US 7,321,971 B2
System and method for secure remote access
Mark F. Wilding, Barrie (Canada); and Randall W. Horman, Toronto (Canada)
Assigned to International Business Machines Corporation, Armonk, N.Y. (US)
Filed on Jan. 07, 2004, as Appl. No. 10/752,027.
Claims priority of application No. 2438357 (CA), filed on Aug. 26, 2003.
Prior Publication US 2005/0050329 A1, Mar. 03, 2005
Int. Cl. H04L 9/00 (2006.01)
U.S. Cl. 713/169 [726/14; 713/151] 15 Claims
OG exemplary drawing
 
1. A method of directing a client to establish a secure connection with a server across a network comprising:
(a) exchanging a server authentication public key, a client authentication public key, and a remote service unique identifier between a client and a server during a registration process;
(b) transmitting from the client to the server a client information package encrypted with a temporary server public key, wherein the client information package includes the unique identifier and a client challenge information package encrypted with the server authentication public key and indicating a client session public key;
(c) receiving at the server the client information package having the unique identifier and the client challenge information package encrypted with the server authentication public key and decrypting the received client information package utilizing a temporary server private key;
(d) retrieving an associated server authentication private key utilizing the received unique identifier as an index;
(e) decrypting and verifying the client challenge information package with the server authentication private key;
(f) transmitting from the server to the client a server information package encrypted with the client session public key indicated in the received client information package, wherein the server information package includes the unique identifier and a server challenge information package encrypted with the client authentication public key and indicating a server session public key;
(g) receiving at the client the server information package having the unique identifier and the server challenge information package encrypted with the client authentication public key and decrypting the received server information package utilizing a client session private key;
(h) decrypting and verifying the server challenge information package with the client authentication private key; and
(i) transmitting to the server an encrypted portion of the received server challenge information utilizing the server session public key indicated in the received server information package.
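The nine steps above describe one handshake in which each side proves possession of its registered authentication private key: the server proves it by recovering the client session public key from the inner challenge (step e) and answering under it (step f); the client proves it by recovering the server session public key from the server challenge (step h) and returning part of that challenge under it (step i). The following is an added illustration of the whole exchange, not code from the patent or from IBM. It stands in textbook RSA over 32-bit primes with a SHA-256 keystream (hybrid encryption) for the public-key operations so it runs on the standard library alone; toy key sizes, the message field names, the nonces, the key-store layout, the rule that the inner package must carry the same unique identifier as the outer one, and the assumption that the server hands out a fresh temporary public key per connection are all choices made here, not details the claim specifies.

```python
# Added example: claim-1 handshake (steps a-i) with toy public-key primitives.
# Not secure, not the patent's reference implementation; demo only.
import hashlib
import json
import secrets

E = 65537


def _is_prime(n):
    """Miller-Rabin with the first 12 primes as witnesses: deterministic for n < 2^64."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in small:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits=32):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(c) and (c - 1) % E:  # keep E invertible modulo (p-1)(q-1)
            return c


def keypair():
    """Return (public, private) as ((n, e), (n, d)). Toy 64-bit modulus."""
    p, q = _random_prime(), _random_prime()
    while q == p:
        q = _random_prime()
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def _keystream(k, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(k.to_bytes(16, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def pk_encrypt(pub, obj):
    """Hybrid envelope: RSA-wrap a random key k, XOR the JSON plaintext with its keystream."""
    n, e = pub
    k = secrets.randbelow(n - 2) + 2
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(k, len(pt))))
    return {"wrapped_key": pow(k, e, n), "ct": ct.hex()}


def pk_decrypt(priv, env):
    """Inverse of pk_encrypt; raises ValueError when the wrong key yields non-JSON bytes."""
    n, d = priv
    k = pow(env["wrapped_key"], d, n)
    ct = bytes.fromhex(env["ct"])
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(k, len(ct)))))


def register(uid):
    """Step (a): exchange authentication public keys and the unique identifier (constructed)."""
    s_auth_pub, s_auth_priv = keypair()
    c_auth_pub, c_auth_priv = keypair()
    server = {"registry": {uid: {"s_auth_priv": s_auth_priv, "c_auth_pub": c_auth_pub}}}
    client = {"uid": uid, "s_auth_pub": s_auth_pub, "c_auth_priv": c_auth_priv}
    return client, server


def handshake(client, server):
    """Steps (b)-(i); True only when both sides authenticate each other."""
    tmp_pub, tmp_priv = keypair()  # assumption: fresh temporary server key per connection
    # (b) inner challenge under the server authentication key, outer package under the temporary key
    c_sess_pub, c_sess_priv = keypair()
    c_nonce = secrets.token_hex(8)
    c_challenge = pk_encrypt(client["s_auth_pub"],
                             {"uid": client["uid"], "nonce": c_nonce, "session_pub": c_sess_pub})
    client_info = pk_encrypt(tmp_pub, {"uid": client["uid"], "challenge": c_challenge})
    # (c) server opens the outer package; (d) the identifier indexes its key store
    info = pk_decrypt(tmp_priv, client_info)
    entry = server["registry"].get(info["uid"])
    if entry is None:
        return False
    # (e) decrypt and verify the client challenge (rule: inner uid must match outer uid)
    try:
        chal = pk_decrypt(entry["s_auth_priv"], info["challenge"])
    except ValueError:
        return False
    if chal["uid"] != info["uid"]:
        return False
    # (f) server challenge under the client authentication key, wrapped for the client session key
    s_sess_pub, s_sess_priv = keypair()
    s_nonce = secrets.token_hex(8)
    s_challenge = pk_encrypt(entry["c_auth_pub"],
                             {"uid": info["uid"], "nonce": s_nonce, "session_pub": s_sess_pub})
    server_info = pk_encrypt(chal["session_pub"], {"uid": info["uid"], "challenge": s_challenge})
    # (g) client opens the package with its session private key; (h) verifies the server challenge
    sinfo = pk_decrypt(c_sess_priv, server_info)
    try:
        schal = pk_decrypt(client["c_auth_priv"], sinfo["challenge"])
    except ValueError:
        return False
    if schal["uid"] != client["uid"]:
        return False
    # (i) return a portion of the server challenge under the server session public key
    proof = pk_encrypt(schal["session_pub"], {"nonce": schal["nonce"]})
    return pk_decrypt(s_sess_priv, proof)["nonce"] == s_nonce


if __name__ == "__main__":
    c, s = register("device-0001")
    print("mutual authentication:", handshake(c, s))
```

Two layers do different jobs here. The temporary server key on the outer package keeps the unique identifier off the wire in the clear and lets the server pick up the right authentication key before it has learned anything about the client; the inner challenge is what actually binds identity, because only the holder of the registered server authentication private key can learn the client session public key needed to answer in step (f), and only the holder of the client authentication private key can learn the server session public key needed for step (i). In this model a party holding the wrong authentication key simply fails to decrypt, surfacing as a ValueError that the handshake turns into a refusal.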