TECHNIQUES TO OPERATE A SERVICE WITH MACHINE GENERATED AUTHENTICATION TOKENS

US 20150281225A1
Filed: 03/27/2014
Published: 10/01/2015
Est. Priority Date: 03/27/2014
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus, comprising:

a processor circuit; and

a server application for execution by the processor circuit, the server application comprising a management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, and validate the request to generate the authentication token based on the client authentication information associated with the client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques to operate a service with machine generated authentication tokens comprising a authentication token management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, validate the request to generate the authentication token based on the client authentication information associated with the client, and a token generation component to generate the authentication token for the second account. Other embodiments are described and claimed.

139 Citations

20 Claims

1. An apparatus, comprising:
- a processor circuit; and
  
  a server application for execution by the processor circuit, the server application comprising a management component to establish a secure connection with a client device based at least partially on client authentication information associated with a first account of the client, receive a request for account information of one or more accounts associated with the first account of the client, provide account information for a second account associated with the first account to the client via the client device, receive a request to generate an authentication token for the second account, and validate the request to generate the authentication token based on the client authentication information associated with the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the server application further comprises:
    - a proxy component to request for account information of one or more accounts associated with the first account of the client by providing a portion of proxy authentication information to a token management proxy application configured to retrieve the account information of the one or more accounts managed by a directory service server device.
  - 3. The apparatus of claim 2, wherein the proxy component is to further receive the account information for a second account associated with the first account from the token management proxy application in response to the request for the account information of the one or more accounts.
  - 4. The apparatus of claim 1, wherein the server application further comprises:
    - a token generation component to generate the authentication token for the second account, anda notification component to provide the authentication token to the client via the client device over the secure connection for use by a client.
  - 5. The apparatus of claim 2, wherein the proxy component is to further provide account information associated with the second account, the generated authentication token, and a portion of the proxy authentication information to a token management proxy application configured to update the authentication token associated with the second account managed by the directory service server device.
  - 6. The apparatus of claim 1, wherein the client authentication information associated with the client account comprises a digital certificate and a personal identification number (PIN) associated with an identity token, and the authentication token is a plaintext random password generated based at least partially on a length parameter and a character class parameter.
  - 7. The apparatus of claim 1, wherein the request to generate the authentication token is associated with token request information and the token request information comprises at least the account information for the second account.

8. A computer-implemented method, comprising:
- establishing a secure connection with a client device based at least partially on client authentication information associated with a first account of the client;
  
  receiving a request for account information of one or more accounts associated with the first account of the client;
  
  providing, by circuitry, account information for a second account associated with the first account to the client via the client device;
  
  receiving a request to generate an authentication token for the second account; and
  
  validating the request to generate the authentication token based on the client authentication information associated with the client.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-implemented method of claim 8, further comprising:
    - requesting for the account information of the one or more accounts associated with the first account of the client by providing at least proxy authentication information to a token management proxy application configured to retrieve the account information of the one or more accounts managed by a directory service server device.
  - 10. The computer-implemented method of claim 9, further comprising:
    - receiving the account information for the second account associated with the first account from the token management proxy application in response to the request for account information of the one or more accounts.
  - 11. The computer-implemented method of claim 8, further comprising:
    - generating the authentication token for the second account; and
      
      providing at least the authentication token to the client via the client device over the secure connection for use by the client.
  - 12. The computer-implemented method of claim 8, further comprising:
    - providing account information associated with the second account, the generated authentication token, and a portion of proxy authentication information to a token management proxy application configured to update the authentication token associated with the second account managed by a directory service server device.
  - 13. The computer-implemented method of claim 8, wherein the client authentication information associated with the client account comprises a digital certificate and a personal identification number (PIN) associated with an identity token, and the authentication token is a random plaintext password generated based at least partially on a length parameter and a character class parameter.
  - 14. The computer-implemented method of claim 8, wherein the request to generate the authentication token is associated with token request information and the token request information comprises at least the account information for the second account.

15. At least one computer-readable storage medium comprising instructions that, when executed, cause a system to:
- establish a secure connection with the token management application based at least partially on client authentication information associated with a first account of the client;
  
  request for account information of one or more accounts associated with the first account of the client;
  
  receive account information for a second account in response to the request; and
  
  request to generate an authentication token associated with the second account.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, comprising instructions that when executed cause the system to:
    - receive an account identifier and the generated authentication token associated with the second account; and
      
      store the account identifier and the authentication token in an authentication token datastore.
  - 17. The computer-readable storage medium of claim 15, comprising instructions that, when executed, cause the system to:
    - retrieve the account identifier and the authentication token from the authentication token datastore; and
      
      access a server device utilizing the account identifier and the authentication token.
  - 18. The computer-readable storage medium of claim 16, comprising instructions that, when executed, cause the system to present the authentication token in a web browser as a visible element on a display at the request of the client.
  - 19. The computer-readable storage medium of claim 16, wherein instructions to provide the authentication token, when executed, further cause the system to receive the authentication token via the secure connection in a web browser as a hidden element for storage by an authentication token datastore.
  - 20. The computer-readable storage medium of claim 15, wherein the second account comprises a just-in-time (JIT) account with elevated access permissions and an associated limited lifetime such that the JIT account is disabled when the associated lifetime has expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schoen, Luke, Kumar, Santosh, Dani, Rajalakshmi, Mathur, Siddhartha, Brady, Shane, Hetherington, David, Ahuja, Vikas, Arimilli, Ramesh

Application Number

US14/227,419
Publication Number

US 20150281225A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

TECHNIQUES TO OPERATE A SERVICE WITH MACHINE GENERATED AUTHENTICATION TOKENS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

139 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES TO OPERATE A SERVICE WITH MACHINE GENERATED AUTHENTICATION TOKENS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

139 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links