The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
May. 22, 2012
Filed:
Jul. 08, 2008
Augustin J. Farrugia, Cupertino, CA (US);
Gianpaolo Fasoli, Palo Alto, CA (US);
Jean-francois Riendeau, Santa Clara, CA (US);
Michael L. H. Brouwer, Sunnyvale, CA (US);
Justin Henzie, Concord, CA (US);
Augustin J. Farrugia, Cupertino, CA (US);
Gianpaolo Fasoli, Palo Alto, CA (US);
Jean-Francois Riendeau, Santa Clara, CA (US);
Michael L. H. Brouwer, Sunnyvale, CA (US);
Justin Henzie, Concord, CA (US);
Apple Inc., Cupertino, CA (US);
Abstract
In the computer client-server context, typically used in the Internet for communicating between a central server and user computers (clients), a method is provided for token passing which enhances security for client-server communications. The token passing is opaque, that is tokens as generated by the client and server are different and can be generated only by one or the other but can be verified by the other. This approach allows the server to remain stateless, since all state information is maintained at the client side. This operates to authenticate the client to the server and vice versa to defeat hacking attacks, that is, penetrations intended to obtain confidential information. The token as passed includes encrypted values including encrypted random numbers generated separately by the client and server, and authentication values based on the random numbers and other verification data generated using cryptographic techniques.