US2014006781A1PendingUtilityA1

Encapsulating the complexity of cryptographic authentication in black-boxes

48
Assignee: CORELLA FRANCISCOPriority: Jun 23, 2012Filed: Jun 24, 2013Published: Jan 2, 2014
Est. expiryJun 23, 2032(~5.9 yrs left)· nominal 20-yr term from priority
H04L 63/08H04L 63/0876H04L 63/0807H04L 9/3213H04L 9/3247H04L 63/0869H04L 2463/082
48
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device authenticates cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential. The verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication. The prover black-box sends the authentication token to an application front-end in the computing device. The application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.

Claims

exact text as granted — not AI-modified
1 - 13 . (canceled) 
     
     
         14 . A method of authenticating a computing device to a back-end subsystem, comprising:
 a prover black-box in the computing device authenticating cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential;   the verifier black-box sending an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication;   the prover black-box sending the authentication token to an application front-end in the computing device;   the application front-end sending the authentication token to an application back-end in the back-end subsystem; and   the application back-end verifying the authentication token.   
     
     
         15 . The method of  claim 14 , wherein the verifier black-box is a virtual appliance. 
     
     
         16 . The method of  claim 14 , wherein the device uses the authentication token as a login session identifier. 
     
     
         17 . The method of  claim 14 , wherein the authentication token uniquely identifies an object comprising authentication data. 
     
     
         18 . The method of  claim 14 , wherein the authentication token comprises digitally signed authentication data. 
     
     
         19 . The method of  claim 14 , wherein the cryptographic credential comprises a key pair pertaining to a public key cryptosystem and a public key that is part of the key pair is stored in a database within the back-end subsystem. 
     
     
         20 . The method of  claim 14 , wherein the cryptographic credential comprises a key pair pertaining to a public key cryptosystem and a hash of a public key that is part of the key pair is stored in a database within the back-end subsystem. 
     
     
         21 . The method of  claim 14 , wherein the cryptographic credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and proving possession of the cryptographic credential includes proving knowledge of the private key. 
     
     
         22 . The method of  claim 21 , wherein the public key cryptosystem is a digital signature cryptosystem, and proving knowledge of the private key includes using the private key to sign a challenge. 
     
     
         23 . A prover black-box included in a computing device and used in authenticating the device to a back-end subsystem, configured to:
 receive a request from an application front-end running on the device to perform a cryptographic authentication to the back-end subsystem;   authenticate cryptographically to the back-end subsystem by proving possession of a credential;   receive an authentication token from the back-end subsystem as confirmation of the cryptographic authentication; and   send the authentication token to the application front-end.   
     
     
         24 . The prover black-box of  claim 23 , wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and proving possession of the credential includes proving knowledge of the private key. 
     
     
         25 . The prover black-box of  claim 24 , wherein the public key cryptosystem is a digital signature cryptosystem, and proving knowledge of the private key includes using the private key to sign a challenge. 
     
     
         26 . A verifier black-box configured to:
 authenticate cryptographically a computing device by verifying possession of a cryptographic credential by the device;   return an authentication token to the device as verifiable confirmation of the cryptographic authentication;   receive the authentication token from an application back-end; and   send authentication data to the application back-end.   
     
     
         27 . The verifier black-box of  claim 26 , wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and verifying possession of the credential includes verifying knowledge of the private key. 
     
     
         28 . The verifier black-box of  claim 27 , wherein the public key cryptosystem is a digital signature cryptosystem, and verifying possession of the private key includes verifying that a signature made with the private key is valid. 
     
     
         29 . The verifier black-box of  claim 26 , further configured to create an authentication object that comprises authentication data and is uniquely identified by the authentication token. 
     
     
         30 . The verifier black-box of  claim 29 , wherein the authentication data comprises a hash of a public key that is part of the credential. 
     
     
         31 . The verifier black-box of  claim 26 , wherein the authentication token comprises digitally signed authentication data. 
     
     
         32 . The verifier black-box of  claim 26 , implemented as a virtual server made available for rent by a cloud service provider. 
     
     
         33 . The verifier black-box of  claim 32 , located together with the application back-end within a virtual private cloud.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.