Method and system for hypertext transfer protocol digest authentication
First Claim
1. A method at a computing device comprising:
receiving a message from a token issuing entity, the message including a token secret, the token secret being in encrypted format;
receiving a challenge from a service provider;
creating a response utilizing information from the challenge and the token secret, said creating utilizing a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and
forwarding the response and token secret to the service provider;
wherein the computing device does not have a decryption key for decrypting the token secret.
Abstract
A method and system for hypertext transfer protocol digest authentication through the use of a token issuing entity trusted by both a client and a service provider. The token issuing entity may issue an encrypted token and a token secret to the client. The client may then use the token secret instead of a password for digest authentication, and provide the encrypted token along with the digest authentication response to the service provider. The service provider may decrypt the encrypted token to obtain the token secret, which may then be used for digest authentication with the client.
42 Claims
1. A method at a computing device comprising:
receiving a message from a token issuing entity, the message including a token secret, the token secret being in encrypted format; receiving a challenge from a service provider; creating a response utilizing information from the challenge and the token secret, said creating utilizing a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and forwarding the response and token secret to the service provider;
wherein the computing device does not have a decryption key for decrypting the token secret.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A computing device comprising:
a processor, and a communications subsystem, wherein the computing device is configured to: receive a message from a token issuing entity, the message including a token secret, the token secret in encrypted format; receive a challenge from a service provider; create a response utilizing information from the challenge and the token secret with a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and forward the response and token secret to the service provider; wherein the computing device does not have a decryption key for decrypting the token secret.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer readable medium having stored thereon instructions for execution by a processor of a computing device, the instructions including code for:
receiving a message from a token issuing entity, the message including a token secret, the token secret in encrypted format; receiving a challenge from a service provider; creating a response utilizing information from the challenge and the token secret, said creating utilizing a hash function which hashes the token secret as a shared secret between the computing device and the service provider; and forwarding the response and token secret to the service provider; wherein the computing device does not have a decryption key for decrypting the token secret.
Dependent claims: 16, 17, 18, 19, 20, 21

22. A method at a service provider comprising:
receiving a service request from an unauthorized client; providing a challenge to the client; receiving, from the client, a response, the response including digest information and an encrypted token; decrypting the token to obtain a token secret, the decrypting utilizing a key obtained from a token issuing entity; creating a server response utilizing information from the challenge and the token secret with a hash function which hashes the token secret as a shared secret between the client and the service provider; and authenticating the client if the server response matches the digest information.
Dependent claims: 23, 24, 25, 26, 27, 28

29. A server comprising:
a processor; and a communications subsystem, wherein the server is configured to: receive a service request from an unauthorized client; provide a challenge to the client; receive, from the client, a response, the response including digest information and an encrypted token; decrypt the token to obtain a token secret utilizing a key obtained from a token issuing entity; create a server response utilizing information from the challenge and token secret with a hash function which hashes the token secret as a shared secret between the client and the service provider; and authenticate the client if the server response matches the digest information.
Dependent claims: 30, 31, 32, 33, 34, 35

36. A non-transitory computer readable medium having stored thereon instructions for execution by a processor of a service provider, the instructions including code for:
receiving a service request from an unauthorized client; providing a challenge to the client; receiving, from the client, a response, the response including digest information and an encrypted token; decrypting the token to obtain a token secret, the decrypting utilizing a key obtained from a token issuing entity; creating a server response utilizing information from the challenge and the token secret with a hash function which hashes the token secret as a shared secret between the client and the service provider; and authenticating the client if the server response matches the digest information.
Dependent claims: 37, 38, 39, 40, 41, 42
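The three-party flow of the abstract and of independent claims 1 and 22, as an added example that is not code from the patent: the token issuing entity seals the token secret under a key it shares only with the service provider, the client uses the plaintext token secret where a Digest password would go and forwards the sealed token, and the service provider unseals the token and recomputes the digest. Assumptions: the RFC 7616 SHA-256 digest variant, an HMAC-SHA256 keystream plus HMAC tag as a stdlib-only stand-in for a real AEAD, and constructed names (issue_token, seal, unseal, authenticate, run_flow) and sample values.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in keystream: HMAC-SHA256 in counter mode (a real deployment uses an AEAD such as AES-GCM)."""
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a 32-byte key held only by the issuer and the service provider."""
    enc_key, mac_key = key[:16], key[16:]
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, then decrypt; raises ValueError on any tampering."""
    enc_key, mac_key = key[:16], key[16:]
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("sealed token rejected")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def issue_token(issuer_sp_key: bytes, username: str) -> tuple[str, bytes]:
    """Token issuing entity: hands the client the token secret plus a sealed copy it cannot open (no key)."""
    token_secret = os.urandom(16).hex()
    return token_secret, seal(issuer_sp_key, f"{username}:{token_secret}".encode())

def digest_response(username: str, realm: str, secret: str, nonce: str, method: str, uri: str) -> str:
    """HTTP Digest (RFC 7616, SHA-256): H(H(A1):nonce:H(A2)), with the token secret in place of the password."""
    h = lambda s: hashlib.sha256(s.encode()).hexdigest()
    return h(f"{h(f'{username}:{realm}:{secret}')}:{nonce}:{h(f'{method}:{uri}')}")

def authenticate(sp_key: bytes, sealed_token: bytes, username: str, realm: str,
                 nonce: str, method: str, uri: str, client_digest: str) -> bool:
    """Service provider (claim 22): recover the token secret from the sealed token, recompute, compare."""
    try:
        user, token_secret = unseal(sp_key, sealed_token).decode().split(":", 1)
    except ValueError:  # bad tag, undecodable plaintext, or missing separator
        return False
    expected = digest_response(username, realm, token_secret, nonce, method, uri)
    return user == username and hmac.compare_digest(expected, client_digest)

def run_flow() -> bool:
    """Constructed end-to-end run: issuer -> client -> service provider. The client never sees sp_key."""
    sp_key = os.urandom(32)                      # shared by issuer and service provider only
    token_secret, sealed = issue_token(sp_key, "alice")
    nonce = os.urandom(8).hex()                  # the service provider's challenge
    resp = digest_response("alice", "example", token_secret, nonce, "GET", "/api/resource")
    return authenticate(sp_key, sealed, "alice", "example", nonce, "GET", "/api/resource", resp)
```

A replayed response fails because the nonce differs, and a modified or foreign-key sealed token fails at the tag check before any digest is compared.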