Method and system for authentification of a mobile user via a gateway
First Claim
1. A method comprising:
- a gateway computer receiving a first party certificate from a first party, said first party certificate being signed and including a name identifying said first party;
- in response to receiving said first party certificate, said gateway computer generating a new first party certificate, different from a certificate generated for the first party by a certificate authority, said new certificate including said name identifying said first party, but also including a gateway-generated first party public key, and said gateway computer signing said new certificate using a gateway private key;
- supplying said new certificate from the gateway computer to a second party, the new certificate identifying the gateway as the first party, the first party being different from the gateway computer;
- using said first party certificate to establish a first secure communication link between said first party and said gateway computer; and
- using said new certificate to establish a second secure communication link between said second party and said gateway computer, and wherein said gateway computer uses said first and second communication links to conduct secure communications between said first and second parties.
(Dependent claims: 2 to 18)
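The certificate re-issuance of claim 1, as an added Go example that is not part of the patent or of any product implementing it: a constructed public CA issues the first party's certificate, the gateway re-issues it under the same name with a gateway-generated key and its own signature, and a trust-store check on the second party's side shows that the re-issued certificate validates only where the gateway root has been installed as trusted. All names and keys are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// must unwraps (value, error) pairs; any failure here is a setup bug, not a verification result.
func must[T any](v T, err error) T {
	if err != nil { panic(err) }
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// issue signs a certificate naming `name` and carrying `pub` with signerKey; a nil signer yields a self-signed root.
func issue(name string, isCA bool, pub *ecdsa.PublicKey, signer *x509.Certificate, signerKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
	}
	if signer == nil { signer = tmpl }
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, signer, pub, signerKey))))
}

// Reissue is the gateway step of claim 1: keep the first party's name, substitute a
// gateway-generated key pair, and sign the result with the gateway's own private key.
func Reissue(orig, gw *x509.Certificate, gwKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	k := newKey()
	return issue(orig.Subject.CommonName, false, &k.PublicKey, gw, gwKey), k
}

// ChainsTo reports whether cert validates against root alone. A second party that trusts only
// the public CA rejects the re-issued certificate: it chains to the gateway root, not to the CA.
func ChainsTo(cert, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

// Demo runs the flow with constructed keys and reports what the second party can observe.
func Demo() (sameName, sameKey, trustedByCA, trustedByGateway bool) {
	caKey, gwKey, clientKey := newKey(), newKey(), newKey()
	ca := issue("Public CA", true, &caKey.PublicKey, nil, caKey)   // constructed public CA root
	gw := issue("Gateway", true, &gwKey.PublicKey, nil, gwKey)      // constructed gateway signing root
	orig := issue("client.example", false, &clientKey.PublicKey, ca, caKey) // first party's CA-issued cert
	reissued, _ := Reissue(orig, gw, gwKey)
	return reissued.Subject.CommonName == orig.Subject.CommonName,
		orig.PublicKey.(*ecdsa.PublicKey).Equal(reissued.PublicKey),
		ChainsTo(reissued, ca), ChainsTo(reissued, gw)
}
```

The mismatch between the preserved name and the changed key and issuer is exactly what certificate pinning or issuer checks on the second party surface when such a gateway sits in the path.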
Abstract
A system and method for establishing secure communications between two entities, such as a server and a client, may involve the use of an intermediate gateway. Each party may establish a secure communication link with the gateway, and the gateway may provide signed certificates to each party, each certificate identifying the gateway as the other party for purposes of the communication. The gateway may then facilitate the secure communications between the two parties, and may perform data translation on the communications. The identification information may be contained within the certificates used by the gateway.
39 Citations
22 Claims
19. A method, comprising:
- establishing a first secure communication session between a client and a gateway computer by the gateway computer providing said client with a signed certificate identifying the gateway computer as a server, the gateway computer being different from the server;
- establishing a second secure communication session between said server and said gateway computer by providing said server with a second signed certificate identifying the gateway computer as the client, the gateway computer being different from the client; and
- prior to establishing the second secure communication session, said gateway computer generating a public/private key pair for said client, generating the second signed certificate containing said public key for said client and being signed by a private key of the gateway, the second signed certificate being different from a certificate generated for the client by a certificate authority, and sending said second signed certificate to said server to establish the second secure communication session.
(Dependent claim: 20)
21. An apparatus comprising:
a gateway computer configured to:
- establish a first secure communication session between a client and said gateway computer by providing said client with a signed certificate identifying the gateway computer as a server, the gateway computer being different from the server;
- establish a second secure communication session between said server and said gateway computer by providing said server with a second signed certificate identifying the gateway computer as the client, the gateway computer being different than the client;
- generate a public/private key pair for said client;
- generate, prior to establishing the second secure communication session, the second signed certificate containing said public key for said client and being signed by a private key of the gateway computer, the second signed certificate being different from a certificate generated for the client by a certificate authority; and
- transmit the second signed certificate to the server to establish the second secure communication session.
(Dependent claim: 22)