System and method for facilitating secure online transactions
First Claim
1. A method for mutually authenticating a client and a server, the method comprising:
transmitting over a first data link a token including a unique session identifier generated by the server and signed with a private server key associated with a server certificate from the server to the client;
initiating a secure data transfer link from the client to the server in response to receiving the token, the secure data transfer link being independent of the first data link;
completing the secure data transfer link, the server certificate and a full requested Uniform Resource Locator (URL) identifier of the server as initially specified by the client being transmitted to the client during the completing of the secure data transfer link;
transmitting to the server over the secure data transfer link, a response packet including the full requested URL identifier of the server transmitted to the client during the completing of the secure data transfer link, a client certificate, the server certificate as received from the server during the completing of the secure data transfer link, the token, and an authenticity identifier corresponding to a private client key, the private client key being associated with the client certificate; and
validating the response packet.
Abstract
A method and system for mutually authenticating a client and a server is provided in accordance with an aspect of the present invention. The method commences with transmitting a token from the server to the client. Thereafter, the method continues with establishing a secure data transfer link between the server and the client. A server certificate is transmitted to the client during the establishment of the secure data transfer link. The method continues with transmitting a response packet to the server, which is validated thereby upon receipt. The system includes a client authentication module that initiates the secure data transfer link and transmits the response packet, and a server authentication module that transmits the token and validates the response packet.
28 Claims
13. A method for authenticating a client to a server, the method comprising:
receiving a token from the server over a first data link, the token including a unique session identifier generated by the server and signed with a private server key associated with a server certificate;
initiating a secure data transfer link from the client to the server in response to receiving the token;
receiving, from the server, the server certificate and a full requested Uniform Resource Locator (URL) identifier of the server as initially specified by the client, during completion of the secure data transfer link; and
transmitting to the server over the secure data transfer link a response packet including the full requested URL identifier of the server received from the server by the client during the completion of the secure data transfer link, a client certificate, the server certificate as received from the server during completion of the secure data transfer link, the token, and an authenticity identifier corresponding to a private client key, the private client key being associated with the client certificate.
19. A method for authenticating a server to a client, the method comprising:
transmitting a token from the server to the client over a first data link, the token including a unique session identifier generated by the server and signed with a private server key associated with a server certificate;
completing a secure data transfer link between the server and the client based upon a request therefor from the client, the server certificate and a full requested Uniform Resource Locator (URL) identifier of the server as specified by the client in the request being transmitted to the client during the completing of the secure data transfer link; and
transmitting to the server a response packet including the full requested URL identifier of the server transmitted to the client during the completing of the secure data transfer link, a client certificate, the server certificate as transmitted to the client during the completing of the secure data transfer link, the token, and an authenticity identifier corresponding to a private client key, the private client key being associated with the client certificate.
28. An article of manufacture comprising a non-transitory program storage medium readable by a computer, the medium tangibly embodying one or more programs of instructions executable by the computer to perform a method for mutually authenticating a client and a server, the method comprising:
transmitting over a first data link a token including a unique session identifier generated by the server and signed with a private server key associated with a server certificate from the server to the client;
initiating a secure data transfer link from the client to the server in response to receiving the token, the secure data transfer link being independent of the first data link;
completing the secure data transfer link, the server certificate and a full requested Uniform Resource Locator (URL) identifier of the server as specified by the client being transmitted to the client during the completing of the secure data transfer link;
transmitting to the server over the secure data transfer link, a response packet including the full requested URL identifier of the server transmitted to the client during the completing of the secure data transfer link, a client certificate, the server certificate as received from the server during the completing of the secure data transfer link, the token, and an authenticity identifier corresponding to a private client key, the private client key being associated with the client certificate; and
validating the response packet.
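The exchange in the independent claims modelled end to end, as an added example that is not part of the patent or of any product it covers. It assumes raw Ed25519 public keys in place of the client and server certificates, that the "authenticity identifier" is a signature made with the private client key over the whole response packet, and that the URL and server certificate delivered during the handshake are available to the client as plain values; the server-side check shows why echoing both back exposes an interposed party whose certificate or URL differs from the server's own.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)
// Token: a server-generated session id signed with the private server key, sent over the first link.
type Token struct{ SessionID, Sig []byte }
// Response: the client's packet over the independent secure link. Raw Ed25519 public keys stand in
// for certificates; Sig is the "authenticity identifier", a signature made with the private client key.
type Response struct {
	URL                    string            // full requested URL as received during the handshake
	ClientCert, ServerCert ed25519.PublicKey // client's own cert; server cert as the client received it
	Token                  Token
	Sig                    []byte
}
// IssueToken (server): a fresh random session id signed with the private server key.
func IssueToken(serverPriv ed25519.PrivateKey) Token {
	id := make([]byte, 16)
	rand.Read(id)
	return Token{SessionID: id, Sig: ed25519.Sign(serverPriv, id)}
}
// signedFields binds every packet field under the client signature; the variable-length URL comes
// first and every later field has a fixed size, so plain concatenation is unambiguous here.
func signedFields(r Response) []byte {
	return bytes.Join([][]byte{[]byte(r.URL), r.ClientCert, r.ServerCert, r.Token.SessionID, r.Token.Sig}, nil)
}
// BuildResponse (client): echo the URL and server cert seen in the handshake, attach the token, sign.
func BuildResponse(clientPriv ed25519.PrivateKey, url string, serverCert ed25519.PublicKey, t Token) Response {
	r := Response{URL: url, ClientCert: clientPriv.Public().(ed25519.PublicKey), ServerCert: serverCert, Token: t}
	r.Sig = ed25519.Sign(clientPriv, signedFields(r))
	return r
}
// Validate (server): the token must carry this server's signature, the URL and server cert the client
// saw must be this server's own (an interposed party's would differ), and the client signature must verify.
func Validate(serverPriv ed25519.PrivateKey, serverURL string, r Response) error {
	serverCert := serverPriv.Public().(ed25519.PublicKey)
	switch {
	case !ed25519.Verify(serverCert, r.Token.SessionID, r.Token.Sig):
		return errors.New("token not signed by this server")
	case r.URL != serverURL || !bytes.Equal(r.ServerCert, serverCert):
		return errors.New("URL or server certificate differs from what this server presented")
	case !ed25519.Verify(r.ClientCert, signedFields(r), r.Sig):
		return errors.New("client signature invalid")
	}
	return nil
}
```

A production version would carry X.509 certificates and a TLS session rather than bare keys, and would additionally track issued session identifiers so that a token is accepted only once.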
Specification