Policy driven, credential delegation for single sign on and...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate

Details

C713S169000, C713S171000, C726S022000, C709S229000

active

07913084

ABSTRACT:
A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.

REFERENCES:
patent: 2002/0016777 (2002-02-01), Seamons et al.
patent: 2007/0210894 (2007-09-01), Park et al.
patent: 2008/0010377 (2008-01-01), Nissennboim
patent: 2009/0055642 (2009-02-01), Myers et al.
RFC 2712, “Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)”, Oct. 1999, Network Working Group, pp. 1-7.
RFC 4178, “The Simple and Protected Generic Security Service Application Program Interface (GSS-API) Negotiation Mechanism”, Oct. 2005, Network Working Group, pp. 1-23.
Kagal et al., “Trust-Based Security in Pervasive Computing Environments,” In: IEEE Computer, 2001, 34(12), 154-157.
Hamada et al., “A Perspective on TINA Service Security Architecture,” Proceedings of WET ICE'96, 1996, 74-79.
Hess et al., “Advanced Client/Server Authentication in TLS,” Computer Science Department, Brigham Young University, 2002, 12 pages.
Chinese Office Action dated Feb. 12, 2010, issued in Application No. 200780018807.6, (8 pp).
