System and Method of Proxy Authentication in a Secured Network

US 20060225132A1
Filed: 06/15/2006
Published: 10/05/2006
Est. Priority Date: 01/24/2000
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable instructions for a client in a secured network system to perform the steps of:

submitting a proxy request to a trusted security server, the proxy request identifying a user and a target service that the client intends to access on behalf of the user;

receiving from the trusted security server a session key encrypted with a shared secret key shared by the client and the trusted security server and a ticket for accessing the target service;

decrypting the session key with the shared secret key;

constructing an authenticator encrypted with the session key;

presenting the authenticator and the ticket to the target service for authentication of the client for access of the target service on behalf of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.

82 Citations

View as Search Results

9 Claims

1. A computer-readable medium having computer-executable instructions for a client in a secured network system to perform the steps of:
- submitting a proxy request to a trusted security server, the proxy request identifying a user and a target service that the client intends to access on behalf of the user;
  
  receiving from the trusted security server a session key encrypted with a shared secret key shared by the client and the trusted security server and a ticket for accessing the target service;
  
  decrypting the session key with the shared secret key;
  
  constructing an authenticator encrypted with the session key;
  
  presenting the authenticator and the ticket to the target service for authentication of the client for access of the target service on behalf of the user.
- View Dependent Claims (2)
- - 2. A computer-readable medium as in claim 1, wherein the step of submitting the proxy request includes sending a ticket issued to the client for authenticating the client to the trusted security server.

3. A computer-readable medium having stored thereon a data structure containing information for proxy authorization, comprising:
- a first data field containing an identification of a user of a secured network;
  
  a second data field containing an identification of a security principal of the secured network authorized to act as proxy of user;
  
  a third data field containing data identifying a duration of proxy authorization;
  
  a fourth data field containing data specifying a restriction on the proxy authorization.
- View Dependent Claims (4, 5, 6, 7)
- - 4. A computer-readable medium as in claim 3, wherein the data in the third data field specify an expiration date of the proxy authorization.
  - 5. A computer-readable medium as in claim 3, wherein the data in the fourth data field identify a service of the secured network that the security principal is permitted to access.
  - 6. A computer-readable medium as in claim 3, wherein the security principal is a client on the secured network.
  - 7. A computer-readable medium as in claim 3, wherein the security principal is a group on the secured network.

8. A method implemented at least in part by a computing device comprising:
- submitting a proxy request to a trusted security server, the proxy request identifying a user and a target service that the client intends to access on behalf of the user;
  
  receiving from the trusted security server a session key encrypted with a shared secret key shared by the client and the trusted security server and a ticket for accessing the target service;
  
  decrypting the session key with the shared secret key;
  
  constructing an authenticator encrypted with the session key;
  
  presenting the authenticator and the ticket to the target service for authentication of the client for access of the target service on behalf of the user.
- View Dependent Claims (9)
- - 9. A method as in claim 8, wherein the step of submitting the proxy request includes sending a ticket issued to the client for authenticating the client to the trusted security server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ward, Richard B., Amit, Neta, Swift, Michael M.

Granted Patent

US 7,716,722 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

G06F 21/33 using certificates

Y10S 707/99939 Privileged access

System and Method of Proxy Authentication in a Secured Network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method of Proxy Authentication in a Secured Network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links