Pass-thru for client authentication
Abstract
This disclosure pertains generally to client authentication. One aspect of the disclosure relates to a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that client to a second server. Another aspect relates to the first server providing a pass-thru with evidence to a DC. The evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential. The pass-thru is used in combination with the credential to request a second authentication context from the client to a second server.
44 Claims
1. An apparatus comprising:
a first server for presenting evidence to a Domain Controller (DC) of a first authentication context being submitted from a client to the first server to obtain a delegable credential, wherein the credential can be used to request a second authentication context from that same client to a second server.
12. A method comprising:
a first server providing a pass-thru with evidence to a Domain Controller (DC), wherein the evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential; and
using the pass-thru in combination with the credential to request a second authentication context from the client to a second server.
23. An apparatus, comprising:
a first ticket providing a first authentication context for authenticating a client for a first server by performing authentication calculations;
a second ticket providing a second authentication context for authenticating the client for a second server, wherein the second ticket is generated based on a pass-through with evidence produced by a Domain Controller (DC).
31. A method comprising:
a client transmitting a request for an authentication context from a server;
the server performing authentication calculations in response to the request for authentication context;
the server transmitting the request for an authentication context to a Domain Controller (DC); and
the DC re-performing the authentication calculations associated with the client.
33. A method of authenticating a client at a Domain Controller (DC) using a Secure Sockets Layer (SSL)/Transport Layer Security (TLS) security protocol.
34. A method comprising:
authenticating a client at a server; and
proving to an authentication authority that the server authenticated the client.
39. A computer readable medium having computer executable instructions for performing steps comprising:
a first server providing a pass-thru with evidence to a Domain Controller (DC), wherein the evidence relates to a first authentication context being submitted from a client to the first server that it obtained a delegable credential; and
using the pass-thru in combination with the credential to request a second authentication context from the client to a second server.
40. A computer readable medium having computer executable instructions for performing steps comprising:
authenticating a client at a server; and
proving to an authentication authority that the server authenticated the client.
Specification