Logon certification
First Claim
1. In a distributed system logically partitioned into domains and each user having an associated home domain, a method comprising the steps of:
- encrypting credentials about a user to produce a block of encrypted credentials information;
attaching a digital signature to the block of encrypted credentials information at the home domain for the user using a private key for the home domain;
receiving a session key from the user;
encrypting the digital signature and the block of encrypted credentials information to produce a secure package;
providing the secure package to the user to enable the user to logon to the distributed system in a domain other than the home domain.
1 Assignment
0 Petitions
Accused Products
Abstract
Logon certificates are provided to support disconnected operation within the distributed system. Each logon certificate is a secure package holding credentials information sufficient to establish the identity and rights and privileges for a user/machine in a domain that is not their home domain. When a user/machine attempts to connect to the system at a domain other than the home domain of the user/machine, the user/machine presents a logon certificate that evidences his credentials. The domain where the user/machine attempts to connect to the system, decrypts and unseals the secure package as required to obtain the credentials information contained therein. If the user/machine has sufficient credentials, the user/machine is permitted to connect to the system. If the user/machine lacks sufficient credentials, the user/machine is not permitted to connect to the system.
-
Citations
16 Claims
-
1. In a distributed system logically partitioned into domains and each user having an associated home domain, a method comprising the steps of:
-
encrypting credentials about a user to produce a block of encrypted credentials information; attaching a digital signature to the block of encrypted credentials information at the home domain for the user using a private key for the home domain; receiving a session key from the user; encrypting the digital signature and the block of encrypted credentials information to produce a secure package; providing the secure package to the user to enable the user to logon to the distributed system in a domain other than the home domain. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. In a distributed system, a method comprising the steps of:
-
providing a user with a first option of logging on to the distributed system wherein a secure package holding credentials is required; providing a user with a second option of logging on to the distributed system wherein a secure package holding credentials is not required; receiving a user request to logon using the first option; examining the secure package holding credentials to determine whether the user has sufficient credentials to be permitted to logon; where it is determined that the user has sufficient credentials, permitting the user to logon; and where it is determined that the user lacks sufficient credentials, prohibiting the user from logging on.
-
-
9. In a distributed system logically partitioned into domains wherein each user has an associated home domain, a method comprising the steps of:
-
providing a secure package holding credentials to a user to allow the user to logon to the distributed system outside of the associated home domain of the user; establishing a time of expiration for the secure package holding credentials; and after the time of expiration has passed, prohibiting the user from using the secure package holding credentials to logon to a distributed system.
-
-
10. In a distributed system logically partitioned into domains wherein each user has an associated home domain, a method comprising the steps of:
-
receiving a request from a user to receive a secure package holding credentials that will enable the user to logon to the distributed system outside the associated home domain of the user; prompting the user for a password; encoding information indicative of the password in the secure package holding credentials; issuing the secure package holding credentials to the user; and requiring the user to show knowledge of the password when attempting to logon using the secure package holding credentials.
-
-
11. In a distributed system, a method comprising the steps of:
-
issuing a secure package holding credentials to a user to enable the user to logon to the distributed system using the secure package holding credentials to show that the user has sufficient credentials; revoking the secure package holding credentials so that the secure package holding credentials may no longer be used to logon to the distributed system.
-
-
12. A distributed system partitioned into domains wherein each user has an associated home domain, each domain comprising:
-
a secure package issuing facility for issuing secure packages holding credentials to users for whom the domain is the home domain; an authorization and authentication facility for determining whether a user is permitted to logon to the domain, said authorization and authentication facility comprising; a secure package examiner for examining secure packages holding credentials of users to determine whether the users are permitted to logon to the domain and using any authorization information in the secure package holding credentials to establish rights and privileges for the user. - View Dependent Claims (13, 14, 15, 16)
-
Specification