Method and system for maintaining client server security associations in a distributed computing system
First Claim
Patent Images
1. A method for maintaining a secure association between a client and a server in a distributed computing system, said method comprising the steps of:
- issuing a security token to the client;
sending, by the client, the security token to the server with a first request by the client to the server;
validating, for the server, the security token sent by the client;
computing a session identifier as a cryptographic signature function of the security token at the client; and
tagging each subsequent request by the client to the server with the session identifier such that the session identifier may be cryptographically verified at the server.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for maintaining a secure association between a client and a server in a distributed computing system by computing a session identifier as a function of a Kerberos-based authentication ticket. The session identifier is independently derived or verified by the client and the server upon a first request by the client to the server, and each subsequent request by the client to the server is tagged with this session identifier to provide a reliable security association.
117 Citations
12 Claims
-
1. A method for maintaining a secure association between a client and a server in a distributed computing system, said method comprising the steps of:
-
issuing a security token to the client; sending, by the client, the security token to the server with a first request by the client to the server; validating, for the server, the security token sent by the client; computing a session identifier as a cryptographic signature function of the security token at the client; and tagging each subsequent request by the client to the server with the session identifier such that the session identifier may be cryptographically verified at the server. - View Dependent Claims (2, 3, 4)
-
-
5. A distributed computing system comprising:
-
at least one client; at least one server; a communications network interconnecting the client and the server; means for issuing a security token to the client; means for sending, by the client, the security token to the server with a first request by the client to the server; means for validating, for the server, the security token sent by the client; means for computing a session identifier as a cryptographic signature function of the security token at said at least one client; and means for tagging each subsequent request by the client to the server with the session identifier such that the session identifier may be cryptographically verified at the server. - View Dependent Claims (6, 7, 8)
-
-
9. A computer readable medium comprising means for maintaining a secure association between a client and a server in a distributed computing system, including:
-
means for issuing a security token to the client; means for sending, by the client, the security token to the server with a first request by the client to the server; means for validating, for the server, the security token sent by the client; means for computing a session identifier as a cryptographic signature function of the security token at the client; and means for tagging each subsequent request by the client to the server with the session identifier such that the session identifier may be cryptographically verified at the server. - View Dependent Claims (10, 11, 12)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsRathi, Mahesh Kumar, Benantar, Messaoud, High, Robert Howard Jr.
-
Primary Examiner(s)Beausoliel, Jr., Robert W.
-
Assistant Examiner(s)Baderman, Scott T.
-
Application NumberUS08/892,222Time in Patent Office1,205 DaysField of Search395/187.01, 395/188.01, 395/186, 395/200.55, 395/200.57, 395/200.59, 395/200.58, 380/23, 380/25, 364/286.5, 713/172, 713/176, 705/65, 705/66, 705/67US Class Current726/10CPC Class CodesG06F 21/335 for accessing specific reso...
