Two-way authentication using a combined code
Abstract
An authentication process using a combined code as a shared secret between a client and target service is provided. The combined code is provided out-of-band and includes data to perform two-way authentication for both the client and the target service. The target service may provide the client with a certificate to establish a secure channel. The client may use the data in the combined code to validate the target service. When the target service is validated, the client may provide credentials in the combined code to the target service for authentication. In one example implementation, the combined code includes a hash of a public key. The client may compute another hash of another public key in the certificate provided by the target service and validate the service by comparing the hash in the combined code and the computed hash.
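The flow the abstract describes, as an added example that is not part of the patent text: the server packs a hash of its public key, a credential and a combined code hash into one out-of-band code; the client uses the combined code hash to work out which encoding the key hash uses, checks the presented certificate key against it, and releases the credential only on a match. The ':' separator, the two candidate encodings and the way the combined code hash is bound to the scheme name are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac

# Constructed example: the "public key" is plain bytes here; a real deployment
# would hash the certificate's SubjectPublicKeyInfo. Field separator ':' and
# the two candidate encodings are assumptions, not taken from the patent text.
SCHEMES = {
    "hex": (lambda b: b.hex(), bytes.fromhex),
    "b32": (lambda b: base64.b32encode(b).decode(), base64.b32decode),
}

def _code_hash(scheme: str, key_hash: bytes, credential: str) -> str:
    # Combined code hash over both data sets, bound to the scheme name so the
    # client can determine the encoding by checking which scheme verifies.
    return hashlib.sha256(scheme.encode() + key_hash + credential.encode()).hexdigest()[:16]

def make_combined_code(server_pubkey: bytes, credential: str, scheme: str = "hex") -> str:
    """Server side: pack hash(pubkey), a credential and the combined code hash."""
    key_hash = hashlib.sha256(server_pubkey).digest()
    return ":".join([SCHEMES[scheme][0](key_hash), credential, _code_hash(scheme, key_hash, credential)])

def parse_combined_code(code: str):
    """Client side: recover (scheme, key_hash, credential); the scheme is the one under which the hash verifies."""
    encoded_hash, credential, check = code.split(":")
    for name, (_, decode) in SCHEMES.items():
        try:
            key_hash = decode(encoded_hash)
        except ValueError:  # not valid under this encoding, try the next one
            continue
        if hmac.compare_digest(_code_hash(name, key_hash, credential), check):
            return name, key_hash, credential
    raise ValueError("combined code hash does not verify under any known encoding")

def client_respond(code: str, cert_pubkey: bytes):
    """Validate the presented certificate key against the code; release the credential only on a match."""
    _, key_hash, credential = parse_combined_code(code)
    if hmac.compare_digest(hashlib.sha256(cert_pubkey).digest(), key_hash):
        return credential
    return None  # key hash mismatch: the credential is never sent

def server_authenticate(expected_credential: str, received) -> bool:
    """Server side: compare the credential received over the secure channel with the one it issued."""
    return received is not None and hmac.compare_digest(expected_credential, received)

def run_handshake(server_pubkey: bytes, presented_pubkey: bytes, credential: str, scheme: str = "hex") -> bool:
    code = make_combined_code(server_pubkey, credential, scheme)  # delivered out-of-band
    return server_authenticate(credential, client_respond(code, presented_pubkey))
```

`run_handshake` returns False when the presented key differs from the one hashed into the code, so a service that cannot prove possession of the expected key never receives the credential.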
18 Claims
1. A device comprising:
one or more device-readable storage media encoded with device executable instructions for performing a method comprising:
- identifying in a combined code at least two sets of data for authentication, the combined code being received out-of-band and comprising a combined code hash of the at least two sets of data from which an encoding scheme of the at least two sets of data can be determined;
- sending a connection request to a target service;
- receiving a certificate from the target service for establishing a secure channel;
- validating the certificate with a first set of data included in the combined code, the first set of data including a first hash of a public key associated with the certificate; and
- when the certificate is validated, identifying in the combined code a second set of data that includes a credential for authentication, and providing the credential to the target service.
Dependent claims: 2, 3, 4, 5.

6. A server device comprising:
at least one memory; and
at least one processing unit configured to:
- offer services to a client through a network connection;
- provide a combined code containing data for the client to authenticate the server device and a certificate to establish a secure channel with the client, the data comprising a hash of a public key included in the certificate, the combined code being provided to the client out-of-band, the combined code also containing a first credential and a combined code hash of the combined code to enable the client to determine an encoding scheme of at least the hash of the public key, the certificate including data verifiable by the data in the combined code;
- receive a second credential from the client via an established secure channel; and
- authenticate the client by comparing the second credential with the first credential.
Dependent claims: 7, 8, 9, 10, 11, 12, 13.

14. A computer-implemented system for establishing a connection between a client and a target service comprising:
at least one processing unit configured to:
- incorporate data in a combined code for the client and the target service to perform mutual authentication;
- provide the combined code to the client out-of-band;
- enable the client to authenticate the target service using the data in the combined code, the data including a first hash of a public key in the combined code and a combined code hash of the combined code to enable the client to determine an encoding format of the first hash of the public key; and
- enable the client to identify a credential in the combined code and provide the credential to the target service for authentication.
Dependent claims: 15, 16, 17, 18.