Authentication server auditing of clients using cache provisioning

US 20080098120A1
Filed: 10/23/2006
Published: 04/24/2008
Est. Priority Date: 10/23/2006
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for authentication server auditing of clients, comprising:

receiving an authentication request for authenticating a client, wherein the authentication request comprises affinity information for approximating a physical locality of the client, and wherein the affinity information is unknown to the client for which the authentication request is made;

logging information associated with the authentication request in response to a successful authentication; and

in response the logged information, dynamically granting security data based on the logged information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Sharing resources on a network include, for example, a domain controller hierarchy scheme, which is used in some implementations to organize and share both secure and non-secure resources in an efficient manner. Using authentication information can be used to architect a trustworthy system to divulging sensitive client data (such as user/computer passwords) to a host system. The sensitive client data can be released to the host system when a client establishes a relationship having a degree of trust with the host.

Citations

20 Claims

1. A computer-implemented method for authentication server auditing of clients, comprising:
- receiving an authentication request for authenticating a client, wherein the authentication request comprises affinity information for approximating a physical locality of the client, and wherein the affinity information is unknown to the client for which the authentication request is made;
  
  logging information associated with the authentication request in response to a successful authentication; and
  
  in response the logged information, dynamically granting security data based on the logged information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the authentication request is made according to the Kerberos protocol.
  - 3. The method of claim 1 wherein the authentication request causes a locator to identify a key distribution center (KDC) that has a location that is approximately in the same location as the client.
  - 4. The method of claim 1 wherein the dynamically granted security data is also granted on the basis of a list of accepted users.
  - 5. The method of claim 1 wherein the dynamically granted security data is also granted on the basis of a deny list of possible users.
  - 6. The method of claim 1 further comprising sending a session key and a ticket-granting ticket in response to the successful authentication.
  - 7. The method of claim 6 wherein the dynamically granted security data is a client user or a client computer password information.
  - 8. The method of claim 7 wherein the dynamically granted security data is granted from a full KDC.
  - 9. The method of claim 7 wherein the dynamically granted security data is received by a caching KDC.
  - 10. The method of claim 1 wherein the KDC is a read-only domain controller (RODC).
  - 11. The method of claim 1 wherein the logged information comprises a service principal name (SPN) wherein the SPN is derived from the authentication request.
  - 12. The method of claim 1 wherein the dynamically granted security data is used to allow caching in a caching KDC.
  - 13. The method of claim 1 wherein the dynamically granted security data is used to allow a caching KDC to assume the identity information of the client.
  - 14. The method of claim 13 wherein the successful authentication comprises generating a package that can only be decrypted by an entity holding the client'"'"'s password.
  - 15. The method of claim 14 wherein the package comprises a session key and a ticket-granting ticket.

16. A system for authentication server auditing of clients, comprising:
- a host for receiving and forwarding an authentication request from a client, wherein the authentication request comprises affinity information for approximating a physical locality of the client,a server for receiving and authenticating the authentication request forwarded from the client; and
  
  a cache that is associated with the host for persisting information associated with a successfully authenticated authentication requested.
- View Dependent Claims (17)
- - 17. The system of claim 16 wherein the host dynamically grants security data based on the cached information.

18. A tangible medium comprising computer-executable instructions for:
- receiving an authentication request for authentication of a client, wherein the authentication request comprises affinity information, and wherein the affinity information is unknown to the client for which the authentication request is made;
  
  logging information associated with the authentication request in response to a successful authentication; and
  
  in response the logged information, dynamically granting security data based on the logged information.
- View Dependent Claims (19, 20)
- - 19. The tangible medium of claim 18 further comprising the logging information for a service principal name (SPN) and for deriving the SPN the authentication request.
  - 20. The tangible medium of claim 18 further comprising using the logged information to dynamically grant access to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Muggli, Nathan D., Kamel, Tarek B., Johnson, Gregory C., Jack, William S.

Application Number

US11/585,739
Publication Number

US 20080098120A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 21/33   using certificates

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

Authentication server auditing of clients using cache provisioning

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication server auditing of clients using cache provisioning

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links