Systems and methods for mutual authentication of network nodes
First Claim
1. A method comprising:
receiving, at an authentication server, a communication from a client, the communication having been sent wirelessly from the client to an access point and from the access point to the authentication server, the communication associated with a credential, the credential having a user identifier and a first token;
determining, at the authentication server, a second token associated with the user identifier, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server;
generating, at the authentication server, an encryption key based at least in part on the second token, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token;
receiving, at the authentication server, an authentication message from the client, wherein the authentication message was encrypted at the client using the encryption key, wherein the encryption key was generated at the client using the second token;
decrypting, at the authentication server, the authentication message using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; and
transmitting, from the authentication server to the client, an authentication reply encrypted using the encryption key, wherein the authentication reply encrypted using the encryption key allows the client to authenticate the authentication server.
1 Assignment
0 Petitions
Abstract
Systems and methods for mutual encryption of network nodes are described. One described method includes transmitting a communication from a client to a server, the communication associated with a credential, the credential having a user identifier and a first token and receiving the communication at the server. The method further includes determining a second token associated with the user identifier on the server and on the client and generating an encryption key based at least in part on the second token on the server and on the client. The method further includes generating and encrypting an encrypted authentication request on the client; transmitting the encrypted authentication request to the server; receiving the encrypted authentication request on the server; decrypting the encrypted authentication request using the encryption key on the server; generating and encrypting an encrypted authentication response on the server; and transmitting the encrypted authentication response to the client.
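The abstract describes the exchange only in words. The following is an added example, not code from the patent or its assignee, that models the claimed flow end to end: the second token is provisioned on both sides and never sent, each side derives the same encryption key from it, the client's encrypted authentication request proves it holds the token, and the server's encrypted reply proves the same to the client. The concrete choices are assumptions the claims leave open: the key is derived with HMAC-SHA256 over the second token, mixing in the user identifier and the first token (treated here as a fresh per-session nonce), and encryption is a small encrypt-then-MAC construction built from HMAC-SHA256 so the block runs on the standard library alone. The names `AuthServer`, `RogueServer`, `Client` and `run_demo`, and the sample token table, are constructed for the example.

```python
# Added example (not from the patent): a model of the claimed mutual authentication.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def derive_key(second_token: bytes, user_id: str, first_token: bytes) -> bytes:
    """Derive the session key from the never-transmitted second token.

    Assumption: the claims require only that the key be based "at least in part"
    on the second token; binding the user identifier and the first token (used
    here as a per-session nonce) gives each session a distinct key.
    """
    info = b"auth-key|" + user_id.encode() + b"|" + first_token
    return hmac.new(second_token, info, hashlib.sha256).digest()


def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys so one key is never reused for both roles.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256 (toy construction for the demo).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; a wrong key yields a wrong tag, so a peer without
    the second token is rejected before any plaintext is produced."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class AuthServer:
    """Holds second tokens provisioned out of band; they are never sent on the wire."""

    def __init__(self, second_tokens: dict) -> None:
        self.second_tokens = second_tokens
        self.session_keys: dict = {}

    def receive_credential(self, user_id: str, first_token: bytes) -> bool:
        second = self.second_tokens.get(user_id)
        if second is None:
            return False
        self.session_keys[user_id] = derive_key(second, user_id, first_token)
        return True

    def handle_auth_message(self, user_id: str, blob: bytes) -> bytes:
        key = self.session_keys[user_id]
        request = decrypt(key, blob)  # raises if the client lacks the second token
        if request != b"AUTH-REQ|" + user_id.encode():
            raise ValueError("unexpected authentication request")
        return encrypt(key, b"AUTH-OK|" + user_id.encode())


class RogueServer(AuthServer):
    """A server holding the wrong token that skips verification and answers anyway."""

    def handle_auth_message(self, user_id: str, blob: bytes) -> bytes:
        return encrypt(self.session_keys[user_id], b"AUTH-OK|" + user_id.encode())


class Client:
    def __init__(self, user_id: str, second_token: bytes) -> None:
        self.user_id = user_id
        self.second_token = second_token

    def authenticate(self, server: AuthServer) -> bool:
        """Returns True only if the server proves it holds the same second token."""
        first_token = secrets.token_bytes(NONCE_LEN)
        if not server.receive_credential(self.user_id, first_token):
            return False
        key = derive_key(self.second_token, self.user_id, first_token)
        try:
            request = encrypt(key, b"AUTH-REQ|" + self.user_id.encode())
            reply = server.handle_auth_message(self.user_id, request)
            return decrypt(key, reply) == b"AUTH-OK|" + self.user_id.encode()
        except ValueError:
            return False


def run_demo() -> dict:
    # Constructed tokens: only the genuine server and client share the real one.
    real, wrong = secrets.token_bytes(32), secrets.token_bytes(32)
    genuine = AuthServer({"alice": real})
    return {
        "genuine": Client("alice", real).authenticate(genuine),
        "unknown_user": Client("bob", real).authenticate(genuine),
        "wrong_client_token": Client("alice", wrong).authenticate(genuine),
        "rogue_server": Client("alice", real).authenticate(RogueServer({"alice": wrong})),
    }


if __name__ == "__main__":
    print(run_demo())
```

The four outcomes of `run_demo()` map onto the claim language: only the genuine pair succeeds, an unknown identifier is refused at the credential step, a client with the wrong token cannot produce a request the server can decrypt, and a server with the wrong token cannot produce a reply the client accepts. Note that the claims say nothing about replay or freshness; the per-session first token in this model is what stops a recorded request from being accepted twice, and a real deployment would need an equivalent.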
89 Citations
26 Claims
1. A method comprising:
receiving, at an authentication server, a communication from a client, the communication having been sent wirelessly from the client to an access point and from the access point to the authentication server, the communication associated with a credential, the credential having a user identifier and a first token; determining, at the authentication server, a second token associated with the user identifier, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; generating, at the authentication server, an encryption key based at least in part on the second token, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; receiving, at the authentication server, an authentication message from the client, wherein the authentication message was encrypted at the client using the encryption key, wherein the encryption key was generated at the client using the second token; decrypting, at the authentication server, the authentication message using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; and transmitting, from the authentication server to the client, an authentication reply encrypted using the encryption key, wherein the authentication reply encrypted using the encryption key allows the client to authenticate the authentication server. - View Dependent Claims (2)
3. A method comprising:
transmitting from a client a communication, the communication associated with a credential, the credential having a user identifier and a first token, wherein the communication is sent wirelessly via a first communication channel from the client to an access point and via a second communication channel from the access point to an authentication server; determining, at the client, a second token associated with the user identifier, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; generating, at the client, an encryption key based at least in part on the second token, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; transmitting an authentication message from the client to the authentication server, wherein the authentication message was encrypted using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; receiving, at the client, from the authentication server an authentication response encrypted using the encryption key, wherein the encryption key on the authentication server was generated on the authentication server using the second token; and decrypting, at the client, the authentication response using the encryption key, wherein the authentication response encrypted using the encryption key allows the client to authenticate the authentication server. - View Dependent Claims (4, 5, 6, 7, 8, 9)
10. A method comprising:
transmitting a communication from a client to an authentication server, the communication associated with a credential, the credential having a user identifier and a first token, wherein the communication is sent wirelessly from the client to an access point and from the access point to an authentication server; receiving the communication at the authentication server; determining a second token associated with the user identifier on the authentication server and on the client, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; generating an encryption key based at least in part on the second token on the authentication server and on the client, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; generating and encrypting an encrypted authentication request using the encryption key on the client; transmitting the encrypted authentication request from the client to the authentication server; receiving the encrypted authentication request on the authentication server; decrypting the encrypted authentication request using the encryption key on the authentication server, wherein the authentication request encrypted using the encryption key allows the authentication server to authenticate the client; generating and encrypting an encrypted authentication response using the encryption key on the authentication server; and transmitting the encrypted authentication response to the client, wherein the authentication response encrypted using the encryption key allows the client to authenticate the authentication server.
11. A non-transitory computer-readable medium on which is encoded program code, the program code comprising:
program code for receiving at an authentication server, a communication from a client, the communication having been sent wirelessly from the client to an access point and from the access point to the authentication server, the communication associated with a credential, the credential having a user identifier and a first token; program code for determining, at the authentication server, a second token associated with the user identifier, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; program code for generating, at the authentication server, an encryption key based at least in part on the second token, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; program code for receiving, at the authentication server, an authentication message from the client, wherein the authentication message was encrypted at the client using the encryption key, wherein the encryption key was generated on the client using the second token; program code for decrypting, at the authentication server, the authentication message using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; and program code for transmitting, at the authentication server to the client, an authentication reply encrypted using the encryption key, wherein the authentication reply encrypted using the encryption key allows the client to authenticate the authentication server. - View Dependent Claims (12)
13. A non-transitory computer-readable medium on which is encoded program code, the program code comprising:
program code for transmitting from a client a communication, the communication associated with a credential, the credential having a user identifier and a first token, wherein the communication is sent wirelessly via a first communication channel from the client to an access point and via a second communication channel from the access point to an authentication server; program code for determining, at the client, a second token associated with the user identifier, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; program code for generating, at the client, an encryption key based at least in part on the second token, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; program code for transmitting an authentication message from the client to the authentication server, wherein the authentication message was encrypted using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; program code for receiving, at the client, from the authentication server an authentication response encrypted using the encryption key, wherein the encryption key on the authentication server was generated on the authentication server using the second token; and program code for decrypting, at the client, the authentication response using the encryption key, wherein the authentication response encrypted using the encryption key allows the client to authenticate the authentication server. - View Dependent Claims (14, 15, 16, 17)
18. A non-transitory computer-readable medium on which is encoded program code, the program code comprising:
program code for transmitting a communication from a client to an authentication server, the communication associated with a credential, the credential having a user identifier and a first token, wherein the communication is sent wirelessly from the client to an access point and from the access point to an authentication server; program code for receiving the communication at the authentication server; program code for determining a second token associated with the user identifier on the authentication server and on the client, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; program code for generating an encryption key based at least in part on the second token on the authentication server and on the client, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; program code for generating and encrypting an encrypted authentication request using the encryption key on the client; program code for transmitting the encrypted authentication request from the client to the authentication server; program code for receiving the encrypted authentication request on the authentication server; program code for decrypting the encrypted authentication request using the encryption key on the authentication server, wherein the authentication request encrypted using the encryption key allows the authentication server to authenticate the client; program code for generating and encrypting an encrypted authentication response using the encryption key on the authentication server; and program code for transmitting the encrypted authentication response to the client, wherein the authentication response encrypted using the encryption key allows the client to authenticate the authentication server.
19. A system comprising:
an authentication server operable to: receive, at the authentication server, a communication from a client, the communication associated with a credential, the credential having a user identifier and a first token, wherein the communication is sent wirelessly from the client to an access point and from the access point to the authentication server; determine a second token associated with the user identifier on the authentication server, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; generate an encryption key based at least in part on the second token on the authentication server, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; receive, at the authentication server, an authentication message from the client, wherein the authentication message was encrypted at the client using the encryption key, wherein the encryption key was generated on the client using the second token; decrypt, at the authentication server, the authentication message using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; and transmit, from the authentication server, an authentication reply encrypted using the encryption key to the client, wherein the authentication reply encrypted using the encryption key allows the client to authenticate the authentication server. - View Dependent Claims (20)
21. A system comprising:
a client device operable to: transmit to an authentication server a communication, the communication associated with a credential, the credential having a user identifier and a first token, wherein the communication is sent wirelessly via a first communication channel from the client to an access point and via a second communication channel from the access point to an authentication server; determine, at the client, a second token associated with the user identifier, wherein the second token is independently stored on the client such that the second token is not transmitted between the client and authentication server but is available on both the client and the authentication server; generate, at the client, an encryption key based at least in part on the second token, wherein the encryption key is not transmitted between the client and authentication server but is available on both the client and authentication server since each can generate the encryption key using the second token; transmit an authentication message from the client to the authentication server, wherein the authentication message was encrypted using the encryption key, wherein the authentication message encrypted using the encryption key allows the authentication server to authenticate the client; receive, at the client, from the authentication server an authentication response encrypted using the encryption key, wherein the encryption key on the authentication server was generated on the authentication server using the second token; and decrypt, at the client, the authentication response using the encryption key, wherein the authentication response encrypted using the encryption key allows the client to authenticate the authentication server. - View Dependent Claims (22, 23, 24, 25, 26)