发明名称 |
System and method for establishing trust using secure transmission protocols |
摘要 |
A system, apparatus, method, and machine readable medium are described for establishing trust using secure communication protocols. For example, one embodiment of a method comprises: generating a first authentication-related communication at an authentication server on behalf of a relying party the first authentication-related communication being directed to a client device having one or more authenticators; signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI); establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure; transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel; establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure; transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel; providing the first authentication-related communication from the relying party app to the authentication client; and the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key. |
申请公布号 |
US9455979(B2) |
申请公布日期 |
2016.09.27 |
申请号 |
US201414448697 |
申请日期 |
2014.07.31 |
申请人 |
NOK NOK LABS, INC. |
发明人 |
Blanke William J. |
分类号 |
H04L29/06;H04L9/00 |
主分类号 |
H04L29/06 |
代理机构 |
Nicholson De Vos Webster & Elliott LLP |
代理人 |
Nicholson De Vos Webster & Elliott LLP |
主权项 |
1. A method comprising:
generating a first authentication-related communication at an authentication server on behalf of a relying party the first authentication-related communication being directed to a client device having one or more authenticators; signing the first authentication-related communication using a first key of a self-signed certificate from a decentralized public key infrastructure (PKI); establishing a first secure communication channel with a relying party app on the client device using a trusted secure communication infrastructure; transmitting the first authentication-related communication with the signature to the relying party app over the first secure communication channel; establishing a second secure communication channel with an authentication client on the client device using a trusted secure communication infrastructure; transmitting a second key of the self-signed certificate from the decentralized PKI to the authentication client over the second communication channel; providing the first authentication-related communication from the relying party app to the authentication client; and the authentication client using the second key to validate the signature generated over the first authentication-related communication with the first key. |
地址 |
Palo Alto CA US |