Title: Method for authenticating a communication channel between a client and a server
Abstract: A method for authenticating a communication channel between a client and a server is disclosed. The method employs a mutual authentication payload (MAP) protocol that enables mutual authentication between a client and a server system in a convenient, user-friendly manner while providing seamless and automated portability to the clients. In the process of mutual authentication, the client verifies that the server entity is indeed the intended entity and is trusted. Likewise, the server verifies that the client entity initiating the exchange is indeed the intended entity and is trusted. Accordingly, this verification process relies on multi-factor authentication factors contained within the MAP protocol.
Publication number: US8868909(B2)    Publication date: 2014.10.21
Application number: US200812442526    Filing date: 2008.12.19
Applicant: Ezmcom, Inc.    Inventors: Mishra Pravat K; Ratha Anupam; Sareen Vikram
Classification: H04L29/06    Main classification: H04L29/06
Agent (firm): Sawyer Law Group, P.C.    Agent: Sawyer Law Group, P.C.
Independent claim 1. A method for authenticating a communication channel between a client and a server, comprising the sequential steps of: generating a mutual authentication payload (MAP) by encrypting a multi-factor authentication (MFA) key; and exchanging the MAP between the client and the server, along with its digital signature, using a previously exchanged asymmetric key-pair via an out-of-band channel between the client and the server; wherein the exchanging step comprises: transmission of a server-side MAP; extracting a server-MFA key by decrypting the server MAP; authenticating the server-MFA key and verifying the integrity of the decrypted server-MFA key by verifying the digital signature accompanying the server MAP; generating a client-side MAP; extracting a client-MFA key by decrypting the client MAP at the server; and authenticating the client-MFA key and verifying the integrity of the decrypted client-MFA key by verifying the digital signature accompanying the client MAP at the server side; wherein establishing the sender (client) key-pair on a target workstation computer comprises: verifying the identity of the client using an independent out-of-band channel such as, but not limited to, text message, USSD, or e-mail; and installing the key-pair of the client encrypted with a key derived from a container fingerprint unique to the target workstation computer.
Address: Sunnyvale, CA, US