Single sign-on over the internet using public-key cryptography
3 Assignments
0 Petitions
Abstract
A computer program product, apparatus, and method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for access to the secure server, without further intervention by the user of the client, includes receiving an authentication challenge sent by the secure server to the client; and generating a ticket having a digital signature applied using a private key of the authentication server; and wherein the secure server, upon receiving the ticket and verifying the digital signature using a public key corresponding to the private key of the authentication server, grants access to the client.
251 Citations
104 Claims
1. A method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for access to the secure server, without further intervention by the user of the client, the method comprising:
- receiving an authentication challenge sent by the secure server to the client; and
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon receiving the ticket and verifying the digital signature using a public key corresponding to the private key of the authentication server, grants access to the client.
Dependent claims: 2, 3, 4.

5. A method for use in a secure server for granting access to the secure server, in response to a request from a client for access to the secure server, without further intervention by the user of the client, the method comprising:
- sending an authentication challenge to the client, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the client sends the authentication challenge to the authentication server without intervention by the user;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- granting access to the client upon verifying at least a portion of the ticket.
Dependent claims: 6.

7. A method for use in a Web server for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the method comprising:
- sending a request for the content to the secure server;
- receiving an authentication challenge from the secure server in response to the request;
- sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 8.

9. A method for use in an authentication server for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the method comprising:
- receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 10, 11, 12, 13, 14.

15. A method for use in a secure server for providing content hosted by the secure server to a client in response to a request for the content sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the method comprising:
- sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- providing the requested content to the client upon verifying at least a portion of the ticket.
Dependent claims: 16.

17. A method for use in a Web server for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the method comprising:
- sending a request for the content to the secure server;
- receiving an authentication challenge from the secure server in response to the request;
- sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 18.

19. A method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the method comprising:
- receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 20, 21, 22, 23, 24.

25. A method for use in a secure server for granting access to a client in response to a request for the access sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the method comprising:
- sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- granting the access to the client upon verifying at least a portion of the ticket.
Dependent claims: 26.

27. Computer-readable media embodying instructions executable by a computer to perform a method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for access to the secure server, without further intervention by the user of the client, the method comprising:
- receiving an authentication challenge sent by the secure server to the client; and
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon receiving the ticket and verifying the digital signature using a public key corresponding to the private key of the authentication server, grants access to the client.
Dependent claims: 28, 29, 30.

31. Computer-readable media embodying instructions executable by a computer to perform a method for use in a secure server for granting access to the secure server, in response to a request from a client for access to the secure server, without further intervention by the user of the client, the method comprising:
- sending an authentication challenge to the client, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the client sends the authentication challenge to the authentication server without intervention by the user;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- granting access to the client upon verifying at least a portion of the ticket.
Dependent claims: 32.

33. Computer-readable media embodying instructions executable by a computer to perform a method for use in a Web server for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the method comprising:
- sending a request for the content to the secure server;
- receiving an authentication challenge from the secure server in response to the request;
- sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 34.

35. Computer-readable media embodying instructions executable by a computer to perform a method for use in an authentication server for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the method comprising:
- receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 36, 37, 38, 39, 40.

41. Computer-readable media embodying instructions executable by a computer to perform a method for use in a secure server for providing content hosted by the secure server to a client in response to a request for the content sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the method comprising:
- sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- providing the requested content to the client upon verifying at least a portion of the ticket.
Dependent claims: 42.

43. Computer-readable media embodying instructions executable by a computer to perform a method for use in a Web server for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the method comprising:
- sending a request for the content to the secure server;
- receiving an authentication challenge from the secure server in response to the request;
- sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 44.

45. Computer-readable media embodying instructions executable by a computer to perform a method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the method comprising:
- receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 46, 47, 48, 49, 50.

51. Computer-readable media embodying instructions executable by a computer to perform a method for use in a secure server for granting access to a client in response to a request for the access sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the method comprising:
- sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- granting the access to the client upon verifying at least a portion of the ticket.
Dependent claims: 52.

53. An apparatus for use in an authentication server for obtaining access to a secure server for a client that has issued a request for access to the secure server, without further intervention by the user of the client, the apparatus comprising:
- means for receiving an authentication challenge sent by the secure server to the client; and
- means for generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon receiving the ticket and verifying the digital signature using a public key corresponding to the private key of the authentication server, grants access to the client.
Dependent claims: 54, 55, 56.

57. An apparatus for use in a secure server for granting access to the secure server, in response to a request from a client for access to the secure server, without further intervention by the user of the client, the apparatus comprising:
- means for sending an authentication challenge to the client, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the client sends the authentication challenge to the authentication server without intervention by the user;
- means for receiving a ticket having a digital signature applied using a private key of the authentication server;
- means for verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- means for granting access to the client upon verifying at least a portion of the ticket.
Dependent claims: 58.

59. An apparatus for use in a Web server for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the apparatus comprising:
- means for sending a request for the content to the secure server;
- means for receiving an authentication challenge from the secure server in response to the request;
- means for sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- means for receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- means for sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 60.

61. An apparatus for use in an authentication server for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the apparatus comprising:
- means for receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- means for generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 62, 63, 64, 65, 66.

67. An apparatus for use in a secure server for providing content hosted by the secure server to a client in response to a request for the content sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the apparatus comprising:
- means for sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- means for receiving a ticket having a digital signature applied using a private key of the authentication server;
- means for verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- means for providing the requested content to the client upon verifying at least a portion of the ticket.
Dependent claims: 68.

69. An apparatus for use in a Web server for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the apparatus comprising:
- means for sending a request for the content to the secure server;
- means for receiving an authentication challenge from the secure server in response to the request;
- means for sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- means for receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- means for sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 70.

71. An apparatus for use in an authentication server for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the apparatus comprising:
- means for receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- means for generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 72, 73, 74, 75, 76.

77. An apparatus for use in a secure server for granting access to a client in response to a request for the access sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the apparatus comprising:
- means for sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- means for receiving a ticket having a digital signature applied using a private key of the authentication server;
- means for verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- means for granting the access to the client upon verifying at least a portion of the ticket.
Dependent claims: 78.

79. At least one computer programmed to execute a process for obtaining access to a secure server for a client that has issued a request for access to the secure server, without further intervention by the user of the client, the process comprising:
- receiving an authentication challenge sent by the secure server to the client; and
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon receiving the ticket and verifying the digital signature using a public key corresponding to the private key of the authentication server, grants access to the client.
Dependent claims: 80, 81, 82.

83. At least one computer programmed to execute a process for granting access to the secure server, in response to a request from a client for access to the secure server, without further intervention by the user of the client, the process comprising:
- sending an authentication challenge to the client, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the client sends the authentication challenge to the authentication server without intervention by the user;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- granting access to the client upon verifying at least a portion of the ticket.
Dependent claims: 84.

85. At least one computer programmed to execute a process for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the process comprising:
- sending a request for the content to the secure server;
- receiving an authentication challenge from the secure server in response to the request;
- sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 86.

87. At least one computer programmed to execute a process for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the process comprising:
- receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, provides the requested content; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 88, 89, 90, 91, 92.

93. At least one computer programmed to execute a process for providing content hosted by the secure server to a client in response to a request for the content sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the process comprising:
- sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- providing the requested content to the client upon verifying at least a portion of the ticket.
Dependent claims: 94.

95. At least one computer programmed to execute a process for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the process comprising:
- sending a request for the content to the secure server;
- receiving an authentication challenge from the secure server in response to the request;
- sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- receiving from the authentication server a ticket having a digital signature applied using a private key of the authentication server; and
- sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 96.

97. At least one computer programmed to execute a process for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the process comprising:
- receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
- generating a ticket having a digital signature applied using a private key of the authentication server; and
- wherein the secure server, upon verifying the digital signature using a public key corresponding to the private key of the authentication server, grants the access; and
- wherein all communications with the client employ a generic application-layer network protocol.
Dependent claims: 98, 99, 100, 101, 102.

103. At least one computer programmed to execute a process for granting access to a client in response to a request for the access sent from the client, without further intervention by the user of the client, the request forwarded by a Web server to the secure server, the process comprising:
- sending an authentication challenge to the Web server, the authentication challenge including the identity of an authentication server trusted by the secure server, wherein the Web server sends the authentication challenge to the authentication server;
- receiving a ticket having a digital signature applied using a private key of the authentication server;
- verifying the digital signature using a public key corresponding to the private key of the authentication server; and
- granting the access to the client upon verifying at least a portion of the ticket.
Dependent claims: 104.

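The exchange the claims describe, written out as an added Go example for this page; it is not code from the patent or from any product that practices it. Claims 1 and 5 give the direct flow: the secure server answers the client's request with a challenge that names the authentication server it trusts, the authentication server returns a ticket signed with its private key, and the secure server verifies the signature with the corresponding public key before granting access. Claims 7, 9 and 15 give the forwarding flow, in which a Web server presents a forwardable ticket obtained at the client's earlier login and relays the signed ticket to the secure server. Everything beyond that is this example's assumption: Ed25519 as the signature scheme, a JSON ticket layout, the nonce, resource and expiry fields, the lifetimes, the rule that the forwardable ticket is the proof presented to the authentication server in both flows, and the identifiers `auth.example` and `alice`. The fields checked after the signature are one reading of the claims' "verifying at least a portion of the ticket".

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"time"
)

// Challenge replaces the requested content: the trusted authentication server's identity plus a nonce.
type Challenge struct {
	AuthServerID string `json:"auth"`
	Resource     string `json:"res"`
	Nonce        string `json:"nonce"`
}

// Ticket layout is this example's assumption. A forwardable ticket is issued at login and presented
// later on the client's behalf; a service ticket answers one challenge. Sig is excluded from encode(t).
type Ticket struct {
	Issuer      string `json:"iss"`
	Subject     string `json:"sub"`
	Resource    string `json:"res,omitempty"`
	Nonce       string `json:"nonce,omitempty"`
	Forwardable bool   `json:"fwd"`
	Expires     int64  `json:"exp"`
	Sig         []byte `json:"-"` // authentication server's Ed25519 signature over encode(t)
}

func encode(t Ticket) []byte { b, _ := json.Marshal(t); return b }

// AuthServer holds the private key; only ID and Pub are ever shared with secure servers.
type AuthServer struct {
	ID   string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
func NewAuthServer(id string) (*AuthServer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	return &AuthServer{ID: id, Pub: pub, priv: priv}, nil
}
func (a *AuthServer) sign(t Ticket) Ticket { t.Sig = ed25519.Sign(a.priv, encode(t)); return t }

// Login is the one step that involves the user; it yields the forwardable ticket.
func (a *AuthServer) Login(user string, now time.Time) Ticket {
	return a.sign(Ticket{Issuer: a.ID, Subject: user, Forwardable: true, Expires: now.Add(8 * time.Hour).Unix()})
}

// IssueTicket answers a challenge with no user intervention: the caller (client or Web server)
// proves the earlier login by presenting a still-valid forwardable ticket this server issued.
func (a *AuthServer) IssueTicket(ch Challenge, p Ticket, now time.Time) (Ticket, error) {
	if ch.AuthServerID != a.ID || !ed25519.Verify(a.Pub, encode(p), p.Sig) || !p.Forwardable || p.Issuer != a.ID || p.Expires < now.Unix() {
		return Ticket{}, errors.New("challenge not for this server, or forwardable ticket invalid")
	}
	return a.sign(Ticket{Issuer: a.ID, Subject: p.Subject, Resource: ch.Resource, Nonce: ch.Nonce, Expires: now.Add(5 * time.Minute).Unix()}), nil
}

// SecureServer knows only the trusted authentication server's identity and public key, and
// remembers each challenge it issued (keyed by nonce) until a ticket answers it.
type SecureServer struct {
	TrustedAuthID string
	trustedPub    ed25519.PublicKey
	pending       map[string]Challenge
}
func NewSecureServer(trustedID string, pub ed25519.PublicKey) *SecureServer {
	return &SecureServer{TrustedAuthID: trustedID, trustedPub: pub, pending: map[string]Challenge{}}
}

// Challenge is returned in place of the requested content.
func (s *SecureServer) Challenge(resource string) Challenge {
	var n [16]byte
	if _, err := rand.Read(n[:]); err != nil { panic(err) }
	ch := Challenge{AuthServerID: s.TrustedAuthID, Resource: resource, Nonce: hex.EncodeToString(n[:])}
	s.pending[ch.Nonce] = ch
	return ch
}

// Grant verifies the signature with the trusted public key, then the portions of the ticket
// that bind it to this exchange: issuer, nonce (single use), resource, ticket type, expiry.
func (s *SecureServer) Grant(t Ticket, now time.Time) (string, error) {
	if !ed25519.Verify(s.trustedPub, encode(t), t.Sig) {
		return "", errors.New("signature does not verify under the trusted public key")
	}
	ch, ok := s.pending[t.Nonce]
	delete(s.pending, t.Nonce) // a nonce is consumed by the first signed ticket that cites it
	if !ok || t.Issuer != s.TrustedAuthID || t.Resource != ch.Resource || t.Forwardable || t.Expires < now.Unix() {
		return "", errors.New("ticket does not match an outstanding challenge")
	}
	return "content of " + t.Resource + " for " + t.Subject, nil
}

// WebServerFetch is the Web server's side of the forwarding exchange: request, challenge,
// forwardable ticket to the authentication server, signed service ticket to the secure server.
func WebServerFetch(sec *SecureServer, auth *AuthServer, fwd Ticket, resource string, now time.Time) (string, error) {
	st, err := auth.IssueTicket(sec.Challenge(resource), fwd, now)
	if err != nil { return "", err }
	return sec.Grant(st, now)
}
```

A caller creates one AuthServer, hands its ID and public key to a SecureServer, obtains a forwardable ticket with Login once, and thereafter calls WebServerFetch for each resource. Checking the signature before consuming the nonce matters: a forged ticket carrying a guessed nonce cannot burn a legitimate client's outstanding challenge, while a genuine ticket answers its challenge exactly once, so a captured ticket replayed later is refused.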
Specification