client information package utilizing a temporary server private key; an index module at said server to retrieve an associated server authentication private key utilizing the received unique identifier as an index; a validation module at said server to decrypt and verify the client challenge information package with the server authentication private key; a transmission module at said server to transmit to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key; a client reception module at the client computer system to receive the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and to decrypt the received server information package utilizing a client session private key; a decryption module at the client computer system to decrypt and verify the server challenge information package with the client authentication private key; and a response module at the client computer system to transmit to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package. - View Dependent Claims (12, 13, 14, 15)
-
Specification