ATE446638T1 - Verfahren und system zum heraufgehen zu einer auf zertifikaten basierenden authentifizierung ohne brechung einer existierenden ssl-sitzung - Google Patents

Verfahren und system zum heraufgehen zu einer auf zertifikaten basierenden authentifizierung ohne brechung einer existierenden ssl-sitzung

Info

Publication number
ATE446638T1
ATE446638T1 AT04766174T AT04766174T ATE446638T1 AT E446638 T1 ATE446638 T1 AT E446638T1 AT 04766174 T AT04766174 T AT 04766174T AT 04766174 T AT04766174 T AT 04766174T AT E446638 T1 ATE446638 T1 AT E446638T1
Authority
AT
Austria
Prior art keywords
server
certificate
based authentication
ssl session
client
Prior art date
Application number
AT04766174T
Other languages
German (de)
English (en)
Inventor
Paul Ashley
Sridhar Muppidi
Mark Vandenwauver
Original Assignee
Ibm
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ibm filed Critical Ibm
Application granted granted Critical
Publication of ATE446638T1 publication Critical patent/ATE446638T1/de

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/40User authentication by quorum, i.e. whereby two or more security principals are required
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/22Arrangements for preventing the taking of data from a data transmission channel without authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Devices For Checking Fares Or Tickets At Control Points (AREA)
  • Treatment And Processing Of Natural Fur Or Leather (AREA)
AT04766174T 2003-07-17 2004-07-09 Verfahren und system zum heraufgehen zu einer auf zertifikaten basierenden authentifizierung ohne brechung einer existierenden ssl-sitzung ATE446638T1 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/621,927 US7395424B2 (en) 2003-07-17 2003-07-17 Method and system for stepping up to certificate-based authentication without breaking an existing SSL session
PCT/EP2004/051435 WO2005015872A1 (en) 2003-07-17 2004-07-09 Method and system for stepping up to certificate-based authentication without breaking an existing ssl session

Publications (1)

Publication Number Publication Date
ATE446638T1 true ATE446638T1 (de) 2009-11-15

Family

ID=34063095

Family Applications (1)

Application Number Title Priority Date Filing Date
AT04766174T ATE446638T1 (de) 2003-07-17 2004-07-09 Verfahren und system zum heraufgehen zu einer auf zertifikaten basierenden authentifizierung ohne brechung einer existierenden ssl-sitzung

Country Status (9)

Country Link
US (1) US7395424B2 (enExample)
EP (1) EP1661362B1 (enExample)
JP (1) JP4886508B2 (enExample)
KR (1) KR100946110B1 (enExample)
CN (1) CN100534092C (enExample)
AT (1) ATE446638T1 (enExample)
CA (1) CA2528486C (enExample)
DE (1) DE602004023728D1 (enExample)
WO (1) WO2005015872A1 (enExample)

Families Citing this family (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7403995B2 (en) * 2003-01-08 2008-07-22 Outhink, Inc. Symmetrical bi-directional communication
JP2004334330A (ja) * 2003-04-30 2004-11-25 Sony Corp 端末機器、提供サーバ、電子情報利用方法、電子情報提供方法、端末機器プログラム、提供サーバプログラム、仲介プログラム、及び記憶媒体
US9614772B1 (en) 2003-10-20 2017-04-04 F5 Networks, Inc. System and method for directing network traffic in tunneling applications
US20050228999A1 (en) * 2004-04-09 2005-10-13 Arcot Systems, Inc. Audit records for digitally signed documents
US8185945B1 (en) * 2005-03-02 2012-05-22 Crimson Corporation Systems and methods for selectively requesting certificates during initiation of secure communication sessions
US9692725B2 (en) 2005-05-26 2017-06-27 Citrix Systems, Inc. Systems and methods for using an HTTP-aware client agent
US9621666B2 (en) 2005-05-26 2017-04-11 Citrix Systems, Inc. Systems and methods for enhanced delta compression
US9407608B2 (en) 2005-05-26 2016-08-02 Citrix Systems, Inc. Systems and methods for enhanced client side policy
US8397287B2 (en) * 2006-08-21 2013-03-12 Citrix Systems, Inc. Method and system for authorizing a level of access of a client to a virtual private network connection, based on a client-side attribute
US8943304B2 (en) * 2006-08-03 2015-01-27 Citrix Systems, Inc. Systems and methods for using an HTTP-aware client agent
US20060294366A1 (en) * 2005-06-23 2006-12-28 International Business Machines Corp. Method and system for establishing a secure connection based on an attribute certificate having user credentials
NL1030558C2 (nl) * 2005-11-30 2007-05-31 Sdu Identification Bv Systeem en werkwijze voor het aanvragen en verstrekken van een autorisatiedocument.
US8316429B2 (en) * 2006-01-31 2012-11-20 Blue Coat Systems, Inc. Methods and systems for obtaining URL filtering information
FR2897489B1 (fr) * 2006-02-15 2008-04-25 Credit Lyonnais Sa Authentification en toute confiance d'un utilisateur par un serveur
US20070283142A1 (en) * 2006-06-05 2007-12-06 Microsoft Corporation Multimode authentication using VOIP
US20070283143A1 (en) * 2006-06-06 2007-12-06 Kabushiki Kaisha Toshiba System and method for certificate-based client registration via a document processing device
US8566925B2 (en) * 2006-08-03 2013-10-22 Citrix Systems, Inc. Systems and methods for policy based triggering of client-authentication at directory level granularity
US8413229B2 (en) 2006-08-21 2013-04-02 Citrix Systems, Inc. Method and appliance for authenticating, by an appliance, a client to access a virtual private network connection, based on an attribute of a client-side certificate
US8181227B2 (en) * 2006-08-29 2012-05-15 Akamai Technologies, Inc. System and method for client-side authenticaton for secure internet communications
US20080091817A1 (en) * 2006-10-12 2008-04-17 Technology Patents, Llc Systems and methods for locating terrorists
US8051475B2 (en) * 2006-11-01 2011-11-01 The United States Of America As Represented By The Secretary Of The Air Force Collaboration gateway
US20080215675A1 (en) * 2007-02-01 2008-09-04 Worklight Ltd. Method and system for secured syndication of applications and applications' data
JP4494521B2 (ja) * 2007-06-27 2010-06-30 Gmoグローバルサイン株式会社 サーバ証明書発行システム
CN100512313C (zh) * 2007-08-08 2009-07-08 西安西电捷通无线网络通信有限公司 一种增强安全性的可信网络连接系统
CN101388772B (zh) * 2007-09-10 2011-11-30 捷德(中国)信息科技有限公司 一种数字签名方法和系统
CN101388771B (zh) * 2007-09-10 2010-12-15 捷德(中国)信息科技有限公司 一种下载数字证书的方法和系统
US8230435B2 (en) 2008-02-12 2012-07-24 International Business Machines Corporation Authenticating a processing system accessing a resource
US8412932B2 (en) * 2008-02-28 2013-04-02 Red Hat, Inc. Collecting account access statistics from information provided by presence of client certificates
US9832069B1 (en) 2008-05-30 2017-11-28 F5 Networks, Inc. Persistence based on server response in an IP multimedia subsystem (IMS)
US20100031312A1 (en) * 2008-07-29 2010-02-04 International Business Machines Corporation Method for policy based and granular approach to role based access control
JP4252620B1 (ja) * 2008-08-27 2009-04-08 グローバルサイン株式会社 サーバ証明書発行システム
JP2010108237A (ja) * 2008-10-30 2010-05-13 Nec Corp 情報処理システム
US8924707B2 (en) * 2009-04-28 2014-12-30 Hewlett-Packard Development Company, L.P. Communicating confidential information between an application and a database
US8418079B2 (en) 2009-09-01 2013-04-09 James J. Nicholas, III System and method for cursor-based application management
US8887264B2 (en) * 2009-09-21 2014-11-11 Ram International Corporation Multi-identity access control tunnel relay object
JP5105291B2 (ja) * 2009-11-13 2012-12-26 セイコーインスツル株式会社 長期署名用サーバ、長期署名用端末、長期署名用端末プログラム
US10015286B1 (en) 2010-06-23 2018-07-03 F5 Networks, Inc. System and method for proxying HTTP single sign on across network domains
JP2012043154A (ja) * 2010-08-18 2012-03-01 Canon Inc 情報処理装置及びその制御方法
US20120079278A1 (en) * 2010-09-28 2012-03-29 Microsoft Corporation Object security over network
CN101964800B (zh) * 2010-10-21 2015-04-22 神州数码网络(北京)有限公司 一种在ssl vpn中对数字证书用户认证的方法
JP5569440B2 (ja) * 2011-03-11 2014-08-13 ブラザー工業株式会社 通信装置およびコンピュータプログラム
US10110591B2 (en) * 2011-04-01 2018-10-23 Clawd Technologies Inc. System, method, server and computer-readable medium for real-time verification of a status of a member of an organization
JP5417628B2 (ja) * 2011-04-08 2014-02-19 株式会社日立製作所 署名サーバ、署名システム、および、署名処理方法
US8584224B1 (en) * 2011-04-13 2013-11-12 Symantec Corporation Ticket based strong authentication with web service
CN102195781B (zh) * 2011-05-30 2013-07-10 武汉理工大学 一种基于电子记录关联签名的电子证据取证系统
US9047456B2 (en) 2012-03-20 2015-06-02 Canon Information And Imaging Solutions, Inc. System and method for controlling access to a resource
US9165126B1 (en) * 2012-10-30 2015-10-20 Amazon Technologies, Inc. Techniques for reliable network authentication
US10205750B2 (en) * 2013-03-13 2019-02-12 Intel Corporation Policy-based secure web boot
WO2014142857A1 (en) 2013-03-14 2014-09-18 Hewlett-Packard Development Company, L.P. Wireless communication of a user identifier and encrypted time-sensitive data
US9288208B1 (en) * 2013-09-06 2016-03-15 Amazon Technologies, Inc. Cryptographic key escrow
US9130996B1 (en) * 2014-03-26 2015-09-08 Iboss, Inc. Network notifications
US9300656B2 (en) 2014-08-21 2016-03-29 International Business Machines Corporation Secure connection certificate verification
US10250594B2 (en) 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US9690525B2 (en) * 2015-05-06 2017-06-27 Citrix Systems, Inc. Availability of devices based on location
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
US10257205B2 (en) * 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US10164971B2 (en) 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10158489B2 (en) 2015-10-23 2018-12-18 Oracle International Corporation Password-less authentication for access management
JP6108246B2 (ja) * 2015-11-04 2017-04-05 ブラザー工業株式会社 プリンタ
JP6551176B2 (ja) * 2015-11-10 2019-07-31 富士通株式会社 認証制御方法、認証プログラム、エージェントプログラム、サーバ装置、及びクライアント装置
EP3542274B1 (en) * 2016-11-18 2025-01-01 Veritas Technologies LLC Systems and methods for performing secure backup operations
US11107068B2 (en) 2017-08-31 2021-08-31 Bank Of America Corporation Inline authorization structuring for activity data transmission
US10523658B2 (en) * 2017-09-05 2019-12-31 Citrix Systems, Inc. Securing a data connection for communicating between two end-points
EP3544252A1 (en) * 2018-03-19 2019-09-25 Virtual Solution AG Methods and apparatus for controlling application-specific access to a secure network
US11005971B2 (en) * 2018-08-02 2021-05-11 Paul Swengler System and method for user device authentication or identity validation without passwords or matching tokens
CA3108917A1 (en) * 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11288399B2 (en) * 2019-08-05 2022-03-29 Visa International Service Association Cryptographically secure dynamic third party resources
FR3111203B1 (fr) * 2020-06-08 2023-02-10 Evidian Dispositif informatique et procédé pour l’authentification d’un utilisateur
CN111970301B (zh) * 2020-08-27 2022-11-04 北京浪潮数据技术有限公司 一种容器云平台安全通信系统
CN112751825B (zh) * 2020-12-07 2022-09-16 湖南麒麟信安科技股份有限公司 基于ssl证书的软件源发布权限控制方法及系统
US11341796B1 (en) 2021-01-04 2022-05-24 Bank Of America Corporation System for secure access and initiation using a remote terminal
CN113032829B (zh) * 2021-03-26 2022-06-10 山东英信计算机技术有限公司 多通道并发的文件权限管理方法、装置、服务器和介质
CN113347010B (zh) * 2021-08-05 2021-11-05 深圳市财富趋势科技股份有限公司 基于ssl-tls协议的双向认证方法、系统
CN117544318B (zh) * 2023-11-29 2024-10-01 中金金融认证中心有限公司 协同签名增强认证方法及增强认证系统

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6380365A (ja) * 1986-09-24 1988-04-11 Hitachi Ltd 端末装置における不正取引防止方法
JP3505058B2 (ja) * 1997-03-28 2004-03-08 株式会社日立製作所 ネットワークシステムのセキュリティ管理方法
US6094485A (en) 1997-09-18 2000-07-25 Netscape Communications Corporation SSL step-up
GB2337671B (en) 1998-05-16 2003-12-24 Ibm Security mechanisms in a web server
WO2000027089A1 (en) 1998-10-30 2000-05-11 Lockstar, Inc. Secure authentication for access to back-end resources
US6367009B1 (en) 1998-12-17 2002-04-02 International Business Machines Corporation Extending SSL to a multi-tier environment using delegation of authentication and authority
ES2263474T3 (es) * 1999-05-21 2006-12-16 International Business Machines Corporation Metodo y aparato para inicializar comunicaciones seguras entre dispositivos inalambricos y para emparejarlos en forma exclusiva.
US6584567B1 (en) * 1999-06-30 2003-06-24 International Business Machines Corporation Dynamic connection to multiple origin servers in a transcoding proxy
US6609198B1 (en) 1999-08-05 2003-08-19 Sun Microsystems, Inc. Log-on service providing credential level change without loss of session continuity
US6928550B1 (en) * 2000-01-06 2005-08-09 International Business Machines Corporation Method and system for generating and using a virus free file certificate
JP2001202437A (ja) * 2000-01-20 2001-07-27 Kyocera Communication Systems Co Ltd サービスシステム
WO2001060012A2 (en) * 2000-02-11 2001-08-16 Verimatrix, Inc. Web based human services conferencing network
WO2001080479A1 (en) 2000-04-14 2001-10-25 Wu Wen Delayed commitment scheme to prevent attacks based on compromised certificates
JP2002007345A (ja) * 2000-06-16 2002-01-11 Osaka Gas Co Ltd ユーザ認証方法
US7134137B2 (en) * 2000-07-10 2006-11-07 Oracle International Corporation Providing data to applications from an access system
WO2002039237A2 (en) 2000-11-09 2002-05-16 International Business Machines Corporation Method and system for web-based cross-domain single-sign-on authentication
WO2002091662A1 (en) 2001-05-01 2002-11-14 Vasco Data Security, Inc. Use and generation of a session key in a secure socket layer connection
US6920556B2 (en) 2001-07-20 2005-07-19 International Business Machines Corporation Methods, systems and computer program products for multi-packet message authentication for secured SSL-based communication sessions
GB2378010A (en) 2001-07-27 2003-01-29 Hewlett Packard Co Mulit-Domain authorisation and authentication
CN1268088C (zh) * 2001-11-29 2006-08-02 东南大学 基于pki的vpn密钥交换的实现方法

Also Published As

Publication number Publication date
DE602004023728D1 (de) 2009-12-03
EP1661362B1 (en) 2009-10-21
US20050015594A1 (en) 2005-01-20
JP2009514262A (ja) 2009-04-02
CN100534092C (zh) 2009-08-26
CN1823513A (zh) 2006-08-23
CA2528486A1 (en) 2005-02-17
KR100946110B1 (ko) 2010-03-10
KR20060032625A (ko) 2006-04-17
CA2528486C (en) 2012-07-24
JP4886508B2 (ja) 2012-02-29
US7395424B2 (en) 2008-07-01
EP1661362A1 (en) 2006-05-31
WO2005015872A1 (en) 2005-02-17

Similar Documents

Publication Publication Date Title
ATE446638T1 (de) Verfahren und system zum heraufgehen zu einer auf zertifikaten basierenden authentifizierung ohne brechung einer existierenden ssl-sitzung
US10541991B2 (en) Method for OAuth service through blockchain network, and terminal and server using the same
JP2009514262A5 (enExample)
US8301876B2 (en) Techniques for secure network communication
CN109818946B (zh) Ca证书申请和部署的方法和系统
CN111062023B (zh) 多应用系统实现单点登录的方法及装置
ATE397349T1 (de) Sicheres verfahren zur benachrichtigung einer dienstbeendigung
CN1698336A (zh) 通信设备和验证设备
DE60335664D1 (de) Authentifizierungsverfahren
CN104917740B (zh) 一种密码重置方法、密码验证方法及装置
CN109792604A (zh) 一种eUICC配置文件管理方法及相关装置
CN101047504A (zh) 一种网站登录认证方法及认证系统
CN101626291B (zh) 一种基于ecc算法的身份认证系统和身份认证方法
CN112653685B (zh) 客户端辅助进项通道云端交互的方法及电子设备
CN106331003A (zh) 一种云桌面上应用门户系统的访问方法及装置
CN105337967B (zh) 实现用户登录目标服务器的方法、系统和中心服务器
CN118153024B (zh) 服务器证书应用风险检测方法、装置、设备和存储介质
KR20220096270A (ko) 동적 토큰 생성 에이전트를 이용한 단말기 기반 싱글 사인 온 인증 방법 및 시스템
CN104717187B (zh) 一种登录方法及设备
CN112448920A (zh) 网站访问监控方法、装置、服务器及计算机可读存储介质
CN112507343A (zh) 一种bios更新方法、装置、设备及介质
JP5289481B2 (ja) 永続無線ネットワーク接続を維持する方法、装置、及びプログラム
CN107547466A (zh) 一种简单网络协议认证方法及装置
US12278911B2 (en) Certificate issuance support system, certificate issuance support method and program
CN111092864A (zh) 一种会话保护方法、装置、设备及可读存储介质

Legal Events

Date Code Title Description
RER Ceased as to paragraph 5 lit. 3 law introducing patent treaties