Authenticating peer-to-peer connections
First Claim

1. A method of establishing and authenticating a peer-to-peer connection between at least two client components, said client components each having an authenticated connection to a server, said method comprising:
- exchanging through the server a shared key between the client components via the authenticated connections to the server;
- establishing a peer-to-peer connection between the client components, said peer-to-peer connection excluding the server;
- exchanging said shared key between the client components via the established, peer-to-peer connection;
- comparing said shared key exchanged via the peer-to-peer connection with said shared key exchanged via the authenticated connection to the server, wherein a first one of the client components authenticates a second one of the client components responsive to said comparing by verifying that said shared key exchanged via the peer-to-peer connection corresponds to said shared key exchanged via the authenticated connections to the server;
- encrypting, by the second one of the client components, a first message using the shared key;
- transmitting the encrypted first message from the second one of the client components to the first one of the client components via the peer-to-peer connection, wherein the first one of the client components decrypts the received encrypted message using the shared key to create a second message;
- receiving, by the second one of the client components, the decrypted second message from the first one of the client components via the peer-to-peer connection; and
- comparing, by the second one of the client components, the first message with the second message to confirm that the first one of the client components possesses the shared key to thereby authenticate the first one of the client components.
Abstract
Systems and methods employing authenticated connections to a central server to establish and authenticate a peer-to-peer connection between peer devices. The invention circumvents the potential vulnerability of clear-text transmission of secrets through a series of encrypted data transfers. A secret key is encrypted and then transmitted from one peer device to another using authenticated connections to the server. The secret key is then used to transmit encrypted data over a peer connection between the peer devices for the purpose of authenticating the peer devices on each end of the connection.
51 Claims
20. A method of establishing and authenticating a peer connection between a first device and a second device, the first device and the second device having authenticated connections to a server, said method comprising:
- enabling the first device and the second device to exchange, through the server, a shared key in encrypted form via the authenticated connections to the server;
- receiving, via the authenticated connections to the server, a request from the first device for an identifier associated with the second device;
- transmitting, via the authenticated connections to the server, the requested identifier to the first device, wherein the first device and the second device establish the peer connection based on the identifier, said peer connection excluding the server;
- enabling the first device and the second device to exchange said shared key in encrypted form via the established, peer connection;
- comparing said shared key exchanged via the peer connection with said shared key exchanged via the authenticated connections to the server;
- enabling the first device and the second device to authenticate each other responsive to said comparing by verifying, by the first device and the second device, that said shared key exchanged via the peer connection corresponds to said shared key exchanged via the authenticated connections to the server, wherein the first device encrypts a first message using the shared key and transmits the encrypted first message to the second device via the peer-to-peer connection, wherein the second device decrypts the first message using the shared key to create a second message and transmits the second message to the first device via the peer-to-peer connection to enable the first device to confirm that the second device possesses the shared key to thereby authenticate the second device.

(Dependent claims 21 to 27.)

28. One or more computer storage media having computer-executable components comprising:
- a server component;
- one or more client components, wherein each of the client components has an authenticated connection to the server component, and wherein the server component interacts with each of the client components via the authenticated connection to establish a peer connection between one or more of the client components, said established peer connection excluding the server; and
- at least one communicative application program associated with a first one of the client components, said communicative application program configured to interface with said first one of the client components to transmit through the server component a shared key in encrypted form from said first one of the client components to a second one of the client components via said authenticated connection to the server component, and said communicative application program configured to establish the peer connection between the first one of the client components and the second one of the client components using said shared key, said communicative application program further configured to interface with said first one of the client components to transmit said shared key in encrypted form from said first one of the client components to said second one of the client components via said established peer connection, wherein said second one of the client components receives said shared key transmitted from said first one of the client components and further transmits the received shared key back to said first one of the client components via said established peer connection, wherein said communicative application program is configured to interface with said first one of the client components to receive said shared key from said second one of the client components via the established peer connection and to compare said shared key received from said second one of the client components via said established peer connection with said shared key transmitted from said first one of the client components to said second one of the client components via said authenticated connection to the server component, wherein the communicative application program then authenticates said second one of the client components responsive to the comparison by verifying that said shared key received from said second one of the client components via said established peer connection corresponds to said shared key transmitted from said first one of the client components to said second one of the client components via said authenticated connections to the server component;
- wherein the first one of the client components encrypts a first message using the shared key and transmits the encrypted first message to the second one of the client components via the peer connection, wherein the second one of the client components decrypts the first message using the shared key to create a second message and transmits the second message to the first one of the client components via the peer connection to enable the first one of the client components to confirm that the second one of the client components possesses the shared key to thereby authenticate the second one of the client components.

(Dependent claims 29 to 32.)

33. A method of securing information between a first device and a second device, the method comprising:
- establishing authenticated connections to a server from the first device and from the second device, wherein the first device encrypts a shared key using a public key associated with the second device and transmits said shared key as encrypted using the public key associated with the second device to the server via said authenticated connection and from the server to the second device via said authenticated connection;
- decrypting, in the second device, said shared key received from the first device;
- establishing a peer connection between the first device and the second device, said peer connection excluding the server;
- encrypting, in the second device, said shared key received from the first device using a public key associated with the first device;
- transmitting said shared key as encrypted using the public key associated with the first device from the second device to the first device via said peer connection, wherein the first device decrypts said shared key received from the second device; and confirms that said shared key received from the second device via said peer connection is the same as said shared key transmitted to the second device via said authenticated connections to the server to thereby authenticate the second device; and
- encrypting, by the second device, a first message using the shared key;
- transmitting the encrypted first message from the second device to the first device via the peer connection, wherein the first device decrypts the received encrypted message using the shared key to create a second message;
- receiving, by the second device, the decrypted second message from the first device via the peer connection; and
- comparing, by the second device, the first message with the second message to confirm that the first device possesses the shared key to thereby authenticate the first device.

(Dependent claims 34 to 42.)

43. A method of securing information between a first device and a second device, the method comprising:
- establishing authenticated connections to a server from the first device and from the second device;
- encrypting, in the first device, a shared key using a public key associated with the second device;
- transmitting said shared key as encrypted using the public key associated with the second device from the first device to the common server via said authenticated connection and from the common server to the second device via said authenticated connection, wherein the second device decrypts said shared key received from the first device;
- establishing a peer connection between the first device and the second device, said peer connection excluding the common server;
- transmitting said shared key as encrypted using the public key associated with the second device from the first device to the second device via said peer connection, wherein the second device decrypts said shared key received from the first device via said peer connection, wherein the second device confirms that said shared key received from the first device via said peer connection is the same as said shared key received from the first device via said authenticated connections to the server to thereby authenticate the first device;
- encrypting, by the first device, a first message using the shared key;
- transmitting the encrypted first message from the first device to the second device via the peer connection, wherein the second device decrypts the received encrypted message using the shared key to create a second message;
- receiving, by the first device, the decrypted second message from the second device via the peer connection; and
- comparing, by the first device, the first message with the second message to confirm that the second device possesses the shared key to thereby authenticate the second device.

(Dependent claims 44 to 51.)
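The handshake the claims describe, written out as an added example that is not part of the patent and not code from any product implementing it. It follows the claim 1 structure: the shared key travels once through the server over the authenticated connections, once again over the direct peer link, the two copies are compared, and a challenge/response on the peer link then proves possession of the key. Everything concrete is an assumption of this example: the authenticated server connections and the peer link are modelled as in-memory queues, the symmetric cipher is a constructed HMAC-SHA256 counter-mode stand-in with an encrypt-then-MAC tag (any authenticated cipher would serve), the peer link is assumed confidential so the key can be presented as in claim 1 (claims 33 and 43 instead wrap it with the receiver's public key), and the `impostor_on_peer_link` switch simulates a peer that reached the direct link without ever receiving the key through the server.

```python
import hashlib
import hmac
import os

# --- stand-in symmetric cipher (constructed for this example; not the patent's) ---
# HMAC-SHA256 in counter mode supplies the keystream; a second HMAC authenticates
# nonce || ciphertext (encrypt-then-MAC). In practice use AES-GCM or ChaCha20-Poly1305.

def _subkey(key, label):
    """Derive independent encryption and MAC keys from the shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(enc_key, nonce, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def decrypt(key, blob):
    """Verify the tag first (constant-time), then strip the keystream."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch: wrong key or tampered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

# --- the claimed handshake, with both channels modelled as in-memory queues ---

class Server:
    """Relays payloads between clients over their (assumed) authenticated connections."""
    def __init__(self):
        self.inbox = {}
    def relay(self, sender, recipient, payload):
        self.inbox.setdefault(recipient, []).append((sender, payload))
    def receive(self, recipient):
        return self.inbox[recipient].pop(0)

def handshake(impostor_on_peer_link=False):
    """Run the handshake between clients A and B; report which side authenticated the other.
    impostor_on_peer_link (assumption of this example) simulates a peer that reached A's
    direct link without ever receiving the key through the server."""
    server = Server()
    peer_link = {"to_A": [], "to_B": []}   # the server is not on this path

    # 1. A creates the shared key and sends it to B through the server.
    key_a = os.urandom(32)
    server.relay("A", "B", key_a)
    _, key_b = server.receive("B")        # B's copy, obtained via the authenticated path

    # 2./3. The party on the direct link presents its copy of the key to A.
    #       The link is assumed confidential here; claims 33/43 wrap the key
    #       with A's public key so that assumption is not needed.
    peer_key = os.urandom(32) if impostor_on_peer_link else key_b
    peer_link["to_A"].append(peer_key)
    presented = peer_link["to_A"].pop(0)

    # 4. A compares (constant-time) the key seen on the peer link with the key it sent via the server.
    a_authenticates_b = hmac.compare_digest(presented, key_a)
    if not a_authenticates_b:
        return {"a_authenticates_b": False, "b_authenticates_a": False}   # A aborts the link

    # 5. Challenge/response: B encrypts a fresh random "first message" under the key ...
    first_message = os.urandom(16)
    peer_link["to_A"].append(encrypt(peer_key, first_message))
    # ... A decrypts it into the "second message" and sends that back ...
    try:
        second_message = decrypt(key_a, peer_link["to_A"].pop(0))
    except ValueError:
        second_message = b""               # wrong key: A cannot produce the plaintext
    peer_link["to_B"].append(second_message)
    # ... and B compares the two, which proves A holds the shared key.
    b_authenticates_a = hmac.compare_digest(peer_link["to_B"].pop(0), first_message)
    return {"a_authenticates_b": a_authenticates_b, "b_authenticates_a": b_authenticates_a}

if __name__ == "__main__":
    print("honest peer:", handshake())
    print("impostor on peer link:", handshake(impostor_on_peer_link=True))
```

Two design points worth noting when reading the claims against this model. First, the claim 1 form presents the shared key itself over the peer link, so whoever answers on that link learns the key; that is why claims 33 and 43 wrap it with the receiver's public key, and a real implementation would either do that or present a commitment (for example an HMAC over the session transcript) rather than the raw key. Second, the "first message" must be fresh and unpredictable each time, as here, or the recorded response from one session would satisfy the comparison in a later one; both comparisons use a constant-time check so the verifier leaks nothing about how many bytes matched.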