Enhanced authentication for secure communications
Abstract
A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operates further dependent at least in part on whether verification of the authentication request was successful.
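The binding the abstract relies on can be traced through the standard SSH transcript: the server identification string V_S is an input to the exchange hash (RFC 4253, section 8), and that hash is the session identifier covered by the publickey authentication signature (RFC 4252, section 7). The sketch below is an added example, not code from the patent; it uses the classic Diffie-Hellman field layout, all names and sample values are constructed, and the signature check itself is left to a real cryptographic library using the key registered to the client.

```python
import hashlib
import struct

def ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b

def mpint(n: int) -> bytes:
    # RFC 4251 mpint, non-negative values only; extra zero byte if high bit set
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b"")

def server_ident(challenge: str) -> bytes:
    # RFC 4253 4.2: "SSH-2.0-softwareversion SP comments", max 255 bytes with CR LF
    ident = f"SSH-2.0-ExampleSSHD_1.0 {challenge}".encode("ascii")
    if len(ident) > 253 or not challenge.isalnum():
        raise ValueError("challenge does not fit the identification string")
    return ident

def exchange_hash(t: dict) -> bytes:
    # RFC 4253 8: H = HASH(V_C || V_S || I_C || I_S || K_S || e || f || K)
    fields = [ssh_string(t[k]) for k in ("V_C", "V_S", "I_C", "I_S", "K_S")]
    fields += [mpint(t[k]) for k in ("e", "f", "K")]
    return hashlib.sha256(b"".join(fields)).digest()

def signed_data(session_id: bytes, user: bytes, alg: bytes, pubkey: bytes) -> bytes:
    # RFC 4252 7: the bytes covered by the publickey authentication signature
    return (ssh_string(session_id) + b"\x32" + ssh_string(user)
            + ssh_string(b"ssh-connection") + ssh_string(b"publickey") + b"\x01"
            + ssh_string(alg) + ssh_string(pubkey))

def service_expected_data(challenge: str, t: dict, user: bytes,
                          alg: bytes, pubkey: bytes) -> bytes:
    # Authentication-service side: refuse a transcript that lacks the issued
    # challenge, then rebuild the exact bytes the signature must verify against.
    if t["V_S"].split(b" ", 1)[1:] != [challenge.encode("ascii")]:
        raise ValueError("issued challenge not present in server identification string")
    return signed_data(exchange_hash(t), user, alg, pubkey)

def sample_transcript(challenge: str) -> dict:
    # Constructed values; I_C and I_S stand in for the two KEXINIT payloads
    return {"V_C": b"SSH-2.0-ExampleClient_1.0", "V_S": server_ident(challenge),
            "I_C": b"constructed-client-kexinit", "I_S": b"constructed-server-kexinit",
            "K_S": b"constructed-host-key-blob", "e": 0x1234, "f": 0x80FF, "K": 0xDEADBEEF}

if __name__ == "__main__":
    t = sample_transcript("a1b2c3d4")
    print(exchange_hash(t).hex())
```

A signature made for a session whose V_S carried a different challenge covers a different session identifier, so it cannot verify against the bytes the service rebuilds.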
23 Claims
1. A computer-implemented method, comprising:
- obtaining a challenge from an authentication service;
- generating a secure shell (SSH) identification string that comprises the obtained challenge;
- transmitting the generated SSH identification string to another computer system during an SSH identification string exchange;
- receiving, from the other computer system, after an SSH key exchange with the other computer system, an SSH authentication request that comprises a digital signature;
- transmitting to the authentication service the digital signature and information usable to determine a set of messages passed between the computer system and the other computer system, at least one message of the set of messages comprising the challenge;
- receiving, from the authentication service, a response that indicates whether the digital signature was successfully verified as having been generated using the challenge; and
- authenticating the other computer system based at least in part on the received response.

Dependent claims: 2, 3, 4, 5

6. A system, comprising:
- one or more processors; and
- memory to store computer-executable instructions that, if executed, cause the one or more processors to:
  - obtain a challenge from an authentication service;
  - generate a secure shell (SSH) identification string that comprises the obtained challenge;
  - transmit the generated SSH identification string to another computer system during an SSH identification string exchange;
  - receive, from the other computer system, after an SSH key exchange with the other computer system, an SSH authentication request that comprises a digital signature;
  - transmit to the authentication service the digital signature and information usable to determine a set of messages passed between the computer system and the other computer system, at least one message of the set of messages comprising the challenge;
  - receive, from the authentication service, a response that indicates whether the digital signature was successfully verified as having been generated using the challenge; and
  - authenticate the other computer system based at least in part on the received response.

Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of execution by one or more processors of a computer system, cause the computer system to at least:
- obtain a challenge from an authentication service;
- generate a secure shell (SSH) identification string that comprises the obtained challenge;
- transmit the generated SSH identification string to another computer system during an SSH identification string exchange;
- receive, from the other computer system, after an SSH key exchange with the other computer system, an SSH authentication request that comprises a digital signature;
- transmit to the authentication service the digital signature and information usable to determine a set of messages passed between the computer system and the other computer system, at least one message of the set of messages comprising the challenge;
- receive, from the authentication service, a response that indicates whether the digital signature was successfully verified as having been generated using the challenge; and
- authenticate the other computer system based at least in part on the received response.

Dependent claims: 18, 19, 20, 21, 22, 23

Specification