METHOD AND SYSTEM FOR STEPPING UP TO CERTIFICATE-BASED AUTHENTICATION WITHOUT BREAKING AN EXISTING SSL SESSION

摘要

A method is presented for performing authentication operations. When a clientrequests a resource from a server, a non-certificate~based authenticationoperation is performed through an SSL (Secure Sockets Layer) session betweenthe server and the client, When the client requests another resource, theserver determines to step up to a more restrictive level of authentication,and a certificate-based authentication operation is performed through the SSLsession without exiting or renegotiating the SSL session prior to completionof the certificate-based authentication operation. During the certificate-based authentication procedure, an executable module is downloaded to theclient from the server through the SSL session, after which the serverreceives through the SSL session a digital signature that has been generatedby the executable module using a digital certificate at the client. Inresponse to successfully verifying the digital signature at the server, theserver provides access to a requested resource.