MY166563A - A system and method of mutual trusted authentication and identity encryption - Google Patents

Abstract

MUTUAL TRUSTED AUTHENTICATION AND IDENTITY ENCRYPTION IS PROVIDED BY UTILIZING TRANSPORT LAYER SECURITY EXTENSION WITH PROPERTIES BASED ATTESTATION MECHANISM. THE SYSTEM OF THE PRESENT INVENTION COMPRISING A SERVER PLATFORM (104) INSTALLED WITH AN INTEGRITY MEASUREMENT ARCHITECTURE (IMA) MODULE (104B); A TRUSTED AUTHORITY MODULE (TA) (104D) ASSOCIATED WITH A SERVER PLATFORM)104); AN INTEGRITY PROPERTIES COLLECTION MODULE (IPCM) (104E) IN COMMUNICATION WITH THE TRUSTED AUTHORITY MODULE (TA) (104D); A CLIENT PLATFORM (102) THAT IS IN COMMUNICATION WITH AND REGISTRABLE TO THE SERVER PLATFORM (104); A TRANSPORT LAYER SECURITY EXTENSION MODULE (TLS EXTENSION MODULE) (104A, 102C) ASSOCIATED WITH THE SERVER PLATFORM (104) AND THE CLIENT PLATFORM (102); AND A TRUSTED PLATFORM MODULE (TPM) (102B, 104C) ASSOCIATED WITH THE SERVER PLATFORM (104) AND SAID CLIENT PLATFORM (102). THE GENERAL PROCESS OF THE PRESENT INVENTION COMPRISES THREE MAIN COMPONENTS, WHEREIN THE FIRST STAGE (402) ESTABLISHES THE SECURITY AND INTEGRITY OF THE SERVER PLATFORM. AFTER THE ESTABLISHMENT OF PROCESS (402), THE NEXT STEP IS TO ESTABLISH IDENTITY ENCRYPTION IN THE SSL/TLS EXTENSION AND ESTABLISH PROPERTY-BASED ATTESTATION INTEGRATED WITH THE TRUSTED AUTHORITY (TA) IN THE SERVER PLATFORM (404). UPON COMPLETION OF THE PROCESSES OF ESTABLISHMENT, COMMUNICATION IS PERFORMED WITH SECURE DATA TRANSMISSION USING MUTUAL TRUSTED IDENTITY ENCRYPTION BETWEEN CLIENT AND SERVER (406) WHEREIN A HANDSHAKE PROTOCOL IS ESTABLISHED TO PRIORITISE EXCHANGE OF THE CERTIFICATES AND KEYS TO ENSURE THE AUTHENTICATION AND ENCRYPTION OF DATA (704). THE MOST ILLUSTRATIVE DRAWING IS