System and Method of Proxy Authentication in a Secured Network
Abstract
A method of controlling access to network services enables an authorized proxy client to access a service on behalf of a user. To permit the client to function as a proxy, the user registers proxy authorization information with a trusted security server. The proxy authorization information identifies the proxy client and specifies the extent of proxy authority granted to the proxy client. When the proxy client wants to access a target service on behalf of the user, it sends a proxy request to the trusted security server. The trusted security server checks the proxy authorization information of the user to verify whether the request is within the proxy authority granted to the proxy client. If so, the trusted security server returns to the proxy client a data structure containing information recognizable by the target service to authenticate the proxy client for accessing the target service on behalf of the user.
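The flow the abstract describes, together with the four-field proxy authorization record of claim 3, as an added stdlib-only Python example that is not part of the patent: the user's registered record, the trusted security server's authority check and ticket issuance, the client's session-key decryption and authenticator construction, and the target service's verification. The cipher is a toy SHA-256 keystream with an HMAC tag, assumed here as a stand-in for a real symmetric scheme; the principal names, key sizes and lifetimes are constructed.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, data):
    # Toy keystream: SHA-256(key || nonce || block counter) XORed over 32-byte blocks.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)
def seal(key, obj):
    # Encrypt a JSON object under key and append an HMAC tag (toy AEAD stand-in).
    nonce = os.urandom(16)
    body = nonce + _stream(key, nonce, json.dumps(obj).encode())
    return body + hmac.new(key, body, "sha256").digest()
def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(_stream(key, body[:16], body[16:]))

# Constructed long-term secrets each principal shares with the trusted security server.
KEYS = {"proxy-client": os.urandom(32), "fileserver": os.urandom(32)}
# The user's registered proxy authorization record: the four fields of claim 3 (constructed).
AUTHZ = [{"user": "alice", "proxy": "proxy-client", "expires": time.time() + 3600,
          "allowed_services": ["fileserver"]}]

def security_server(proxy, user, service, now=None):
    # Refuse unless the request falls within the proxy authority the user granted.
    now = now or time.time()
    if not any(r["user"] == user and r["proxy"] == proxy and now < r["expires"]
               and service in r["allowed_services"] for r in AUTHZ):
        return None
    sk = os.urandom(32).hex()  # fresh session key for this proxy/service pair
    ticket = seal(KEYS[service], {"user": user, "proxy": proxy, "sk": sk, "exp": now + 600})
    return seal(KEYS[proxy], {"sk": sk}), ticket  # session key sealed for the proxy, plus ticket
def target_service(name, authenticator, ticket):
    # Open the ticket with the service's key, then the authenticator with the session key.
    t = unseal(KEYS[name], ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["proxy"] != t["proxy"] or time.time() > t["exp"] or abs(time.time() - a["ts"]) > 300:
        return None
    return f"{t['proxy']} on behalf of {t['user']}"
def proxy_access(service, user="alice", proxy="proxy-client"):
    # The client-side steps of claim 1; None means the security server refused.
    resp = security_server(proxy, user, service)
    if resp is None: return None
    enc_sk, ticket = resp
    sk = bytes.fromhex(unseal(KEYS[proxy], enc_sk)["sk"])
    authenticator = seal(sk, {"proxy": proxy, "ts": time.time()})
    return target_service(service, authenticator, ticket)
```

A request for a service outside the record's restriction, for a different user, or after the record's duration is refused by the security server before any ticket exists, so the target service never sees it.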
9 Claims
1. A computer-readable medium having computer-executable instructions for a client in a secured network system to perform the steps of:
submitting a proxy request to a trusted security server, the proxy request identifying a user and a target service that the client intends to access on behalf of the user;
receiving from the trusted security server a session key encrypted with a shared secret key shared by the client and the trusted security server and a ticket for accessing the target service;
decrypting the session key with the shared secret key;
constructing an authenticator encrypted with the session key;
presenting the authenticator and the ticket to the target service for authentication of the client for access of the target service on behalf of the user.
Dependent claims: 2.
3. A computer-readable medium having stored thereon a data structure containing information for proxy authorization, comprising:
a first data field containing an identification of a user of a secured network;
a second data field containing an identification of a security principal of the secured network authorized to act as proxy of the user;
a third data field containing data identifying a duration of proxy authorization;
a fourth data field containing data specifying a restriction on the proxy authorization.
Dependent claims: 4, 5, 6, 7.
8. A method implemented at least in part by a computing device comprising:
submitting a proxy request to a trusted security server, the proxy request identifying a user and a target service that the client intends to access on behalf of the user;
receiving from the trusted security server a session key encrypted with a shared secret key shared by the client and the trusted security server and a ticket for accessing the target service;
decrypting the session key with the shared secret key;
constructing an authenticator encrypted with the session key;
presenting the authenticator and the ticket to the target service for authentication of the client for access of the target service on behalf of the user.
Dependent claims: 9.