Method and system for public-key-based secure authentication to distributed legacy applications
Abstract
A method, a system, an apparatus, and a computer program product are presented for an authentication process. A host application or system within a distributed data processing system supports one or more controlled resources, such as a legacy application, that requires the receipt of authentication data prior to allowing a user to have access to the controlled resource. The required authentication data is encrypted using the public key of the host system, and an attribute certificate containing the encrypted authentication data is generated by an attribute-certificate-issuing authority. When a user of a client application or system requires access to the controlled resource, the attribute certificate is sent to the host, which decrypts the authentication data with its private key prior to forwarding the authentication data to the controlled resource. The controlled resource then authenticates a user based on the provided authentication data.
35 Claims
1. A method for an authentication process within a distributed data processing system, the method comprising:
receiving an attribute certificate from a client at a host within the distributed data processing system;
extracting encrypted authentication data from the attribute certificate, wherein the encrypted authentication data was generated by encrypting authentication data with a public key associated with the host;
decrypting the encrypted authentication data to regenerate the authentication data using a private key associated with the host; and
forwarding the authentication data to a controlled resource. (Dependent claims: 2, 3, 4, 5, 6, 7)
8. A method for generating a digital certificate, the method comprising:
receiving, at an attribute-certificate-issuing authority, a request for an attribute certificate from a client;
generating the attribute certificate in response to the received request for an attribute certificate, wherein the attribute certificate comprises encrypted authentication data that was generated by encrypting authentication data for a controlled resource at a host with a public key associated with the host; and
sending the generated attribute certificate to the client. (Dependent claim: 9)
10. A method for obtaining a digital certificate, the method comprising:
retrieving a public key certificate associated with a host within a distributed data processing system;
extracting a public key associated with the host from the public key certificate;
encrypting with the public key authentication data for a controlled resource at the host;
generating a request for an attribute certificate;
storing the encrypted authentication data within the request for the attribute certificate;
sending the request for the attribute certificate to an attribute-certificate-issuing authority; and
receiving an attribute certificate from the attribute-certificate-issuing authority, wherein the attribute certificate comprises the encrypted authentication data. (Dependent claims: 11, 13, 15, 16, 17, 18, 19, 20)
12. A data structure representing an attribute certificate for use in a data processing system, the data structure comprising:
an issuer name;
a signature;
a holder name;
an attribute containing encrypted authentication data that was generated by encrypting authentication data for a controlled resource at a host with a public key associated with the host.
14. An apparatus for performing an authentication process within a distributed data processing system, the apparatus comprising:
receiving means for receiving an attribute certificate from a client at a host within the distributed data processing system;
extracting means for extracting encrypted authentication data from the attribute certificate, wherein the encrypted authentication data was generated by encrypting authentication data with a public key associated with the host;
decrypting means for decrypting the encrypted authentication data to regenerate the authentication data using a private key associated with the host; and
forwarding means for forwarding the authentication data to a controlled resource.
21. An apparatus for generating a digital certificate, the apparatus comprising:
receiving means for receiving, at an attribute-certificate-issuing authority, a request for an attribute certificate from a client;
generating means for generating the attribute certificate in response to the received request for an attribute certificate, wherein the attribute certificate comprises encrypted authentication data that was generated by encrypting authentication data for a controlled resource at a host with a public key associated with the host; and
sending means for sending the generated attribute certificate to the client. (Dependent claims: 22, 24, 26, 27, 28, 29, 30, 31)
23. An apparatus for obtaining a digital certificate, the apparatus comprising:
retrieving means for retrieving a public key certificate associated with a host within a distributed data processing system;
extracting means for extracting a public key associated with the host from the public key certificate;
encrypting means for encrypting with the public key authentication data for a controlled resource at the host;
generating means for generating a request for an attribute certificate;
storing means for storing the encrypted authentication data within the request for the attribute certificate;
sending means for sending the request for the attribute certificate to an attribute-certificate-issuing authority; and
receiving means for receiving an attribute certificate from the attribute-certificate-issuing authority, wherein the attribute certificate comprises the encrypted authentication data.
25. A computer program product in a computer readable medium for use in a distributed data processing system for performing an authentication process, the computer program product comprising:
instructions for receiving an attribute certificate from a client at a host within the distributed data processing system;
instructions for extracting encrypted authentication data from the attribute certificate, wherein the encrypted authentication data was generated by encrypting authentication data with a public key associated with the host;
instructions for decrypting the encrypted authentication data to regenerate the authentication data using a private key associated with the host; and
instructions for forwarding the authentication data to a controlled resource.
32. A computer program product in a computer readable medium for use in a data processing system for generating a digital certificate, the computer program product comprising:
instructions for receiving, at an attribute-certificate-issuing authority, a request for an attribute certificate from a client;
instructions for generating the attribute certificate in response to the received request for an attribute certificate, wherein the attribute certificate comprises encrypted authentication data that was generated by encrypting authentication data for a controlled resource at a host with a public key associated with the host; and
instructions for sending the generated attribute certificate to the client. (Dependent claims: 33, 35)
34. A computer program product in a computer readable medium for use in a data processing system for obtaining a digital certificate, the computer program product comprising:
instructions for retrieving a public key certificate associated with a host within a distributed data processing system;
instructions for extracting a public key associated with the host from the public key certificate;
instructions for encrypting with the public key authentication data for a controlled resource at the host;
instructions for generating a request for an attribute certificate;
instructions for storing the encrypted authentication data within the request for the attribute certificate;
instructions for sending the request for the attribute certificate to an attribute-certificate-issuing authority; and
instructions for receiving an attribute certificate from the attribute-certificate-issuing authority, wherein the attribute certificate comprises the encrypted authentication data.
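The following is a worked example added to this listing; it is not code from the patent or its assignee. It implements the flow recited in claims 1, 8, 10 and 12 with the Go standard library (Go 1.18 or later): the client obtains the host's public key, encrypts the legacy credentials under it, the attribute-certificate-issuing authority signs the resulting ciphertext into an attribute certificate without ever seeing the plaintext, and the host decrypts with its private key and forwards the credentials to the controlled resource. Everything beyond the claims is an assumption of this example: the host's "public key certificate" is reduced to a DER-encoded PKIX RSA public key, the authentication data is a `user:password` string encrypted with RSA-OAEP, the attribute certificate is a plain signed struct (ECDSA P-256) rather than an X.509 attribute certificate, and the issuer name `ac-authority.example`, the account `alice`/`s3cret` and the `Resource` callback standing in for the legacy application are constructed for the demo. Two checks the claims do not recite but any deployment needs are included: the host verifies the authority's signature before decrypting anything, and the holder name is bound into the ciphertext as the OAEP label so a ciphertext cannot be moved into a certificate issued to someone else.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

// AttributeCert follows claim 12: issuer, holder, the encrypted-auth-data attribute, and a signature.
type AttributeCert struct {
	Issuer, Holder string
	EncAuth        []byte // authentication data encrypted under the host's RSA public key
	Signature      []byte // ECDSA P-256 signature by the attribute-certificate-issuing authority
}

// acDigest is the to-be-signed value; length-prefixed framing keeps the fields unambiguous.
func acDigest(issuer, holder string, encAuth []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%d:%s|%d:%s|", len(issuer), issuer, len(holder), holder)
	h.Write(encAuth)
	return h.Sum(nil)
}

// Authority is the issuing authority of claim 8; it signs the client's ciphertext as-is.
type Authority struct {
	Name string
	priv *ecdsa.PrivateKey
}

func NewAuthority(name string) (*Authority, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &Authority{Name: name, priv: priv}, err
}

func (a *Authority) Public() *ecdsa.PublicKey { return &a.priv.PublicKey }
func (a *Authority) Issue(holder string, encAuth []byte) (*AttributeCert, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, a.priv, acDigest(a.Name, holder, encAuth))
	return &AttributeCert{Issuer: a.Name, Holder: holder, EncAuth: encAuth, Signature: sig}, err
}

// Host fronts the controlled resource and holds the private key for its published public key.
type Host struct {
	priv      *rsa.PrivateKey
	PubDER    []byte                     // DER (PKIX) public key that clients retrieve
	issuerKey *ecdsa.PublicKey           // the one attribute-certificate authority it trusts
	Resource  func(user, pw string) bool // the legacy application's own login check (stand-in)
}

func NewHost(issuerKey *ecdsa.PublicKey, resource func(user, pw string) bool) (*Host, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	return &Host{priv: priv, PubDER: der, issuerKey: issuerKey, Resource: resource}, err
}

// ClientEncryptAuthData is the client side of claim 10; the holder name is the OAEP label.
func ClientEncryptAuthData(hostPubDER []byte, holder, authData string) ([]byte, error) {
	key, err := x509.ParsePKIXPublicKey(hostPubDER)
	if err != nil {
		return nil, err
	}
	pub, ok := key.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("host key is not an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(authData), []byte(holder))
}

// Authenticate is claim 1 plus the check a deployment needs: verify the issuer's signature
// before trusting the attribute, then decrypt and forward to the controlled resource.
func (h *Host) Authenticate(ac *AttributeCert) (bool, error) {
	if !ecdsa.VerifyASN1(h.issuerKey, acDigest(ac.Issuer, ac.Holder, ac.EncAuth), ac.Signature) {
		return false, errors.New("attribute certificate not signed by the trusted authority")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, h.priv, ac.EncAuth, []byte(ac.Holder))
	if err != nil {
		return false, errors.New("authentication data does not decrypt for this holder")
	}
	defer func() { for i := range plain { plain[i] = 0 } }() // scrub the legacy credentials
	user, pw, ok := bytes.Cut(plain, []byte(":")) // authentication data is "user:password"
	return ok && h.Resource(string(user), string(pw)), nil
}

func main() { // demo driver; errors are ignored here only, every function above returns them
	auth, _ := NewAuthority("ac-authority.example") // hypothetical issuer name
	host, _ := NewHost(auth.Public(), func(u, p string) bool { return u == "alice" && p == "s3cret" })
	enc, _ := ClientEncryptAuthData(host.PubDER, "alice", "alice:s3cret") // constructed sample account
	ac, _ := auth.Issue("alice", enc)
	fmt.Println(host.Authenticate(ac)) // true <nil>
}
```

Run it with `go run`; the host returns `true, nil` for the sample account. A forged or altered certificate fails at the signature check before any private-key operation, and a valid ciphertext transplanted into a certificate the authority issued to another holder fails at decryption because the OAEP label no longer matches. Note what the scheme does not change: the host recovers the legacy password in clear and forwards it, exactly as the abstract describes, so the channel to the legacy application and its own credential handling remain outside what the certificate protects.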