DE60225378T2 - Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten - Google Patents

Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten Download PDF

Info

Publication number
DE60225378T2
DE60225378T2 DE60225378T DE60225378T DE60225378T2 DE 60225378 T2 DE60225378 T2 DE 60225378T2 DE 60225378 T DE60225378 T DE 60225378T DE 60225378 T DE60225378 T DE 60225378T DE 60225378 T2 DE60225378 T2 DE 60225378T2
Authority
DE
Germany
Prior art keywords
server
client
service
credential
ticket
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60225378T
Other languages
German (de)
English (en)
Other versions
DE60225378D1 (de
Inventor
John E. Woodinville Brezak
Richard B. Redmond Ward
Donald E. Redmond Schmidt
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Application granted granted Critical
Publication of DE60225378D1 publication Critical patent/DE60225378D1/de
Publication of DE60225378T2 publication Critical patent/DE60225378T2/de
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
DE60225378T 2001-06-20 2002-05-14 Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten Expired - Lifetime DE60225378T2 (de)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US886146 1986-07-16
US09/886,146 US7698381B2 (en) 2001-06-20 2001-06-20 Methods and systems for controlling the scope of delegation of authentication credentials

Publications (2)

Publication Number Publication Date
DE60225378D1 DE60225378D1 (de) 2008-04-17
DE60225378T2 true DE60225378T2 (de) 2009-03-26

Family

ID=25388472

Family Applications (2)

Application Number Title Priority Date Filing Date
DE60225378T Expired - Lifetime DE60225378T2 (de) 2001-06-20 2002-05-14 Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten
DE60227427T Expired - Lifetime DE60227427D1 (de) 2001-06-20 2002-05-14 Verfahren und System zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten

Family Applications After (1)

Application Number Title Priority Date Filing Date
DE60227427T Expired - Lifetime DE60227427D1 (de) 2001-06-20 2002-05-14 Verfahren und System zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten

Country Status (6)

Country Link
US (1) US7698381B2 (enExample)
EP (2) EP1619856B1 (enExample)
JP (1) JP4298969B2 (enExample)
AT (2) ATE388564T1 (enExample)
AU (2) AU785166B2 (enExample)
DE (2) DE60225378T2 (enExample)

Families Citing this family (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444368B1 (en) * 2000-02-29 2008-10-28 Microsoft Corporation Methods and systems for selecting methodology for authenticating computer systems on a per computer system or per user basis
US7237257B1 (en) 2001-04-11 2007-06-26 Aol Llc Leveraging a persistent connection to access a secured service
US20030236977A1 (en) * 2001-04-25 2003-12-25 Levas Robert George Method and system for providing secure access to applications
US20050198379A1 (en) * 2001-06-13 2005-09-08 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions
US7562146B2 (en) * 2003-10-10 2009-07-14 Citrix Systems, Inc. Encapsulating protocol for session persistence and reliability
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7428749B2 (en) * 2001-08-03 2008-09-23 International Business Machines Corporation Secure delegation using public key authorization
US7818792B2 (en) * 2002-02-04 2010-10-19 General Instrument Corporation Method and system for providing third party authentication of authorization
US7661129B2 (en) * 2002-02-26 2010-02-09 Citrix Systems, Inc. Secure traversal of network components
US7984157B2 (en) * 2002-02-26 2011-07-19 Citrix Systems, Inc. Persistent and reliable session securely traversing network components using an encapsulating protocol
GB2392590B (en) * 2002-08-30 2005-02-23 Toshiba Res Europ Ltd Methods and apparatus for secure data communication links
US7546633B2 (en) 2002-10-25 2009-06-09 Microsoft Corporation Role-based authorization management framework
JP2005064770A (ja) * 2003-08-11 2005-03-10 Ricoh Co Ltd 情報処理装置、認証装置、外部装置、証明情報取得方法、認証方法、機能提供方法、証明情報取得プログラム、認証プログラム、機能提供プログラム及び記録媒体
US7827595B2 (en) * 2003-08-28 2010-11-02 Microsoft Corporation Delegated administration of a hosted resource
US8255422B2 (en) 2004-05-28 2012-08-28 Microsoft Corporation Highly reliable and scalable architecture for data centers
US7617501B2 (en) 2004-07-09 2009-11-10 Quest Software, Inc. Apparatus, system, and method for managing policies on a computer having a foreign operating system
GB0419479D0 (en) * 2004-09-02 2004-10-06 Cryptomathic Ltd Data certification methods and apparatus
US20060236385A1 (en) * 2005-01-14 2006-10-19 Citrix Systems, Inc. A method and system for authenticating servers in a server farm
US8042165B2 (en) * 2005-01-14 2011-10-18 Citrix Systems, Inc. Method and system for requesting and granting membership in a server farm
JP4602099B2 (ja) * 2005-01-25 2010-12-22 日本電信電話株式会社 アクセスコード発行システム、アクセスコード発行方法およびアクセスコード発行プログラム
WO2007047183A2 (en) 2005-10-11 2007-04-26 Citrix Systems, Inc. Systems and methods for facilitating distributed authentication
US7904949B2 (en) * 2005-12-19 2011-03-08 Quest Software, Inc. Apparatus, systems and methods to provide authentication services to a legacy application
US8087075B2 (en) * 2006-02-13 2011-12-27 Quest Software, Inc. Disconnected credential validation using pre-fetched service tickets
US8429712B2 (en) 2006-06-08 2013-04-23 Quest Software, Inc. Centralized user authentication system apparatus and method
WO2008018055A2 (en) * 2006-08-09 2008-02-14 Neocleus Ltd Extranet security
JP4948119B2 (ja) * 2006-10-26 2012-06-06 株式会社リコー なりすまし防止方法、画像処理装置、なりすまし防止プログラム及び記録媒体
US7895332B2 (en) * 2006-10-30 2011-02-22 Quest Software, Inc. Identity migration system apparatus and method
US8086710B2 (en) 2006-10-30 2011-12-27 Quest Software, Inc. Identity migration apparatus and method
US7942739B2 (en) * 2006-11-15 2011-05-17 Cfph, Llc Storing information from a verification device and accessing the information from a gaming device to verify that the gaming device is communicating with a server
US7942740B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Verifying a first device is in communications with a server by storing a value from the first device and accessing the value from a second device
US7942741B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Verifying whether a device is communicating with a server
US7942742B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Accessing identification information to verify a gaming device is in communications with a server
US10068421B2 (en) * 2006-11-16 2018-09-04 Cfph, Llc Using a first device to verify whether a second device is communicating with a server
US7942738B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Verifying a gaming device is in communications with a gaming server
US8012015B2 (en) 2006-11-15 2011-09-06 Cfph, Llc Verifying whether a gaming device is communicating with a gaming server
US9055107B2 (en) * 2006-12-01 2015-06-09 Microsoft Technology Licensing, Llc Authentication delegation based on re-verification of cryptographic evidence
WO2008114256A2 (en) * 2007-03-22 2008-09-25 Neocleus Ltd. Trusted local single sign-on
EP2043016A1 (en) * 2007-09-27 2009-04-01 Nxp B.V. Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications
US8474037B2 (en) * 2008-01-07 2013-06-25 Intel Corporation Stateless attestation system
US9973491B2 (en) * 2008-05-16 2018-05-15 Oracle International Corporation Determining an identity of a third-party user in an SAML implementation of a web-service
US8910257B2 (en) * 2008-07-07 2014-12-09 Microsoft Corporation Representing security identities using claims
US8863234B2 (en) * 2008-08-06 2014-10-14 The Boeing Company Collaborative security and decision making in a service-oriented environment
US20100175113A1 (en) * 2009-01-05 2010-07-08 International Business Machine Corporation Secure System Access Without Password Sharing
US8255984B1 (en) 2009-07-01 2012-08-28 Quest Software, Inc. Single sign-on system for shared resource environments
US10454674B1 (en) * 2009-11-16 2019-10-22 Arm Limited System, method, and device of authenticated encryption of messages
US9231758B2 (en) * 2009-11-16 2016-01-05 Arm Technologies Israel Ltd. System, device, and method of provisioning cryptographic data to electronic devices
JP5024404B2 (ja) * 2010-03-03 2012-09-12 コニカミノルタビジネステクノロジーズ株式会社 画像処理システム、情報処理装置、プログラムおよびジョブ実行方法
US20120072972A1 (en) * 2010-09-20 2012-03-22 Microsoft Corporation Secondary credentials for batch system
AU2010246354B1 (en) * 2010-11-22 2011-11-03 Microsoft Technology Licensing, Llc Back-end constrained delegation model
US8839357B2 (en) * 2010-12-22 2014-09-16 Canon U.S.A., Inc. Method, system, and computer-readable storage medium for authenticating a computing device
US8701169B2 (en) 2011-02-11 2014-04-15 Certicom Corp. Using a single certificate request to generate credentials with multiple ECQV certificates
US8973108B1 (en) * 2011-05-31 2015-03-03 Amazon Technologies, Inc. Use of metadata for computing resource access
US8640210B2 (en) 2011-09-01 2014-01-28 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9058467B2 (en) 2011-09-01 2015-06-16 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9032492B2 (en) 2011-09-01 2015-05-12 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9047456B2 (en) * 2012-03-20 2015-06-02 Canon Information And Imaging Solutions, Inc. System and method for controlling access to a resource
GB2512062A (en) * 2013-03-18 2014-09-24 Ibm A method for secure user authentication in a dynamic network
US9762563B2 (en) 2015-10-14 2017-09-12 FullArmor Corporation Resource access system and method
US9509684B1 (en) * 2015-10-14 2016-11-29 FullArmor Corporation System and method for resource access with identity impersonation
US9450944B1 (en) 2015-10-14 2016-09-20 FullArmor Corporation System and method for pass-through authentication
CN108737093B (zh) * 2017-04-13 2022-07-12 山东量子科学技术研究院有限公司 一种加密的方法、装置及系统
JP2024127618A (ja) 2023-03-09 2024-09-20 株式会社日立製作所 委任処理装置、委任処理方法および委任処理システム

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US5590199A (en) * 1993-10-12 1996-12-31 The Mitre Corporation Electronic information network user authentication and authorization system
US5764890A (en) * 1994-12-13 1998-06-09 Microsoft Corporation Method and system for adding a secure network server to an existing computer network
US5864665A (en) * 1996-08-20 1999-01-26 International Business Machines Corporation Auditing login activity in a distributed computing environment
US5684950A (en) * 1996-09-23 1997-11-04 Lockheed Martin Corporation Method and system for authenticating users to multiple computer servers via a single sign-on
US5875296A (en) * 1997-01-28 1999-02-23 International Business Machines Corporation Distributed file system web server user authentication with cookies
US5923756A (en) * 1997-02-12 1999-07-13 Gte Laboratories Incorporated Method for providing secure remote command execution over an insecure computer network
US6453419B1 (en) * 1998-03-18 2002-09-17 Secure Computing Corporation System and method for implementing a security policy
US6199113B1 (en) * 1998-04-15 2001-03-06 Sun Microsystems, Inc. Apparatus and method for providing trusted network security
US6405312B1 (en) * 1998-09-04 2002-06-11 Unisys Corporation Kerberos command structure and method for enabling specialized Kerbero service requests
US6298383B1 (en) * 1999-01-04 2001-10-02 Cisco Technology, Inc. Integration of authentication authorization and accounting service and proxy service
US6601171B1 (en) * 1999-02-18 2003-07-29 Novell, Inc. Deputization in a distributed computing system
US6643774B1 (en) * 1999-04-08 2003-11-04 International Business Machines Corporation Authentication method to enable servers using public key authentication to obtain user-delegated tickets
HK1048309A1 (zh) * 1999-05-04 2003-03-28 纳幕尔杜邦公司 多氟化环氧化物和有关聚合物以及制备方法
US6769068B1 (en) * 1999-09-02 2004-07-27 International Business Machines Corporation Dynamic credential refresh in a distributed system
US6401211B1 (en) * 1999-10-19 2002-06-04 Microsoft Corporation System and method of user logon in combination with user authentication for network access
US6678733B1 (en) * 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users
US7113994B1 (en) * 2000-01-24 2006-09-26 Microsoft Corporation System and method of proxy authentication in a secured network
ATE345631T1 (de) 2000-06-30 2006-12-15 Microsoft Corp Vorrichtungen und verfahren für delegierte zugangsberechtigung von zusammenfassungsinformation
US20020150253A1 (en) 2001-04-12 2002-10-17 Brezak John E. Methods and arrangements for protecting information in forwarded authentication messages
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7246230B2 (en) * 2002-01-29 2007-07-17 Bea Systems, Inc. Single sign-on over the internet using public-key cryptography
US20030188193A1 (en) * 2002-03-28 2003-10-02 International Business Machines Corporation Single sign on for kerberos authentication
US7401235B2 (en) * 2002-05-10 2008-07-15 Microsoft Corporation Persistent authorization context based on external authentication

Also Published As

Publication number Publication date
ATE388564T1 (de) 2008-03-15
EP1271882B1 (en) 2008-03-05
JP4298969B2 (ja) 2009-07-22
EP1619856A1 (en) 2006-01-25
US20030018913A1 (en) 2003-01-23
JP2003099401A (ja) 2003-04-04
DE60227427D1 (de) 2008-08-14
EP1271882A2 (en) 2003-01-02
AU2007200114A1 (en) 2007-02-01
EP1271882A3 (en) 2004-09-29
AU4242502A (en) 2003-01-02
US7698381B2 (en) 2010-04-13
DE60225378D1 (de) 2008-04-17
ATE400130T1 (de) 2008-07-15
AU2007200114B2 (en) 2009-08-27
EP1619856B1 (en) 2008-07-02
AU785166B2 (en) 2006-10-12

Similar Documents

Publication Publication Date Title
DE60225378T2 (de) Verfahren und Systeme zur Steuerung des Umfangs der Delegierung von Authentifizierungsdaten
DE102007033615B4 (de) Verfahren und Vorrichtung zum Umwandeln von Authentisierungs-Token zur Ermöglichung von Interaktionen zwischen Anwendungen
DE602004012870T2 (de) Verfahren und system zur benutzerauthentifizierung in einer benutzer-anbieterumgebung
DE60308692T2 (de) Verfahren und system für benutzerbestimmte authentifizierung und einmalige anmeldung in einer föderalisierten umgebung
DE60214632T2 (de) Multidomäne Berechtigung und Authentifizierung
DE112020000538B4 (de) Feinkörnige zugriffskontrolle auf token-grundlage
DE60201854T2 (de) Verhandlung von sicheren Verbindungen durch einen Proxy-Server
DE602005001613T2 (de) Einrichten eines sicheren kontexts zur übermittlung von nachrichten zwischen computersystemen
DE69321654T2 (de) Einmalige Anmeldungsmittel und Verfahren für verteilte Rechnersysteme
EP3127293B1 (de) Verteiltes authentifizierungssystem und -verfahren
DE102011089580B3 (de) Verfahren zum Lesen von Attributen aus einem ID-Token
DE112017004033T5 (de) Verfahren zum Erhalten von geprüften Zertifikaten durch Mikrodienste in elastischen Cloud-Umgebungen
DE102011077218B4 (de) Zugriff auf in einer Cloud gespeicherte Daten
DE10124111A1 (de) System und Verfahren für verteilte Gruppenverwaltung
DE112012002741T5 (de) Identitäts- und Berechtigungsprüfungsverfahren für die Sicherheit einer Cloud-Datenverarbeitungsplattform
DE112011102224B4 (de) Identitätsvermittlung zwischen Client- und Server-Anwendungen
DE102014204252A1 (de) Sicherheitssystem mit Zugriffskontrolle
EP3528159B1 (de) Verfahren zur erzeugung eines pseudonyms mit hilfe eines id-tokens
EP3540623B1 (de) Verfahren zur erzeugung eines pseudonyms mit hilfe eines id-tokens
EP3117359B1 (de) Id-provider-computersystem, id-token und verfahren zur bestätigung einer digitalen identität
EP3958527A1 (de) Authentisierung eines kommunikationspartners an einem gerät
DE102017105396A1 (de) System zum elektronischen Signieren eines Dokuments
DE202020005751U1 (de) Verwalten von Benutzeridentitäten in einem verwalteten Multi-Tenant-Dienst
WO2011080079A1 (de) Verfahren und system zum bereitstellen von edrm-geschützten datenobjekten
EP3840321B1 (de) Verfahren und system zur authentifikation einer mobile-id mittels hashwerten

Legal Events

Date Code Title Description
8364 No opposition during term of opposition