Domain ID service

US 8,006,295 B2
Filed: 06/28/2007
Issued: 08/23/2011
Est. Priority Date: 06/28/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A domain identification system comprising at least one processor, the system comprising:

a principal from a plurality of principals;

an identifier generation component that generates, with the at least one processor, a mnemonically meaningless persistent identifier and assigns the mnemonically meaningless persistent identifier to the principal, wherein the principal is a member of a neighborhood comprising the plurality of principals;

a binding component that binds the mnemonically meaningless persistent identifier to a public key by a binding, the public key is used to authenticate the principal in a networked environment; and

a sharing component that shares the mnemonically meaningless persistent identifier and the binding with at least one another principal from the plurality of principals, wherein;

the principal is configured to receive an authentication request and query the plurality of principals in the neighborhood to determine whether at least one principal from the plurality of principals is familiar with a binding that can authenticate a source of the authentication request, andthe principal is further configured to, when the principal is a member of at least one other neighborhood and when it is determined that none of the plurality of principals in the neighborhood is familiar with the binding that can authenticate the source of the authentication request, forward the authentication request to at least one other principal in the at least one other neighborhood.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members'"'"' binding.

Citations

18 Claims

1. A domain identification system comprising at least one processor, the system comprising:
- a principal from a plurality of principals;
  
  an identifier generation component that generates, with the at least one processor, a mnemonically meaningless persistent identifier and assigns the mnemonically meaningless persistent identifier to the principal, wherein the principal is a member of a neighborhood comprising the plurality of principals;
  
  a binding component that binds the mnemonically meaningless persistent identifier to a public key by a binding, the public key is used to authenticate the principal in a networked environment; and
  
  a sharing component that shares the mnemonically meaningless persistent identifier and the binding with at least one another principal from the plurality of principals, wherein;
  
  the principal is configured to receive an authentication request and query the plurality of principals in the neighborhood to determine whether at least one principal from the plurality of principals is familiar with a binding that can authenticate a source of the authentication request, andthe principal is further configured to, when the principal is a member of at least one other neighborhood and when it is determined that none of the plurality of principals in the neighborhood is familiar with the binding that can authenticate the source of the authentication request, forward the authentication request to at least one other principal in the at least one other neighborhood.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising a uniqueness verification component that verifies the uniqueness of the mnemonically meaningless persistent identifier.
  - 3. The system of claim 1, wherein the principal is a domain controller and wherein the system assigns a relative identifier to a device authenticated to a domain controlled by the domain controller.
  - 4. The system of claim 2, wherein at least one of the identifier generation component or the uniqueness verification component resides on the principal that has been assigned the mnemonically meaningless persistent identifier.
  - 5. The system of claim 2, wherein at least one of the identifier generation component or the uniqueness verification component resides on at least one principal other than the principal that has been assigned the mnemonically meaningless persistent identifier.
  - 6. The system of claim 1, wherein the principal comprises a private key.
  - 7. The system of claim 1, wherein each of the plurality of principals in the neighborhood has a key and a mnemonically meaningless persistent identifier that is bound to the key by a binding, and wherein the principal is familiar with the mnemonically meaningless persistent identifier and the binding of each of the plurality of principals.
  - 8. The system of claim 7, wherein members of the neighborhood store the bindings of other members of the neighborhood in a library.
  - 9. The system of claim 8, wherein the principal instructs the at least one principal from the plurality of principals in the neighborhood to search a library of the at least one principal for a binding that can verify the authentication request.

10. A method for utilizing an identifier for a principal from a plurality of principals that is a member of a neighborhood comprising the plurality of principals, the method comprising:
- with at least one processor;
  
  generating a mnemonically meaningless persistent identifier for the principal;
  
  binding the mnemonically meaningless persistent identifier to a key by a binding;
  
  verifying that the mnemonically meaningless persistent identifier is different from each of a plurality of mnemonically meaningless persistent identifiers assigned to the plurality of principals in the neighborhood;
  
  when it is verified that the mnemonically meaningless persistent identifier is different from each of the plurality of mnemonically meaningless persistent identifiers, assigning the mnemonically meaningless persistent identifier and the binding to the principal;
  
  receiving an authentication request and, when the principal is not familiar with a binding that can authenticate a source of the authentication request, querying the plurality of principals in the neighborhood to determine whether at least one principal from the plurality of principals is familiar with the binding that can authenticate the source of the authentication request; and
  
  when the principal is a member of at least one other neighborhood and when it is determined that none of the plurality of principals in the neighborhood is familiar with the binding that can authenticate the source of the authentication request, forwarding the authentication request to at least one other principal in the at least one other neighborhood.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, performed by the principal that has been assigned the mnemonically meaningless identifier.
  - 12. The method of claim 10, performed by a supervising principal on behalf of another principal.
  - 13. The method of claim 10, further comprising generating a second mnemonically meaningless identifier if the mnemonically meaningless identifier has already been assigned.
  - 14. The method of claim 10, further comprising sharing the mnemonically meaningless persistent identifier and the binding assigned to the principal with the plurality of principals.
  - 15. The method of claim 14, further comprising receiving the request for authentication from the source comprising a second principal.
  - 16. The method of claim 15, wherein the second principal is a member of the neighborhood.
  - 17. The method of claim 10, wherein, when it is determined that none of the plurality of principals is familiar with the binding between the key and the identifier of the source of the authentication request, forwarding the authentication request to the at least one other principal in the at least one other neighborhood comprises requesting that the at least one another principal in the at least one other neighborhood verify the source of authentication the request.

18. A computer system for domain identification comprising at least one processor, the computer system comprising:
- means for generating, with the at least one processor, a mnemonically meaningless persistent identifier;
  
  means for verifying, with the at least one processor, that the mnemonically meaningless persistent identifier is different from each of a plurality of mnemonically meaningless persistent identifiers assigned to a plurality of principals in a neighborhood;
  
  means for assigning the generated mnemonically meaningless persistent identifier to a principal from the plurality of principals when it is verified that the mnemonically meaningless persistent identifier is different from each of the plurality of mnemonically meaningless persistent identifiers;
  
  means for binding the generated mnemonically meaningless persistent identifier to a key held by the principal;
  
  means for receiving an authentication request and querying the plurality of principals in the neighborhood to determine whether at least one principal from the plurality of principals is familiar with a binding between a key and an identifier of a source of the authentication request; and
  
  means for, when the principal is a member of at least one other neighborhood and when it is determined that none of the plurality of principals in the neighborhood is familiar with the binding between the key and the identifier of the source of the authentication request, forwarding the authentication request to at least one other principal in the at least one other neighborhood.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Lampson, Butler W., Pandya, Ravindra N., Leach, Paul J., Dunn, Melissa W., Ellison, Carl M., Kaufman, Charles W.
Primary Examiner(s)
Zee; Edward

Application Number

US11/770,677
Publication Number

US 20090007247A1
Time in Patent Office

1,517 Days
Field of Search

713168-171, 713/155, 713/156, 713/182, 713/185, 726/10, 726/5, 726/6, 380/279, 380/280, 380/282
US Class Current

726/10
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 2221/2115   Third party

G06F 2221/2129   Authenticate client device ...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

H04L 63/145   the attack involving the pr...

H04L 9/0891   Revocation or update of sec...

Domain ID service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Domain ID service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links