Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
2011-07-05
2011-07-05
Orgad, Edan (Department: 2439)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
C713S168000, C713S170000, C713S171000, C713S175000, C726S002000, C726S003000
Reexamination Certificate
active
07975139
ABSTRACT:
The invention describes a method and system for verifying the link between a public key and a server's identity as claimed in the server's certificate without relying on the trustworthiness of the root certificate of the server's certificate chain. The system establishes a secure socket layer type connection between a client and a server, wherein the server transmits information including the server's public key to the client while establishing the connection. Next, a first information is sent from the client to the server. The client and the server create an identical authentication key using a shared secret known to the server and the client. Next, the server transmits a first encrypted message to the client, wherein the first encrypted message includes the server's public key encrypted with the authentication key. Then, the client decrypts the first encrypted message and verifies the correctness of that message including comparing the public key included in the decrypted first encrypted message to the public key transmitted during the set-up of the secure socket layer type connection to authenticate the client and to establish the trustworthiness of the server's public key and thereby the entire SSL connection. The client then transmits a second encrypted message to the server, wherein the second encrypted message is the first information encrypted with the authentication key. Finally, the server then decrypts the second encrypted message and verifies the correctness of the decrypted second encrypted message to authenticate the client.
REFERENCES:
patent: 5241599 (1993-08-01), Bellovin et al.
patent: 5351293 (1994-09-01), Michener et al.
patent: 5371796 (1994-12-01), Avarne
patent: 5689563 (1997-11-01), Brown et al.
patent: 5825890 (1998-10-01), Elgamal et al.
patent: 5953420 (1999-09-01), Matyas et al.
patent: 5953424 (1999-09-01), Vogelesang et al.
patent: 6009173 (1999-12-01), Sumner
patent: 6009177 (1999-12-01), Sudia
patent: 6061796 (2000-05-01), Chen et al.
patent: 6085320 (2000-07-01), Kaliski, Jr.
patent: 6088805 (2000-07-01), Davis et al.
patent: 6094485 (2000-07-01), Weinstein et al.
patent: 6134327 (2000-10-01), Van Oorschot
patent: 6148404 (2000-11-01), Yatsukawa
patent: 6173400 (2001-01-01), Perlman et al.
patent: 6189098 (2001-02-01), Kaliski, Jr.
patent: RE37178 (2001-05-01), Kingdon
patent: 6233341 (2001-05-01), Riggins
patent: 6246771 (2001-06-01), Stanton et al.
patent: 6285991 (2001-09-01), Powar
patent: 6317829 (2001-11-01), Van Oorschot
patent: 6535980 (2003-03-01), Kumar et al.
patent: 6550011 (2003-04-01), Sims, III
patent: 6633979 (2003-10-01), Smeets
patent: 6718467 (2004-04-01), Trostle
patent: 6823454 (2004-11-01), Hind et al.
patent: 6874084 (2005-03-01), Dobner et al.
patent: 6895507 (2005-05-01), Teppler
patent: 7047409 (2006-05-01), Aull et al.
patent: 2001/0042051 (2001-11-01), Barrett et al.
patent: 2002/0002674 (2002-01-01), Grimes et al.
patent: 2002/0138442 (2002-09-01), Hori et al.
patent: 2002/0157019 (2002-10-01), Kadyk et al.
patent: 2003/0041244 (2003-02-01), Buttyan et al.
T. Allen and C. Allen; The TLS Protocol Version 1.0; The Internet Society 1999; pp. 1-80.
Boyeon Song, Kwangjo Kim, “Comparison of Existing Key Establishment Protocols”, Conference on Information Security & Cryptography, Nov. 25, 2000, pp. 1-13.
Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, 1997, pp. 397-405.
“Microsoft Computer Dictionary, Fifth Edition”, Microsoft Press 2002, pp. 93, 288, 429, 495, 522, 576.
R. Khare, S. Lawrence, “Upgrading to TLS Within HTTP/1.1”, The Internet Society, May 2000, pp. 1-13.
R. Perlman, C. Kaufman, “Analysis of the IPSec Key Exchange Standard”, Proceedings Tenth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, WET ICE 2001 p. 150-6, Jun. 20-22, 2001, IEEE Computer Society, Los Alamitos, CA, USA.
Joon S. Park, Ravi Sandhu, “Smart Certificates: Extending X.509 for Secure Attribute Services on the Web”, Information and Software Engineering Department, George Mason University, pp. 337-348, 1999.
J. Huges, L. Elteto, N. Cicovic, “Token Interoperability and Portability”, Rainbow Technologies, May 2002, pp. 1-13.
C. Kaufman, R. Perlman, M. Speciner, “Network Security: Private Communication in a Public World”, Prentice-Hall Inc., 1995, pp. 223 and 249-253.
Manatt Phelps & Phillips LLP
Orgad Edan
Shaw Yin-Chen
Vasco Data Security, Inc.
LandOfFree
Use and generation of a session key in a secure socket layer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Use and generation of a session key in a secure socket layer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Use and generation of a session key in a secure socket layer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2655724