Authentication delegation based on re-verification of cryptographic evidence
First Claim
1. A method of authentication delegation between a client/user accessing a service provider through a gateway, the method comprising the steps of:
performing a TLS handshake with client authentication between the client/user and the gateway;
recording at least a sufficient portion of messages of the TLS handshake to prove that the client/user authenticated to the gateway; and
providing the recording to the service provider.
Abstract
The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.
206 Citations
20 Claims
1. A method of authentication delegation between a client/user accessing a service provider through a gateway, the method comprising the steps of:
performing a TLS handshake with client authentication between the client/user and the gateway;
recording at least a sufficient portion of messages of the TLS handshake to prove that the client/user authenticated to the gateway; and
providing the recording to the service provider.
(Dependent claims 2 to 12 not shown.)

13. A method of granting access to a service on an end server using authentication delegation, the method comprising:
receiving a request at the end server to gain access to a service requested by a user;
receiving a recording of at least a portion of a TLS handshake with client authentication performed between the user and the gateway/middle server at the end server; and
utilizing the portion of the TLS handshake to re-verify the TLS handshake and confirm the identity of the user.

14. A method of authentication delegation between a client/user accessing a service provider through a gateway, wherein the gateway performs the method comprising:
performing a TLS handshake with client authentication between the client/user and the gateway;
recording at least a sufficient portion of messages of the TLS handshake to prove that the client/user authenticated to the gateway;
providing the recording to a third party entity;
receiving user credentials from the third party entity upon confirmation by the third party entity of the validity of the recording; and
authenticating the user to the service provider with the user credentials.
(Dependent claims 15 to 20 not shown.)
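The re-verification step in claims 13 and 14 comes down to checking the client's CertificateVerify signature against a recorded transcript that names the gateway. The Go program below is an added example, not code from the patent: the Transcript and HandshakeRecord layouts, the names BuildRecord and Reverify, and the choice of ECDSA P-256 are assumptions. It uses the TLS 1.3 CertificateVerify input construction (RFC 8446 section 4.4.3) over a simplified transcript and shows the three checks a verifier needs: the recorded gateway identity is the expected one, the signing key is the one the verifier independently trusts for this user (not merely whatever key is carried inside the record), and the signature validates over the recorded bytes.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transcript is a simplified stand-in for the recorded handshake messages
// (hypothetical layout). Real TLS hashes the exact message bytes; each field
// here stands for the part of a message the re-verifier cares about.
type Transcript struct {
	ClientRandom []byte // from ClientHello
	ServerRandom []byte // from the gateway's ServerHello
	GatewayName  string // subject name the gateway presented in its Certificate
	ClientPubDER []byte // client public key from the client's Certificate (PKIX DER)
}

// HandshakeRecord is the evidence the gateway forwards (hypothetical layout).
type HandshakeRecord struct {
	Transcript Transcript
	Signature  []byte // client's CertificateVerify signature over Transcript
}

// encode serialises the transcript with length prefixes so that two different
// transcripts can never produce the same bytes.
func (t Transcript) encode() []byte {
	var b bytes.Buffer
	for _, f := range [][]byte{t.ClientRandom, t.ServerRandom, []byte(t.GatewayName), t.ClientPubDER} {
		var l [2]byte
		binary.BigEndian.PutUint16(l[:], uint16(len(f)))
		b.Write(l[:])
		b.Write(f)
	}
	return b.Bytes()
}

// certVerifyDigest builds the TLS 1.3 CertificateVerify input (RFC 8446 s4.4.3):
// 64 spaces, context string, a zero byte, transcript hash; then hashes it for ECDSA.
func certVerifyDigest(t Transcript) []byte {
	th := sha256.Sum256(t.encode())
	var in bytes.Buffer
	in.Write(bytes.Repeat([]byte{0x20}, 64))
	in.WriteString("TLS 1.3, client CertificateVerify")
	in.WriteByte(0)
	in.Write(th[:])
	d := sha256.Sum256(in.Bytes())
	return d[:]
}

// BuildRecord plays the client-authenticated handshake between client and
// gateway and returns what the gateway would record and forward.
func BuildRecord(clientKey *ecdsa.PrivateKey, gatewayName string) (HandshakeRecord, error) {
	pubDER, err := x509.MarshalPKIXPublicKey(&clientKey.PublicKey)
	if err != nil {
		return HandshakeRecord{}, err
	}
	t := Transcript{ClientRandom: make([]byte, 32), ServerRandom: make([]byte, 32),
		GatewayName: gatewayName, ClientPubDER: pubDER}
	if _, err := rand.Read(t.ClientRandom); err != nil {
		return HandshakeRecord{}, err
	}
	if _, err := rand.Read(t.ServerRandom); err != nil {
		return HandshakeRecord{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, clientKey, certVerifyDigest(t))
	if err != nil {
		return HandshakeRecord{}, err
	}
	return HandshakeRecord{Transcript: t, Signature: sig}, nil
}

// Reverify is the end server's (claim 13) or third party's (claim 14) check.
// clientPub is the key the verifier trusts for this user from its own
// certificate validation; the key inside the record is only compared to it.
func Reverify(rec HandshakeRecord, trustedGateway string, clientPub *ecdsa.PublicKey) error {
	if rec.Transcript.GatewayName != trustedGateway {
		return fmt.Errorf("transcript names gateway %q, not %q", rec.Transcript.GatewayName, trustedGateway)
	}
	want, err := x509.MarshalPKIXPublicKey(clientPub)
	if err != nil {
		return err
	}
	if !bytes.Equal(want, rec.Transcript.ClientPubDER) {
		return errors.New("key in the recorded Certificate message is not the key trusted for this user")
	}
	if !ecdsa.VerifyASN1(clientPub, certVerifyDigest(rec.Transcript), rec.Signature) {
		return errors.New("CertificateVerify does not validate: transcript or signature altered")
	}
	return nil
}

func main() {
	clientKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	rec, err := BuildRecord(clientKey, "gateway.example")
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine record:", Reverify(rec, "gateway.example", &clientKey.PublicKey))
	rec.Transcript.GatewayName = "other.example" // recorded gateway name rewritten after signing
	fmt.Println("edited record:", Reverify(rec, "other.example", &clientKey.PublicKey))
}
```

What this check does not establish is freshness: the signature proves the client signed a transcript containing the gateway's ServerRandom, so replay resistance rests on the verifier trusting that the gateway generated that random for a live session. That matches the patent's model, where the gateway is a trusted intermediary in the chain; a verifier that does not trust the gateway would need its own nonce bound into the transcript, which a plain handshake between client and gateway does not give it.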
Specification