Secure protocol attack mitigation
First Claim
1. A system, comprising at least one computing device implementing one or more services, wherein the one or more services:
- generate a CAPTCHA that has a corresponding answer value;
provide the CAPTCHA to a client computer system as part of a handshake that establishes a shared secret, the shared secret based at least in part on the answer value;
establish an encrypted network connection between the system and the client computer system using the shared secret;
generate a cryptographic key based at least in part on the answer value; and
use the cryptographic key to perform cryptographic operations on messages transmitted between the client computer system and the system.
1 Assignment
0 Petitions
Accused Products
Abstract
A handshake for establishing a secure connection between a client computer system and a service includes a CAPTCHA element. When the client computer system initiates the secure connection to the service, the service responds by generating a key seed and providing the key seed to the client computer system in the form of the CAPTCHA element. The CAPTCHA element is solvable by a human user at the client computer system to obtain a solution. The solution to the CAPTCHA is used to recover the key seed. The client and the server use the key seed to generate an encryption key which is used to encrypt communications between the client computer system and the service.
28 Citations
20 Claims
-
1. A system, comprising at least one computing device implementing one or more services, wherein the one or more services:
-
generate a CAPTCHA that has a corresponding answer value; provide the CAPTCHA to a client computer system as part of a handshake that establishes a shared secret, the shared secret based at least in part on the answer value; establish an encrypted network connection between the system and the client computer system using the shared secret; generate a cryptographic key based at least in part on the answer value; and use the cryptographic key to perform cryptographic operations on messages transmitted between the client computer system and the system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
-
receive, as part of a handshake that establishes an encrypted network connection between the computer system and a server, information that specifies a CAPTCHA, the CAPTCHA being more difficult for an automated agent to interpret than by a human, where a proposed solution to the CAPTCHA is computationally less intensive to verify than the CAPTCHA is to solve by a second computer system; acquire an answer associated with the CAPTCHA; establish a shared secret, the shared secret based at least in part on the answer; establish an encrypted network connection with the server using the shared secret generate a cryptographic key based at least in part on the answer associated with the CAPTCHA; and cryptographically protect communications with the server using the cryptographic key. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer-implemented method comprising:
-
receiving information that specifies a CAPTCHA; providing a solution to the CAPTCHA; generating a key seed value from the solution to the CAPTCHA; establishing a shared secret, the shared secret based at least in part on the solution; providing the shared secret as part of a handshake to establish a network connection; generating a cryptographic key based at least in part on the solution; and cryptographically verifying communications over the network connection using a digital signature based at least in part on the cryptographic key. - View Dependent Claims (18, 19, 20)
-
Specification