183 results about "Client certificate" patented technology

Apparatus and accompanying methods for use therein for implementing an integrated, virtual office user environment, through an office server(s), through which a remotely stationed user can access typical office network-based applications, including e-mail, file sharing and hosted thin-client programs, through a remotely located network, e.g., WAN, connected web browser. Specifically, a front end, namely a service enablement platform (SEP), to one or more office servers on a LAN is connected to both the WAN and LAN and acts both as a bridge between the user and his(her) office applications and as a protocol translator to enable bi-directional, web-based, real-time communication to occur between the browser and each such application. During initial operation, the SEP, operating under a default profile, establishes, over an analog connection to the WAN, a management session with the site to obtain customer WAN access information, then tears down the analog connection and establishes a broadband WAN connection through which the SEP re-establishes its prior session and obtains a client certificate and its customized profile. The SEP then re-initializes itself to that particular profile.

In a multimedia recording and playback network for receiving from a content server a service package of multimedia content, the network including a media server in communication with the content server, a method of securely transmitting a master encryption key from the content server to the media server, including the steps downloading a service package certificate from the content server to the media server, authenticating, in the media server, the received service package certificate, the content server providing to the media server a key server certificate, a public key of the content server, and a client certificate request, the media server authenticating the key server certificate, providing to the content server, upon authentication of the key server certificate by the media server, a client certificate including a challenge signature, and a public key of the media server, the content server authenticating the client certificate including the challenge signature received from the media server, the media server requesting the master encryption key from the content server, and the content server responding by transmitting the master encryption key to media server.

Various techniques are described to authenticate the identity of a proxy in a client-proxy-server configuration. The configuration may have a client-side and a server-side SSL session. In the server-side session, if the proxy has access to the private keys of the client, the proxy may select a client certificate from a collection of client certificates and send the selected certificate to the server to satisfy a client authentication request of the server. If the proxy does not have access to the private keys, the proxy may instead send an emulated client certificate to the server. Further, the client certificate received from the client may be embedded within the emulated client certificate so as to allow the server to directly authenticate the client, in addition to the proxy. An emulated client certificate chain may be formed instead of an emulated client certificate. Similar techniques may be applied to the client-side session.

In a method and appliance for authenticating, by an appliance, a client to access a virtual network connection, based on an attribute of a client-side certificate, a client authentication certificate is requested from a client. A value of at least one field in the client authentication certificate received from the client is identified. One of a plurality of types of access is assigned responsive to an application of a policy to the identified value of the at least one field, each of the plurality of access types associated with at least one connection characteristic.

A method and system for authenticating a client and a server is disclosed. In one contemplated embodiment, the client has a client certificate and the server have a server certificate. The client is validated to an authentication module based upon a certificate request identifier generated thereby, a secure data link certificate, and an authentication module Uniform Resource Locator. The authentication module is validated to the client based upon the client certificate and the certificate request identifier. A password associated with a user identifier that is encrypted with a private client key and signed with a public server key is transmitted to the authentication module. The password is then validated.

A method and system for secured network access is provided in accordance with the present invention. The method begins with receiving a login request from a client on a router. Thereafter, a certificate transfer instruction for the router to an authentication appliance is generated where the client lacks a copy of a client certificate. The client is authenticated with a challenge-response sequence, the response to which is deliverable through an out-of-band communications channel. Upon authentication, the client certificate and the client private key are transmitted to the client, which are used to authenticate the client to the network.

A method for self-service authentication of a client and a server. The method includes the server receiving an initialization command from the client. The initialization command may be transmitted to the server via a client web browser over an unsecured data transfer link. The method continues with requesting authentication information from the client. In response to receiving the authentication information from the client, the server transmits a client software component to the client. The client software component utilizes a client-side library installed on the operating system of the client to generate the various client credentials described above. Thereafter, the certificate signing request may be transmitted to a certificate server for signing the certificate signing request. The signed certificate signing request is then received by the client via the client web browser. The client utilizes the information associated with the signed certificate signing request with the client-side library installed on the client to generate a client certificate.

A method and system is provided for storing a plurality of client certificate credentials via a client web browser into one or more keystore file(s). The client web browser is used to establish the secure data transfer link between the client and the server. The client web browser includes a plug-in software component. The plug-in software component is configured to generate the keystore file and a key pair. The method may continue with generating a certificate request on the client. The certificate request generated is then transmitted to a certificate server. The certificate server is configured to digitally sign the certificate request generated. The method continues with the client receiving a signed certificate request. The signed certificate request is received by the client via the client web browser. The method may conclude by storing the plurality of client certificate credentials associated with the signed certificate request in one or more keystore file(s).

Authenticating a client to a server accessible through an Internet Protocol Security (IPSec) Virtual Private Network (VPN) appliance. The IPSec VPN appliance and an SSL VPN appliance are configured to receive an initialization command from the client. The SSL VPN appliance is in communication with an authentication appliance for authenticating the client to the server. In response to the initialization command, the authentication appliance generates a client key pair including a client private key and a client public key. The authentication appliance generates a client certificate and a client IPSec profile. The authentication appliance transmits the client key pair, the client certificate and the client IPSec profile to the client. A secure communication session between the client and the server is established. The secure communication session is established through the IPSec VPN appliance. Upon receipt of the IPSec profile, the communication session between the client and the server is encrypted.

A method, apparatus and computer program product are provided for enabling multiple mobile terminals to access a subscription service. The method may further include causing a client certificate to be issued to the first mobile terminal as a result of the certificate enrollment procedure. In some example embodiments, the client certificate comprises a subscription identifier and a flag indicating whether the client certificate is to be sharable with a second mobile terminal. The method may further include causing a certificate enrollment procedure to be initiated by a second mobile terminal with the first mobile terminal in an instance in which the first mobile terminal possesses one or more credentials that are configured to be shared with another mobile terminal. The method may further include the second mobile terminal receiving at least one credential in the form of a client certificate from the first mobile terminal.

A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake.

The invention provides systems and methods for securely transmitting data between a roaming computer and a managed network service over a shared public network. A secure connection is created between the roaming computer and a server computer that hosts or acts as a secure gateway to the managed network service. The connection is set up and established by a client agent installed on the roaming computer and a connection component of the managed service on the server computer. The client agent and the connection component of the managed service operate, on an initial request from the roaming computer to the managed service to negotiate the secure connection using certificate-based client authentication. The client certificate preferably includes user-specific attributes that can be extracted by the connection component and made available to the managed service to apply processing rules specific to the user.

The invention discloses a secure digital (SD)-password-card-based Internet of things healthcare service system. The system comprises a server, a WEB server, a sensor and a client; and an SD password card stores a client certificate, a certificate authority (CA) public key and a public pks. The invention also discloses a secure communication method of the system. According to the method, an identity authentication process comprises the following steps of: (a), initiating a request; (c), verifying whether ServerCert is legal; (d), encrypting and transmitting data; and (e), decrypting a secure digital serial number (SDSN) and an identity (ID); and (f) acquiring a public key pkc. And an uploading process comprises the following steps of: 1), generating a random number K; 2), signing the K; 3), encrypting the K; 5), verifying a signature; and 6), decrypting the K, wherein the K is used as a communication key. By the system and the method, the security of medical information is ensured, and the advantages of high speed, high security and convenience in management of a symmetrical encryption algorithm are realized, so that health data can be prevented from being stolen, destroyed, modified and unauthorizedly used.

The invention discloses a cross-trust-domain identity authentication method. An identity authentication service module and an authentication terminal module are involved in the method. The identity authentication service module provides an issuing service and a verification service for an identity token, the issuing service of the identity token includes the steps of accepting the application for the identity token, packaging the identity token and issuing the identity token, and the verification service of the identity token includes the steps of verifying the identity token based on a challenge, returning user application system information depending on a valid token and excluding identity tokens of non-valid users through synchronization with an LDAP or a CRL. The authentication terminal module comprises an identity token application module and a client side password module. The identity token application module is in charge of identity token application and maintenance, and the client side password module provides a client side certification and password operation. A user can have access to a whole network through identity authentication at one place, and the trust problem existing in the prior is solved.

The invention discloses a federation chain transaction method. The method comprises the following steps: when receiving a transaction request sent by a client, obtaining a client certificate carried in the transaction request and a service message signed by the client; judging whether the client certificate is valid; When the client certificate is valid, re-signing the service message through thepre-stored private key of the institution node; sending the re-signed service message to a transaction node corresponding to the transaction request. The invention also discloses a federation chain trading device and a computer-readable storage medium. The invention can realize the safe and effective identity authentication of the participants of the alliance chain, thereby ensuring the authenticity and security of the transaction of the alliance chain.

Embodiments of the present invention include methods involving an authentication application, a client application, or a combination of a network access control server with the authentication application and the client application. The client application collects compliance data regarding the user device and communicates the compliance data to the network access control server. The network access control server generates a compliance check result based on whether the compliance data indicates that the user device is compliant with a security policy for the software-as-a-service server. The authentication application grants access by the user device when the compliance check result is positive; and the authentication application denies access by the user device when the compliance check result is negative. In some embodiments, the compliance check result or a user device identifier is stored in a web browser cookie or a client certificate on the user device.

A main CPU of an MFP reads out an IP address or URL of a relay server on the Internet, which is set in an HDD, and connects to the relay server via a firewall using https. The main CPU confirms security of the relay server on the basis of a server certificate. A PC on the Internet accesses the relay server on the Internet, establishes SSL connection, and sends a client certificate. The relay server receives the client certificate from the PC by SSL connection, and sends a server certificate to the PC. If mutual authentication is successfully executed, the PC sends data to the MFP via the relay server and executes such a job as print data transmission, scan data acquisition, or change of setting information.

The invention discloses a method for double-factor bidirectional authentication. The method comprises the following steps: releasing a digital certificate and a CA certificate used for signature during the making of the digital certificate by a secret key system; configuring the configuration files of a client and a server-side so as to support the access of the client to an application interface of the server-side; accessing the application interface of the server-side by the client in a double-factor authentication mode; carrying out first verification on a server-side certificate by the client, carrying out second verification on a client certificate by the server-side, and after passing through of both the first verification and the second verification, allowing the client to access the application interface of the server-side. Besides, the invention discloses a system for double-factor bidirectional authentication, corresponding to the method. The method and the system for double-factor bidirectional authentication have the advantages of higher compatibility, wider application range, simpler design, more efficiency in use, and higher safety in data communication.

The invention provides an authentication method for a client certificate, a server and a client. The authentication method includes the steps that the server receives a certificate chain sent by the client, the certificate chain comprises a second-level CA certificate and a client temporary certificate, the second-level CA certificate includes a first MD5 value corresponding to a hardware feature code of the client, and the client temporary certificate includes a hardware feature code; the server verifies whether the certificate chain is legal or not, if the certificate chain is legal, a corresponding second MD5 value is generated according to the hardware feature code included in the client temporary certificate, the first MD5 value and the second MD5 value are compared whether to be same or not, and if yes, the situation that the identification of the client is effective is determined. Due to the uniqueness of the MD5 values, if the client temporary certificate is stolen, the second MD5 value is bound to be different from the first MD5 value. Therefore, the client can not be counterfeited, and the situation that in the prior art, a digital certificate is stolen and causes identification mistakes is avoided.

Provided is a terminal authentication system including a client terminal and a server device. The client terminal transmits first information based on secret information different for each client terminal and a client certificate including a hash value of the secret information which is derived from the secret information, to a server device. The server device receives the first information and the client certificate, derives a hash value from the secret information based on the first information using a unidirectional function, and authenticates the client terminal on the basis of the derived hash value and the hash value of the secret information which is included in the client certificate.