Single sign-on over the internet using public-key cryptography
Abstract
A computer program product, apparatus, and method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for access to the secure server, without further intervention by the user of the client, includes receiving an authentication challenge sent by the secure server to the client; and generating a ticket having a digital signature applied using a private key of the authentication server; and wherein the secure server, upon receiving the ticket and verifying the digital signature using a public key corresponding to the private key of the authentication server, grants access to the client.
64 Claims
1. A method for use in a Web server for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the method comprising:
sending a request for the content to the secure server;
receiving an authentication challenge from the secure server in response to the request;
sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said private-public key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 2)

3. A method for use in an authentication server for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the method comprising:
receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 4, 5, 6, 7, 8)

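The exchange that the abstract and claims 1 and 3 describe, written out as an added example that is not part of the patent text and not code from any product it covers. All four roles run in one Go program: the authentication server signs with an Ed25519 key pair from the standard library, the secure server holds only the matching public key, and the Web server carries the forwardable ticket it received at login. The ticket field set (subject, audience, forwardable flag, expiry), the role names, the in-memory credential store and the injectable clock are assumptions of the example; the claims say only that the ticket bears the authentication server's signature and that the secure server verifies it with the corresponding public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Claims carried in a ticket. This field set is an assumption of the example; the
// patent only requires a ticket bearing the authentication server's signature.
type Claims struct {
	Subject     string `json:"sub"`
	Audience    string `json:"aud"` // the only server that may accept the ticket
	Forwardable bool   `json:"fwd"` // may a Web server exchange it for a service ticket?
	Expires     int64  `json:"exp"` // Unix seconds
}

// Ticket: Body is the canonical JSON of Claims, exactly the bytes that were signed.
type Ticket struct{ Body, Sig []byte }

// ErrAuthChallenge stands in for the secure server's authentication challenge.
var ErrAuthChallenge = errors.New("401: authentication required")

// users is a constructed credential store for the one interactive login.
var users = map[string]string{"alice": "correct horse battery staple"}

// AuthServer signs every ticket with one Ed25519 key pair; only Pub leaves it.
// Now is an injectable clock so that expiry can be exercised.
type AuthServer struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
	Now  func() time.Time
}

func NewAuthServer(now func() time.Time) *AuthServer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &AuthServer{priv: priv, Pub: pub, Now: now}
}

func (a *AuthServer) issue(c Claims) Ticket {
	body, _ := json.Marshal(c) // plain strings and ints cannot fail to marshal
	return Ticket{Body: body, Sig: ed25519.Sign(a.priv, body)}
}

// Verify checks the signature before any claim is trusted; audience and expiry
// are policy, checked by whoever relies on the ticket.
func Verify(pub ed25519.PublicKey, t Ticket) (Claims, error) {
	if !ed25519.Verify(pub, t.Body, t.Sig) {
		return Claims{}, errors.New("bad signature")
	}
	var c Claims
	err := json.Unmarshal(t.Body, &c)
	return c, err
}

// Authenticate is the single interactive step; the Web server keeps the resulting
// forwardable ticket and the user is never asked again.
func (a *AuthServer) Authenticate(user, password string) (Ticket, error) {
	p, ok := users[user]
	if !ok || subtle.ConstantTimeCompare([]byte(p), []byte(password)) != 1 {
		return Ticket{}, errors.New("login failed")
	}
	exp := a.Now().Add(8 * time.Hour).Unix()
	return a.issue(Claims{Subject: user, Audience: "web", Forwardable: true, Expires: exp}), nil
}

// Exchange is claim 3: a forwardable ticket in, a short-lived service ticket for
// target out, signed with the authentication server's private key.
func (a *AuthServer) Exchange(fwd Ticket, target string) (Ticket, error) {
	c, err := Verify(a.Pub, fwd)
	if err != nil {
		return Ticket{}, err
	}
	if !c.Forwardable || c.Audience != "web" || a.Now().Unix() >= c.Expires {
		return Ticket{}, errors.New("ticket not forwardable, not for the Web server, or expired")
	}
	return a.issue(Claims{Subject: c.Subject, Audience: target, Expires: a.Now().Add(5 * time.Minute).Unix()}), nil
}

// SecureServer holds only the authentication server's public key: it can verify
// tickets but never mint them.
type SecureServer struct {
	Name, Content string
	Pub           ed25519.PublicKey
	Now           func() time.Time
}

// Get challenges a bare request and serves one that carries a valid ticket.
func (s *SecureServer) Get(t *Ticket) (string, error) {
	if t == nil {
		return "", ErrAuthChallenge
	}
	c, err := Verify(s.Pub, *t)
	switch {
	case err != nil:
		return "", err
	case c.Audience != s.Name: // a forwardable ticket (aud "web") must not be accepted here
		return "", fmt.Errorf("ticket issued for %q, not %q", c.Audience, s.Name)
	case s.Now().Unix() >= c.Expires:
		return "", errors.New("ticket expired")
	}
	return fmt.Sprintf("%s for %s", s.Content, c.Subject), nil
}

// WebServer acts for the client after login and holds only the forwardable ticket.
type WebServer struct {
	Auth *AuthServer
	Fwd  Ticket
}

// Fetch is claim 1: request, receive the challenge, exchange the forwardable
// ticket, then retry with the signed service ticket.
func (w *WebServer) Fetch(s *SecureServer) (string, error) {
	if _, err := s.Get(nil); !errors.Is(err, ErrAuthChallenge) {
		return "", fmt.Errorf("expected a challenge, got %v", err)
	}
	svc, err := w.Auth.Exchange(w.Fwd, s.Name)
	if err != nil {
		return "", err
	}
	return s.Get(&svc)
}

// Demo runs the whole exchange once against the real clock.
func Demo() (string, error) {
	auth := NewAuthServer(time.Now)
	secure := &SecureServer{Name: "secure", Pub: auth.Pub, Now: time.Now, Content: "report.pdf"}
	fwd, err := auth.Authenticate("alice", "correct horse battery staple")
	if err != nil {
		return "", err
	}
	return (&WebServer{Auth: auth, Fwd: fwd}).Fetch(secure)
}

func main() { fmt.Println(Demo()) }
```

The checks beyond the signature are where a design like this stands or falls: the secure server refuses any ticket whose audience is not itself, so the Web server's long-lived forwardable ticket cannot be replayed straight at the secure server; the authentication server refuses to exchange a ticket that is not flagged forwardable, so a captured service ticket cannot be turned into another; and both sides apply an expiry, which is why the clock is injectable rather than hard-wired to time.Now.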
9. A method for use in a Web server for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the method comprising:
sending a request for the content to the secure server;
receiving an authentication challenge from the secure server in response to the request;
sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 10)

11. A method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the method comprising:
receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 12, 13, 14, 15, 16)

17. Computer-readable media embodying tangible digital code executable by a computer to perform a method for use in a Web server for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the method comprising:
sending a request for the content to the secure server;
receiving an authentication challenge from the secure server in response to the request;
sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 18)

19. Computer-readable media embodying tangible digital code executable by a computer to perform a method for use in an authentication server for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the method comprising:
receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 20, 21, 22, 23, 24)

25. Computer-readable media embodying tangible digital code executable by a computer to perform a method for use in a Web server for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the method comprising:
sending a request for the content to the secure server;
receiving an authentication challenge from the secure server in response to the request;
sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 26)

27. Computer-readable media embodying tangible digital code executable by a computer to perform a method for use in an authentication server for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the method comprising:
receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 28, 29, 30, 31, 32)

33. An apparatus for use in a Web server for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the apparatus comprising:
means for sending a request for the content to the secure server;
means for receiving an authentication challenge from the secure server in response to the request;
means for sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
means for receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
means for sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 34)

35. An apparatus for use in an authentication server for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the apparatus comprising:
means for receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
means for generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 36, 37, 38, 39, 40)

41. An apparatus for use in a Web server for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the apparatus comprising:
means for sending a request for the content to the secure server;
means for receiving an authentication challenge from the secure server in response to the request;
means for sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
means for receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
means for sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 42)

43. An apparatus for use in an authentication server for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the apparatus comprising:
means for receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
means for generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 44, 45, 46, 47, 48)

49. At least one computer including a processor and one or more tangible digital storage media for programming the processor to execute a process for obtaining content from a secure server, in response to a request from a client for the content, without further intervention by the user of the client, the process comprising:
sending a request for the content to the secure server;
receiving an authentication challenge from the secure server in response to the request;
sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 50)

51. At least one computer including a processor and one or more tangible digital storage media for programming the processor to execute a process for obtaining content from a secure server for a client that has issued a request for the content from the secure server, without further intervention by the user of the client, the process comprising:
receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of said public-private key pair corresponding to the private key of the authentication server, provides the requested content; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 52, 53, 54, 55, 56)

57. At least one computer including a processor and one or more tangible digital storage media for programming the processor to execute a process for obtaining access to a secure server, in response to a request from a client for the access, without further intervention by the user of the client, the process comprising:
sending a request for the content to the secure server;
receiving an authentication challenge from the secure server in response to the request;
sending a forwardable ticket to an authentication server trusted by the secure server, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
receiving from the authentication server a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
sending the ticket to the secure server, wherein the secure server, upon verifying the digital signature using a public key of a public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 58)

59. At least one computer including a processor and one or more tangible digital storage media for programming the processor to execute a process for obtaining access to a secure server for a client that has issued a request for the access, without further intervention by the user of the client, the process comprising:
receiving a forwardable ticket sent by a Web server in response to a challenge issued by the secure server in response to the request, the forwardable ticket previously sent to the Web server by the authentication server based on a successful authentication of the client by the authentication server;
generating a ticket having a digital signature applied using a private key of a public-private key pair of the authentication server; and
wherein the secure server, upon verifying the digital signature using a public key of a public-private key pair corresponding to the private key of the authentication server, grants the access; and
wherein communications with the client employ a generic application-layer network protocol.
(Dependent claims: 60, 61, 62, 63, 64)