Encryption key updating for multiple site automated login

US 20050235345A1
Filed: 05/24/2005
Published: 10/20/2005
Est. Priority Date: 06/15/2000
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

means for generating a first key having a first version number;

means for providing tickets encoded consistent with the first key, the ticket having a version number corresponding to the first version number;

means for generating a second key having a second version number; and

when the second key becomes current at a site, providing tickets encoded consistent with the second key, the ticket having a version number corresponding to the second version number;

wherein said keys comprise key data and executable code for decrypting tickets.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A version number is associated with an encrypted key executable to allow real time updating of keys for a system which facilitates users signing on to multiple websites on different domains using an encrypted ticket. Two keys may be used at each site during updating of keys, each having an associated one digit Hex version tag. When a key is to be updated with a new key, the existing or old key is provided an expiration time. A second key is provided from the system in a secure manner with a new version number and made the current key which provides decryption of the encrypted ticket. The system tracks both keys while they are concurrent. After the existing key expires, only the second, or updated key is used to provide login services for users. The system periodically flushes old keys.

57 Citations

View as Search Results

14 Claims

1. A system comprising:
- means for generating a first key having a first version number;
  
  means for providing tickets encoded consistent with the first key, the ticket having a version number corresponding to the first version number;
  
  means for generating a second key having a second version number; and
  
  when the second key becomes current at a site, providing tickets encoded consistent with the second key, the ticket having a version number corresponding to the second version number;
  
  wherein said keys comprise key data and executable code for decrypting tickets.
- View Dependent Claims (2, 3)
- - 2. The system of claim 1 wherein a different key is provided to each site, and wherein each key is encrypted for decoding at one site.
  - 3. The system of claim 1 and further comprising means for generating a configuration file to track keys for each site.

4. A system comprising:
- means for generating a first key in the form of an executable having a first version number;
  
  means for generating a second key in the form of an executable having a second version number; and
  
  means for providing an indication to a login server identifying which key is current for each site such that the tickets are properly encoded.
- View Dependent Claims (5, 6)
- - 5. The system of claim 4 and further comprising means for distributing the key to multiple login servers in a secure manner.
  - 6. The system of claim 4 further comprising means for updating a configuration file to track keys for each site.

7. A system comprising:
- means for generating a new key with a new version number to take the place of an old key with an old version number;
  
  means for storing the new key on a site to be logged into by a user;
  
  means for changing a current key indication to the new key;
  
  means for allowing current logged in users to continue using the old key; and
  
  means for redirecting new users to a login server to obtain a ticket consistent with the new key;
  
  wherein keys are generated in an executable form which includes key information as well as code for decrypting tickets using the key information.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The system of claim 7 wherein the old key may be used by current logged in users for a predetermined amount of time.
  - 9. The system of claim 8 wherein the predetermined amount of time is no more than a reauthorization time by which a current user is normally required to provide login information.
  - 10. The system of claim 8 wherein the predetermined amount of time may be set to zero to force all current and new users to login with a ticket consistent with the new key version.
  - 11. The system of claim 7 wherein the ticket contains a version number consistent with the version number of the key which can decrypt it.
  - 12. The method of claim 7 wherein keys are encrypted by the site using a hardware address, and stored by the site.
  - 13. The system of claim 7 wherein a new key is generated based on a request of the site.
  - 14. The system of claim 7 wherein the keys are generated by an authentication server, and are distributed to multiple login servers for providing login tickets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kunins, Jeff C., Mitchell, Christopher E., Metral, Max E.

Granted Patent

US 7,660,422 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

H04L 63/068   using time-dependent keys, ...

H04L 63/0815   providing single-sign-on or...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

H04L 9/3213   using tickets or tokens, e....

Encryption key updating for multiple site automated login

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Encryption key updating for multiple site automated login

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links