Methods and systems for secure channel initialization
First Claim
1. A method for secure channel initialization for a client network device, the method comprising:
- sending a secure channel initialization request from the client network device to a server network device, the secure channel initialization request including a client ephemeral public key; and
receiving, from the server network device, a secure channel initialization response at the client network device, the secure channel initialization response including an encrypted payload and a server ephemeral public key, the encrypted payload comprising a certificate of the server network device trusted by the client network device and a certificate of the client network device, the certificate of the client network device having been created by the server network device;
computing a high entropy shared secret with the server ephemeral public key;
decrypting the payload with the high entropy shared secret;
wherein said certificate of the server network device and said certificate of the client network device are used to establish a secure session.
4 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for secure channel initialization between a client network element and a server network element are disclosed. In accordance with one embodiment of the present disclosure, the method includes: sending a secure channel initialization request from the client network element to the server network element; receiving the secure channel initialization request at the server network element; creating a server credential and a client credential at the server network element; and sending a secure channel initialization response from the server network element to the client network element, the secure channel initialization response including the server credential and the client credential, wherein said server credential and said client credential are used to establish a secure session.
26 Citations
39 Claims
-
1. A method for secure channel initialization for a client network device, the method comprising:
-
sending a secure channel initialization request from the client network device to a server network device, the secure channel initialization request including a client ephemeral public key; and receiving, from the server network device, a secure channel initialization response at the client network device, the secure channel initialization response including an encrypted payload and a server ephemeral public key, the encrypted payload comprising a certificate of the server network device trusted by the client network device and a certificate of the client network device, the certificate of the client network device having been created by the server network device; computing a high entropy shared secret with the server ephemeral public key; decrypting the payload with the high entropy shared secret; wherein said certificate of the server network device and said certificate of the client network device are used to establish a secure session. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for secure channel initialization for a server network device, the method comprising:
-
receiving a secure channel initialization request at the server network device, the secure channel initialization request including a client ephemeral public key; computing a high entropy shared secret with the client ephemeral public key; creating, at the server network device, a server certificate and a client certificate trusted by the server network device; and sending a secure channel initialization response from the server network device, the secure channel initialization response including a payload encrypted with the high entropy shared secret, the payload comprising the server certificate and the client certificate, and a server ephemeral public key; wherein said server certificate and said client certificate are used to establish a secure session. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A client network element adapted for secure channel initialization, the client network element comprising a processor;
- a communications subsystem; and
memory;
the client network element being adapted to;send from said communications subsystem a secure channel initialization request to a server network element, the secure channel initialization request including a client ephemeral public key; receive, from the server network element, at the communications subsystem a secure channel initialization response, the secure channel initialization response including an encrypted payload and a server ephemeral public key, the encrypted payload comprising a certificate of the server network trusted by the client network element and a certificate of the client network element, the certificate of the client network device having been created by the server network device; compute a high entropy shared secret with the server ephemeral public key; decrypting the payload with the high entropy shared secret; wherein said certificate of the server network element and said certificate of the client network element are used to establish a secure session. - View Dependent Claims (19, 20, 21, 22)
- a communications subsystem; and
-
23. A server network element adapted for secure channel initialization, the server network element comprising a processor;
- a communications subsystem; and
memory;
the server network element being adapted to;receive at the communications subsystem a secure channel initialization request, the secure channel initialization request including a client ephemeral public key; compute a high entropy shared secret with the client ephemeral public key; create at the processor a server certificate and a client certificate trusted by the server network element; and send from the communications subsystem a secure channel initialization response, the secure channel initialization response including a payload encrypted with the high entropy shared secret, the payload comprising the server certificate and the client certificate, and a server ephemeral public key; wherein said server credential and said client credential are used to establish a secure session. - View Dependent Claims (24, 25, 26)
- a communications subsystem; and
-
27. A method for secure channel initialization between a client network element and a server network element, the method comprising the steps of:
-
sending a secure channel initialization request from the client network element to the server network element, the secure channel initialization request including a client ephemeral public key; receiving the secure channel initialization request at the server network element; computing, at the server network element, a high entropy shared secret based on the client ephemeral public key; creating, at the server network element, a server certificate and a client certificate trusted by the server network element; sending a secure channel initialization response from the server network element to the client network element, the secure channel initialization response including a payload encrypted with the high entropy shared secret, the payload comprising the server certificate trusted by the client network element and the client certificate, and a server ephemeral public key; computing, at the client network element, the high entropy shared secret based on the server ephemeral public key; decrypting the payload with the high entropy shared secret at the client network element; wherein said server certificate and said client certificate are used to establish a secure session. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A system for secure channel initialization comprising:
-
a client network element, the client network element having a processor;
a communications subsystem; and
memory; anda server network element, the server network element having;
a processor;
a communications subsystem; and
memory,the system being adapted to; send a secure channel initialization request from the communications subsystem of client network element to the communications subsystem of the server network element, the secure channel initialization request including a client ephemeral public key; compute, using the processor of the server network element, a high entropy shared secret with the client ephemeral public key; create, using the processor of the server network element, a server certificate and a client certificate trusted by the server network element; send a secure channel initialization response from the server network element to the client network element, the secure channel initialization response including a payload encrypted with the high entropy shared secret, the payload including the server certificate trusted by the client network element and the client certificate, and a server ephemeral public key; compute, using the processor of the client network element, the high entropy shared secret with the server ephemeral public key; decrypt, using the processor of the client network element, the payload with the high entropy shared secret; wherein said server certificate and said client certificate are used to establish a secure session. - View Dependent Claims (37, 38, 39)
-
Specification