Client-server opaque token passing apparatus and method
US8185942B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 8, 2008 |
| Grant date | May 22, 2012 |
| Priority date | — |
| Expiry date | Jan 24, 2031 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/56
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In the computer client-server context, typically used in the Internet for communicating between a central server and user computers (clients), a method is provided for token passing which enhances security for client-server communications. The token passing is opaque, that is tokens as generated by the client and server are different and can be generated only by one or the other but can be verified by the other. This approach allows the server to remain stateless, since all state information is maintained at the client side. This operates to authenticate the client to the server and vice versa to defeat hacking attacks, that is, penetrations intended to obtain confidential information. The token as passed includes encrypted values including encrypted random numbers generated separately by the client and server, and authentication values based on the random numbers and other verification data generated using cryptographic techniques.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.