公开(公告)号：US08146141B1

公开(公告)日：2012-03-27

申请号：US11014127

申请日：2004-12-16

申请人： Michael Grandcolas ,  Marc Guzman ,  Thomas Yee ,  Dilip Parekh ,  Yongqiang Chen

发明人： Michael Grandcolas ,  Marc Guzman ,  Thomas Yee ,  Dilip Parekh ,  Yongqiang Chen

IPC分类号： G06F7/04

CPC分类号： H04L9/3226 ,  H04L9/0825 ,  H04L63/045 ,  H04L63/0853 ,  H04L2209/56

摘要： A method and system for securely logging onto a banking system authentication server so that a user credential never appears in the clear during interaction with the system in which during a log on process, an encryption applet and the public key of a public/private key pair of a banking application server, the private key for which is known by a hardware security module (HSM) of the banking application, are downloaded by a user's browser. The applet contains code for generating a DES key and performing DES and PKI encryption. A user's credential is DES encrypted, and the DES key is PKI encrypted with the public key of the application server by the applet before being transmitted to the application server. Within the HSM of the application server, the HSM decrypts and re-encrypts the credential under a new DES key known to the authentication server, the re-encrypted credential is forwarded to the authentication server, decrypted with the new DES key known to the authentication server, and verified by the authentication server.

摘要翻译： 一种用于安全地登录到银行系统认证服务器的方法和系统，使得用户证书在与登录过程中的系统的交互期间不会出现在清楚中，其中在登录过程中，加密小程序和公钥/私钥对的公钥 的银行应用服务器，其私钥由银行应用的硬件安全模块（HSM）知道，由用户的浏览器下载。 该小程序包含用于生成DES密钥和执行DES和PKI加密的代码。 用户的凭证被DES加密，并且DES密钥在被发送到应用服务器之前由小应用程序使用应用服务器的公钥进行PKI加密。 在应用服务器的HSM内，HSM在认证服务器已知的新DES密钥下对证书进行解密和重新加密，将重新加密的证书转发给认证服务器，并使用认证已知的新DES密钥进行解密 服务器，并由验证服务器验证。