AUTHENTICATION TICKET VALIDATION

US 20120272306A1
Filed: 06/26/2012
Published: 10/25/2012
Est. Priority Date: 02/29/2008
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable media having computer-usable instructions embodied thereon for performing a method of validating an authentication ticket to ensure authenticated communications between a client and an online service provider, the method comprising:

at an authentication server, receiving an authentication request from a user agent associated with the client, wherein the authentication request is a request to access a service provided by the online service provider, the authentication request including a set of identification information and a set of authentication information;

determining that the set of identification information and the set of authentication information are associated with a user;

creating the authentication ticket including a user identification and an authentication, wherein the authentication ticket indicates to the online service provider that the user is authenticated to access one or more services provided by the online service provider;

at the authentication server, embedding a validation token into the authentication ticket, the validation token providing enhanced verification that the access provided by the online service provider to the one or more services is authenticated, wherein the validation token includes a return URL address associated with a target to which the user agent will forward the authentication ticket; and

encrypting the authentication ticket using a hash of at least a portion of a URL of the online service provider as an initialization vector.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication ticket is validated to ensure authenticated communications between a client and an online service provider. In an embodiment an authentication request is received from a user agent associated with the client and the authentication request includes a set of identification information and a set of authentication information. Additionally, it is determined that the set of identification information and the set of authentication information are associated with a user and an authentication ticket is created including a user identification and an authentication, indicating to the online service provider that the user is authenticated to access one or more online services. Further, a validation token is embedded into the authentication ticket that provides enhanced verification that the access provided by the online service provider is authenticated.

57 Citations

View as Search Results

20 Claims

1. One or more computer-readable media having computer-usable instructions embodied thereon for performing a method of validating an authentication ticket to ensure authenticated communications between a client and an online service provider, the method comprising:
- at an authentication server, receiving an authentication request from a user agent associated with the client, wherein the authentication request is a request to access a service provided by the online service provider, the authentication request including a set of identification information and a set of authentication information;
  
  determining that the set of identification information and the set of authentication information are associated with a user;
  
  creating the authentication ticket including a user identification and an authentication, wherein the authentication ticket indicates to the online service provider that the user is authenticated to access one or more services provided by the online service provider;
  
  at the authentication server, embedding a validation token into the authentication ticket, the validation token providing enhanced verification that the access provided by the online service provider to the one or more services is authenticated, wherein the validation token includes a return URL address associated with a target to which the user agent will forward the authentication ticket; and
  
  encrypting the authentication ticket using a hash of at least a portion of a URL of the online service provider as an initialization vector.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-readable media of claim 1, wherein the method further comprises sending the authentication ticket to the user agent, and wherein the user agent utilizes the authentication ticket to allow the user to gain access to the one or more services.
  - 3. The computer-readable media of claim 1, wherein the online service provider ensures an authenticated connection with the client, granting access to one or more online services where the online service provider determines that the return URL address from the validation token matches a URL address associated with the online service provider.
  - 4. The computer-readable media of claim 1, wherein the online service provider rejects access to one or more online services by the client where the online service provider determines that the return URL address from the validation token does not match a URL address associated with the online service provider.
  - 5. The computer-readable media of claim 1, wherein the set of identification information includes a username and wherein the set of authentication information includes a password.
  - 6. The computer-readable media of claim 1, wherein the set of identification information includes an account number or another number associated with the user.
  - 7. The computer-readable media of claim 1, wherein the user agent is a web browser.

8. A system for validating an authentication ticket to ensure authenticated communications between a client and an online service provider, the system comprising:
- a computing device associated with one or more processors and one or more computer-storage media;
  
  a data store coupled with the computing device, wherein the data store includes a database;
  
  a receiving component configured to receive an authentication request from a user agent associated with the client, the authentication request including a set of identification information and a set of authentication information;
  
  a determining component configured to determine that the set of identification information and the set of authentication information are associated with a user;
  
  a creating component configured to create the authentication ticket including a user identification and an authentication, wherein the authentication ticket indicates to the online service provider that the user is authenticated to access one or more services provided by the online service provider;
  
  an embedding component configured to embed a validation token into the authentication ticket, the validation token providing enhanced verification that the access provided by the online service provider to the one or more services is authenticated, wherein the validation token includes a return URL address associated with a target to which the user agent will forward the authentication ticket, wherein the authentication ticket is encrypted using a hash of at least a portion of a URL of the online service provider as an initialization vector; and
  
  the database for storing information associated with validating the authentication ticket.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the method further comprises sending the authentication ticket to the user agent, and wherein the user agent utilizes the authentication ticket to allow the user to gain access to the one or more services.
  - 10. The system of claim 8, wherein the set of identification information includes a username and wherein the set of authentication information includes a password.
  - 11. The system of claim 8, wherein the user agent is a web browser.
  - 12. The system of claim 8, wherein the online service provider ensures an authenticated connection with the client, granting access to one or more online services where the online service provider determines that the return URL address from the validation token matches a URL address associated with the online service provider.
  - 13. The system of claim 8, wherein the online service provider rejects access to one or more online services by the client where it determines that the return URL address from the validation token does not match a URL address associated with the online service provider.

14. A method of validating an authentication ticket to ensure authenticated communications between a client and an online service provider, the method comprising:
- at an authentication server, receiving an authentication request from a user agent associated with the client, wherein the authentication request is a request to access a service provided by the online service provider, the authentication request including a set of identification information and a set of authentication information;
  
  determining that the set of identification information and the set of authentication information are associated with a user;
  
  creating the authentication ticket including a user identification and an authentication, wherein the authentication ticket indicates to the online service provider that the user is authenticated to access one or more services provided by the online service provider;
  
  at the authentication server, embedding a validation token into the authentication ticket, the validation token providing enhanced verification that the access provided by the online service provider to the one or more services is authenticated, wherein the validation token includes a return URL address associated with a target to which the user agent will forward the authentication ticket; and
  
  encrypting the authentication ticket using a hash of at least a portion of a URL of the online service provider as an initialization vector.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the method further comprises sending the authentication ticket to the user agent, and wherein the user agent utilizes the authentication ticket to allow the user to gain access to the one or more services.
  - 16. The method of claim 14, wherein the online service provider ensures an authenticated connection with the client, granting access to one or more online services where the online service provider determines that the return URL address from the validation token matches a URL address associated with the online service provider.
  - 17. The method of claim 14, wherein the online service provider rejects access to one or more online services by the client where it determines that the return URL address from the validation token does not match a URL address associated with the online service provider.
  - 18. The method of claim 14, wherein the set of identification information includes a username and wherein the set of authentication information includes a password.
  - 19. The method of claim 14, wherein the set of identification information includes an account number or another number associated with the user.
  - 20. The method of claim 14, wherein the user agent is a web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
BENALOH, JOSH D., PAYA, ISMAIL CEM

Granted Patent

US 8,621,592 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3236   using cryptographic hash fu...

AUTHENTICATION TICKET VALIDATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION TICKET VALIDATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links