User authentication in a cloud environment

US 9,124,569 B2
Filed: 06/14/2013
Issued: 09/01/2015
Est. Priority Date: 06/14/2013
Status: Active Grant

First Claim

Patent Images

1. A client computer system comprising the following:

one or more processors;

system memory;

one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the computing system to perform a method for authenticating a user to a remote application provisioning service, the method comprising the following;

an act of receiving one or more authentication credentials from a user at the client computing system to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications;

an act of sending the received authentication credentials to an authentication service, the authentication service being configured to generate an encrypted token based on the received authentication credentials;

an act of receiving the generated encrypted token from the authentication service;

an act of storing the received encrypted token and the received authentication credentials in a data store; and

an act of sending the encrypted token and the authentication credentials to a virtual machine that is hosting a particular application prior to the particular application being instantiated for the user, the encrypted token being used with the authentication credentials to facilitate a logon at the virtual machine.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to authenticating a user to a remote application provisioning service. In one scenario, a client computer system receives authentication credentials from a user at to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications. The client computer system sends the received authentication credentials to an authentication service, which is configured to generate an encrypted token based on the received authentication credentials. The client computer system then receives the generated encrypted token from the authentication service, stores the received encrypted token and the received authentication credentials in a data store, and sends the encrypted token to the remote application provisioning service. The encrypted token indicates to the remote application provisioning service that the user is a valid user.

Citations

20 Claims

1. A client computer system comprising the following:
- one or more processors;
  
  system memory;
  
  one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the computing system to perform a method for authenticating a user to a remote application provisioning service, the method comprising the following;
  
  an act of receiving one or more authentication credentials from a user at the client computing system to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications;
  
  an act of sending the received authentication credentials to an authentication service, the authentication service being configured to generate an encrypted token based on the received authentication credentials;
  
  an act of receiving the generated encrypted token from the authentication service;
  
  an act of storing the received encrypted token and the received authentication credentials in a data store; and
  
  an act of sending the encrypted token and the authentication credentials to a virtual machine that is hosting a particular application prior to the particular application being instantiated for the user, the encrypted token being used with the authentication credentials to facilitate a logon at the virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The client computer system of claim 1, the method further comprising:
    - an act of sending the encrypted token to the remote application provisioning service, the encrypted token indicating to the remote application provisioning service that the user is a valid user;
      
      an act of receiving from the remote application provisioning service an indication of one or more remote applications the user is allowed to access, including the particular application;
      
      an act of receiving from the user an indication indicating that the particular application is to be instantiated; and
      
      upon being authenticated to the virtual machine that is hosting the specified remote application, an act of accessing the particular application.
  - 3. The client computer system of claim 2, wherein the token is encrypted such that it is only decryptable by the virtual machine that is hosting the particular application.
  - 4. The client computer system of claim 3, wherein the specified remote application is accessed using a remote desktop protocol (RDP) session established between the virtual machine and the client computer system.
  - 5. The client computer system of claim 1, wherein a previously generated, cached encrypted token is sent with the user'"'"'s authentication credentials to the remote application provisioning service.
  - 6. The client computer system of claim 1, wherein one or more portions of connection data are sent to the remote application provisioning service in addition to the encrypted token, the connection data indicating how the connection between the client computer system and the remote application provisioning service is to be established.
  - 7. The client computer system of claim 1, wherein the authentication service further verifies that the user is a member of an organization that is providing the virtual machine-hosted remote applications.
  - 8. The client computer system of claim 1, wherein the authentication credentials are received at a web page provided by the remote application provisioning service.
  - 9. The client computer system of claim 1, wherein the authentication credentials are received from a remote application that was presented in a list of remote applications to which the user is subscribed.
  - 10. The client computer system of claim 1, the method further comprising:
    - an act of determining that a specified period of time has elapsed since the encrypted token was generated; and
      
      an act of resending the user'"'"'s authentication credentials to the authentication service for reissuance of the token.
  - 11. The client computer system of claim 1, wherein the token is sent to the remote application provisioning service in a hypertext transfer protocol (HTTP) header.

12. One or more computer hardware storage device having stored computer-executable instructions that are executable by one or more processor of a computing system for implementing the following:
- receiving one or more authentication credentials from a user at the client computing system to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications;
  
  sending the received authentication credentials to an authentication service, the authentication service being configured to generate an encrypted token based on the received authentication credentials;
  
  receiving the generated encrypted token from the authentication service;
  
  storing the received encrypted token and the received authentication credentials in a data store; and
  
  sending the encrypted token and the authentication credentials to a virtual machine that is hosting a particular application prior to the particular application being instantiated for the user, the encrypted token being used with the authentication credentials to facilitate a logon at the virtual machine.
- View Dependent Claims (13, 14, 15)
- - 13. The one or more computer hardware storage device of claim 12, wherein the token is encrypted such that it is only decryptable by the virtual machine that is hosting the particular application.
  - 14. The one or more computer hardware storage device of claim 12, wherein a previously generated, cached encrypted token is sent with the user'"'"'s authentication credentials to the remote application provisioning service.
  - 15. The one or more computer hardware storage device of claim 12, the stored computer-executable instructions further being executable by the one or more processor for implementing the following:
    - an act of determining that a specified period of time has elapsed since the encrypted token was generated; and
      
      an act of resending the user'"'"'s authentication credentials to the authentication service for reissuance of the token.

16. A computer-implemented method for authenticating a user to a remote application provisioning service, the method comprising the following:
- receiving one or more authentication credentials from a user at the client computing system to authenticate the user to a remote application provisioning service that provides virtual machine-hosted remote applications;
  
  sending the received authentication credentials to an authentication service, the authentication service being configured to generate an encrypted token based on the received authentication credentials;
  
  receiving the generated encrypted token from the authentication service;
  
  storing the received encrypted token and the received authentication credentials in a data store; and
  
  sending the encrypted token and the authentication credentials to a virtual machine that is hosting a particular application prior to the particular application being instantiated for the user, the encrypted token being used with the authentication credentials to facilitate a logon at the virtual machine.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the token is encrypted such that it is only decryptable by the virtual machine that is hosting the particular application.
  - 18. The method of claim 16, wherein a previously generated, cached encrypted token is sent with the user'"'"'s authentication credentials to the remote application provisioning service.
  - 19. The method of claim 16, the method further comprising the following:
    - an act of determining that a specified period of time has elapsed since the encrypted token was generated; and
      
      an act of resending the user'"'"'s authentication credentials to the authentication service for reissuance of the token.
  - 20. The method of claim 16, the method further comprising:
    - an act of sending the encrypted token to the remote application provisioning service, the encrypted token indicating to the remote application provisioning service that the user is a valid user;
      
      an act of receiving from the remote application provisioning service an indication of one or more remote applications the user is allowed to access, including the particular application;
      
      an act of receiving from the user an indication indicating that the particular application is to be instantiated; and
      
      upon being authenticated to the virtual machine that is hosting the specified remote application, an act of accessing the particular application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Hussain, Amjad, Eremenko, Andrew, Alladi, Mahadeva Kumar, Sampath, Sriram, Scott, Tristan William, Howe, Travis Michael, Ben-Shachar, Ido Miles
Primary Examiner(s)
SHOLEMAN, ABU S

Application Number

US13/917,861
Publication Number

US 20140373126A1
Time in Patent Office

809 Days
Field of Search

729/8, 729/9, 729/10, 726/9, 726/22, 726/26, 713/155, 713/168, 713/183, 713/184
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 2463/062   applying encryption of the ...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

User authentication in a cloud environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication in a cloud environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links