Mashauth: using mashssl for efficient delegated authentication
First Claim
1. A method for efficient delegated authentication that allows a delegator entity to delegate authority to a delegatee entity to obtain information from, or take actions at, a third entity on its behalf;
- the method comprising:
configuring a processor to perform the steps of:
(a) the delegatee entity sending the first SSL Client-Hello handshake message, to the third entity, via the delegator entity, which the delegatee entity authenticates, and having the delegator entity approve the submission of the request en route;
(b) the third entity replying by sending the SSL Server-Hello handshake message to the delegatee entity, via the delegator entity which the third entity authenticates, and having the delegator entity approve the submission of the response en route;
(c) the delegatee entity replying by sending the SSL Client-Key-Exchange handshake message to the third entity, via the delegator entity;
(d) the delegatee entity and the third entity agreeing on a master secret, not known to the delegator, which can be used to authenticate each other; and
(e) the third entity replying by sending the SSL Server-Finished handshake message, including a delegation ticket, to the delegatee entity via the delegator entity, wherein the ticket contains parameters to be used for a session with said delegator entity, including a ticket lifetime for which the session can be reused, and wherein said parameters can be reused to allow a plurality of delegated authentication sessions on behalf of, and via, a different delegator entity between said delegatee and said third entities without having to reestablish session parameters during said ticket lifetime.
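The five steps of claim 1 as a runnable model, added here as an illustration; it is not the patent's or MashSSL's code. It assumes a finite-field Diffie-Hellman exchange in place of the SSL key exchange (with the server's value folded into the Server-Hello), models the delegator's "approval en route" as a scope whitelist, models the delegation ticket as an HMAC-tagged record that the third entity checks against session state it keeps per delegatee, and passes the clock in explicitly. The party names and scope strings are constructed sample input.

```python
import hashlib
import hmac
import json
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2   # RFC 2409 group 2 (1024-bit MODP): model-sized, use 2048+ bits in practice

def canon(obj):                       # canonical JSON so MACs over dicts reproduce
    return json.dumps(obj, sort_keys=True).encode()

def mac(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def derive_master(peer_public_hex, exponent, client_random, server_random):
    pre = pow(int(peer_public_hex, 16), exponent, P).to_bytes(128, "big")   # g^xy
    return hashlib.sha256(b"master secret" + pre + client_random + server_random).digest()

class Delegatee:                      # acts at the service on the delegator's behalf
    def __init__(self, name):
        self.name, self.x = name, secrets.randbelow(P - 2) + 1   # ephemeral DH exponent
        self.master_secret = self.ticket = None

    def client_hello(self, scope):                               # step (a)
        self.client_random = secrets.token_bytes(32)
        return {"type": "ClientHello", "from": self.name, "scope": scope,
                "random": self.client_random.hex()}

    def client_key_exchange(self, server_hello):                 # step (c)
        sr = bytes.fromhex(server_hello["random"])
        self.master_secret = derive_master(server_hello["dh_public"], self.x, self.client_random, sr)
        return {"type": "ClientKeyExchange", "dh_public": format(pow(G, self.x, P), "x")}

    def finish(self, server_finished):                           # verifies step (e)
        if not hmac.compare_digest(mac(self.master_secret, b"server finished"), server_finished["verify_data"]):
            raise ValueError("server Finished does not verify")
        self.ticket = server_finished["ticket"]

class Delegator:                      # relays and approves each message, holds no keys
    def __init__(self, name, allowed_scopes):
        self.name, self.allowed, self.seen = name, set(allowed_scopes), []

    def relay(self, msg):
        self.seen.append(canon(msg))                             # its entire view of the exchange
        if "scope" in msg and msg["scope"] not in self.allowed:
            raise PermissionError(f"{self.name} refuses scope {msg['scope']!r}")
        return msg

class ThirdEntity:                    # the service: session state plus a private ticket key
    def __init__(self, name):
        self.name, self.ticket_key, self.sessions = name, secrets.token_bytes(32), {}

    def server_hello(self, client_hello, delegator_name):        # step (b)
        sess = {"y": secrets.randbelow(P - 2) + 1, "scope": client_hello["scope"],
                "via": delegator_name, "server_random": secrets.token_bytes(32),
                "client_random": bytes.fromhex(client_hello["random"])}
        self.sessions[client_hello["from"]] = sess
        return {"type": "ServerHello", "random": sess["server_random"].hex(),
                "dh_public": format(pow(G, sess["y"], P), "x")}   # real SSL: ServerKeyExchange

    def server_finished(self, cke, delegatee, expires):          # steps (d) and (e)
        sess = self.sessions[delegatee]
        sess["master_secret"] = derive_master(cke["dh_public"], sess["y"],
                                              sess["client_random"], sess["server_random"])
        body = {"delegatee": delegatee, "scope": sess["scope"], "issued_via": sess["via"], "expires": expires}
        return {"type": "ServerFinished",
                "ticket": {"body": body, "mac": mac(self.ticket_key, canon(body))},
                "verify_data": mac(sess["master_secret"], b"server finished")}

    def accept_ticket(self, req, delegator_name, now):
        ticket, body = req["ticket"], req["ticket"]["body"]
        sess = self.sessions.get(body["delegatee"])
        if sess is None or not hmac.compare_digest(mac(self.ticket_key, canon(body)), ticket["mac"]):
            return False                                         # unknown, forged or altered
        if now > body["expires"]:
            return False                                         # ticket lifetime exceeded
        # proof of possession of the master secret, bound to the presenting delegator
        # (a real protocol would add a server nonce against replay)
        expected = mac(sess["master_secret"], (ticket["mac"] + delegator_name).encode())
        return hmac.compare_digest(expected, req["proof"])

def run_handshake(delegatee, delegator, third, scope, now, ttl=3600):
    ch = delegator.relay(delegatee.client_hello(scope))                         # (a)
    sh = delegator.relay(third.server_hello(ch, delegator.name))                # (b)
    cke = delegator.relay(delegatee.client_key_exchange(sh))                    # (c)
    sf = delegator.relay(third.server_finished(cke, delegatee.name, now + ttl)) # (d), (e)
    delegatee.finish(sf)
    return delegatee.ticket

def reuse_ticket(delegatee, delegator, third, now):   # later session via any delegator
    t = delegatee.ticket
    proof = mac(delegatee.master_secret, (t["mac"] + delegator.name).encode())
    req = delegator.relay({"type": "TicketResume", "scope": t["body"]["scope"],
                           "ticket": t, "proof": proof})
    return third.accept_ticket(req, delegator.name, now)
```

The checks a practitioner would want fall out of the model: the delegator relays and approves every handshake message, yet its recorded view never contains the master secret; the ticket can be presented through a different delegator during its lifetime, but only by a holder of the master secret; and a ticket with an altered expiry, or one presented after its lifetime, is rejected.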
Abstract
The present invention provides a method that allows the MashSSL protocol to be used as a secure and efficient means of delegated authentication. The invention allows services that already have an SSL infrastructure to reuse that infrastructure for delegated authentication, in a fashion where the cryptographic overhead is amortized across multiple users and which gives the user greater control over what information is shared on their behalf.
16 Claims
Specification