ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES

US 20140006781A1
Filed: 06/24/2013
Published: 01/02/2014
Est. Priority Date: 06/23/2012
Status: Abandoned Application

First Claim

Patent Images

1. -13. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device authenticates cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential. The verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication. The prover black-box sends the authentication token to an application front-end in the computing device. The application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.

28 Citations

View as Search Results

33 Claims

1. -13. (canceled)

14. A method of authenticating a computing device to a back-end subsystem, comprising:
- a prover black-box in the computing device authenticating cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential;
  
  the verifier black-box sending an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication;
  
  the prover black-box sending the authentication token to an application front-end in the computing device;
  
  the application front-end sending the authentication token to an application back-end in the back-end subsystem; and
  
  the application back-end verifying the authentication token.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The method of claim 14, wherein the verifier black-box is a virtual appliance.
  - 16. The method of claim 14, wherein the device uses the authentication token as a login session identifier.
  - 17. The method of claim 14, wherein the authentication token uniquely identifies an object comprising authentication data.
  - 18. The method of claim 14, wherein the authentication token comprises digitally signed authentication data.
  - 19. The method of claim 14, wherein the cryptographic credential comprises a key pair pertaining to a public key cryptosystem and a public key that is part of the key pair is stored in a database within the back-end subsystem.
  - 20. The method of claim 14, wherein the cryptographic credential comprises a key pair pertaining to a public key cryptosystem and a hash of a public key that is part of the key pair is stored in a database within the back-end subsystem.
  - 21. The method of claim 14, wherein the cryptographic credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and proving possession of the cryptographic credential includes proving knowledge of the private key.
  - 22. The method of claim 21, wherein the public key cryptosystem is a digital signature cryptosystem, and proving knowledge of the private key includes using the private key to sign a challenge.

23. A prover black-box included in a computing device and used in authenticating the device to a back-end subsystem, configured to:
- receive a request from an application front-end running on the device to perform a cryptographic authentication to the back-end subsystem;
  
  authenticate cryptographically to the back-end subsystem by proving possession of a credential;
  
  receive an authentication token from the back-end subsystem as confirmation of the cryptographic authentication; and
  
  send the authentication token to the application front-end.
- View Dependent Claims (24, 25)
- - 24. The prover black-box of claim 23, wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and proving possession of the credential includes proving knowledge of the private key.
  - 25. The prover black-box of claim 24, wherein the public key cryptosystem is a digital signature cryptosystem, and proving knowledge of the private key includes using the private key to sign a challenge.

26. A verifier black-box configured to:
- authenticate cryptographically a computing device by verifying possession of a cryptographic credential by the device;
  
  return an authentication token to the device as verifiable confirmation of the cryptographic authentication;
  
  receive the authentication token from an application back-end; and
  
  send authentication data to the application back-end.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
- - 27. The verifier black-box of claim 26, wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and verifying possession of the credential includes verifying knowledge of the private key.
  - 28. The verifier black-box of claim 27, wherein the public key cryptosystem is a digital signature cryptosystem, and verifying possession of the private key includes verifying that a signature made with the private key is valid.
  - 29. The verifier black-box of claim 26, further configured to create an authentication object that comprises authentication data and is uniquely identified by the authentication token.
  - 30. The verifier black-box of claim 29, wherein the authentication data comprises a hash of a public key that is part of the credential.
  - 31. The verifier black-box of claim 26, wherein the authentication token comprises digitally signed authentication data.
  - 32. The verifier black-box of claim 26, implemented as a virtual server made available for rent by a cloud service provider.
  - 33. The verifier black-box of claim 32, located together with the application back-end within a virtual private cloud.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pomian & Corella LLC
Original Assignee
Pomian & Corella LLC
Inventors
Corella, Francisco, Lewison, Karen Pomian

Application Number

US13/925,824
Publication Number

US 20140006781A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2463/082   applying multi-factor authe...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0869   for achieving mutual authen...

H04L 63/0876   based on the identity of th...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3247   involving digital signatures

ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

33 Claims

Specification

Use Cases

Quick Links

Others

ENCAPSULATING THE COMPLEXITY OF CRYPTOGRAPHIC AUTHENTICATION IN BLACK-BOXES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

33 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others