Secure delegation using public key authentication
First Claim
1. A method of authenticating a client, comprising:
- receiving a pre-nonce token and a common nonce that has been signed by a client at a back-end server of a plurality of back-end servers from a middle tier server that is impersonating the client, wherein:
  - the pre-nonce token comprises a combination of pre-nonce contributions from the plurality of back-end servers;
  - the common nonce is created by hashing the pre-nonce token and is generated from an entity other than the client that the middle tier server is impersonating or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
- authenticating the client based on the received signed common nonce;
- hashing the pre-nonce token using the same hashing technique used to create the common nonce from the pre-nonce token; and
- verifying the middle tier server based upon a comparison of the received common nonce and the hashed value of the received pre-nonce token.
0 Assignments
0 Petitions
Abstract
A client is impersonated to a plurality of servers using a middle-tier server. A common nonce associated with each of the plurality of servers is obtained and the common nonce is provided to the client. The common nonce signed by the client is received at the middle-tier server and provided as a signature for transactions from the client to the plurality of servers so as to authenticate the client to the plurality of servers.
26 Citations
21 Claims
1. A method of authenticating a client, comprising: (text as set out under First Claim above)

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product for authenticating a client, comprising:
- a computer usable storage medium having computer readable program code embodied therein, the computer readable program code comprising:
  - computer readable program code that receives a pre-nonce token and a common nonce that has been signed by a client at a back-end server of a plurality of back-end servers from a middle tier server that is impersonating the client, wherein:
    - the pre-nonce token comprises a combination of pre-nonce contributions from the plurality of back-end servers;
    - the common nonce is created by hashing the pre-nonce token and is generated from an entity other than the client that the middle tier server is impersonating or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
  - computer readable program code that authenticates the client based on the received signed common nonce;
  - computer readable program code that hashes the pre-nonce token using the same hashing technique used to create the common nonce from the pre-nonce token; and
  - computer readable program code that verifies the middle tier server based upon a comparison of the received common nonce and the hashed value of the received pre-nonce token.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for authenticating a client, comprising:
- a back-end server of a plurality of back-end servers in data communication with a middle tier server, each back-end server having a processor, memory and program code resident in the memory, where the program code resident in the memory is executable by the processor to authenticate a client by executing code configured to:
  - receive a pre-nonce token and a common nonce that has been signed by a client at a back-end server of a plurality of back-end servers from a middle tier server that is impersonating the client, wherein:
    - the pre-nonce token comprises a combination of pre-nonce contributions from the plurality of back-end servers;
    - the common nonce is created by hashing the pre-nonce token and is generated from an entity other than the client that the middle tier server is impersonating or the plurality of back-end servers that the middle tier server is to interact with on behalf of the client;
  - authenticate the client based on the received signed common nonce;
  - hash the pre-nonce token using the same hashing technique used to create the common nonce from the pre-nonce token; and
  - verify the middle tier server based upon a comparison of the received common nonce and the hashed value of the received pre-nonce token.

Dependent claims: 16, 17, 18, 19, 20, 21
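The flow the independent claims describe, as an added worked example that is not code from the patent or its assignee: each back-end server contributes a pre-nonce, the middle tier combines the contributions into a pre-nonce token and hashes it into the common nonce, the client signs that nonce once, and each back-end server then (1) checks the client's signature and (2) re-hashes the pre-nonce token it was handed and compares the result with the presented nonce, which is the step that lets it catch a middle tier substituting a different token. Everything not stated in the claims is an assumption here: contributions are combined by concatenation, SHA-256 is the hashing technique, the middle tier is the entity that derives the common nonce, the signature is a textbook-RSA stand-in on a demo key, and the per-server "own contribution present, nonce used once" check goes beyond the claim text.

```python
"""Model of the delegated authentication flow described in the claims.

Added example, not code from the patent. Assumptions: contributions are
combined by concatenation, SHA-256 is the hashing technique, the middle tier
derives the common nonce, and the signature scheme is a demo stand-in.
"""
import hashlib
import hmac
import os

# Toy signature: textbook RSA over SHA-256 (ASSUMPTION: stand-in for a real
# scheme such as RSA-PSS or Ed25519). The modulus is built from two Mersenne
# primes purely so no key-generation code is needed; it is trivially
# factorable and exists only for this illustration.
_P, _Q, _E = 2**521 - 1, 2**607 - 1, 65537
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
CLIENT_PUBLIC_KEY = (_N, _E)
CLIENT_PRIVATE_KEY = (_N, _D)

CONTRIB_LEN = 16  # bytes per back-end contribution (constructed choice)


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


def hash_pre_nonce(pre_nonce_token: bytes) -> bytes:
    """The single hashing technique every party uses to derive the common nonce."""
    return hashlib.sha256(pre_nonce_token).digest()


class BackEndServer:
    def __init__(self, name: str, client_public_key):
        self.name = name
        self.client_public_key = client_public_key
        self.outstanding = set()  # contributions issued but not yet consumed
        self.used_nonces = set()  # ASSUMPTION beyond the claim: one-time use

    def pre_nonce_contribution(self) -> bytes:
        contribution = os.urandom(CONTRIB_LEN)
        self.outstanding.add(contribution)
        return contribution

    def authenticate(self, pre_nonce_token: bytes, common_nonce: bytes, signature: int) -> bool:
        # (1) authenticate the client: its signature over the common nonce
        if not verify(self.client_public_key, common_nonce, signature):
            return False
        # (2) verify the middle tier: the nonce it presents must be the hash of
        #     the token it presents, so a swapped token is detected
        if not hmac.compare_digest(hash_pre_nonce(pre_nonce_token), common_nonce):
            return False
        # (3) ASSUMPTION beyond the claim: this server's own contribution must be
        #     in the token, and a nonce may be consumed only once
        chunks = {pre_nonce_token[i:i + CONTRIB_LEN]
                  for i in range(0, len(pre_nonce_token), CONTRIB_LEN)}
        mine = chunks & self.outstanding
        if not mine or common_nonce in self.used_nonces:
            return False
        self.outstanding -= mine
        self.used_nonces.add(common_nonce)
        return True


class MiddleTierServer:
    def __init__(self, back_ends):
        self.back_ends = back_ends

    def collect(self):
        """Gather contributions, combine them and derive the common nonce."""
        token = b"".join(s.pre_nonce_contribution() for s in self.back_ends)
        return token, hash_pre_nonce(token)

    def delegate(self, pre_nonce_token: bytes, common_nonce: bytes, signature: int) -> dict:
        """Fan the client's single signature out to every back-end server."""
        return {s.name: s.authenticate(pre_nonce_token, common_nonce, signature)
                for s in self.back_ends}


def _setup():
    back_ends = [BackEndServer(n, CLIENT_PUBLIC_KEY) for n in ("db", "ldap", "billing")]
    return MiddleTierServer(back_ends)


def honest_flow() -> dict:
    mid = _setup()
    token, nonce = mid.collect()
    sig = sign(CLIENT_PRIVATE_KEY, nonce)  # the client signs the nonce once
    return mid.delegate(token, nonce, sig)


def token_swap_flow() -> dict:
    """Middle tier holds a valid signature but presents an altered token."""
    mid = _setup()
    token, nonce = mid.collect()
    sig = sign(CLIENT_PRIVATE_KEY, nonce)
    altered = token[CONTRIB_LEN:] + os.urandom(CONTRIB_LEN)  # constructed tampering
    return mid.delegate(altered, nonce, sig)  # signature valid, hash check fails


def replay_flow() -> dict:
    mid = _setup()
    token, nonce = mid.collect()
    sig = sign(CLIENT_PRIVATE_KEY, nonce)
    mid.delegate(token, nonce, sig)
    return mid.delegate(token, nonce, sig)  # second presentation is rejected


if __name__ == "__main__":
    print("honest:", honest_flow())
    print("token swap:", token_swap_flow())
    print("replay:", replay_flow())
```

The comparison in step (2) is what turns the middle tier from a trusted party into a verified one: because the client signs only the hash of the combined contributions, a middle tier cannot later pair that signature with a token the back-end servers did not contribute to. Step (3) is not in the claims but is the check a practitioner would add so that a signed nonce cannot be presented to the same server twice, and it is why the replay scenario returns False for every server.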
Specification