System and methods for online authentication
First Claim
1. A method of establishing a communication channel between a network client and a computer server over a network, the network client being configured to communicate with the computer server over the network and to communicate with a token manager, the token manager being configured with a parent digital certificate associated with the token manager, the method comprising:
- one of the token manager and the network client generating a credential from the parent digital certificate, the credential being associated with the computer server, wherein the parent digital certificate includes a public encryption key, and wherein generating the credential comprises:
  - the token manager generating a pseudo-random code; and
  - the one of the token manager and the network client generating a child digital certificate from the parent digital certificate;
  - incorporating the pseudo-random code in the child digital certificate; and
  - the one of the token manager and the network client signing the child digital certificate with a private encryption key unique to the token manager and uniquely associated with the public encryption key, wherein the private encryption key and the public encryption key comprise an asymmetric encryption key pair, and wherein the credential comprises the signed child digital certificate;
- the one of the token manager and the network client transmitting the credential to the computer server; and
- the network client establishing the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.
Abstract
A method of establishing a communication channel between a network client and a computer server over a network is described. The network client may be configured to communicate with the computer server over the network and to communicate with a token manager. The token manager may be configured with a parent digital certificate that is associated with the token manager. The token manager or network client generates a credential from the parent digital certificate, and transmits the credential to the computer server. The credential may be associated with the computer server. The network client may establish the communications channel with the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.
19 Claims
1. Independent claim; its text is given above under First Claim. Dependent claims 2, 3, 4, 5, 6, 7, 8, 9, 10 and 11 depend from claim 1 and are not reproduced on this page.
12. A communications device comprising:
- an interface configured to interface the communications device to a computer;
- a memory storing a parent digital certificate associated with the communications device; and
- a data processor coupled to the interface and the memory, the data processor being configured to:
  - (i) generate a credential from the parent digital certificate, the credential being associated with a computer server in communication with the computer, wherein the parent digital certificate includes a public encryption key, and wherein in order to generate the credential, the data processor is configured to: generate a pseudo-random code, generate a child digital certificate from the parent digital certificate, incorporate the pseudo-random code in the child digital certificate, and sign the child digital certificate with a private encryption key unique to the communications device and uniquely associated with the public encryption key, wherein the private encryption key and the public encryption key comprise an asymmetric encryption key pair, and wherein the credential comprises the signed child digital certificate;
  - (ii) initiate transmission of the credential to the computer server; and
  - (iii) facilitate establishment of a communications channel between the computer and the computer server in accordance with an outcome of a determination of validity of the credential by the computer server.
13. A method of establishing a communication channel between a network client and a computer server over a network, the network client being configured to communicate with the computer server over the network and to communicate with a token manager, the token manager being configured with a parent digital certificate associated with the token manager, the method comprising:
- the computer server receiving a credential from one of the token manager and the network client;
- the computer server determining a validity of the credential, the determining the validity of the credential comprising verifying that the credential comprises a child digital certificate that incorporates a pseudo-random code generated by the token manager, that the child digital certificate is generated from the parent digital certificate, and that the credential is associated with the computer server, wherein the parent digital certificate includes a public encryption key, wherein the determining the validity of the credential comprises verifying that the credential was signed with a private encryption key unique to the token manager and uniquely associated with the public encryption key, the private encryption key and the public encryption key comprising an asymmetric encryption key pair; and
- in accordance with an outcome of the determining the validity of the credential, the computer server establishing the communications channel with the network client.

Dependent claims 14, 15, 16, 17, 18 and 19 depend from claim 13 and are not reproduced on this page.
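The credential flow of claims 1 and 13 carried through end to end, as an added example that is not part of the patent or of any product it covers: Go's standard crypto/x509 stands in for the token manager and the computer server, the parent digital certificate is a self-signed Ed25519 CA, the pseudo-random code is incorporated as the child certificate's serial number, and the association with the computer server is a subject alternative name naming it. The server name bank.example, the Ed25519 key type and the choice of serial number and SAN as carriers are assumptions of this example, not choices the page makes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// ProvisionTokenManager creates the token manager's self-signed parent certificate and the private key unique to it.
func ProvisionTokenManager() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand.Reader is guaranteed not to fail (Go 1.24+)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "token-manager"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, nil, err
	}
	parent, err := x509.ParseCertificate(der)
	return parent, priv, err
}

// GenerateCredential derives the child certificate from the parent: a fresh 128-bit pseudo-random code is its serial number, a SAN binds it to serverName (assumed carrier), and the token manager's private key signs it.
func GenerateCredential(parent *x509.Certificate, key ed25519.PrivateKey, serverName string) ([]byte, *big.Int, error) {
	code, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	child := &x509.Certificate{SerialNumber: code, DNSNames: []string{serverName}, KeyUsage: x509.KeyUsageDigitalSignature,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, child, parent, parent.PublicKey, key)
	return der, code, err
}

// VerifyCredential is the server-side check of claim 13: the credential must chain to the token manager's parent certificate (signature and validity period) and be bound to this server; the embedded pseudo-random code is returned.
func VerifyCredential(credDER []byte, parent *x509.Certificate, serverName string) (*big.Int, error) {
	child, err := x509.ParseCertificate(credDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(parent)
	if _, err := child.Verify(x509.VerifyOptions{Roots: roots, DNSName: serverName}); err != nil {
		return nil, err // unknown signer, outside the validity period, or not associated with this server
	}
	return child.SerialNumber, nil
}
```

A server configured only with the token manager's parent certificate thereby rejects a credential signed by any other key, an expired one, or one bound to a different server, and recovers the code for whatever session binding follows.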
Specification