Server authentication verification method on user terminal at the time of extensible authentication protocol authentication for internet access
Abstract
A server certificate verification method in a terminal during Extensible Authentication Protocol authentication for Internet access is provided, the method including (a) receiving a server certificate from a wireless LAN authentication server, and transmitting a server certificate verification request message of the server certificate to a wireless LAN authentication server via a wireless LAN access server; (b) transmitting by the wireless LAN authentication server an On-line Certificate Status Protocol request message to an On-line Certificate Status Protocol server to verify the server certificate; (c) receiving a result of the server certificate verification performed by the OCSP server using an Extensible Authentication Protocol packet from the wireless LAN authentication server; and (d) determining whether the result of the server certificate verification is valid.
6 Claims
1. A server certificate verification method performed by a wireless LAN user terminal during Extensible Authentication Protocol authentication for Internet access, the method comprising:
- (a) receiving a server certificate from a wireless LAN authentication server, and transmitting a server certificate verification request message of the server certificate to the wireless LAN authentication server via a wireless LAN access server;
- (b) transmitting by the wireless LAN authentication server an On-line Certificate Status Protocol request message to an On-line Certificate Status Protocol (OCSP) server to verify the server certificate;
- (c) receiving a result of the server certificate verification performed by the OCSP server using an Extensible Authentication Protocol packet from the wireless LAN authentication server; and
- (d) determining whether the result of the server certificate verification is valid.

2. A server certificate verification method in a user terminal during Extensible Authentication Protocol authentication for Internet access, the method comprising:
- (a) receiving a server certificate from a wireless LAN authentication server and transmitting a server certificate verification request message to the wireless LAN authentication server via a wireless LAN access server;
- (b) transmitting an On-line Certificate Status Protocol (OCSP) request message to an On-line Certificate Status Protocol server to verify the server certificate;
- (c) receiving a result of the server certificate verification performed by the OCSP server using an Extensible Authentication Protocol packet from the wireless LAN authentication server;
- (d) transmitting a certificate and a key message of the user terminal to the wireless LAN authentication server when the result of the server certificate verification is valid;
- (e) transmitting by the wireless LAN authentication server an Online Certificate Status Protocol message to the Online Certificate Status Protocol server to verify the certificate of the user terminal in response to the certificate and the message of the user terminal;
- (f) receiving a server finished message in response to a result of the user terminal certificate verification performed by the Online Certificate Status Protocol server, from the wireless LAN authentication server; and
- (g) recognizing that authentications of the user terminal and the wireless LAN authentication server are successfully performed when the server finished message transmitted from the wireless LAN authentication server is valid.

3. The method of one of claims 1 and 2, wherein the operation (a) comprises:
- (a-1) receiving the server certificate via an Extensible Authentication Protocol method unit;
- (a-2) generating the server certificate verification request message in an Extensible Authentication Process authentication unit; and
- (a-3) transmitting the server certificate verification request message to the wireless LAN authentication server.

4. The method of one of claims 1 and 2, wherein the operation (b) comprises:
- (b-1) receiving the server certificate verification request message via an Extensible Authentication Protocol authentication unit;
- (b-2) requesting an Online Certificate Status Protocol message generation unit to generate an Online Certificate Status Protocol request message from the Extensible Authentication Protocol authentication unit;
- (b-3) transmitting the Online Certificate Status Protocol request message to the Online Certificate Status Protocol server from the Online Certificate Status Protocol message generation unit; and
- (b-4) verifying the server certificate in response to the Online Certificate Status Protocol request message with an Online Certificate Status Protocol message process unit of the Online Certificate Status Protocol server.

5. The method of one of claims 1 and 2, wherein a message used in the verification method comprises:
- a code area storing a code value indicating a type of the message and an extensible code to verify the server certificate;
- an identifier area storing an identifier value identifying the message;
- a message length area storing a value of the message length; and
- a data area storing additional data of the message.

6. A computer readable storage medium which stores a program for executing the method of one of claims 1 and 2 in a computer.
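
The message layout of claim 5 and the terminal's decision in step (d), shown as an added example that is not part of the patent. The field widths follow the standard EAP header (1-byte code, 1-byte identifier, 2-byte length covering the whole message); the code values and the one-byte status in the data area are hypothetical, since the page gives none.

```python
import struct

# Hypothetical code values: the page says an "extensible code" marks
# certificate-verification messages but gives no numbers.
CODE_CERT_VERIFY_REQUEST = 0xF0
CODE_CERT_VERIFY_RESULT = 0xF1
# Assumed data-area encoding: one status byte, numbered like OCSP CertStatus.
STATUS_GOOD, STATUS_REVOKED, STATUS_UNKNOWN = 0, 1, 2

HEADER = struct.Struct("!BBH")  # code, identifier, length (EAP-style, 4 bytes)


def build_message(code: int, identifier: int, data: bytes = b"") -> bytes:
    """Pack code, identifier, total length and data into one message."""
    return HEADER.pack(code, identifier, HEADER.size + len(data)) + data


def parse_message(raw: bytes) -> tuple[int, int, bytes]:
    """Split a message into (code, identifier, data), rejecting bad lengths."""
    if len(raw) < HEADER.size:
        raise ValueError("message shorter than header")
    code, identifier, length = HEADER.unpack_from(raw)
    if length < HEADER.size or length > len(raw):
        raise ValueError("length field inconsistent with received bytes")
    # Bytes beyond the declared length are treated as padding and ignored.
    return code, identifier, raw[HEADER.size:length]


def server_cert_is_valid(raw: bytes, expected_identifier: int) -> bool:
    """Step (d): accept only a well-formed 'good' result for our own request."""
    try:
        code, identifier, data = parse_message(raw)
    except ValueError:
        return False
    if code != CODE_CERT_VERIFY_RESULT or identifier != expected_identifier:
        return False
    # Fail closed: revoked, unknown, empty or oversized data all mean "not valid".
    return data == bytes([STATUS_GOOD])


# Constructed sample exchange for identifier 7.
request = build_message(CODE_CERT_VERIFY_REQUEST, 7, b"constructed-cert-bytes")
good = build_message(CODE_CERT_VERIFY_RESULT, 7, bytes([STATUS_GOOD]))
revoked = build_message(CODE_CERT_VERIFY_RESULT, 7, bytes([STATUS_REVOKED]))
```

The status is relayed by the same server whose certificate is being checked, so a terminal should also verify the OCSP responder's signature on the response it receives; that step is not shown here.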
Specification