Apparatus and method for automatically authenticating a network client
First Claim
1. An authentication system suitable for automatically providing authentication to a user at a client node, the user providing a user secret and requesting access to network resources resident at one or more server nodes in a distributed network system, said authentication system comprising:
- a local application program interface for receiving the user secret, said local application program interface in communication with a requested network resource and the client node;
- a cryptography service node including means for providing a common key and algorithm, and means for providing a client/server session key and algorithm, wherein the session key is associated with a single session during a single logon of the user and if the session terminates the session key becomes invalid; and
- an authentication database in communication with said local application program interface and with said cryptography service node, said authentication database including an authentication secret associated with the user;
- means for encrypting said authentication secret using said common key and algorithm; and
- means for encrypting said common key using said client/server session key and algorithm;
wherein the local application program interface sends an encrypted authentication secret, an encrypted common key, and the session key to the client node for use with the requested network resource, and wherein the common key is a shared and same key, and wherein the use occurs during the single session of the user and expires when the single session expires.
7 Assignments
0 Petitions
Abstract
A distributed authentication system includes a cryptography service node, and a client node interface coupled to a network authentication database, for providing automatic authentication to enable the client node to access network resources, such as applications or services, resident in one or more network server nodes. Authentication secrets corresponding to the network resources are each encrypted with a respective strong key and stored in the authentication database. Authentication of the client node is accomplished with the retrieval of an authentication secret corresponding to a requested network resource. The retrieval process includes: i) decrypting the authentication secret using the strong key and encrypting the secret using a second key, and ii) sending a copy of the second key encrypted with a third key along with the encrypted secret to the requesting client node via a communication medium.
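The retrieval process in the abstract, and the encrypt-then-wrap steps of claims 1, 9 and 15, are easiest to follow as code. The Go program below is an added example written for this page, not code from the patent or its assignee. It models the authentication database, the server-side retrieval (strong key off, fresh common key on, common key wrapped under the session key) and the client-side unwrap, and shows that an envelope issued in one logon session cannot be opened with a later session's key. Assumptions not in the patent: AES-256-GCM stands in for the "key and algorithm" the claims leave open; a fresh nonce is prefixed to each ciphertext; the session key is treated as already shared over the secure session of claim 15, so it is passed as a parameter rather than sent alongside the envelope; and the resource identifier is bound as associated data so an envelope cannot be replayed against another resource. The type and function names (authDB, envelope, retrieve, clientRecover, runExchange) and the sample record are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key) // keys here are always 32 bytes
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// seal: AES-256-GCM (an assumption; the claims name no algorithm), fresh nonce prepended, aad authenticated but not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := randomBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

func unseal(key, sealed, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// record is one authentication-database row: the secret under its own strong key.
type record struct {
	strongKey []byte
	secretEnc []byte
}

type authDB map[string]*record

// envelope is what the local API sends the client node (claim 1).
type envelope struct {
	resourceID   string
	secretEnc    []byte // authentication secret under the common key
	commonKeyEnc []byte // common key under the session key
}

// retrieve is the server side of the abstract's retrieval process. The resource
// ID is bound as AAD (not in the claims) so an envelope cannot be replayed elsewhere.
func (db authDB) retrieve(resourceID string, sessionKey []byte) (*envelope, error) {
	rec, ok := db[resourceID]
	if !ok {
		return nil, errors.New("unknown resource")
	}
	aad := []byte(resourceID)
	secret, err := unseal(rec.strongKey, rec.secretEnc, aad)
	if err != nil {
		return nil, err
	}
	ck := randomBytes(32) // fresh common key for this retrieval
	return &envelope{resourceID, seal(ck, secret, aad), seal(sessionKey, ck, aad)}, nil
}

// clientRecover unwraps the common key, then the secret; a key from another
// session fails the GCM tag check at the first step.
func clientRecover(env *envelope, sessionKey []byte) ([]byte, error) {
	aad := []byte(env.resourceID)
	ck, err := unseal(sessionKey, env.commonKeyEnc, aad)
	if err != nil {
		return nil, err
	}
	return unseal(ck, env.secretEnc, aad)
}

// runExchange plays one logon on constructed data: it returns the secret the client
// recovered and whether the same envelope is rejected under a later session's key.
func runExchange() ([]byte, bool, error) {
	const res = "mail.example.internal"
	sk := randomBytes(32)
	db := authDB{res: {sk, seal(sk, []byte("constructed-service-password"), []byte(res))}}
	sessionKey := randomBytes(32) // issued when the client authenticates (claim 15)
	env, err := db.retrieve(res, sessionKey)
	if err != nil {
		return nil, false, err
	}
	got, err := clientRecover(env, sessionKey)
	_, staleErr := clientRecover(env, randomBytes(32)) // session over: next logon, new key
	return got, staleErr != nil, err
}
```

runExchange returns the recovered secret together with a flag showing that the same envelope is rejected once a fresh session key is in play: GCM's tag check fails on the wrapped common key, so the session-bound expiry the claims describe needs no timestamp as long as the server discards the session key when the session ends. The strong key never leaves the cryptography service side, and the common key exists only inside one retrieval, which is the property the abstract's three-key layering buys.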
107 Citations
20 Claims
1. An authentication system suitable for automatically providing authentication to a user at a client node, the user providing a user secret and requesting access to network resources resident at one or more server nodes in a distributed network system, said authentication system comprising:
- a local application program interface for receiving the user secret, said local application program interface in communication with a requested network resource and the client node;
- a cryptography service node including means for providing a common key and algorithm, and means for providing a client/server session key and algorithm, wherein the session key is associated with a single session during a single logon of the user and if the session terminates the session key becomes invalid; and
- an authentication database in communication with said local application program interface and with said cryptography service node, said authentication database including an authentication secret associated with the user;
- means for encrypting said authentication secret using said common key and algorithm; and
- means for encrypting said common key using said client/server session key and algorithm;
wherein the local application program interface sends an encrypted authentication secret, an encrypted common key, and the session key to the client node for use with the requested network resource, and wherein the common key is a shared and same key, and wherein the use occurs during the single session of the user and expires when the single session expires.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for automatically authenticating a user at a network client node in a distributed network system in response to a user request for access to network resources resident in one or more server nodes, said authentication method comprising the steps of:
- providing a network resource identifier, a network resource policy, and an authentication secret to an authentication database, said network resource identifier associated with the requested network resource;
- retrieving said authentication secret in response to said user request, said authentication secret associated with the user and with said network resource identifier;
- encrypting said authentication secret with a common key and algorithm, wherein the common key is a shared and same key;
- encrypting said common key and algorithm with a client/server session key and algorithm, wherein the session key is associated with a single session of a logon of the user and when the session terminates the session key becomes invalid; and
- sending said encrypted authentication secret and said encrypted common key to the client node for use by the client during the single session, and wherein the use expires when the single session expires.
Dependent claims: 10, 11, 12, 13, 14

15. A method for authenticating a client to a network resource, comprising:
- receiving a client request for a network resource;
- authenticating the client and creating a secure session;
- creating an authentication secret for access to the network resource;
- encrypting the authentication secret within a common key, wherein the common key is a shared and same key;
- encrypting the common key with a session key associated with the secure session, wherein the session key becomes invalid when the secure session terminates and wherein the secure session is associated with a single login session of the client; and
- transmitting to the client the encrypted common key, the encrypted authentication secret, and the session key for use in accessing the network resource during the single login session, and wherein the use expires when the single login session expires.
Dependent claims: 16, 17, 18, 19, 20