Client credential based secure session authentication method and apparatus
Abstract
A method and apparatus for client credential based authentication of messages between a client and a server, the client and server both knowing the client credential, the method comprising the steps of: utilizing the client credential to create a key; and using the key to authenticate messages between the client and the server.
35 Claims
1. A method for client credential based authentication of messages between a client and a server, said client and server both knowing said client credential, the method comprising the steps of:
utilizing the client credential to create a first key;
preparing a message for transmission at the client;
computing, at the client, a message authentication code ‘MAC’ with the first key and the message by using a MAC function known to both the client device and the server;
sending the message and the MAC from the client to the server;
receiving, at the client, a response message from the server, the response message including a session identifier;
utilizing the client credential and the session identifier to create a second key; and
using the MAC function and the second key to authenticate subsequent messages between the client and the server;
wherein creation of at least one of the first key and the second key is performed using a secure pseudo-random number generator that employs a seed being the client credential combined with either a security token or a nonce.
Dependent claims: 2 through 12.
13. A client device adapted for client credential based authentication of messages between the client device and a server, said client device and server both knowing said client credential, the client device comprising:
memory for storing the shared credential;
a processor communicating with said memory and adapted to:
prepare a message for transmission;
utilize the client credential to create a first key;
use the key and a message to create a message authentication code ‘MAC’ using a MAC function known to both the client device and the server;
add the message authentication code to the message to create a secure message;
send the secure message to the server;
receive a response message from the server, the response message including a session identifier;
utilize the client credential and the session identifier to create a second key;
use the MAC function and the second key to authenticate subsequent messages received from the server; and
a communication subsystem adapted to send the secure message,
wherein creation of at least one of the first key and the second key is performed using a secure pseudo-random number generator that employs a seed being the client credential combined with either a security token or a nonce.
Dependent claims: 14 through 22.
23. A non-transitory computer readable medium storing program code executable by a computer processor for causing client credential based authentication of messages between a client and a server, said client and server both knowing said client credential, comprising:
utilizing the client credential to create a first key;
preparing a message for transmission at the client;
computing, at the client, a message authentication code ‘MAC’ with the first key and the message by using a MAC function known to both the client device and the server;
sending the message and the MAC from the client to the server;
receiving, at the client, a response message from the server, the response message including a session identifier;
utilizing the client credential and the session identifier to create a second key; and
using the MAC function and the second key to authenticate subsequent messages between the client and the server;
wherein creation of at least one of the first key and the second key is performed using a secure pseudo-random number generator that employs a seed being the client credential combined with either a security token or a nonce.
Dependent claims: 24 through 35.
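The three independent claims describe one protocol: a first key derived from the shared credential and a client nonce authenticates the opening message, the server answers with a session identifier, and a second key derived from the credential and that identifier authenticates everything after. The following is an added worked example of that exchange with both sides' messages; it is not code from the patent or its assignee. Assumptions not in the claims: HMAC-SHA256 keyed with the seed (credential combined with the nonce or session identifier) stands in for the claim's seeded secure pseudo-random number generator, HMAC-SHA256 is also the MAC function known to both parties, the server records nonces it has already accepted so the opening message cannot be replayed, and the credential and payloads are constructed sample values.

```python
import hashlib
import hmac
import secrets


# Assumption (not from the patent): a key is HMAC-SHA256 keyed with the seed
# (credential || nonce or session identifier) over a fixed label, standing in
# for the claim's secure PRNG seeded with the credential plus nonce/token.
def derive_key(credential: bytes, salt: bytes, label: bytes) -> bytes:
    seed = credential + salt
    return hmac.new(seed, label, hashlib.sha256).digest()


def compute_mac(key: bytes, data: bytes) -> bytes:
    """MAC function known to both sides; HMAC-SHA256 is an assumption."""
    return hmac.new(key, data, hashlib.sha256).digest()


class Client:
    def __init__(self, credential: bytes):
        self.credential = credential
        self.first_key = None
        self.session_id = None
        self.session_key = None

    def initial_message(self, payload: bytes) -> dict:
        # First key: credential combined with a fresh nonce (claim 1, step 1).
        nonce = secrets.token_bytes(16)
        self.first_key = derive_key(self.credential, nonce, b"first-key")
        return {"nonce": nonce, "payload": payload,
                "mac": compute_mac(self.first_key, nonce + payload)}

    def accept_response(self, response: dict) -> None:
        # Verify the response under the first key before trusting the
        # session identifier it carries.
        expected = compute_mac(self.first_key, response["session_id"] + response["payload"])
        if not hmac.compare_digest(expected, response["mac"]):
            raise ValueError("server response failed MAC check")
        self.session_id = response["session_id"]
        # Second key: credential combined with the server-chosen session identifier.
        self.session_key = derive_key(self.credential, self.session_id, b"session-key")

    def session_message(self, payload: bytes) -> dict:
        # Subsequent messages are bound to the session identifier under the second key.
        return {"session_id": self.session_id, "payload": payload,
                "mac": compute_mac(self.session_key, self.session_id + payload)}


class Server:
    def __init__(self, credential: bytes):
        self.credential = credential
        self.sessions = {}        # session_id -> second key
        self.seen_nonces = set()  # replay guard for the opening message (assumption)

    def handle_initial(self, msg: dict) -> dict:
        nonce = msg["nonce"]
        if nonce in self.seen_nonces:
            raise ValueError("replayed initial message")
        first_key = derive_key(self.credential, nonce, b"first-key")
        if not hmac.compare_digest(compute_mac(first_key, nonce + msg["payload"]), msg["mac"]):
            raise ValueError("initial message failed MAC check")
        self.seen_nonces.add(nonce)
        session_id = secrets.token_bytes(16)
        self.sessions[session_id] = derive_key(self.credential, session_id, b"session-key")
        payload = b"session established"  # constructed response payload
        return {"session_id": session_id, "payload": payload,
                "mac": compute_mac(first_key, session_id + payload)}

    def verify_session_message(self, msg: dict) -> bool:
        key = self.sessions.get(msg["session_id"])
        if key is None:
            return False
        expected = compute_mac(key, msg["session_id"] + msg["payload"])
        return hmac.compare_digest(expected, msg["mac"])


def run_exchange(credential: bytes = b"constructed-shared-credential",
                 tamper: bool = False) -> bool:
    """Run the full exchange; return whether the server accepts the first session message."""
    client, server = Client(credential), Server(credential)
    response = server.handle_initial(client.initial_message(b"hello"))
    client.accept_response(response)
    msg = client.session_message(b"GET /resource")
    if tamper:
        msg = dict(msg, payload=b"GET /admin")  # altered in transit, MAC left as is
    return server.verify_session_message(msg)
```

Two points a practitioner should take from this beyond the claim text. First, because both keys are deterministic functions of the credential and a public value (the nonce or session identifier), their strength is exactly the strength of the credential; a low-entropy credential lets an observer of the wire recompute every key offline, so the derivation should be a proper key derivation function rather than a raw seeded generator. Second, the claims say nothing about replay: the opening message, nonce and MAC included, can be resent verbatim unless the server remembers nonces, which is why the example tracks them.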