Enhanced authorization process using digital signatures
First Claim
1. A method for enhancing security of a communication session between a client and a server which employ a key management protocol, comprising:
sending, by the client, a first message to the server over a communications network requesting a secure communication session therewith, said message including an identity of the client requesting the authenticated communication session;
receiving, by the client, from the server, over the communications network a digital certificate issued by a certifying source verifying information contained in the digital certificate, wherein said digital certificate includes a plurality of fields, one or more of said fields being transformed in accordance with a transformation algorithm;
applying a reverse transform to the one or more transformed fields to obtain the one or more fields and validating the digital certificate; and
sending, by the client, a second message to the server indicating that validation is complete.
Abstract
A method is provided for enhancing security of a communication session between first and second endpoints which employs a key management protocol. The method includes sending a first message to a first end point over a communications network requesting a secure communication session therewith. The message includes an identity of a second end point requesting the authenticated communication session. A digital certificate is received from the first endpoint over the communications network. The digital certificate is issued by a certifying source verifying information contained in the digital certificate. The digital certificate includes a plurality of fields, one or more of which are transformed in accordance with a transformation algorithm. A reverse transform is applied to the one or more transformed fields to obtain the one or more fields. The digital certificate is validated and a second message is sent to the first endpoint indicating that validation is complete.
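The exchange described in the abstract and in claims 1, 12 and 16, modelled end to end as an added example (this is illustration code, not code from the patent or its assignee). The client sends a session request carrying its identity; the server answers with a certificate issued by a certifying source in which one or more fields have been transformed; the client applies the reverse transform, validates the certificate, and sends a second message reporting that validation is complete. Everything concrete here is an assumption, since the patent names no algorithms: the transformation is a keyed SHAKE-256 keystream XOR, the certifying source's signature is an HMAC standing in for a real digital signature, the two keys are constructed constants, and the `issue_certificate`, `transform_certificate`, `reverse_transform`, `validate_certificate` and `run_session` names are invented. The example also exercises the two failure modes a validator must catch: a transformed field altered in transit, and a certificate whose subject is not the server the client asked for.

```python
# Added illustration of the patent's client/server exchange; not the patent's own code.
# Assumptions (not in the patent): SHAKE-256 keystream XOR as the reversible "transformation
# algorithm", HMAC-SHA256 as the certifying source's signature, constructed constant keys.
import hashlib
import hmac
import json
import os

CERTIFYING_SOURCE_KEY = b"constructed-certifying-source-key"  # stands in for a CA signing key
TRANSFORM_KEY = b"constructed-transform-key"                  # key shared for the field transform


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Reversible field transform: XOR with a SHAKE-256 keystream. Applying it twice
    with the same key and nonce returns the original bytes, so it is its own inverse."""
    keystream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def canonical(fields: dict) -> bytes:
    """Stable byte encoding so issuer and validator hash exactly the same content."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(fields: dict) -> dict:
    """Certifying source signs the plaintext fields (HMAC stands in for a digital signature)."""
    sig = hmac.new(CERTIFYING_SOURCE_KEY, canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": dict(fields), "signature": sig}


def transform_certificate(cert: dict, names: list, nonce: bytes) -> dict:
    """Server side: transform the named (string-valued) fields before sending the certificate.
    The signature stays as issued; it covers the untransformed fields."""
    wire = {"fields": dict(cert["fields"]), "signature": cert["signature"],
            "transformed": list(names), "nonce": nonce.hex()}
    for name in names:
        plain = wire["fields"][name].encode()
        wire["fields"][name] = keystream_xor(TRANSFORM_KEY, nonce + name.encode(), plain).hex()
    return wire


def reverse_transform(wire: dict) -> dict:
    """Client side: undo the transform on each listed field to recover the plaintext fields."""
    nonce = bytes.fromhex(wire["nonce"])
    fields = dict(wire["fields"])
    for name in wire["transformed"]:
        raw = keystream_xor(TRANSFORM_KEY, nonce + name.encode(), bytes.fromhex(fields[name]))
        fields[name] = raw.decode("utf-8", errors="replace")
    return fields


def validate_certificate(wire: dict, expected_subject: str, now: int) -> tuple:
    """Client side: verify the certifying source's signature over the recovered fields,
    then the subject and the validity window. Returns (ok, reason)."""
    fields = reverse_transform(wire)
    expected_sig = hmac.new(CERTIFYING_SOURCE_KEY, canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_sig, wire["signature"]):
        return False, "signature does not verify over the recovered fields"
    if fields.get("subject") != expected_subject:
        return False, "subject does not match the server that was requested"
    if not (fields["not_before"] <= now <= fields["not_after"]):
        return False, "outside validity period"
    return True, "ok"


def run_session(client_id: str, server_id: str, issued_at: int, now: int,
                expected_subject: str = None, tamper: bool = False) -> dict:
    """Drive the exchange and return the client's second message (validation complete + outcome)."""
    expected_subject = server_id if expected_subject is None else expected_subject
    # Message 1 (client -> server): request a secure session, carrying the client's identity.
    msg1 = {"type": "session_request", "client_id": client_id}
    # Server reply: certificate from the certifying source with two fields transformed.
    cert = issue_certificate({"subject": server_id, "issuer": "constructed-certifying-source",
                              "not_before": issued_at - 60, "not_after": issued_at + 3600})
    wire = transform_certificate(cert, ["subject", "issuer"], os.urandom(16))
    if tamper:
        # In-transit modification of a transformed field: the recovered fields will not
        # match the signature, so validation must fail.
        flipped = bytes(b ^ 0xFF for b in bytes.fromhex(wire["fields"]["issuer"]))
        wire["fields"]["issuer"] = flipped.hex()
    ok, reason = validate_certificate(wire, expected_subject, now)
    # Message 2 (client -> server): validation complete, with the outcome.
    return {"type": "validation_complete", "in_reply_to": msg1["type"], "client_id": client_id,
            "ok": ok, "reason": reason, "subject_on_wire": wire["fields"]["subject"]}


if __name__ == "__main__":
    print(run_session("client-7", "server.example", 1700000000, 1700000000))
```

Note the order of checks in `validate_certificate`: the signature is verified over the recovered plaintext fields before anything in those fields is trusted, so a tampered transformed field is rejected before its (now garbage) value is compared against anything. The `subject_on_wire` value in the returned message shows that what crossed the network was the transformed field, not the plaintext subject.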
22 Claims
1. A method for enhancing security of a communication session between a client and a server which employ a key management protocol, comprising:
sending, by the client, a first message to the server over a communications network requesting a secure communication session therewith, said message including an identity of the client requesting the authenticated communication session;
receiving, by the client, from the server, over the communications network a digital certificate issued by a certifying source verifying information contained in the digital certificate, wherein said digital certificate includes a plurality of fields, one or more of said fields being transformed in accordance with a transformation algorithm;
applying a reverse transform to the one or more transformed fields to obtain the one or more fields and validating the digital certificate; and
sending, by the client, a second message to the server indicating that validation is complete.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method of providing a client device access to a communications network, comprising:
receiving from the client device over the communications network a first message requesting access to network services, said message including an identity of the client device requesting access;
sending to the client device over the communications network a digital certificate verifying credentials of an H-AAA server associated with the communications network, wherein said digital certificate includes a plurality of fields, one or more of said fields being encrypted in accordance with an encryption algorithm; and
receiving a second message from the client device indicating that validation of the digital certificate is complete.
Dependent claims: 13, 14, 15

16. A method of gaining access to a communications network, comprising:
sending, by a client device, a first message to an access point in the communications network requesting access to network services, said message including an identity of the client device requesting access;
receiving, by the client device from the access point, a digital certificate from an H-AAA server associated with the communications network, wherein said digital certificate includes a plurality of fields, one or more of said fields being transformed in accordance with a transformation algorithm;
applying a reverse transformation to the one or more transformed fields and validating the H-AAA server certificate; and
sending, by the client device, a second message to the access point indicating that validation is complete.
Dependent claims: 17, 18, 19, 20, 21, 22
Specification