Method for delegating authorization from one entity to another through the use of session encryption keys
Abstract
A method for delegating authorization from one entity in a distributed computing system to another for a computing session is disclosed wherein a session public/private encryption key pair is utilized for each computing session. The private encryption key is erased to terminate the computing session.
15 Claims
1. In a distributed computer system, a method for delegating authorization from a user to a workstation for a computing session and of terminating the delegated authorization at the end of the computing session, the method comprising the steps of:
(a) the user initiating a computing session by logging into the computer system through the workstation;
(b) the workstation generating a public and private encryption key pair;
(c) the workstation providing the public encryption key to the user;
(d) the user certifying that the workstation possessing the private encryption key is authorized to speak on the user's behalf; and
(e) the workstation erasing the private encryption key to terminate the computing session.
Dependent claims: 2, 3, 4, 5.

6. A method for authorizing a second entity in a distributed computing system to speak for a first entity in the system, the method comprising the steps of:
(a) the first entity issuing a nonce challenge to the second entity;
(b) the second entity receiving the nonce challenge and generating in response a public and private encryption key pair;
(c) the second entity issuing a response to the first entity, the response including the generated public encryption key; and
(d) the first entity issuing a certificate indicating that any entity possessing the private key corresponding to the generated public key can speak on its behalf.
Dependent claims: 7, 8, 9, 10, 11.

12. A workstation in a distributed computing system comprising:
(a) means for receiving a nonce challenge from a first entity in the distributed system;
(b) means for generating a public and private encryption key pair in response to the received challenge;
(c) means for issuing a response to the first entity, the response including the generated public encryption key;
(d) means for erasing the generated private key in response to a request from the first entity.
Dependent claims: 13, 14, 15.
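The following Go program is an added illustration of the exchange in claim 6 and the erasure step of claims 1 and 12; it is not code from the patent or from any product implementing it. The claims fix neither the signature algorithm, nor how the first entity checks that the second really holds the private key, nor any certificate lifetime, so those are this example's assumptions: Ed25519 keys, a signature over the nonce as proof of possession, a certificate that is a signed string carrying a NotAfter expiry, and a Logout that overwrites the session private key so that the certificate can no longer be exercised. The names User, Workstation, DelegationCert and VerifyDelegated are invented for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"time"
)

// DelegationCert: the user's signed statement that the holder of SessionPub's
// private half may speak for Principal until NotAfter (field layout assumed).
type DelegationCert struct {
	Principal  string
	SessionPub ed25519.PublicKey
	NotAfter   time.Time
	Signature  []byte // user's long-term signature over certBody
}

func certBody(c *DelegationCert) []byte {
	return []byte(fmt.Sprintf("delegate|%s|%x|%d", c.Principal, c.SessionPub, c.NotAfter.Unix()))
}

// User holds the long-term key that certifies; Workstation holds only the
// per-session key and drops its private half at logout.
type User struct {
	Name string
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}
type Workstation struct{ priv ed25519.PrivateKey }

// Challenge is step (a) of claim 6: a fresh random nonce from the user.
func (u *User) Challenge() ([]byte, error) {
	nonce := make([]byte, 16)
	_, err := rand.Read(nonce)
	return nonce, err
}

// RespondToChallenge is steps (b) and (c): a fresh session key pair, returned
// with a signature over the nonce as proof that the private half exists here.
func (w *Workstation) RespondToChallenge(nonce []byte) (ed25519.PublicKey, []byte, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	w.priv = priv
	return pub, ed25519.Sign(priv, nonce), nil
}

// Certify is step (d): check the proof of possession, then sign the delegation.
func (u *User) Certify(nonce []byte, sessionPub ed25519.PublicKey, proof []byte, ttl time.Duration) (*DelegationCert, error) {
	if !ed25519.Verify(sessionPub, nonce, proof) {
		return nil, fmt.Errorf("response does not prove possession of the session private key")
	}
	c := &DelegationCert{Principal: u.Name, SessionPub: sessionPub, NotAfter: time.Now().Add(ttl)}
	c.Signature = ed25519.Sign(u.priv, certBody(c))
	return c, nil
}

// SpeakFor signs a request on the user's behalf; it fails once the key is erased.
func (w *Workstation) SpeakFor(msg []byte) ([]byte, error) {
	if w.priv == nil {
		return nil, fmt.Errorf("no active session: session private key erased")
	}
	return ed25519.Sign(w.priv, msg), nil
}

// Logout is step (e): overwrite and drop the private key; nothing is revoked.
func (w *Workstation) Logout() {
	for i := range w.priv {
		w.priv[i] = 0
	}
	w.priv = nil
}

// VerifyDelegated is the relying party's check of certificate, expiry and request.
func VerifyDelegated(userPub ed25519.PublicKey, msg, sig []byte, c *DelegationCert, now time.Time) error {
	if c == nil || !ed25519.Verify(userPub, certBody(c), c.Signature) {
		return fmt.Errorf("certificate missing or not signed by the claimed user")
	}
	if now.After(c.NotAfter) {
		return fmt.Errorf("delegation expired")
	}
	if !ed25519.Verify(c.SessionPub, msg, sig) {
		return fmt.Errorf("request not signed by the delegated session key")
	}
	return nil
}

func main() {
	_, upriv, _ := ed25519.GenerateKey(rand.Reader) // constructed sample principal
	user := &User{Name: "alice", Pub: upriv.Public().(ed25519.PublicKey), priv: upriv}
	ws, req := &Workstation{}, []byte("read notes") // constructed sample request
	nonce, _ := user.Challenge()
	pub, proof, _ := ws.RespondToChallenge(nonce)
	cert, _ := user.Certify(nonce, pub, proof, time.Hour)
	sig, _ := ws.SpeakFor(req)
	fmt.Println("in session:", VerifyDelegated(user.Pub, req, sig, cert, time.Now()))
	ws.Logout()
	_, err := ws.SpeakFor(req)
	fmt.Println("after logout:", err)
}
```

The point the claims make is that termination needs no revocation message: once the workstation has overwritten the session private key, the certificate the user issued is inert because nobody can produce a signature under it. The NotAfter field is an extra bound this example adds so that a certificate copied off a workstation that crashed before erasing the key does not stay valid forever; the patent itself relies on erasure alone. Zeroing the slice in Logout is best effort in a garbage-collected language, which is the usual caveat for session keys held in process memory.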
Specification