Method of performing integrity verification between client and server and encryption security protocol-based communication method of supporting integrity verification between client and server

US10958664B2 · US · B2

Patent metadata

Field                Value
Publication number   US-10958664-B2
Application number   US-201816135290-A
Country              US
Kind code            B2
Filing date          Sep 19, 2018
Priority date        Sep 22, 2017
Publication date     Mar 23, 2021
Grant date           Mar 23, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An encryption security protocol-based communication method of supporting integrity verification between a client and a server includes receiving, by the server, a first message from the client, the first message including a request for a first integrity verification of the client so as to start a handshake of a transport layer security (TLS) connection, transmitting, by the server, a second message to the client, the second message including a request for first verification information for the first integrity verification, receiving, by the server, the first verification information from the client, and performing the first integrity verification by using the first verification information, and finishing the handshake and performing data communication between the client and the server based on a result of the first integrity verification.

First claim

Opening claim text (preview).

What is claimed is:

1. An encryption security protocol-based communication method of supporting integrity verification between a client and a server, the encryption security protocol-based communication method comprising: receiving, by the server, a first message from the client, the first message comprising a request for a first integrity verification of the client so as to start a handshake of a transport layer security (TLS) connection; transmitting, by the server, a second message to the client, the second message comprising a request for first verification information for the first integrity verification; receiving, by the server, the first verification information from the client, and performing the first integrity verification by using the first verification information; and finishing the handshake and performing data communication between the client and the server based on a result of the first integrity verification, wherein performing the first integrity verification includes decrypting software configuration signature information provided in the first verification information and verifying the integrity of the client by comparing a value obtained by decrypting the software configuration signature information of the client by using a first public key with a software configuration value of the client included in a client certificate.

2. The encryption security protocol-based communication method of claim 1, wherein the first message further comprises a client hello message comprising at least one of TLS protocol version information of the client, session ID field information of the client, first secure random data, a list of encryption algorithms supportable in the client, and a list of compression methods supportable in the client.

3. The encryption security protocol-based communication method of claim 2, wherein the second message further comprises a server hello message comprising at least one of TLS protocol version information of the server, session ID field information of the server, second secure random data, an encryption algorithm selected from the list of the encryption algorithms, and a compression method selected from the list of the compression methods.

4. The encryption security protocol-based communication method of claim 1, wherein the request for the first integrity verification comprises software configuration type information of the client.

5. The encryption security protocol-based communication method of claim 1, wherein the first verification information comprises the client certificate, software configuration type information of the client, and the software configuration value of the client, and the software configuration type information of the client and the software configuration value of the client are stored in a secure memory region of the client.

6. The encryption security protocol-based communication method of claim 1, wherein the first verification information comprises the client certificate, and the client certificate comprises a first public key, software configuration type information of the client, and the software configuration value of the client.

7. The encryption security protocol-based communication method of claim 6, wherein the first verification information further comprises the software configuration signature information of the client, and the client generates the software configuration signature information of the client in response to the request for the first verification information by encrypting a current software configuration value of the client by using a first private key corresponding to the first public key.

8. The encryption security protocol-based communication method of claim 7, wherein the software configuration value of the client and the current software configuration value of the client are hash values generated by using a hash algorithm.

9. The encryption security protocol-based communication method of claim 6, wherein the performing of the first integrity verification further comprises performing, by the server, verification of the client certificate.

10. The encryption security protocol-based communication method of claim 6, wherein the software configuration type information of the client is information indicating one of a non-configuration type, a process map type of the client, a security policy type of the client, a process map-security policy type, and a user-defined type.

11. The encryption security protocol-based communication method of claim 6, wherein the software configuration type information of the client and the software configuration value of the client are included in an extension region of the client certificate.

12. The encryption security protocol-based communication method of claim 1, wherein the second message further comprises a request for a second integrity verification of the server and second verification information for the second integrity verification, and the encryption security protocol-based communication method further comprises performing, by the client, the second integrity verification by using the second verification information.

13. The encryption security protocol-based communication method of claim 12, wherein the second verification information comprises a server certificate, and the server certificate comprises a second public key, software configuration type information of the server, and a software configuration value of the server.

14. The encryption security protocol-based communication method of claim 13, wherein the second verification information further comprises software configuration signature information of the server, and the server generates the software configuration signature information of the server by encrypting a current software configuration value of the server by using a second private key corresponding to the second public key.

15. The encryption security protocol-based communication method of claim 14, wherein the performing of the second integrity verification comprises comparing, by the client, a value obtained by decrypting the software configuration signature information of the server by using the second public key with the software configuration value of the server.

16. The encryption security protocol-based communication method of claim 13, wherein the performing of the second integrity verification further comprises performing, by the client, verification of the server certificate.

17. The encryption security protocol-based communication method of claim 1, wherein the encryption security protocol is a secure socket layer (SSL)/transport layer security (TLS) protocol.
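The verification step of claims 1, 7 and 15 (the attesting party signs its current software configuration value; the verifier checks that value under the public key in the certificate and compares it with the configuration value certified in the certificate's extension), as an added example in Go that is not part of the patent or of any Samsung implementation. It uses Ed25519 sign/verify in place of the claims' "encrypt with the private key, decrypt with the public key" wording, so the signed value travels beside the signature; the Cert struct, the ConfigType encoding, the SHA-256 measurement of a process map, and the function names are all assumptions. The same VerifyIntegrity check serves the client-side verification of the server in claims 12 to 15.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"strings"
)

// Cert stands in for an X.509 certificate; type and value sit in its extension region (claims 6, 11).
type Cert struct {
	PublicKey   ed25519.PublicKey
	ConfigType  int    // hypothetical encoding: 1 = process map type (claim 10)
	ConfigValue []byte // hash of the software configuration when certified (claim 8)
}

// ConfigHash measures a process map with SHA-256 (constructed stand-in for a real measurement).
func ConfigHash(processMap []string) []byte {
	sum := sha256.Sum256([]byte(strings.Join(processMap, "\x00")))
	return sum[:]
}

// Enrol issues a certificate binding a fresh key pair to the current configuration value.
func Enrol(processMap []string) (Cert, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return Cert{pub, 1, ConfigHash(processMap)}, priv, err
}

// Attest is the responding party (claims 7, 14): sign the configuration value measured now.
func Attest(priv ed25519.PrivateKey, processMap []string) (current, signature []byte) {
	current = ConfigHash(processMap)
	return current, ed25519.Sign(priv, current)
}

// VerifyIntegrity is the verifying party (claims 1, 15): the signature must hold under the
// certificate's public key and the signed current value must equal the certified value.
func VerifyIntegrity(cert Cert, current, signature []byte) error {
	if !ed25519.Verify(cert.PublicKey, current, signature) {
		return errors.New("signature does not verify under the certificate public key")
	}
	if subtle.ConstantTimeCompare(current, cert.ConfigValue) != 1 {
		return errors.New("software configuration differs from the certified value")
	}
	return nil
}
```

A configuration that changed after enrolment still yields a valid signature but fails the value comparison, which is the case the claims are built to catch; a value forged without the private key fails the signature check first.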

Assignees

Inventors

Classifications

  • Protocols · CPC title

  • for mutual authentication (network architectures or network communication protocols for achieving mutual authentication in a packet data network H04L63/0869) · CPC title

  • involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title

  • involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title

  • involving digital signatures · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10958664B2 cover?
An encryption security protocol-based communication method of supporting integrity verification between a client and a server includes receiving, by the server, a first message from the client, the first message including a request for a first integrity verification of the client so as to start a handshake of a transport layer security (TLS) connection, transmitting, by the server, a second mes…
Who is the assignee on this patent?
Samsung Electronics Co Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/123. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 23, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).