US Patent 8423759 Method of bootstrapping an authenticated data session configuration

An inventive method is disclosed for bootstrapping a trusted client public key at the server side in a client-server model of e-commerce or distributed computer applications. Generally, the invention integrates security technique elements and user procedural elements in such a way that no vulnerability arises due to the decoupling of elements. It is thus aimed at high security application areas. The readily available support of X.509 client security certificates in web browsers is advantageous for easy deployment at the client side. However, serious usability flaws deter the use of client certificates despite their potential for high security client authentication. The invention circumvents this contradiction at the client registration phase, and extends the benefits of simplified reliance on client public-private key pair to production use of the circumvention. Many variations of the inventive idea are disclosed, including the use of a dummy client security certificate that addresses the interoperability pitfalls of the X.509 technology while the trust in the client public key rests on other elements of the inventive method.