Automatic re-authentication

US 20030188195A1
Filed: 04/01/2002
Published: 10/02/2003
Est. Priority Date: 04/01/2002
Status: Active Grant

First Claim

Patent Images

1. A server system programmed to perform actions comprising:

authenticating a client device for a particular server session;

sharing auto-reconnect data with the client device;

after losing communications with the client device, receiving from the client device a session verifier that is derived at least in part from the auto-reconnect data;

validating the session verifier;

upon successfully validating the session verifier, automatically re-authenticating the client device for the particular server session.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Upon successfully authenticating a client device with a server system, the client device and server system share auto-reconnect data. Upon subsequently losing and re-establishing communications with the server system, the client sends an auto-authenticate request to the server. The auto-authenticate request includes a session verifier that is based at least in part on the shared auto-reconnect data. The server validates the session verifier. If the validation is successful, the server automatically re-authenticates the client device.

Citations

54 Claims

1. A server system programmed to perform actions comprising:
- authenticating a client device for a particular server session;
  
  sharing auto-reconnect data with the client device;
  
  after losing communications with the client device, receiving from the client device a session verifier that is derived at least in part from the auto-reconnect data;
  
  validating the session verifier;
  
  upon successfully validating the session verifier, automatically re-authenticating the client device for the particular server session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. A server system as recited in claim 1, wherein said re-authenticating is performed without requesting user credentials.
  - 3. A server system as recited in claim 1, wherein sending the auto-reconnect data is performed through a secure data communications channel.
  - 4. A server system as recited in claim 1, wherein the auto-reconnect data comprises a random number.
  - 5. A server system as recited in claim 1, wherein the auto-reconnect data comprises a session ID associated with the particular server session and a random number.
  - 6. A server system as recited in claim 1, wherein:
    - the auto-reconnect data comprises a session ID associated with the particular server session and a random number;
      
      the session verifier is derived at least in part from the random number;
      
      said actions further comprise, after losing communications with the client device, receiving the session ID from the client device.
  - 7. A server system as recited in claim 1, wherein:
    - said actions further comprise, after losing communications with the client device, sharing a random number with the client device; and
      
      the session verifier is derived at least in part from the shared random number and the auto-reconnect data.
  - 8. A server system as recited in claim 1, wherein:
    - said actions further comprise, after losing communications with the client device, sharing a random number with the client device; and
      
      the session verifier is a one-way hash based at least in part on (a) the shared random number and (b) the auto-reconnect data.
  - 9. A server system as recited in claim 1, wherein:
    - the auto-reconnect data comprises a first random number;
      
      said actions further comprise, after losing communications with the client device, sharing a second random number with the client device;
      
      the session verifier is derived at least in part from the first and second random numbers.
  - 10. A server system as recited in claim 1, wherein:
    - the auto-reconnect data comprises a first random number;
      
      said actions further comprise, after losing communications with the client device, sharing a second random number with the client device;
      
      the session verifier comprises a one-way hash based at least in part on the first and second random numbers.
  - 11. A server system as recited in claim 1, wherein said actions further comprise periodically changing at least a portion of the auto-reconnect data and sending at least said changed portion to the client device.
  - 12. A server system as recited in claim 1, wherein the auto-reconnect data comprises a random number, said actions further comprising periodically changing the random number and sending it to the client device.
  - 13. A server system as recited in claim 1, wherein validating the session verifier comprises calculating the session verifier at the server system and comparing the calculated session verifier to the received session verifier.
  - 14. A server system as recited in claim 1, further comprising:
    - an operating system;
      
      one or more communication program components that execute in a kernel mode under the operating system;
      
      one or more server program components that execute in a non-kernel mode under the operating system to implement server sessions;
      
      wherein the communication program components periodically resend at least a portion of the auto-reconnect data to the client device without instigation by the server program components.
  - 15. A server system as recited in claim 1, further comprising:
    - an operating system;
      
      one or more communication program components that execute in a kernel mode under the operating system;
      
      one or more server program components that execute in a non-kernel mode under the operating system to implement server sessions;
      
      wherein the communication program components periodically change and resend at least a portion of the auto-reconnect data without instigation by the server program components.
  - 16. A server system as recited in claim 1, further comprising:
    - an operating system;
      
      one or more communication program components that execute in a kernel mode under the operating system;
      
      one or more server program components that execute in a non-kernel mode under the operating system to implement server sessions;
      
      wherein the communication program components, when communicating with the client device, (a) check to determine whether a predetermined time has elapsed since sending at least a portion of the auto-reconnect data, and (b) change and resend at least a portion of the auto-reconnect data without instigation by the server program components if the predetermined time has elapsed.
  - 17. A server system as recited in claim 1, wherein:
    - said re-authenticating is performed without requesting user credentials;
      
      the auto-reconnect data comprises a session ID associated with the particular server session and a first random number;
      
      sending the auto-reconnect data is performed through a secure data communications channel;
      
      said actions further comprise, after losing communications with the client device;
      
      receiving the session ID from the client device; and
      
      sharing a second random number with the client device;
      
      the session verifier is derived at least in part from the first and second random numbers; and
      
      validating the session verifier comprises calculating the session verifier at the server and comparing the calculated session verifier to the received session verifier.

18. A terminal server system programmed to perform actions comprising:
- executing multiple server sessions in conjunction with remote terminals, wherein user applications execute primarily on the terminal server system and user I/O is performed through the remote terminals;
  
  requesting user credentials to authenticate a particular remote terminal for a particular server session;
  
  sharing auto-reconnect data with the particular remote terminal over a secure communications channel, the auto-reconnect data comprising a first random number;
  
  re-establishing communications with the particular remote terminal after a communications failure;
  
  sharing a second random number with the particular remote terminal after re-establishing communications;
  
  receiving from the particular remote terminal a session verifier that is derived at least in part from the first and second random numbers;
  
  validating the session verifier;
  
  upon successfully validating the session verifier, automatically re-authenticating the particular remote terminal for the particular server session without again requesting user credentials.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. A server system as recited in claim 18, wherein:
    - the auto-reconnect data further comprises a session ID associated with the particular server session; and
      
      said actions further comprise, after re-establishing communications, receiving the session ID from the particular remote terminal.
  - 20. A server system as recited in claim 18, wherein the session verifier is a one-way hash based at least in part on the first random number.
  - 21. A server system as recited in claim 18, the actions further comprising:
    - after re-establishing communications, sharing a second random number with the particular remote terminal;
      
      wherein the session verifier is derived at least in part from the first and second random numbers.
  - 22. A server system as recited in claim 18, the actions further comprising:
    - after re-establishing communications, sharing a second random number with the particular remote terminal;
      
      wherein the session verifier is a one-way hash based at least in part on the first and second random numbers.
  - 23. A server system as recited in claim 18, wherein said actions further comprise periodically changing said first random number and re-sending it to the particular remote terminal.
  - 24. A server system as recited in claim 18, wherein validating the session verifier comprises calculating the session verifier at the terminal server system and comparing the calculated session verifier to the received session verifier.
  - 25. A server system as recited in claim 18, further comprising:
    - an operating system;
      
      one or more communication program components that execute in a kernel mode under the operating system;
      
      one or more server program components that execute in a non-kernel mode under the operating system to implement server sessions;
      
      wherein the communication program components periodically change the first random number and re-send it to the particular remote terminal without instigation by the server program components.
  - 26. A server system as recited in claim 18, further comprising:
    - an operating system;
      
      one or more communication program components that execute in a kernel mode under the operating system;
      
      one or more server program components that execute in a non-kernel mode under the operating system to implement server sessions;
      
      wherein the communication program components, when communicating with the particular remote terminal, (a) check to determine whether a predetermined time has elapsed since sending at the first random number, and (b) change the first random number and re-send it to the particular remote terminal without instigation by the server program components if the predetermined time has elapsed.

27. A client device programmed to perform actions comprising:
- providing user credentials to a server system to authenticate the client device with the server system;
  
  initiating a server session on a server system, the server session being associated with the client device;
  
  sharing auto-reconnect data with the server system, the auto-reconnect data comprising a session ID and a first random number;
  
  deriving a session verifier at least in part from the first random number;
  
  after losing and re-establishing communications with the server system, requesting automatic re-authentication by the server system without providing user credentials, wherein said requesting comprises sending the session verifier to the server system.
- View Dependent Claims (28, 29, 30, 31)
- - 28. A client device as recited in claim 27, wherein:
    - said actions further comprise, after losing communications with the server system, sharing a second random number with the server system;
      
      deriving the session verifier at least in part from both the first and second random numbers.
  - 29. A client device as recited in claim 27, wherein said actions further comprise periodically sharing a changed first random number with the server system:
  - 30. A client device as recited in claim 27, wherein the auto-reconnect data is received from the server system:
  - 31. A client device as recited in claim 27, wherein said requesting further comprises sending a session ID to the server system.

32. A method comprising:
- establishing data communications between a client device and a server system;
  
  authenticating the client device for a particular server session;
  
  sharing auto-reconnect data between client device and the server system;
  
  deriving a client session verifier at the client device from at least a portion of the auto-reconnect data;
  
  re-establishing data communications between the client device and the server system after a communications failure;
  
  after re-establishing data communications, providing the client session verifier from the client device to the server system;
  
  deriving a server session verifier at the server system from at least a portion of the auto-reconnect data;
  
  validating the client session verifier by comparing it to the server session verifier;
  
  upon successfully validating the session verifier, automatically re-authenticating the client device for the particular server session.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 33. A method as recited in claim 32, wherein said re-authenticating is performed without requesting user credentials.
  - 34. A method as recited in claim 32, wherein the auto-reconnect data comprises a random number.
  - 35. A method as recited in claim 32, wherein the auto-reconnect data comprises a session ID associated with the particular server session and a random number.
  - 36. A method as recited in claim 32, further comprising:
    - after re-establishing data communications, sharing a random number between the client device and the server device; and
      
      wherein the client session verifier and server session verifier are derived at least in part from the shared random number and the auto-reconnect data.
  - 37. A method as recited in claim 32, wherein:
    - the auto-reconnect data includes a first random number;
      
      the method further comprises, after re-establishing data communications, sharing a second random number between the client device and the server device; and
      
      the client session verifier and server session verifier are derived at least in part from the first and second random numbers.
  - 38. A method as recited in claim 32, wherein:
    - the auto-reconnect data includes a first random number;
      
      the method further comprises, after re-establishing data communications, sharing a second random number between the client device and the server device; and
      
      the client session verifier and server session verifier comprise a one-way hash based at least in part on the first and second random numbers.
  - 39. A method as recited in claim 32, wherein said actions further comprise periodically changing at least a portion of the auto-reconnect data and sharing at least said changed portion between the client device and the server device.
  - 40. A method as recited in claim 32, wherein the auto-reconnect data comprises a random number, said actions further comprising periodically changing the random number and sharing it between the client device and the server device.
  - 41. A method as recited in claim 32, further comprising:
    - executing one or more communication program components in a kernel mode under an operating system;
      
      executing one or more server program components in a non-kernel mode under the operating system to implement server sessions;
      
      the communication program components periodically changing and resending at least a portion of the auto-reconnect data to the client device without instigation by the server program components.
  - 42. A method as recited in claim 32, further comprising:
    - executing one or more communication program components in a kernel mode under an operating system;
      
      executing one or more server program components in a non-kernel mode under the operating system to implement server sessions;
      
      the communication program components, when communicating with the client device, (a) checking to determine whether a predetermined time has elapsed since sending at least a portion of the auto-reconnect data, and (b) changing and resending at least a portion of the auto-reconnect data without instigation by the server program components if the predetermined time has elapsed.

43. One or more computer-readable media containing instructions that are executable by a computer to perform actions comprising:
- establishing communications with a client device;
  
  requesting user credentials through the client device to authenticate the client device for a particular server session;
  
  sharing auto-reconnect data with the client device, the auto-reconnect data comprising a first random number;
  
  re-establishing communications with the client device after a communications failure;
  
  receiving from the particular client device a session verifier that is derived at least in part from the first random number;
  
  validating the received session verifier;
  
  upon successfully validating the session verifier, automatically re-authenticating the particular client device for the particular server session without again requesting user credentials.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50)
- - 44. One or more computer-readable media as recited in claim 43, wherein:
    - the auto-reconnect data further comprises a session ID associated with the particular server session; and
      
      said actions further comprise, after re-establishing communications, receiving the session ID from the client device.
  - 45. One or more computer-readable media as recited in claim 43, wherein the session verifier is a one-way hash based at least in part on the first random number.
  - 46. One or more computer-readable media as recited in claim 43, the actions further comprising:
    - after re-establishing communications, sharing a second random number with the client device;
      
      wherein the session verifier is derived at least in part on the first and second random numbers.
  - 47. One or more computer-readable media as recited in claim 43, the actions further comprising:
    - after re-establishing communications, sharing a second random number with the client device;
      
      wherein the session verifier is a one-way hash based at least in part on the first and second random numbers.
  - 48. One or more computer-readable media as recited in claim 43, wherein said actions further comprise periodically changing said first random number and re-sending it to the client device.
  - 49. One or more computer-readable media as recited in claim 43, the actions further comprising:
    - executing one or more communication program components in a kernel mode under an operating system;
      
      executing one or more server program components in a non-kernel mode under the operating system to implement server sessions;
      
      the communication program components periodically changing the first random number and re-sending it to the client device without instigation by the server program components.
  - 50. One or more computer-readable media as recited in claim 43, the actions further comprising:
    - executing one or more communication program components in a kernel mode under an operating system;
      
      executing one or more server program components in a non-kernel mode under the operating system to implement server sessions;
      
      the communication program components, when communicating with the client device, (a) checking to determine whether a predetermined time has elapsed since sending at the first random number, and (b) changing the first random number and re-sending it to the client device without instigation by the server program components if the predetermined time has elapsed.

51. One or more computer-readable media containing instructions that are executable by a client computer to perform actions comprising:
- providing user credentials to a server system to authenticate the client computer with the server system;
  
  initiating a server session on a server system, the server session being associated with the client computer;
  
  sharing auto-reconnect data with the server system, the auto-reconnect data comprising a session ID and a first random number;
  
  after losing and re-establishing communications with the server system requesting automatic re-authentication by the server system without providing user credentials, wherein said requesting comprises;
  
  sharing a second random number with the server system;
  
  deriving a session verifier at least in part from the first and second random numbers;
  
  sending the session verifier to the server system.
- View Dependent Claims (52, 53, 54)
- - 52. One or more computer-readable media as recited in claim 51, wherein said actions further comprise periodically sharing a changed first random number with the server system:
  - 53. One or more computer-readable media as recited in claim 51, wherein the auto-reconnect data is received from the server system:
  - 54. One or more computer-readable media as recited in claim 51, wherein said requesting further comprises sending a session ID to the server system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Garms, Jason, Field, Scott A., Abdo, Nadim Y., Loh, Alvin, Overton, Adam J., Parsons, John E. Jr.

Granted Patent

US 7,080,404 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 13/107   Terminal emulation

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/14   Session management for real...

Automatic re-authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

54 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic re-authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

54 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links