(54) COMPUTER NETWORK SECURITY SYSTEM
(75) Inventors: Thomas F. Wenisch, Narragansett, RI (US); Stephen R. Berard, Seattle, WA (US); David J. Smith, East Greenwich, RI (US)
(73) Assignee: American Power Conversion, West Kingston, RI (US)
( * ) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 842 days.
(21) Appl. No.: 09/925,958
(22) Filed: Aug. 9, 2001
(65) Prior Publication Data
US 2003/0033545 Al Feb. 13, 2003
(51) Int. CI.
H04L 9/32 (2006.01)
G06F 7/04 (2006.01)
(52) U.S. CI 713/185; 726/5
(58) Field of Classification Search 713/202,
713/153, 201, 168 See application file for complete search history.
(56) References Cited
U.S. PATENT DOCUMENTS
6,766,454 Bl * 7/2004 Riggins 713/185
A method and system are provided for authenticating a user of a computer over a computer network. In one embodiment of the invention, the method includes transmitting an applet having a challenge string and a first encryption key, receiving a login packet having the challenge string and a password that is encrypted using the first encryption key, decrypting the password, receiving information from an authentication provider, and authenticating the password by using the information provided by the authentication provider. The challenge string can be either a sequence number or a session identifier. The authentication provider can be a software program or an authentication server. An advantage of embodiments of the present invention is that a computer can provide secure Internet communications using a web browser that does not support SSL and can provide secure integration with third party security systems.
34 Claims, 6 Drawing Sheets