Encapsulating the complexity of cryptographic authentication in black-boxes
Abstract
A method of authenticating a computing device to a back-end subsystem. In one embodiment a prover black-box in the computing device authenticates cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential. The verifier black-box sends an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication. The prover black-box sends the authentication token to an application front-end in the computing device. The application front-end sends the authentication token to an application back-end in the back-end subsystem, and the application back-end verifies the authentication token.
Claims
exact text as granted — not AI-modified1 - 13 . (canceled)
14 . A method of authenticating a computing device to a back-end subsystem, comprising:
a prover black-box in the computing device authenticating cryptographically to a verifier black-box in the back-end subsystem by proving possession of a cryptographic credential; the verifier black-box sending an authentication token to the prover black-box as verifiable confirmation of the cryptographic authentication; the prover black-box sending the authentication token to an application front-end in the computing device; the application front-end sending the authentication token to an application back-end in the back-end subsystem; and the application back-end verifying the authentication token.
15 . The method of claim 14 , wherein the verifier black-box is a virtual appliance.
16 . The method of claim 14 , wherein the device uses the authentication token as a login session identifier.
17 . The method of claim 14 , wherein the authentication token uniquely identifies an object comprising authentication data.
18 . The method of claim 14 , wherein the authentication token comprises digitally signed authentication data.
19 . The method of claim 14 , wherein the cryptographic credential comprises a key pair pertaining to a public key cryptosystem and a public key that is part of the key pair is stored in a database within the back-end subsystem.
20 . The method of claim 14 , wherein the cryptographic credential comprises a key pair pertaining to a public key cryptosystem and a hash of a public key that is part of the key pair is stored in a database within the back-end subsystem.
21 . The method of claim 14 , wherein the cryptographic credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and proving possession of the cryptographic credential includes proving knowledge of the private key.
22 . The method of claim 21 , wherein the public key cryptosystem is a digital signature cryptosystem, and proving knowledge of the private key includes using the private key to sign a challenge.
23 . A prover black-box included in a computing device and used in authenticating the device to a back-end subsystem, configured to:
receive a request from an application front-end running on the device to perform a cryptographic authentication to the back-end subsystem; authenticate cryptographically to the back-end subsystem by proving possession of a credential; receive an authentication token from the back-end subsystem as confirmation of the cryptographic authentication; and send the authentication token to the application front-end.
24 . The prover black-box of claim 23 , wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and proving possession of the credential includes proving knowledge of the private key.
25 . The prover black-box of claim 24 , wherein the public key cryptosystem is a digital signature cryptosystem, and proving knowledge of the private key includes using the private key to sign a challenge.
26 . A verifier black-box configured to:
authenticate cryptographically a computing device by verifying possession of a cryptographic credential by the device; return an authentication token to the device as verifiable confirmation of the cryptographic authentication; receive the authentication token from an application back-end; and send authentication data to the application back-end.
27 . The verifier black-box of claim 26 , wherein the credential comprises a private key that is part of a key pair pertaining to a public key cryptosystem, and verifying possession of the credential includes verifying knowledge of the private key.
28 . The verifier black-box of claim 27 , wherein the public key cryptosystem is a digital signature cryptosystem, and verifying possession of the private key includes verifying that a signature made with the private key is valid.
29 . The verifier black-box of claim 26 , further configured to create an authentication object that comprises authentication data and is uniquely identified by the authentication token.
30 . The verifier black-box of claim 29 , wherein the authentication data comprises a hash of a public key that is part of the credential.
31 . The verifier black-box of claim 26 , wherein the authentication token comprises digitally signed authentication data.
32 . The verifier black-box of claim 26 , implemented as a virtual server made available for rent by a cloud service provider.
33 . The verifier black-box of claim 32 , located together with the application back-end within a virtual private cloud.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.