Method and system for providing client privacy when requesting content from a public server

US 6,993,652 B2
Filed: 10/05/2001
Issued: 01/31/2006
Est. Priority Date: 10/05/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method of providing client privacy when requesting content from an application server, comprising the steps of:

receiving a request for a ticket granting ticket (TGT ticket) from a client;

generating the TGT ticket with an identity of the client encrypted therein;

sending the TGT ticket to the client;

receiving a request for a service ticket (ST ticket) for the application server from the client that includes the TGT ticket and that does not provide the identity of the client in the clear;

generating the ST ticket with the identity of the client encrypted therein; and

sending the ST ticket to the client without providing the identity of the client in the clear.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and system for providing client privacy on the Internet when the client requests content from a public application server. The method is well-suited to key management protocols that utilize the concept of tickets. The client name or identity is encrypted in all key management messages where the client is requesting a ticket for a specific application server. The key management messages are between the client and a key distribution center (KDC) and between the client and the specific application server. The KDC does not provide the client name or identity in the clear in such messages. This prevents the client'"'"'s identity from being linked with the content provided by the specific application server, which results in improved user privacy.

Citations

16 Claims

1. A method of providing client privacy when requesting content from an application server, comprising the steps of:
- receiving a request for a ticket granting ticket (TGT ticket) from a client;
  
  generating the TGT ticket with an identity of the client encrypted therein;
  
  sending the TGT ticket to the client;
  
  receiving a request for a service ticket (ST ticket) for the application server from the client that includes the TGT ticket and that does not provide the identity of the client in the clear;
  
  generating the ST ticket with the identity of the client encrypted therein; and
  
  sending the ST ticket to the client without providing the identity of the client in the clear.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 16)
- - 2. A method in accordance with claim 1, wherein the step of receiving a request for a TGT ticket comprises the step of receiving a request for a TGT ticket with an authentication server.
  - 3. A method in accordance with claim 1, wherein the step of generating the TGT ticket comprises the step of generating the TGT ticket with an authentication server.
  - 4. A method in accordance with claim 1, wherein the step of sending the TGT ticket to the client comprises the step of sending the TGT ticket to the client as part of an authentication server reply message.
  - 5. A method in accordance with claim 1, wherein the step of receiving a request for an ST ticket for the application server comprises the step of receiving a request for an ST ticket for the application server with a ticket granting server.
  - 6. A method in accordance with claim 1, wherein the request for an ST ticket for the application server specifies the application server'"'"'s identity.
  - 7. A method in accordance with claim 1, wherein the step of generating the ST ticket comprises the step of generating the ST ticket with a ticket granting server.
  - 8. A method in accordance with claim 1, wherein the step of sending the ST ticket to the client comprises the step of sending the ST ticket to the client as part of a ticket granting server reply message.
  - 9. A method in accordance with claim 1, wherein the step of sending the TGT ticket to the client comprises the step of sending the TGT ticket to the client without providing the identity of the client in the clear.
  - 10. A method in accordance with claim 1, wherein the step of sending the TGT ticket to the client comprises the step of sending the TGT ticket to the client along with a copy of the client'"'"'s own authorization data in read-only form.
  - 16. A method in accordance with claim 1, wherein the request for a ticket granting ticket is sent by the client to an authentication server, and the service ticket is sent from a ticket granting server to the client.

11. A system for providing client privacy when requesting content from an application server, comprising:
- an authentication server configured to receive a request for a ticket granting ticket (TGT ticket) from a client, generate the TGT ticket with an identity of the client encrypted therein, and send the TGT ticket to the client; and
  
  a ticket granting server configured to receive a request for a service ticket (ST ticket) for the application server from the client that includes the TGT ticket and that does not provide the identity of the client in the clear, generate the ST ticket with the identity of the client encrypted therein, and send the ST ticket to the client without providing the identity of the client in the clear.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A System in accordance with claim 11, wherein the authentication server and the ticket granting server form at least part of a key distribution center (KDC).
  - 13. A system in accordance with claim 11, wherein the authentication server is further configured to send the TGT ticket to the client as part of an authentication server reply message.
  - 14. A system in accordance with claim 11, wherein the authentication server is further configured to send the TGT ticket to the client without providing the identity of the client in the clear.
  - 15. A system in accordance with claim 11, wherein the ticket granting server is further configured to send the ST ticket to the client as part of a ticket granting server reply message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Technology Holdings LLC (Alphabet Inc.)
Original Assignee
General Instrument Corporation (CommScope Holding Company, Inc.)
Inventors
Medvinsky, Alexander
Primary Examiner(s)
Darrow, Justin T.

Application Number

US09/972,523
Publication Number

US 20030070068A1
Time in Patent Office

1,579 Days
Field of Search

713/155, 713/156, 713/159, 713/161, 713/168, 713/170, 713/171, 713/172, 713/173, 713/175, 713/176, 713/181, 713/182, 713/185, 713/200, 713/201, 380/229, 380/232, 380/249, 380/258, 380/279, 705/65, 705/66, 705/67, 709/225, 709/226, 709/229
US Class Current

713/155
CPC Class Codes

G06Q 20/3678   e-cash details, e.g. blinde...

H04L 2209/60   Digital content management,...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 9/083   involving central third par...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3297   involving time stamps, e.g....

Method and system for providing client privacy when requesting content from a public server

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing client privacy when requesting content from a public server

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links