Information security – Prevention of unauthorized use of data including prevention... – Access control
Reexamination Certificate
2007-02-06
2007-02-06
Smithers, Matthew (Department: 2137)
Information security
Prevention of unauthorized use of data including prevention...
Access control
C726S006000, C713S185000
Reexamination Certificate
active
10790975
ABSTRACT:
Methods and apparatuses are provided for limiting access, by users of a networked computer system, to networked services on the computer system. More specifically, the present invention facilitates limiting access by other users to a first user's credential that can be used to facilitate access to networked services. A method includes authenticating a user, determining a credential for that user, and generating a corresponding random secret. The credential is stored in memory that can only be accessed through execution of a local security authority (LSA). The random secret is written to a secret file that is readable and writeable only by the user. When the user initiates an application, a security library associated with the application reads the random secret from the secret file and passes the secret to the LSA. The LSA identifies the credential corresponding to that secret and return a credential handle to the application client via the security library. The application client can use the credential handle to have the LSA use the credential on its behalf; in the Kerberos case, the LSA obtains GSSAPI Kerberos tokens and returns them to the application. The technique is also used in combination with the Unix setuid mechanism to allow one or more programs to have all of the user's network rights while all other programs have one of one or more subsets of the user's rights. Additional embodiments of the present invention also include computer readable medium with program instructions and a computer system configured to perform the above operations.
REFERENCES:
patent: 5944824 (1999-08-01), He
patent: 6189098 (2001-02-01), Kaliski, Jr.
patent: 6349338 (2002-02-01), Seamons et al.
patent: 6510523 (2003-01-01), Perlman et al.
patent: 6775783 (2004-08-01), Trostle
Cisco Technology Inc.
Hickman Palermo & Truong & Becker LLP
Smithers Matthew
LandOfFree
Client security for networked applications does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Client security for networked applications, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Client security for networked applications will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3886651