Automatic re-authentication

US 7,383,571 B2
Filed: 01/24/2006
Issued: 06/03/2008
Est. Priority Date: 04/01/2002
Status: Expired due to Fees

First Claim

Patent Images

1. One or more computer readable storage media comprising computer executable instructions that, when executed, direct a terminal server system to:

execute multiple server sessions in conjunction with remote terminals, wherein user applications execute primarily on the terminal server system and user I/O is performed through the remote terminals;

request user credentials to authenticate a particular remote terminal for a particular server session;

share auto-reconnect data with the particular remote terminal over a secure communications channel, the auto-reconnect data comprising a first random number;

re-establish communications with the particular remote terminal after a communications failure;

share a second random number with the particular remote terminal after re-establishing communications;

receive from the particular remote terminal a session verifier that is derived at least in part from the first and second random numbers;

validate the session verifier; and

when the session verifier is successfully validated, automatically re-authenticate the particular remote terminal for the particular server session without again requesting user credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Upon successfully authenticating a client device with a server system, the client device and server system share auto-reconnect data. Upon subsequently losing and re-establishing communications with the server system, the client sends an auto-authenticate request to the server. The auto-authenticate request includes a session verifier that is based at least in part on the shared auto-reconnect data. The server validates the session verifier. If the validation is successful, the server automatically re-authenticates the client device.

17 Citations

View as Search Results

20 Claims

1. One or more computer readable storage media comprising computer executable instructions that, when executed, direct a terminal server system to:
- execute multiple server sessions in conjunction with remote terminals, wherein user applications execute primarily on the terminal server system and user I/O is performed through the remote terminals;
  
  request user credentials to authenticate a particular remote terminal for a particular server session;
  
  share auto-reconnect data with the particular remote terminal over a secure communications channel, the auto-reconnect data comprising a first random number;
  
  re-establish communications with the particular remote terminal after a communications failure;
  
  share a second random number with the particular remote terminal after re-establishing communications;
  
  receive from the particular remote terminal a session verifier that is derived at least in part from the first and second random numbers;
  
  validate the session verifier; and
  
  when the session verifier is successfully validated, automatically re-authenticate the particular remote terminal for the particular server session without again requesting user credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. One or more computer readable storage media as recited in claim 1, further comprising computer executable instructions that, when executed, direct the terminal server system to receive a session ID from the particular remote terminal after communications are re-established, where the auto-reconnect data further comprises the session ID which is associated with the particular server session.
  - 3. One or more computer readable storage media as recited in claim 1, wherein the second random number is generated by the terminal server system.
  - 4. One or more computer readable storage media as recited in claim 1, wherein the session verifier is a one-way hash based at least in part on the first and second random numbers.
  - 5. One or more computer readable storage media as recited in claim 1, further comprising computer executable instructions that, when executed, direct the terminal server system to periodically change said first random number and re-send it to the particular remote terminal.
  - 6. One or more computer readable storage media as recited in claim 1, wherein validate the session verifier includes calculate the session verifier at the terminal server system and compare the calculated session verifier to the received session verifier.
  - 7. One or more computer readable storage media as recited in claim 1, further comprising computer executable instructions that, when executed, direct the terminal server system to:
    - execute one or more communication program components in a kernel mode under an operating system of the terminal server system;
      
      execute one or more server program components in a non-kernel mode under the operating system to implement server sessions; and
      
      wherein the communication program components periodically change the first random number and re-send it to the particular remote terminal without instigation by the server program components.
  - 8. One or more computer readable storage media as recited in claim 1, further comprising computer executable instructions that, when executed, direct the terminal server system to:
    - execute one or more communication program components in a kernel mode under an operating system of the terminal server system;
      
      execute one or more server program components in a non-kernel mode under the operating system to implement server sessions; and
      
      wherein the communication program components, when communicating with the particular remote terminal, (a) check to determine whether a predetermined time has elapsed since sending at the first random number, and (b) change the first random number and re-send it to the particular remote terminal without instigation by the server program components if the predetermined time has elapsed.

9. One or more computer readable storage media comprising computer executable instructions that, when executed, direct a client device to:
- provide user credentials to a server system to authenticate the client device with the server system;
  
  initiate a server session on a server system, the server session being associated with the client device;
  
  share auto-reconnect data with the server system, the auto-reconnect data comprising a session ID and a first random number;
  
  after losing communications with the server system, share a second random number with the server system;
  
  derive a session verifier at least in part from both the first and second random numbers;
  
  after losing and re-establishing communications with the server system, request automatic re-authentication by the server system without providing user credentials, wherein said request comprises sending the session verifier to the server system.
- View Dependent Claims (10, 11, 12, 13)
- - 10. One or more computer readable storage media as recited in claim 9, wherein the second random number is generated by the client device.
  - 11. One or more computer readable storage media as recited in claim 9, further comprising computer executable instructions that, when executed, direct the client device to periodically share a changed first random number with the server system.
  - 12. One or more computer readable storage media as recited in claim 9, wherein the shared auto-reconnect data comprises auto-reconnect data received by the client device from the server system.
  - 13. One or more computer readable storage media as recited in claim 9, wherein the request for automatic re-authentication includes sending a session ID to the server system.

14. One or more computer readable storage media comprising computer executable instructions that, when executed, direct a server system to:
- establish data communications between a client device and the server system;
  
  authenticate the client device for a particular server session;
  
  share auto-reconnect data between client device and the server system, the auto-reconnect data including a first random number;
  
  derive a client session verifier at the client device from at least a portion of the auto-reconnect data;
  
  re-establish data communications between the client device and the server system after a communications failure;
  
  after re-establishing data communications;
  
  share a second random number between the client device and the server system;
  
  provide the client session verifier from the client device to the server system;
  
  derive a server session verifier at the server system at least in part from the first and second random numbers;
  
  validate the client session verifier including comparing it to the server session verifier;
  
  upon successfully validation of the session verifier, automatically re-authenticate the client device for the particular server session.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. One or more computer readable storage media as recited in claim 14, wherein the automatic re-authentication of the client device is performed without requesting user credentials.
  - 16. One or more computer readable storage media as recited in claim 14, further comprising computer executable instructions that, when executed, direct the server system to share auto-reconnect data between client device and the server system, the auto-reconnect data including a session ID associated with the particular server session and a random number.
  - 17. One or more computer readable storage media as recited in claim 14, wherein at least one of the client session verifier and the server session verifier are derived at least in part from a one-way hash based on the first and second random numbers.
  - 18. One or more computer readable storage media as recited in claim 14, further comprising computer executable instructions that, when executed, direct the server system to periodically change at least a portion of the auto-reconnect data and share at least said changed portion between the client device and the server system.
  - 19. One or more computer readable storage media as recited in claim 14, further comprising computer executable instructions that, when executed, direct the server system to periodically change the first random number and share it between the client device and the server device.
  - 20. One or more computer readable storage media as recited in claim 14, further comprising computer executable instructions that, when executed, direct the server system to:
    - execute one or more communication program components in a kernel mode under an operating system;
      
      execute one or more server program components in a non-kernel mode under the operating system to implement server sessions;
      
      periodically change and resend at least a portion of the auto-reconnect data to the client device using one or more of the communication program components without instigation by the server program components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Garms, Jason, Field, Scott A., Abdo, Nadim Y., Loh, Alvin, Overton, Adam J., Parsons, John E. Jr.
Primary Examiner(s)
Revak; Christopher A

Application Number

US11/275,681
Publication Number

US 20060101505A1
Time in Patent Office

861 Days
Field of Search

None
US Class Current

726/3
CPC Class Codes

G06F 13/107   Terminal emulation

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/14   Session management for real...

Automatic re-authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic re-authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links