System and method for secure remote access
Abstract
A method and apparatus for directing a client to establish a secure connection with a server across a public network. The server and the client exchange a Server Authentication Public Key, a Client Authentication Public Key, and a Remote Service Unique Identifier (RSUID) during a registration process. In one embodiment, the method includes the client transmitting to the server a client information package having the RSUID and a client challenge information package encrypted with the Server Authentication Public Key, the client receiving from the server a server information package having the RSUID and a server challenge information package and a portion of the received client challenge information encrypted with the Client Authentication Public Key, the client decrypting and verifying the server challenge information package with the Client Authentication Private Key, and the client transmitting to the server an encrypted portion of the received client challenge information.
14 Claims
1. A method of directing a client to establish a secure connection with a server providing remote customer services across a network, the method comprising:
(a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between the server and the client during a registration process, and transmitting from the client to the server a client information package encrypted with a temporary server public key provided by the server in response to initiating a connection between the client and the server, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key to authenticate the client to the server and indicating a client session public key, wherein the unique identifier uniquely identifies a remote service customer, and decryption of the client information package by a temporary server private key and the client challenge information package by the server with a server authentication private key authenticates the client, and wherein said server authentication private key is associated with the server authentication public key and is retrieved based on the unique identifier serving as an index;
(b) receiving at the client from the server a server information package encrypted with the client session public key indicated in the client information package and having the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
(c) decrypting the received server information package utilizing a client session private key and decrypting and verifying the server challenge information package with a client authentication private key associated with the client authentication public key to authenticate the server, wherein decryption of the server challenge information package by the client with the client authentication private key authenticates the server; and
(d) transmitting from the client to the server a portion of the decrypted server challenge information utilizing the server session public key indicated in the received server information package to indicate decryption of the server challenge information and authenticity of the server and facilitate access by the client to the remote customer services.
Dependent claims: 2, 3.
4. A computer program product having a computer readable memory device tangibly embodying computer program logic for directing a client to establish a secure connection with a server providing remote customer services across a network, said computer program product comprising:
a registration module to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between the server and the client during a registration process;
an initiation module to transmit from the client to the server a client information package encrypted with a temporary server public key provided by the server in response to initiation of a connection between the client and the server, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key to authenticate the client to the server and indicating a client session public key, wherein the unique identifier uniquely identifies a remote service customer, and decryption of the client information package by a temporary server private key and the client challenge information package by the server with a server authentication private key authenticates the client, and wherein said server authentication private key is associated with the server authentication public key and is retrieved based on the unique identifier serving as an index;
a reception module to receive at the client from the server a server information package encrypted with the client session public key indicated in the client information package having the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
a decryption module to decrypt the received server information package utilizing a client session private key and to decrypt and verify the server challenge information package with a client authentication private key associated with the client authentication public key to authenticate the server, wherein decryption of the server challenge information package by the client with the client authentication private key authenticates the server; and
a response module to transmit from the client to the server a portion of the decrypted received server challenge information encrypted utilizing the server session public key indicated in the received server information package to indicate decryption of the server challenge information and authenticity of the server and to facilitate access by the client to the remote customer services.
Dependent claims: 5, 6.
7. A method for directing a server providing remote customer services to establish a secure connection with a client across a network, the method comprising:
(a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between the server and the client during a registration process, and receiving at the server from the client a client information package encrypted with a temporary server public key provided by the server in response to initiation of a connection between the client and the server, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key to authenticate the client to the server and indicating a client session public key, wherein the unique identifier uniquely identifies a remote service customer;
(b) decrypting the received client information package utilizing a temporary server private key and retrieving a server authentication private key associated with the server authentication public key utilizing the received unique identifier as an index;
(c) decrypting and verifying the client challenge information package with the server authentication private key, wherein decryption of the client challenge information package by the server with the server authentication private key authenticates the client;
(d) transmitting from the server to the client a server information package encrypted with the client session public key indicated in the received client information package and including the unique identifier and a server challenge information package encrypted with the client authentication public key to authenticate the server to the client and indicating a server session public key, wherein decryption by the client of the server information package utilizing a client session private key and the server challenge information package utilizing a client authentication private key associated with the client authentication public key authenticates the server; and
(e) enabling access by the client to the remote customer services in accordance with an appropriate response from the client indicating decryption of the server challenge information and authenticity of the server, wherein the appropriate response includes a portion of the decrypted server challenge information encrypted utilizing the server session public key indicated in the server information package.
Dependent claims: 8, 9.
10. A computer program product having a computer readable memory device tangibly embodying computer program logic for directing a server providing remote customer services to establish a secure connection with a client across a network, said computer program product comprising:
a registration module to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between the server and the client during a registration process;
a reception module at the server to receive from the client a client information package encrypted with a temporary server public key provided by the server in response to initiation of a connection between the client and the server, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key to authenticate the client to the server and indicating a client session public key, wherein the unique identifier uniquely identifies a remote service customer;
a decryption module to decrypt the received client information package utilizing a temporary server private key;
an index module at the server to retrieve a server authentication private key associated with the server authentication public key utilizing the received unique identifier as an index;
a validation module at the server to decrypt and verify the client challenge information package with the server authentication private key, wherein decryption of the client challenge information package by the server with the server authentication private key authenticates the client;
a transmission module at the server to transmit to the client a server information package encrypted with the client session public key indicated in the received client information package and including the unique identifier and a server challenge information package encrypted with the client authentication public key to authenticate the server to the client and indicating a server session public key, wherein decryption by the client of the server information package utilizing a client session private key and the server challenge information package utilizing a client authentication private key associated with the client authentication public key authenticates the server; and
an access module at the server to enable access by the client to the remote customer services in accordance with an appropriate response from the client indicating decryption of the server challenge information and authenticity of the server, wherein the appropriate response includes a portion of the decrypted server challenge information encrypted utilizing the server session public key indicated in the server information package.
Dependent claims: 11, 12.
13. A system to establish a secure connection between a server computer system providing remote customer services and a client across a network, the system comprising:
a server computer system in communication with a client via a network;
a registration module to exchange a server authentication public key, a client authentication public key, and a remote service unique identifier between the server computer system and the client during a registration process;
a reception module at the server computer system to receive from the client a client information package encrypted with a temporary server public key provided by the server computer system in response to initiation of a connection between the client and the server computer system, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key to authenticate the client to the server computer system and indicating a client session public key, wherein the unique identifier uniquely identifies a remote service customer;
a decryption module to decrypt the received client information package utilizing a temporary server private key;
an index module at the server computer system to retrieve a server authentication private key associated with the server authentication public key utilizing the received unique identifier as an index;
a validation module at the server computer system to decrypt and verify the client challenge information package with the server authentication private key, wherein decryption of the client challenge information package by the server computer system with the server authentication private key authenticates the client;
a transmission module at the server computer system to transmit to the client a server information package encrypted with the client session public key indicated in the received client information package and including the unique identifier and a server challenge information package encrypted with the client authentication public key to authenticate the server computer system to the client and indicating a server session public key, wherein decryption by the client of the server information package utilizing a client session private key and the server challenge information package utilizing a client authentication private key associated with the client authentication public key authenticates the server computer system; and
an access module at the server computer system to enable access by the client to the remote customer services in accordance with an appropriate response from the client indicating decryption of the server challenge information and authenticity of the server computer system, wherein the appropriate response includes a portion of the decrypted server challenge information encrypted utilizing the server session public key indicated in the server information package.
Dependent claims: 14.
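The handshake of claims 1 (client side) and 7 (server side), traced end to end as an added example that is not the patent's own code: registration, the per-connection temporary server key, the RSUID-indexed lookup of the server authentication private key, the two challenge packages, and the echoed server challenge that gates access. Asymmetric encryption is replaced by a constructed stand-in (a key pair sharing one token) so that the message flow, not the cipher, is what the code shows; all class and function names are the example's own.

```python
import secrets

# Constructed stand-in for asymmetric key pairs, NOT real public-key crypto: both
# halves share one random token and dec() succeeds only with the matching private half.
def keypair(label):
    tok = f"{label}:{secrets.token_hex(8)}"
    return ("pub:" + tok, "priv:" + tok)
def enc(pub, payload):
    return (pub[4:], payload)          # "ciphertext" = (key token, payload)
def dec(priv, box):
    tok, payload = box
    if tok != priv[5:]:
        raise ValueError("decryption failed")
    return payload

class Server:
    def __init__(self):
        self.auth_priv, self.client_auth_pub = {}, {}   # both indexed by RSUID
    def register(self, rsuid, client_auth_pub):        # registration process
        pub, self.auth_priv[rsuid] = keypair("srv-auth")
        self.client_auth_pub[rsuid] = client_auth_pub
        return pub
    def begin(self):                                    # per-connection temporary server key pair
        self.tmp_pub, self.tmp_priv = keypair("srv-tmp")
        return self.tmp_pub
    def on_client_package(self, pkg):
        rsuid, chal_box, cli_sess_pub = dec(self.tmp_priv, pkg)   # claim 7 (b)
        dec(self.auth_priv[rsuid], chal_box)   # RSUID indexes the key; (c): decryption authenticates client
        self.challenge = secrets.token_hex(8)
        self.sess_pub, self.sess_priv = keypair("srv-sess")
        inner = enc(self.client_auth_pub[rsuid], self.challenge)
        return enc(cli_sess_pub, (rsuid, inner, self.sess_pub))   # claim 7 (d)
    def on_response(self, resp):                        # claim 7 (e): access only on a correct echo
        return dec(self.sess_priv, resp) == self.challenge

class Client:
    def __init__(self, rsuid, server):
        self.rsuid, self.server = rsuid, server
        self.auth_pub, self.auth_priv = keypair("cli-auth")
        self.srv_auth_pub = server.register(rsuid, self.auth_pub)
    def connect(self):
        sess_pub, sess_priv = keypair("cli-sess")
        chal_box = enc(self.srv_auth_pub, secrets.token_hex(8))
        pkg = enc(self.server.begin(), (self.rsuid, chal_box, sess_pub))           # claim 1 (a)
        rsuid, srv_chal_box, srv_sess_pub = dec(sess_priv, self.server.on_client_package(pkg))  # (b)
        if rsuid != self.rsuid:
            raise ValueError("RSUID mismatch")
        srv_chal = dec(self.auth_priv, srv_chal_box)                 # claim 1 (c): authenticates server
        return self.server.on_response(enc(srv_sess_pub, srv_chal))  # claim 1 (d)

def run_handshake(rsuid="RSUID-0001"):
    return Client(rsuid, Server()).connect()
```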