Patent · US Expired

Token distribution, registration, and dynamic configuration of user entitlement for an application level security system and method

US5784463A · kind A · utility

Cited by: 452
References: 4
Claims: 26
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 4, 1996
Grant date: Jul 21, 1998
Priority date
Expiry date: Dec 4, 2016

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2211/008
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A shared secret key distribution system which enables secure on-line registration for services provided by an application server through an application level security system or firewall utilizes an authentication token containing a server public key. The server public key is used to encrypt a client-generated portion of the shared secret key, and the encrypted client-generated key is sent to the server where it is recovered using a private key held by the server and combined with a server-generated portion of the shared secret key to form the shared secret key. The server-generated portion of the shared secret key is then encrypted by the client-generated portion of the shared secret key and transmitted to the client for recovery and combination with the client-generated portion of the shared secret key, at which time both the client and server are in possession of the shared secret key, which can then be used for mutual authentication and development of session keys to secure subsequent communications. The session keys can be used to provide dynamic configuration of a client system to provide for different or changing user entitlements.
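The two-message exchange in the abstract, sketched as an added example that is not taken from the patent. The abstract does not name algorithms, so everything concrete here is an assumption: a constructed textbook-RSA key stands in for the server key pair, an XOR pad for the symmetric cipher, SHA-256 for the combining step, an HMAC for the possession check, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key pair standing in for the server key pair; the public
# half (N, E) is what the token would carry. Textbook RSA, illustration only.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537      # two Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))            # server private exponent

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256-derived pad (len(data) <= 32)."""
    pad = hashlib.sha256(b"wrap" + key).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def combine(client_part: bytes, server_part: bytes) -> bytes:
    """Assumed combining step: hash of both portions."""
    return hashlib.sha256(client_part + server_part).digest()

def client_hello(client_part: bytes) -> int:
    """Message 1: client portion encrypted under the server public key."""
    return pow(int.from_bytes(client_part, "big"), E, N)

def server_respond(msg1: int, server_part: bytes):
    """Server recovers the client portion, forms the key, wraps its portion."""
    client_part = pow(msg1, D, N).to_bytes(16, "big")
    return combine(client_part, server_part), xor_stream(client_part, server_part)

def client_finish(client_part: bytes, msg2: bytes) -> bytes:
    """Client unwraps the server portion and forms the same key."""
    return combine(client_part, xor_stream(client_part, msg2))

def auth_tag(shared: bytes, role: bytes, nonce: bytes) -> bytes:
    """Proof of key possession over the peer's nonce (assumed HMAC-SHA256)."""
    return hmac.new(shared, role + nonce, hashlib.sha256).digest()

def run_registration():
    client_part, server_part = secrets.token_bytes(16), secrets.token_bytes(16)
    msg1 = client_hello(client_part)
    server_key, msg2 = server_respond(msg1, server_part)
    client_key = client_finish(client_part, msg2)
    nonce = secrets.token_bytes(16)           # server challenge to the client
    ok = hmac.compare_digest(auth_tag(client_key, b"client", nonce),
                             auth_tag(server_key, b"client", nonce))
    return client_key, server_key, ok

if __name__ == "__main__":
    ck, sk, ok = run_registration()
    print("keys match:", ck == sk, "| client authenticated:", ok)
```

A client that unwraps message 2 with the wrong client portion derives a different key, so the possession check fails for it.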

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.