Enhanced authorization process using digital signatures

US 8,321,663 B2
Filed: 12/31/2009
Issued: 11/27/2012
Est. Priority Date: 12/31/2009
Status: Active Grant

First Claim

Patent Images

1. A method for enhancing security of a communication session between a client and a server which employ a key management protocol, comprising:

sending, by the client, a first message to the server over a communications network requesting a secure communication session therewith, said message including an identity of the client requesting the authenticated communication session;

receiving, by the client, from the server, over the communications network a digital certificate issued by a certifying source verifying information contained in the digital certificate, wherein said digital certificate includes a plurality of fields, one or more of said fields being transformed in accordance with a transformation algorithm;

applying a reverse transform to the one or more transformed fields to obtain the one or more fields and validating the digital certificate; and

sending, by the client, a second message to the server indicating that validation is complete.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for enhancing security of a communication session between first and second endpoints which employs a key management protocol. The method includes sending a first message to a first end point over a communications network requesting a secure communication session therewith. The message includes an identity of a second end point requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source verifying information contained in the digital certificate. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the one or more transformed fields to obtain the one or more fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.

53 Citations

View as Search Results

22 Claims

1. A method for enhancing security of a communication session between a client and a server which employ a key management protocol, comprising:
- sending, by the client, a first message to the server over a communications network requesting a secure communication session therewith, said message including an identity of the client requesting the authenticated communication session;
  
  receiving, by the client, from the server, over the communications network a digital certificate issued by a certifying source verifying information contained in the digital certificate, wherein said digital certificate includes a plurality of fields, one or more of said fields being transformed in accordance with a transformation algorithm;
  
  applying a reverse transform to the one or more transformed fields to obtain the one or more fields and validating the digital certificate; and
  
  sending, by the client, a second message to the server indicating that validation is complete.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein sending and receiving are performed in accordance with an Extensible Authentication Protocol (EAP).
  - 3. The method of claim 1 wherein the digital certificate conforms to a pre-established standard.
  - 4. The method of claim 3 wherein the pre-established standard is X.509.
  - 5. The method of claim 3 wherein the one or more fields in the digital certificate that are transformed are not fully specified by the standard.
  - 6. The method of claim 3 wherein the pre-established standard is X.509 and the one or more fields that are transformed are optional or not fully specified attribute fields in a distinguished name field.
  - 7. The method of claim 1 further comprising receiving a public key from the server for use in accordance with a key management protocol and wherein the digital certificate verifies that the public key is associated with the server.
  - 8. The method of claim 1 wherein the server is a content server and the communications session is established to receive content from the content server.
  - 9. The method of claim 1 wherein the server is a conditional access system server.
  - 10. The method of claim 1 wherein the server is a Home Authentication, Authorization, Accounting (H-AAA) server associated with the communications network and the communications session is established to gain access to the communications network.
  - 11. The method of claim 1 wherein the transformation algorithm is a patented or otherwise proprietary transformation algorithm.

12. A method of providing a client device access to a communications network, comprising:
- receiving from the client device over the communications network a first message requesting access to network services, said message including an identity of the client device requesting access;
  
  sending to the client device over the communications network a digital certificate verifying credentials of an H-AAA server associated with the communications network, wherein said digital certificate includes a plurality of fields, one or more of said fields being encrypted in accordance with an encryption algorithm; and
  
  receiving a second message from the client device indicating that validation of the digital certificate is complete.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12 wherein the transformation algorithm is a patented or otherwise proprietary algorithm.
  - 14. The method of claim 12 wherein the communications network is a wireless communications network.
  - 15. The method of claim 14 wherein the wireless communications network is a WiMAX network.

16. A method of gaining access to a communications network, comprising:
- sending, by a client device, a first message to an access point in the communications network requesting access to network services, said message including an identity of the client device requesting access;
  
  receiving, by the client device from the access point, a digital certificate from a H-AAA server associated with the communications network, wherein said digital certificate including a plurality of fields, one or more of said fields being transformed in accordance with a transformation algorithm;
  
  applying a reverse transformation to the one or more transformed fields and validating the H-AAA server certificate; and
  
  sending, by the client device, a second message to the access point indicating that validation is complete.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16 wherein sending and receiving are performed in accordance with an Extensible Authentication Protocol (EAP).
  - 18. The method of claim 16 wherein the digital certificate conforms to a pre-established standard.
  - 19. The method of claim 18 wherein the pre-established standard is X.509.
  - 20. The method of claim 18 wherein the one or more fields in the digital certificate that are transformed are not fully specified by the standard.
  - 21. The method of claim 18 wherein the pre-established standard is X.509 and the one or more fields that are transformed are optional or not fully specified attribute fields in a distinguished name field.
  - 22. The method of claim 16 further comprising receiving a public key from the H-AAA server for use in accordance with a key management protocol and wherein the H-AAA server certificate verifies that the public key is associated with the H-AAA server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander, Chan, Tat Keung, Sprunk, Eric J.
Primary Examiner(s)
Song, Hosuk

Application Number

US12/650,943
Publication Number

US 20110161661A1
Time in Patent Office

1,062 Days
Field of Search

713168-171, 713/173, 713/156, 713175-176, 380/277, 380/282, 380/285, 726 2- 5, 726/10
US Class Current

713/156
CPC Class Codes

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 63/162   at the data link layer

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04W 12/069   using certificates or pre-s...

Enhanced authorization process using digital signatures

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Enhanced authorization process using digital signatures

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links