A Scalable way to implement client-server authentication without using certification authorities

IP.com Disclosure Number: IPCOM000033275D
Original Publication Date: 2004-Dec-03
Included in the Prior Art Database: 2004-Dec-03
Document File: 1 page(s) / 39K


The article describes a way to establish secure, bi-directionally authenticated HTTPS communication using TME.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 62% of the total text.

Distributed applications often need to communicate over HTTPS with bi-directional (client and server) authentication. To do so, the client and the server must exchange certificates. Without a certification authority, the server creates all the client certificates and distributes them to the clients as key stores, either automatically over a secure channel or manually, communicating the passwords as well. That approach is not scalable, because the user must produce and distribute a different pair of key stores, separately, for each client. With an infrastructure such as TME, a different approach can be adopted.

We avoid generating a certificate for every client and distributing it to that client by generating a single guest certificate. The server sends the same pair of certificates {guest certificate, server certificate} to each client over a secure channel. This can be done automatically and very easily. The approach is definitely scalable, and it is as secure as the non-scalable one, because the guest certificate is sent as a key store whose password is never saved locally. A malicious party who obtains the guest certificate cannot use it without the password. The same method can be implemented without the guest certificate, but using it avoids opening two different ports on the server side to implement on the same server two di...
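The trust arrangement the disclosure describes, as an added example that is not part of the original document: with no certification authority, the server trusts exactly one guest certificate and every client trusts exactly one server certificate, so "trusted" on both sides means "is this exact self-signed certificate". It assumes Go's crypto/tls over loopback and uses a freshly generated self-signed certificate in place of each of the disclosure's server and guest certificates; the password-protected key-store distribution is outside this snippet.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"time"
)

func newIdentity() tls.Certificate { // self-signed: the certificate is signed by its own key, no CA is involved
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // errors ignored: every input is generated right here
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// pinned holds only the peer's own leaf: with no CA, "trusted" means "is exactly this certificate".
func pinned(c tls.Certificate) *x509.CertPool {
	leaf, _ := x509.ParseCertificate(c.Certificate[0])
	p := x509.NewCertPool()
	p.AddCert(leaf)
	return p
}

// mutualHandshake: one loopback handshake where the server pins guest and the client pins server while presenting clientCert.
func mutualHandshake(server, guest, clientCert tls.Certificate) bool {
	srv := &tls.Config{Certificates: []tls.Certificate{server}, ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs: pinned(guest), SessionTicketsDisabled: true} // nothing is sent after the client's Finished
	cli := &tls.Config{Certificates: []tls.Certificate{clientCert}, RootCAs: pinned(server), ServerName: "localhost"}
	ln, _ := tls.Listen("tcp", "127.0.0.1:0", srv) // assumes loopback is available
	defer ln.Close()
	errc := make(chan error, 1)
	go func() { // server side: accept the one connection and complete the handshake
		conn, err := ln.Accept()
		if err == nil {
			err = conn.(*tls.Conn).Handshake()
			conn.Close()
		}
		errc <- err
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), cli)
	if err == nil {
		defer conn.Close() // runs only after the server has reported its verdict
	}
	return err == nil && <-errc == nil
}
```

A client holding the distributed guest certificate completes the handshake; a client presenting any other self-signed certificate is rejected by the server, which is the whole of the "no CA" trust model.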