Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
1998-07-24
2001-04-24
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S150000, C713S168000, C713S152000, C380S028000, C380S255000
active
06223287
ABSTRACT:
FIELD OF THE INVENTION
The present invention generally relates to methods for establishing communication channels over the internet, and, in particular, for establishing secured communication channels over the internet.
BACKGROUND OF THE INVENTION
Web browser technology has propelled the internet to what has now become a pervasive and nearly universal information superhighway whereby a wealth of information can be readily retrieved and delivered to any requesting end user. As the level of activities on the internet increases, more and more powerful tools are being demanded. In providing these tools, a platform independent programming language such as the Java language allows a program written in Java to be executed on any platform. In this manner, virtually any tool (i.e. program) can be delivered over the internet to a client site to perform a desired function at the client. Along with the increase in the level of activities on the internet, the need to exchange sensitive information over secured channels becomes important as well. For this reason, Netscape has developed the Secure Socket Layer (SSL) protocol. The primary goal of the SSL protocol is to provide privacy and reliability between two communicating applications. The protocol is comprised of two layers. At the lowest level is the SSL Record protocol, which is layered on top of some reliable transport protocol, such as for example the Transport Control Protocol (TCP), and is used for encapsulation of various higher level protocols. One such encapsulated protocol is the SSL Handshake protocol which allows the server and client to authenticate each other and negotiate an encryption algorithm and cryptographic keys before any data is communicated.
While the SSL protocol is designed for use in many applications, its main application has been with web browsers. By issuing an “https://” (Hypertext Transfer Protocol with SSL) addressing command to the web browser rather than an “http://” (Hypertext Transfer Protocol) command, a transaction through a secured communication channel is requested and the web browser responds accordingly by establishing a secured communication channel to carry out secured transactions between a client and a server.
However, in the case where an application is delivered from a server to a client, and the application wishes to open a separate secured communication channel from the client to any other machine, attention must be paid to the constraints of such a scenario: the application must be delivered to the client in the least amount of time to minimize overhead execution time, and the application must have fast execution speed. In order to have an application delivered to a destination client in the least amount of time, the application has to be kept to a minimal size, which means that the algorithm for such an application must lend itself to being implemented in a minimal amount of code. Additionally, for an application to have fast execution speed, the algorithm has to be both small and efficient.
Prior art technologies using either the SSL protocol or other encryption tend to be bulky, requiring a significant amount of download time for delivery of the application, and tend to have slow execution time. Therefore, there is a need for an improved and more efficient method for establishing a secured communication channel between a client and a server.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide an improved method for establishing a secured communication channel between a client and a server.
It is another object of the present invention to provide a method for establishing a secured communication channel between a client and a server using an algorithm that is programmable using a minimal amount of code and has fast execution speed.
It is yet another object of the present invention to provide a method for establishing a secured communication channel between a client and a server wherein the encryption information for establishing the secured channel is compact and can be delivered and executed using minimal system resources.
Briefly, a presently preferred embodiment of the present invention provides a method for establishing a secured communication channel between a client and a server wherein a program and a set of encryption information for establishing the secured communication channel are delivered from the server to the client. The set of encryption information is compact and can be used to quickly and efficiently encipher and decipher data. More specifically, the client requests a program from the server via a first secured communication channel that can be established by a web browser under the HTTPS (Hypertext Transfer Protocol with SSL) protocol. The server in response dynamically generates a set of encryption information and a token identifying this particular set of encryption information. This information is then sent with the requested program to the client. While the program can be written in any language, the language of choice is a platform-independent language such as Java. When the program executes on the client and performs its programmed tasks, one of the tasks is to establish a separate, secured communication channel with the server using the encryption information from the server. The encryption method used in the preferred embodiment is a software-efficient, pseudo-random number generating algorithm. In establishing the communication channel, the token, the server time stamp, and the client time stamps are verified to establish a secured channel.
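The two-channel exchange described above, as an added example that is not the patent's code: the server delivers key material and a token with the program over the first (HTTPS) channel, and the delivered program opens the second channel by presenting the token together with enciphered server and client time stamps, which the server verifies. The HMAC-SHA256 counter-mode keystream, the 30-second freshness window and the one-shot token are assumptions; the patent names neither its pseudo-random generator nor its tolerances.

```python
import hashlib, hmac, os, struct

WINDOW = 30  # assumed freshness window in seconds (the patent gives no value)


def keystream(key, nonce, n):
    """Stand-in for the patent's unnamed PRNG: HMAC-SHA256 run in counter mode."""
    out = b""
    for ctr in range(0, n, 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:n]


def xor_stream(key, nonce, data):
    """Encipher or decipher (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


class Server:
    def __init__(self):
        self.sessions = {}  # token -> (key, server time stamp), created per delivery

    def deliver_program(self, now):
        """Step 1 (first channel, HTTPS): generate key + token, send with the program."""
        key, token = os.urandom(32), os.urandom(16)
        self.sessions[token] = (key, now)
        return token, key, now

    def open_channel(self, msg, now):
        """Step 2 (second channel): verify token, then server and client time stamps."""
        token, nonce, body = msg[:16], msg[16:28], msg[28:]
        if token not in self.sessions or len(body) != 16:
            return False
        key, server_ts = self.sessions.pop(token)  # assumed one-shot: blocks token replay
        echoed_ts, client_ts = struct.unpack(">dd", xor_stream(key, nonce, body))
        # Note: XOR keystream alone gives no integrity; application data would need a MAC.
        return echoed_ts == server_ts and abs(now - client_ts) <= WINDOW


def client_open(token, key, server_ts, now):
    """The delivered program's side: token in clear, both time stamps enciphered."""
    nonce = os.urandom(12)
    return token + nonce + xor_stream(key, nonce, struct.pack(">dd", server_ts, now))


def demo(now=1_000_000.0):
    """Constructed run: honest handshake succeeds; token replay and a stale clock fail."""
    srv = Server()
    token, key, sts = srv.deliver_program(now)
    msg = client_open(token, key, sts, now + 1)
    ok = srv.open_channel(msg, now + 2)
    replay = srv.open_channel(msg, now + 3)  # token already consumed
    token2, key2, sts2 = srv.deliver_program(now)
    stale = srv.open_channel(client_open(token2, key2, sts2, now - 100), now)
    return ok, replay, stale
```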
An advantage of the present invention is that it provides an improved method for establishing a secured communication channel between a client and a server.
Another advantage of the present invention is that it provides a method for establishing a secured communication channel between a client and a server using an algorithm that is programmable using a minimal amount of code and has fast execution speed.
Yet another advantage of the present invention is that it provides a method for establishing a secured communication channel between a client and a server wherein the encryption information for establishing the secured channel is compact and can be delivered and executed using minimal system resources.
These and other features and advantages of the present invention will become well understood upon examining the figures and reading the following detailed description of the invention.
REFERENCES:
patent: 5557518 (1996-09-01), Rosen
patent: 5559884 (1996-09-01), Davidson et al.
patent: 5651068 (1997-07-01), Klemba et al.
patent: 5657390 (1997-08-01), Elgamal et al.
patent: 5692047 (1997-11-01), McManis
patent: 5694546 (1997-12-01), Reisman
patent: 5708709 (1998-01-01), Rose
patent: 5825881 (1998-10-01), Colvin Sr.
patent: 5825890 (1998-10-01), Elgamal et al.
patent: 6052785 (2000-04-01), Lin et al.
patent: 2312767 (1997-05-01), None
patent: WO97/34426 (1997-09-01), None
patent: WO97/37303 (1997-10-01), None
Douglas Daniel G.
Edelman Stewart J.
Guillot Robert O.
International Business Machines - Corporation
Oppenheimer Wolff & Donnelly LLP
Peeso Thomas R.