System and method to package security credentials for later use

US 7,571,467 B1
Filed: 02/26/2002
Issued: 08/04/2009
Est. Priority Date: 02/26/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented system that facilitates processing credentials between remote entities, comprising:

a computer memory having stored thereon the following components executable by a processor;

a wrapper that packages credentials associated with resources of a service, wherein the service is a platform provisioning service associated with at least one partner, the platform provisioning service and the partner maintain an account to process the credentials, the at least one of the platform provisioning service and the partner employ a Universal Resource Locator (URL) to present the credentials to the account; and

a cryptographic wrapping key generated from a pass-phrase, the cryptographic wrapping key is utilized to generate a the wrapper that encapsulates the credentials, the pass-phrase employed to facilitate access to the credentials, the credentials employed to provide encrypted communication between a remote user and the service that facilitates access to the resources of the service, and the pass-phrase distributed separately from the credentials.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a system and methodology to facilitate communications security in a distributed computing and applications environment. A pass-phrase is generated to wrap a strong set of security credentials that are employed to establish trusted relationships between entities such as a service provider and one or more partners seeking access to the provider. The pass-phrase is generally constructed from weaker cryptographic material and is generally transported or communicated separately from the wrapped security credentials. When the partner desires to access service resources, the pass-phrase is employed to unlock the strong set of security credentials contained within the wrapper. The unlocked security credentials are then utilized to establish encrypted communications channels between the service provider and the partner.

Citations

19 Claims

1. A computer implemented system that facilitates processing credentials between remote entities, comprising:
- a computer memory having stored thereon the following components executable by a processor;
  
  a wrapper that packages credentials associated with resources of a service, wherein the service is a platform provisioning service associated with at least one partner, the platform provisioning service and the partner maintain an account to process the credentials, the at least one of the platform provisioning service and the partner employ a Universal Resource Locator (URL) to present the credentials to the account; and
  
  a cryptographic wrapping key generated from a pass-phrase, the cryptographic wrapping key is utilized to generate a the wrapper that encapsulates the credentials, the pass-phrase employed to facilitate access to the credentials, the credentials employed to provide encrypted communication between a remote user and the service that facilitates access to the resources of the service, and the pass-phrase distributed separately from the credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, the credentials providing stronger encryption than the pass-phrase.
  - 3. The system of claim 2, the credentials providing greater than 100 bits of encryption.
  - 4. The system of claim 2, the pass-phase having human-readable alpha-numeric characteristics.
  - 5. The system of claim 1, further comprising one or more partners to request access to the resources.
  - 6. The system of claim 5, at least one of the partners includes a credential store to manage the credentials.
  - 7. The system of claim 6, the at least one partner distributes the credentials to at least one other partner in order to facilitate access to the resources of the service.
  - 8. The system of claim 1, the pass-phase is at least one of spoken, displayed on a screen and typed.
  - 9. The system of claim 1, further comprising at least one of a Secure Socket Layer (SSL), a Virtual Private Network (VPN), and a dedicated line to establish connections to the service.
  - 10. The system of claim 9, further comprising a remote login utilizing a basic authentication over the SSL.
  - 11. The system of claim 9, further comprising at least one SSL certificate to establish connections to the service.
  - 12. The system of claim 1, the partner including at least one of a tenant and a service provider to form at least one of a billing, a financial, and an accounting service.
  - 13. The system of claim 12, the partner employs the pass-phrase to unlock the credentials and achieve access to the platform provisioning services.

14. A method to facilitate a security connection between remote entities, comprising:
- generating a strong password via a random generation function associated with a standard platform;
  
  generating a human-readable pass-phrase;
  
  deriving a wrapping key from the pass-phrase;
  
  wrapping the password cryptographically via the pass-phrase, wherein the wrapping key facilitates in encapsulating the password in a wrapper;
  
  storing the wrapped password in an executable;
  
  transmitting the executable and the pass-phrase to a remote user system separately via different communications mediums, wherein the remote user employs the pass-phrase to unlock the strong password stored in the executable, the strong password employed to establish a trust relationship with an entity; and
  
  requesting a Secure Sockets Layer (SSL) connection, presenting an SSL certificate in response to the request, verifying an SSL certificate, requesting a Universal Resource Locator (URL) from a listener, presenting authentication credentials to a receiver, or logging in a caller to an account.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising limiting access to the executable.
  - 16. The method of claim 14, further comprising at least one of:
    - setting up account privileges;
      
      designating account contacts; and
      
      verifying the contacts.
  - 17. The method of claim 16, further comprising verbally communicating the pass-phrase.
  - 18. The method of claim 17, further comprising transmitting and storing the password and the pass-phrase separately.

19. A computer implemented system that facilitates a security relationship between parties, comprising:
- a computer processor for executing the following means stored in computer memory;
  
  means for generating credentials comprising at least a password;
  
  means for generating a pass-phrase;
  
  means for generating a package of credentials by wrapping the credentials with a cryptographic wrapping key derived from the pass-phrase, wherein the credentials are encapsulated by the wrapper, the credentials are associated with resources of a platform provisioning service associated with at least one partner, the platform provisioning service and the partner maintain an account to process the credentials, the at least one of the platform provisioning service and the partner employ a Universal Resource Locator (URL) to present the credentials to the account;
  
  means for transmitting the package and the pass-phrase to a system via different communications mediums; and
  
  means for storing the credentials separate from the pass-phrase.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Doubrovkine, Daniel, Priestley, Matthew Charles
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US10/083,010
Time in Patent Office

2,716 Days
Field of Search

713/169, 713/193, 713/194, 713/200, 713/201, 713/202, 713/165, 713/171, 713/183, 713/155, 713/156, 713/182, 713/185, 713/179, 380/30, 380/255, 380/277, 380/281, 726/5, 726/6, 726/10, 726/18, 726/8, 726/9, 726/14, 726/26, 726/27, 726/1, 726/2, 709/200, 705/18
US Class Current

726/6
CPC Class Codes

H04L 2209/56   Financial cryptography, e.g...

H04L 2463/062   applying encryption of the ...

H04L 63/065   for group communications cr...

H04L 9/3226   using a predetermined code,...

H04L 9/3263   involving certificates, e.g...

System and method to package security credentials for later use

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to package security credentials for later use

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links