TLS tunneling
Abstract
An authentication protocol can be used to establish a secure channel between two devices on a network. Once established, the secure channel can carry any of several client authentication methods, which provides security in environments where intermediate devices cannot be trusted, such as wireless networks or foreign network access points. Caching session keys and related state lets the two endpoints quickly resume their secure communication after an interruption, such as when one endpoint changes the access point through which it connects to the network. The secure channel also lets users roam off their home network: access can be granted through a foreign network while that network monitors and controls the use of its bandwidth.
33 Claims
1. A method of authentication between a client and a server, the method comprising:
negotiating the use of an extensible authentication protocol;
receiving from the server, using the extensible authentication protocol, a first request packet requesting to use a protected extensible authentication protocol;
transmitting a first response packet, using the extensible authentication protocol, to the server agreeing to use the protected extensible authentication protocol, wherein the protected extensible authentication protocol is used in transmitting and receiving further authentication packets between the client and the server;
receiving a second request packet from the server with information for establishing a secure communication tunnel between the client and the server and for authenticating the server to the client;
authenticating the server;
transmitting a second response packet to the server establishing the secure communication tunnel between the client and the server;
receiving a third request packet sent by the server within the secure communication tunnel, the third request packet requesting an identity for authenticating the client;
transmitting a third response packet within the secure communication tunnel to the server with the identity;
receiving a fourth request packet sent by the server within the secure communication tunnel, the fourth request packet proposing an inner extensible authentication protocol method for authenticating the client;
transmitting a fourth response packet to the server within the secure communication tunnel, the fourth response packet agreeing to the inner extensible authentication protocol method; and
authenticating the client within the secure communication tunnel using the inner extensible authentication protocol method.
Dependent claims 2 to 11 (not reproduced here).
12. A method of authenticating a client, the method comprising:
negotiating the use of an extensible authentication protocol with the client;
transmitting to the client a first request packet, using the extensible authentication protocol, requesting to use a protected extensible authentication protocol;
receiving from the client a first response packet, using the extensible authentication protocol, agreeing to use the protected extensible authentication protocol, wherein the protected extensible authentication protocol is used in transmitting and receiving further authentication packets;
transmitting a second request packet to the client with information for establishing a secure communication tunnel;
receiving a second response packet from the client establishing the secure communication tunnel;
transmitting a third request packet to the client within the secure communication tunnel, the third request packet requesting an identity for authenticating the client;
receiving a third response packet within the secure communication tunnel with the identity;
transmitting a fourth request packet to the client within the secure communication tunnel, the fourth request packet proposing an inner extensible authentication protocol method for authenticating the client;
receiving a fourth response packet within the secure communication tunnel, the fourth response packet agreeing to the inner extensible authentication protocol method; and
authenticating the client within the secure communication tunnel using the inner extensible authentication protocol method.
Dependent claims 13 to 22 (not reproduced here).
23. A computer storage medium storing computer executable instructions that when executed perform a method comprising:
negotiating the use of an extensible authentication protocol with the client;
transmitting to the client a first request packet, using the extensible authentication protocol, requesting to use a protected extensible authentication protocol;
receiving from the client a first response packet, using the extensible authentication protocol, agreeing to use the protected extensible authentication protocol, wherein the protected extensible authentication protocol is used in transmitting and receiving further authentication packets;
transmitting a second request packet to the client with information for establishing a secure communication tunnel;
receiving a second response packet from the client establishing the secure communication tunnel;
transmitting a third request packet to the client within the secure communication tunnel, the third request packet requesting an identity for authenticating the client;
receiving a third response packet within the secure communication tunnel with the identity;
transmitting a fourth request packet to the client within the secure communication tunnel, the fourth request packet proposing an inner extensible authentication protocol method for authenticating the client;
receiving a fourth response packet within the secure communication tunnel, the fourth response packet agreeing to the inner extensible authentication protocol method; and
authenticating the client within the secure communication tunnel using the inner extensible authentication protocol method.
Dependent claims 24 to 33 (not reproduced here).
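The three independent claims above lay out one conversation: an outer EAP negotiation in the clear, a TLS handshake that authenticates the server and builds the tunnel, then an identity exchange and an inner EAP method inside it. The Ruby program below is an example added to this page, not code from the patent or from any product, and it runs both sides of that conversation over a socket pair: the EAP packets use the RFC 3748 layout (Code, Identifier, Length, Type), the tunnel is a real TLS handshake through OpenSSL with a self-signed server certificate minted at run time, and the four request/response pairs are numbered as in the claims. Everything else is an assumption of the example: the names radius.example.org and alice@example.org, the password, the inner method (a challenge answered with HMAC-SHA256 under EAP's experimental type 255, standing in for EAP-MSCHAPv2 or EAP-TLS), and the shortcut of sending the TLS records straight down the stream where real PEAP wraps them in further EAP type 25 packets.

```ruby
require 'openssl'
require 'socket'

# EAP packet (RFC 3748): Code(1) Identifier(1) Length(2) Type(1) Type-Data.
EAP_REQUEST, EAP_RESPONSE = 1, 2
EAP_IDENTITY   = 1   # Request/Identity and Response/Identity
EAP_PEAP       = 25  # PEAP, negotiated in the outer cleartext exchange
EAP_TOY_METHOD = 255 # RFC 3748 "experimental use" type: a stand-in for a real inner method (assumption)

EapPacket = Struct.new(:code, :id, :type, :data) do
  def encode
    [code, id, 5 + data.bytesize, type].pack('CCnC') + data.b
  end

  # Reads one packet from io and rejects anything but the code/type this step is waiting for.
  def self.read(io, code, type)
    hdr = io.read(5)
    raise EOFError, 'peer closed the conversation' unless hdr && hdr.bytesize == 5
    c, i, len, t = hdr.unpack('CCnC')
    raise "bad EAP length #{len}" if len < 5
    data = io.read(len - 5) || ''
    raise EOFError, 'truncated EAP packet' unless data.bytesize == len - 5
    raise "unexpected EAP packet code=#{c} type=#{t}" unless c == code && t == type
    new(c, i, t, data)
  end
end

def send_eap(io, code, id, type, data = '')
  io.write(EapPacket.new(code, id, type, data).encode)
  io.flush
end

# Mints a self-signed server certificate for host; a client must hold it as a trust anchor.
def self_signed(host)
  key = OpenSSL::PKey::RSA.generate(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{host}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 3600, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{host}"))
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Authenticator side: returns the identity it authenticated inside the tunnel.
def peap_server(sock, cert, key, passwords)
  # 1st request/response, in the clear: propose PEAP; the client agrees by echoing the type.
  send_eap(sock, EAP_REQUEST, 1, EAP_PEAP)
  EapPacket.read(sock, EAP_RESPONSE, EAP_PEAP)
  # 2nd: the TLS handshake builds the tunnel and its certificate authenticates the server. Real PEAP
  # wraps these TLS records in further EAP type 25 packets; here they go straight down the stream.
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert, ctx.key = cert, key
  tls = OpenSSL::SSL::SSLSocket.new(sock, ctx).tap(&:accept)
  # 3rd, inside the tunnel: the identity never travels in the clear.
  send_eap(tls, EAP_REQUEST, 2, EAP_IDENTITY)
  identity = EapPacket.read(tls, EAP_RESPONSE, EAP_IDENTITY).data.force_encoding('UTF-8')
  # 4th: propose the inner method with a challenge the client answers with HMAC-SHA256(password, challenge).
  # A deployment would run EAP-MSCHAPv2 or EAP-TLS here instead of this toy method.
  chal = OpenSSL::Random.random_bytes(16)
  send_eap(tls, EAP_REQUEST, 3, EAP_TOY_METHOD, chal)
  proof = EapPacket.read(tls, EAP_RESPONSE, EAP_TOY_METHOD).data
  expected = OpenSSL::HMAC.digest('SHA256', passwords.fetch(identity, ''), chal)
  raise 'inner authentication failed' unless OpenSSL.secure_compare(proof, expected)
  identity
ensure
  sock.close
end

# Supplicant side. store holds the trust anchors the server is checked against; nothing about the
# user leaves the client until that check has passed.
def peap_client(sock, host, store, identity, password)
  req = EapPacket.read(sock, EAP_REQUEST, EAP_PEAP)
  send_eap(sock, EAP_RESPONSE, req.id, EAP_PEAP)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store, ctx.verify_mode, ctx.verify_hostname = store, OpenSSL::SSL::VERIFY_PEER, true
  tls = OpenSSL::SSL::SSLSocket.new(sock, ctx)
  tls.hostname = host
  tls.connect # raises OpenSSL::SSL::SSLError when the server certificate does not chain to store
  req = EapPacket.read(tls, EAP_REQUEST, EAP_IDENTITY)
  send_eap(tls, EAP_RESPONSE, req.id, EAP_IDENTITY, identity)
  req = EapPacket.read(tls, EAP_REQUEST, EAP_TOY_METHOD) # a real supplicant would Nak an unknown method
  send_eap(tls, EAP_RESPONSE, req.id, EAP_TOY_METHOD, OpenSSL::HMAC.digest('SHA256', password, req.data))
ensure
  sock.close
end

# Runs both sides over a socket pair. With trust_server: false the client holds a different anchor,
# which is what an impostor server behind a rogue access point looks like to it.
def run_exchange(trust_server: true)
  host, user = 'radius.example.org', 'alice@example.org' # constructed names
  passwords = { user => 'correct horse battery staple' } # constructed credential
  cert, key = self_signed(host)
  store = OpenSSL::X509::Store.new
  store.add_cert(trust_server ? cert : self_signed(host).first)
  client_sock, server_sock = UNIXSocket.pair
  server = Thread.new do
    Thread.current.report_on_exception = false
    peap_server(server_sock, cert, key, passwords)
  end
  peap_client(client_sock, host, store, user, passwords[user])
  server.value
end
```

run_exchange returns the identity the server authenticated inside the tunnel. Calling it with trust_server: false gives the client a trust anchor that does not match the server's certificate, and tls.connect then raises before the identity or the challenge response ever leaves the client; that ordering is the point of the second request/response pair. A supplicant configured to skip server certificate validation would build the tunnel with whatever access point answers and hand its inner credentials to it, which is the untrusted-intermediary case the abstract describes.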