DE60225378D1 - Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten - Google Patents

Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten

Info

Publication number
DE60225378D1
DE60225378D1 DE60225378T DE60225378T DE60225378D1 DE 60225378 D1 DE60225378 D1 DE 60225378D1 DE 60225378 T DE60225378 T DE 60225378T DE 60225378 T DE60225378 T DE 60225378T DE 60225378 D1 DE60225378 D1 DE 60225378D1
Authority
DE
Germany
Prior art keywords
client
delegation
server
systems
controlling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60225378T
Other languages
English (en)
Other versions
DE60225378T2 (de
Inventor
John E Brezak
Richard B Ward
Donald E Schmidt
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Application granted granted Critical
Publication of DE60225378D1 publication Critical patent/DE60225378D1/de
Publication of DE60225378T2 publication Critical patent/DE60225378T2/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
DE60225378T 2001-06-20 2002-05-14 Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten Expired - Lifetime DE60225378T2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US886146 1986-07-16
US09/886,146 US7698381B2 (en) 2001-06-20 2001-06-20 Methods and systems for controlling the scope of delegation of authentication credentials

Publications (2)

Publication Number Publication Date
DE60225378D1 true DE60225378D1 (de) 2008-04-17
DE60225378T2 DE60225378T2 (de) 2009-03-26

Family

ID=25388472

Family Applications (2)

Application Number Title Priority Date Filing Date
DE60225378T Expired - Lifetime DE60225378T2 (de) 2001-06-20 2002-05-14 Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten
DE60227427T Expired - Lifetime DE60227427D1 (de) 2001-06-20 2002-05-14 Verfahren und System zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten

Family Applications After (1)

Application Number Title Priority Date Filing Date
DE60227427T Expired - Lifetime DE60227427D1 (de) 2001-06-20 2002-05-14 Verfahren und System zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten

Country Status (6)

Country Link
US (1) US7698381B2 (de)
EP (2) EP1271882B1 (de)
JP (1) JP4298969B2 (de)
AT (2) ATE400130T1 (de)
AU (2) AU785166B2 (de)
DE (2) DE60225378T2 (de)

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444368B1 (en) * 2000-02-29 2008-10-28 Microsoft Corporation Methods and systems for selecting methodology for authenticating computer systems on a per computer system or per user basis
US7237257B1 (en) 2001-04-11 2007-06-26 Aol Llc Leveraging a persistent connection to access a secured service
US20030236977A1 (en) * 2001-04-25 2003-12-25 Levas Robert George Method and system for providing secure access to applications
US7562146B2 (en) * 2003-10-10 2009-07-14 Citrix Systems, Inc. Encapsulating protocol for session persistence and reliability
US20050198379A1 (en) * 2001-06-13 2005-09-08 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7428749B2 (en) * 2001-08-03 2008-09-23 International Business Machines Corporation Secure delegation using public key authorization
US7818792B2 (en) * 2002-02-04 2010-10-19 General Instrument Corporation Method and system for providing third party authentication of authorization
US7661129B2 (en) * 2002-02-26 2010-02-09 Citrix Systems, Inc. Secure traversal of network components
US7984157B2 (en) * 2002-02-26 2011-07-19 Citrix Systems, Inc. Persistent and reliable session securely traversing network components using an encapsulating protocol
GB2392590B (en) * 2002-08-30 2005-02-23 Toshiba Res Europ Ltd Methods and apparatus for secure data communication links
US7546633B2 (en) 2002-10-25 2009-06-09 Microsoft Corporation Role-based authorization management framework
JP2005064770A (ja) * 2003-08-11 2005-03-10 Ricoh Co Ltd 情報処理装置、認証装置、外部装置、証明情報取得方法、認証方法、機能提供方法、証明情報取得プログラム、認証プログラム、機能提供プログラム及び記録媒体
US7827595B2 (en) * 2003-08-28 2010-11-02 Microsoft Corporation Delegated administration of a hosted resource
US8255422B2 (en) * 2004-05-28 2012-08-28 Microsoft Corporation Highly reliable and scalable architecture for data centers
US7617501B2 (en) 2004-07-09 2009-11-10 Quest Software, Inc. Apparatus, system, and method for managing policies on a computer having a foreign operating system
GB0419479D0 (en) * 2004-09-02 2004-10-06 Cryptomathic Ltd Data certification methods and apparatus
US8042165B2 (en) * 2005-01-14 2011-10-18 Citrix Systems, Inc. Method and system for requesting and granting membership in a server farm
US20060236385A1 (en) * 2005-01-14 2006-10-19 Citrix Systems, Inc. A method and system for authenticating servers in a server farm
JP4602099B2 (ja) * 2005-01-25 2010-12-22 日本電信電話株式会社 アクセスコード発行システム、アクセスコード発行方法およびアクセスコード発行プログラム
EP1955251A2 (de) 2005-10-11 2008-08-13 Citrix Systems, Inc. Systeme und verfahren zum ermöglichen einer verteilten authentifikation
US7904949B2 (en) * 2005-12-19 2011-03-08 Quest Software, Inc. Apparatus, systems and methods to provide authentication services to a legacy application
US8087075B2 (en) 2006-02-13 2011-12-27 Quest Software, Inc. Disconnected credential validation using pre-fetched service tickets
US8429712B2 (en) * 2006-06-08 2013-04-23 Quest Software, Inc. Centralized user authentication system apparatus and method
WO2008018055A2 (en) * 2006-08-09 2008-02-14 Neocleus Ltd Extranet security
JP4948119B2 (ja) * 2006-10-26 2012-06-06 株式会社リコー なりすまし防止方法、画像処理装置、なりすまし防止プログラム及び記録媒体
US8086710B2 (en) 2006-10-30 2011-12-27 Quest Software, Inc. Identity migration apparatus and method
US7895332B2 (en) * 2006-10-30 2011-02-22 Quest Software, Inc. Identity migration system apparatus and method
US7942739B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Storing information from a verification device and accessing the information from a gaming device to verify that the gaming device is communicating with a server
US7942740B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Verifying a first device is in communications with a server by storing a value from the first device and accessing the value from a second device
US7942742B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Accessing identification information to verify a gaming device is in communications with a server
US7942741B2 (en) * 2006-11-15 2011-05-17 Cfph, Llc Verifying whether a device is communicating with a server
US7942738B2 (en) * 2006-11-15 2011-05-17 Cfph, Llc Verifying a gaming device is in communications with a gaming server
US8012015B2 (en) 2006-11-15 2011-09-06 Cfph, Llc Verifying whether a gaming device is communicating with a gaming server
US10068421B2 (en) * 2006-11-16 2018-09-04 Cfph, Llc Using a first device to verify whether a second device is communicating with a server
US9055107B2 (en) * 2006-12-01 2015-06-09 Microsoft Technology Licensing, Llc Authentication delegation based on re-verification of cryptographic evidence
WO2008114256A2 (en) * 2007-03-22 2008-09-25 Neocleus Ltd. Trusted local single sign-on
EP2043016A1 (de) * 2007-09-27 2009-04-01 Nxp B.V. Verfahren, System, zuverlässiger Dienstmanager, Dienstanbieter und Speicherelement zur Verwaltung von Zugangsrechten für zuverlässige Anwendungen
US8474037B2 (en) * 2008-01-07 2013-06-25 Intel Corporation Stateless attestation system
US9973491B2 (en) * 2008-05-16 2018-05-15 Oracle International Corporation Determining an identity of a third-party user in an SAML implementation of a web-service
US8910257B2 (en) * 2008-07-07 2014-12-09 Microsoft Corporation Representing security identities using claims
US8863234B2 (en) * 2008-08-06 2014-10-14 The Boeing Company Collaborative security and decision making in a service-oriented environment
US20100175113A1 (en) * 2009-01-05 2010-07-08 International Business Machine Corporation Secure System Access Without Password Sharing
US8255984B1 (en) 2009-07-01 2012-08-28 Quest Software, Inc. Single sign-on system for shared resource environments
US10454674B1 (en) * 2009-11-16 2019-10-22 Arm Limited System, method, and device of authenticated encryption of messages
US9231758B2 (en) * 2009-11-16 2016-01-05 Arm Technologies Israel Ltd. System, device, and method of provisioning cryptographic data to electronic devices
JP5024404B2 (ja) * 2010-03-03 2012-09-12 コニカミノルタビジネステクノロジーズ株式会社 画像処理システム、情報処理装置、プログラムおよびジョブ実行方法
US20120072972A1 (en) * 2010-09-20 2012-03-22 Microsoft Corporation Secondary credentials for batch system
AU2010246354B1 (en) * 2010-11-22 2011-11-03 Microsoft Technology Licensing, Llc Back-end constrained delegation model
US8839357B2 (en) * 2010-12-22 2014-09-16 Canon U.S.A., Inc. Method, system, and computer-readable storage medium for authenticating a computing device
US8701169B2 (en) * 2011-02-11 2014-04-15 Certicom Corp. Using a single certificate request to generate credentials with multiple ECQV certificates
US8973108B1 (en) * 2011-05-31 2015-03-03 Amazon Technologies, Inc. Use of metadata for computing resource access
US9058467B2 (en) 2011-09-01 2015-06-16 Microsoft Corporation Distributed computer systems with time-dependent credentials
US8640210B2 (en) 2011-09-01 2014-01-28 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9032492B2 (en) 2011-09-01 2015-05-12 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9047456B2 (en) * 2012-03-20 2015-06-02 Canon Information And Imaging Solutions, Inc. System and method for controlling access to a resource
GB2512062A (en) 2013-03-18 2014-09-24 Ibm A method for secure user authentication in a dynamic network
US9509684B1 (en) * 2015-10-14 2016-11-29 FullArmor Corporation System and method for resource access with identity impersonation
US9762563B2 (en) 2015-10-14 2017-09-12 FullArmor Corporation Resource access system and method
US9450944B1 (en) 2015-10-14 2016-09-20 FullArmor Corporation System and method for pass-through authentication
CN108737093B (zh) * 2017-04-13 2022-07-12 山东量子科学技术研究院有限公司 一种加密的方法、装置及系统

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US5590199A (en) 1993-10-12 1996-12-31 The Mitre Corporation Electronic information network user authentication and authorization system
US5764890A (en) 1994-12-13 1998-06-09 Microsoft Corporation Method and system for adding a secure network server to an existing computer network
US5864665A (en) 1996-08-20 1999-01-26 International Business Machines Corporation Auditing login activity in a distributed computing environment
US5684950A (en) * 1996-09-23 1997-11-04 Lockheed Martin Corporation Method and system for authenticating users to multiple computer servers via a single sign-on
US5875296A (en) 1997-01-28 1999-02-23 International Business Machines Corporation Distributed file system web server user authentication with cookies
US5923756A (en) * 1997-02-12 1999-07-13 Gte Laboratories Incorporated Method for providing secure remote command execution over an insecure computer network
US6453419B1 (en) 1998-03-18 2002-09-17 Secure Computing Corporation System and method for implementing a security policy
US6199113B1 (en) * 1998-04-15 2001-03-06 Sun Microsystems, Inc. Apparatus and method for providing trusted network security
US6405312B1 (en) 1998-09-04 2002-06-11 Unisys Corporation Kerberos command structure and method for enabling specialized Kerbero service requests
US6298383B1 (en) * 1999-01-04 2001-10-02 Cisco Technology, Inc. Integration of authentication authorization and accounting service and proxy service
US6601171B1 (en) 1999-02-18 2003-07-29 Novell, Inc. Deputization in a distributed computing system
US6643774B1 (en) * 1999-04-08 2003-11-04 International Business Machines Corporation Authentication method to enable servers using public key authentication to obtain user-delegated tickets
CN1224620C (zh) 1999-05-04 2005-10-26 纳幕尔杜邦公司 生产氟化环氧化物的方法和有关聚合物
US6769068B1 (en) * 1999-09-02 2004-07-27 International Business Machines Corporation Dynamic credential refresh in a distributed system
US6401211B1 (en) * 1999-10-19 2002-06-04 Microsoft Corporation System and method of user logon in combination with user authentication for network access
US6678733B1 (en) 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users
US7113994B1 (en) * 2000-01-24 2006-09-26 Microsoft Corporation System and method of proxy authentication in a secured network
DE60124458D1 (de) 2000-06-30 2006-12-28 Microsoft Corp Vorrichtungen und Verfahren für delegierte Zugangsberechtigung von Zusammenfassungsinformation
US20020150253A1 (en) 2001-04-12 2002-10-17 Brezak John E. Methods and arrangements for protecting information in forwarded authentication messages
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7246230B2 (en) 2002-01-29 2007-07-17 Bea Systems, Inc. Single sign-on over the internet using public-key cryptography
US20030188193A1 (en) 2002-03-28 2003-10-02 International Business Machines Corporation Single sign on for kerberos authentication
US7401235B2 (en) 2002-05-10 2008-07-15 Microsoft Corporation Persistent authorization context based on external authentication

Also Published As

Publication number Publication date
EP1271882A3 (de) 2004-09-29
DE60225378T2 (de) 2009-03-26
ATE388564T1 (de) 2008-03-15
US20030018913A1 (en) 2003-01-23
JP4298969B2 (ja) 2009-07-22
ATE400130T1 (de) 2008-07-15
EP1619856A1 (de) 2006-01-25
EP1271882B1 (de) 2008-03-05
US7698381B2 (en) 2010-04-13
DE60227427D1 (de) 2008-08-14
AU2007200114B2 (en) 2009-08-27
EP1271882A2 (de) 2003-01-02
AU785166B2 (en) 2006-10-12
AU4242502A (en) 2003-01-02
EP1619856B1 (de) 2008-07-02
JP2003099401A (ja) 2003-04-04
AU2007200114A1 (en) 2007-02-01

Similar Documents

Publication Publication Date Title
DE60225378D1 (de) Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten
DE60205289D1 (de) System und Verfahren zur gesicherte Funkübertragung von Konfigurationsdaten
DE69935030D1 (de) System und Verfahren zur Web-Server Benutzerauthentifizierung
WO2004015542A3 (en) Method for controlling access to informational objects
ATE505890T1 (de) System und verfahren zur sicheren authentifizierungsinformationsverteilung
ATE375646T1 (de) Registrierung bzw. unter-registrierung eines servers für die verwaltung digitaler rechte in einer architektur zur verwaltung digitaler rechte
ATE406748T1 (de) Gesteuerter zugriff auf informationen über datennetze
NO20032094L (no) Vedvarende autentiseringskontekst basert på ekstern autentisering
ATE508422T1 (de) Kommunikationsvorrichtung, -methode, und - programm zur überprüfung der durchführungsrechte der software
EP1320011A3 (de) Verfahren und Architektur zur durchdringenden Absicherung von digitalen Gütern
WO2003100544A3 (en) Method for authenticating a user to a service of a service provider
PL363770A1 (en) Method and system designed to authenticate user for sub-location of network location
DE60042275D1 (de) System und verfahren zur dynamischen berechtigung, authentifizierung und abrechnung in netzwerken
ATE410020T1 (de) Verfahren und system zur sicheren konfiguration eines client-gerätes
ATE433641T1 (de) Verfahren und system zur ortsbasierten kontrolle von zugangsprivilegien
WO2002023798A8 (en) System for protecting objects distributed over a network
BR0305273A (pt) Sistema e método para transmitir informação reduzida de um certificado para executar operações de criptografia
WO2006028488A3 (en) Authentication of users and computer systems
WO2004034180A3 (en) Processes and systems for enabling secure and controlled distribution and use of information
ATE516650T1 (de) Verfahren und vorrichtung zur zugangskontrolle persönlicher information
DE60040908D1 (de) Verfahren und vorrichtung zur authentifizierung und digitalen signaturerzeugung einer nachricht, mit der hilfe von kleineren challenge-daten
DE602005011816D1 (de) System und Verfahren zur Bereitstellung von Codesignierungs-Diensten
ATE321411T1 (de) Verfahren, ortungsagent, verteiltes ortungssytem und computer software produkt zur koordinierung von positionsabhängigen informationen, diensten und aufgaben
ATE374490T1 (de) Verfahren und vorrichtung zur sicheren verteilung von authentifizierungsdaten an umherstreifende teilnehmer
WO2001035565A3 (en) Method and system for authorizing and authenticating users

Legal Events

Date Code Title Description
8364 No opposition during term of opposition