
Technique for synchronizing security credentials using a trusted authenticating domain

  • US 6,986,039 B1
  • Filed: 07/11/2000
  • Issued: 01/10/2006
  • Est. Priority Date: 07/11/2000
  • Status: Expired due to Fees
First Claim

1. In a computing environment having a plurality of secure network connections, a computer program product for securely propagating security credentials using a trusted authenticating domain, the computer program product embodied on one or more computer-readable media and comprising:

  • computer-readable program code means for receiving, by a password synchronization agent (“PSA”) from a user at a client device over a first secure connection between the client device and the PSA on which the PSA has authenticated itself to the client device, a password propagation request providing an identifier of the user and an identifying secret of the user;
  • computer-readable program code means for forwarding, by the PSA to a trusted authenticating domain over a second secure connection therebetween on which the trusted authenticating domain has authenticated itself to the PSA, the received user identifier and identifying secret, wherein the trusted authenticating domain stores identifying secrets for user identifiers only as secured, non-recoverable versions thereof;
  • computer-readable program code means for receiving, by the PSA from the trusted authenticating domain over the second connection, a validation result created by the trusted authenticating domain responsive to the forwarding, the validation result being a successful result if it indicates that the trusted authenticating domain had previously stored, for the user identifier, a secured version of the identifying secret; and
  • computer-readable program code means for propagating, if the validation result is the successful result, the received user identifier and identifying secret from the PSA to a master registry over a third mutually-authenticated secure connection therebetween, such that the master registry can store, for the user identifier, a secured version of the identifying secret, wherein the secured version stored by the master registry is not required to be identical to the secured version stored at the trusted authenticating domain.
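The flow in the claim above (receive at the PSA, validate against the trusted authenticating domain's non-recoverable secrets, propagate to the master registry only on a successful result), as an added Python model that is not from the patent or any product implementing it. The class names, the PBKDF2 parameters and the in-memory stores are assumptions, and the three secure connections are modelled as direct method calls rather than authenticated channels.

```python
import hashlib
import hmac
import os

# Constructed in-memory stand-ins for the three parties named in the claim.
# The three secure connections are modelled as direct method calls; their
# authentication properties are noted in comments, not implemented.

def secured_version(secret: str, salt: bytes, iterations: int) -> bytes:
    """One-way, salted (non-recoverable) form of an identifying secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)

class TrustedAuthenticatingDomain:
    """Holds only secured, non-recoverable versions of users' secrets."""
    ITERATIONS = 200_000  # assumed parameter
    def __init__(self):
        self._store = {}  # user id -> (salt, secured version)
    def enroll(self, user_id: str, secret: str) -> None:
        salt = os.urandom(16)
        self._store[user_id] = (salt, secured_version(secret, salt, self.ITERATIONS))
    def validate(self, user_id: str, secret: str) -> bool:
        """Validation result: successful only if a secured version of this exact
        secret was previously stored for the user identifier."""
        if user_id not in self._store:
            return False
        salt, stored = self._store[user_id]
        return hmac.compare_digest(stored, secured_version(secret, salt, self.ITERATIONS))

class MasterRegistry:
    """Builds its own secured version with its own salt and parameters, so it
    need not be identical to the version held by the trusted domain."""
    ITERATIONS = 50_000  # assumed; deliberately differs from the trusted domain
    def __init__(self):
        self._store = {}
    def store(self, user_id: str, secret: str) -> None:
        salt = os.urandom(16)
        self._store[user_id] = (salt, secured_version(secret, salt, self.ITERATIONS))

class PasswordSynchronizationAgent:
    """PSA: receives the request over the first connection (PSA authenticated to
    the client), forwards over the second (domain authenticated to the PSA), and
    propagates over the third (mutually authenticated) only on success."""
    def __init__(self, domain, registry):
        self.domain, self.registry = domain, registry
    def propagate(self, user_id: str, secret: str) -> bool:
        if not self.domain.validate(user_id, secret):
            return False  # the master registry never sees the credential
        self.registry.store(user_id, secret)
        return True
```

A wrong or unknown credential is rejected at the trusted domain and nothing is written to the registry; after a successful propagation the two stored secured versions differ even though both derive from the same secret.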
