DE60227427D1 - Method and system for controlling the scope of delegation of authentication credentials

Method and system for controlling the scope of delegation of authentication credentials

Info

Publication number
DE60227427D1
Authority
DE
Germany
Prior art keywords
client
delegation
server
controlling
ticket
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
DE60227427T
Other languages
English (en)
Inventor
John E Brezak
Richard B Ward
Donald E Schmidt
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp
Application granted
Publication of DE60227427D1
Anticipated expiration
Expired - Lifetime

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)
DE60227427T 2001-06-20 2002-05-14 Method and system for controlling the scope of delegation of authentication credentials Expired - Lifetime DE60227427D1 (de)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/886,146 US7698381B2 (en) 2001-06-20 2001-06-20 Methods and systems for controlling the scope of delegation of authentication credentials

Publications (1)

Publication Number Publication Date
DE60227427D1 (de) 2008-08-14

Family

ID=25388472

Family Applications (2)

Application Number Title Priority Date Filing Date
DE60225378T Expired - Lifetime DE60225378T2 (de) 2001-06-20 2002-05-14 Methods and systems for controlling the scope of delegation of authentication credentials
DE60227427T Expired - Lifetime DE60227427D1 (de) 2001-06-20 2002-05-14 Method and system for controlling the scope of delegation of authentication credentials

Family Applications Before (1)

Application Number Title Priority Date Filing Date
DE60225378T Expired - Lifetime DE60225378T2 (de) 2001-06-20 2002-05-14 Methods and systems for controlling the scope of delegation of authentication credentials

Country Status (6)

Country Link
US (1) US7698381B2 (de)
EP (2) EP1619856B1 (de)
JP (1) JP4298969B2 (de)
AT (2) ATE388564T1 (de)
AU (2) AU785166B2 (de)
DE (2) DE60225378T2 (de)

Families Citing this family (62)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7444368B1 (en) * 2000-02-29 2008-10-28 Microsoft Corporation Methods and systems for selecting methodology for authenticating computer systems on a per computer system or per user basis
US7237257B1 (en) * 2001-04-11 2007-06-26 Aol Llc Leveraging a persistent connection to access a secured service
US20030236977A1 (en) * 2001-04-25 2003-12-25 Levas Robert George Method and system for providing secure access to applications
US20050198379A1 (en) * 2001-06-13 2005-09-08 Citrix Systems, Inc. Automatically reconnecting a client across reliable and persistent communication sessions
US7562146B2 (en) * 2003-10-10 2009-07-14 Citrix Systems, Inc. Encapsulating protocol for session persistence and reliability
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7428749B2 (en) * 2001-08-03 2008-09-23 International Business Machines Corporation Secure delegation using public key authorization
US7818792B2 (en) * 2002-02-04 2010-10-19 General Instrument Corporation Method and system for providing third party authentication of authorization
US7984157B2 (en) * 2002-02-26 2011-07-19 Citrix Systems, Inc. Persistent and reliable session securely traversing network components using an encapsulating protocol
US7661129B2 (en) * 2002-02-26 2010-02-09 Citrix Systems, Inc. Secure traversal of network components
GB2392590B (en) * 2002-08-30 2005-02-23 Toshiba Res Europ Ltd Methods and apparatus for secure data communication links
US7546633B2 (en) 2002-10-25 2009-06-09 Microsoft Corporation Role-based authorization management framework
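JP2005064770A (ja) * 2003-08-11 2005-03-10 Ricoh Co Ltd Information processing apparatus, authentication apparatus, external apparatus, certification information acquisition method, authentication method, function providing method, certification information acquisition program, authentication program, function providing program, and recording medium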
US7827595B2 (en) * 2003-08-28 2010-11-02 Microsoft Corporation Delegated administration of a hosted resource
US8255422B2 (en) 2004-05-28 2012-08-28 Microsoft Corporation Highly reliable and scalable architecture for data centers
US7617501B2 (en) 2004-07-09 2009-11-10 Quest Software, Inc. Apparatus, system, and method for managing policies on a computer having a foreign operating system
GB0419479D0 (en) * 2004-09-02 2004-10-06 Cryptomathic Ltd Data certification methods and apparatus
US8042165B2 (en) * 2005-01-14 2011-10-18 Citrix Systems, Inc. Method and system for requesting and granting membership in a server farm
US20060236385A1 (en) * 2005-01-14 2006-10-19 Citrix Systems, Inc. A method and system for authenticating servers in a server farm
JP4602099B2 (ja) * 2005-01-25 2010-12-22 日本電信電話株式会社 Access code issuing system, access code issuing method, and access code issuing program
CA2624623A1 (en) 2005-10-11 2007-04-26 Citrix Systems, Inc. Systems and methods for facilitating distributed authentication
US7904949B2 (en) * 2005-12-19 2011-03-08 Quest Software, Inc. Apparatus, systems and methods to provide authentication services to a legacy application
US8087075B2 (en) * 2006-02-13 2011-12-27 Quest Software, Inc. Disconnected credential validation using pre-fetched service tickets
US8429712B2 (en) * 2006-06-08 2013-04-23 Quest Software, Inc. Centralized user authentication system apparatus and method
WO2008018055A2 (en) * 2006-08-09 2008-02-14 Neocleus Ltd Extranet security
JP4948119B2 (ja) * 2006-10-26 2012-06-06 株式会社リコー Impersonation prevention method, image processing apparatus, impersonation prevention program, and recording medium
US8086710B2 (en) 2006-10-30 2011-12-27 Quest Software, Inc. Identity migration apparatus and method
US7895332B2 (en) * 2006-10-30 2011-02-22 Quest Software, Inc. Identity migration system apparatus and method
US7942738B2 (en) * 2006-11-15 2011-05-17 Cfph, Llc Verifying a gaming device is in communications with a gaming server
US7942742B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Accessing identification information to verify a gaming device is in communications with a server
US7942739B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Storing information from a verification device and accessing the information from a gaming device to verify that the gaming device is communicating with a server
US7942740B2 (en) 2006-11-15 2011-05-17 Cfph, Llc Verifying a first device is in communications with a server by storing a value from the first device and accessing the value from a second device
US8012015B2 (en) 2006-11-15 2011-09-06 Cfph, Llc Verifying whether a gaming device is communicating with a gaming server
US10068421B2 (en) * 2006-11-16 2018-09-04 Cfph, Llc Using a first device to verify whether a second device is communicating with a server
US7942741B2 (en) * 2006-11-15 2011-05-17 Cfph, Llc Verifying whether a device is communicating with a server
US9055107B2 (en) * 2006-12-01 2015-06-09 Microsoft Technology Licensing, Llc Authentication delegation based on re-verification of cryptographic evidence
WO2008114256A2 (en) * 2007-03-22 2008-09-25 Neocleus Ltd. Trusted local single sign-on
EP2043016A1 (de) * 2007-09-27 2009-04-01 Nxp B.V. Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications
US8474037B2 (en) * 2008-01-07 2013-06-25 Intel Corporation Stateless attestation system
US9973491B2 (en) * 2008-05-16 2018-05-15 Oracle International Corporation Determining an identity of a third-party user in an SAML implementation of a web-service
US8910257B2 (en) * 2008-07-07 2014-12-09 Microsoft Corporation Representing security identities using claims
US8863234B2 (en) 2008-08-06 2014-10-14 The Boeing Company Collaborative security and decision making in a service-oriented environment
US20100175113A1 (en) * 2009-01-05 2010-07-08 International Business Machine Corporation Secure System Access Without Password Sharing
US8255984B1 (en) 2009-07-01 2012-08-28 Quest Software, Inc. Single sign-on system for shared resource environments
US10454674B1 (en) * 2009-11-16 2019-10-22 Arm Limited System, method, and device of authenticated encryption of messages
US9231758B2 (en) 2009-11-16 2016-01-05 Arm Technologies Israel Ltd. System, device, and method of provisioning cryptographic data to electronic devices
JP5024404B2 (ja) * 2010-03-03 2012-09-12 コニカミノルタビジネステクノロジーズ株式会社 Image processing system, information processing apparatus, program, and job execution method
US20120072972A1 (en) * 2010-09-20 2012-03-22 Microsoft Corporation Secondary credentials for batch system
AU2010246354B1 (en) 2010-11-22 2011-11-03 Microsoft Technology Licensing, Llc Back-end constrained delegation model
US8839357B2 (en) * 2010-12-22 2014-09-16 Canon U.S.A., Inc. Method, system, and computer-readable storage medium for authenticating a computing device
US8701169B2 (en) 2011-02-11 2014-04-15 Certicom Corp. Using a single certificate request to generate credentials with multiple ECQV certificates
US8973108B1 (en) * 2011-05-31 2015-03-03 Amazon Technologies, Inc. Use of metadata for computing resource access
US9058467B2 (en) 2011-09-01 2015-06-16 Microsoft Corporation Distributed computer systems with time-dependent credentials
US8640210B2 (en) 2011-09-01 2014-01-28 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9032492B2 (en) 2011-09-01 2015-05-12 Microsoft Corporation Distributed computer systems with time-dependent credentials
US9047456B2 (en) * 2012-03-20 2015-06-02 Canon Information And Imaging Solutions, Inc. System and method for controlling access to a resource
GB2512062A (en) * 2013-03-18 2014-09-24 Ibm A method for secure user authentication in a dynamic network
US9762563B2 (en) 2015-10-14 2017-09-12 FullArmor Corporation Resource access system and method
US9450944B1 (en) 2015-10-14 2016-09-20 FullArmor Corporation System and method for pass-through authentication
US9509684B1 (en) * 2015-10-14 2016-11-29 FullArmor Corporation System and method for resource access with identity impersonation
CN108737093B (zh) * 2017-04-13 2022-07-12 山东量子科学技术研究院有限公司 Encryption method, apparatus and system
JP2024127618A (ja) 2023-03-09 2024-09-20 株式会社日立製作所 Delegation processing apparatus, delegation processing method, and delegation processing system

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
US5590199A (en) 1993-10-12 1996-12-31 The Mitre Corporation Electronic information network user authentication and authorization system
US5764890A (en) 1994-12-13 1998-06-09 Microsoft Corporation Method and system for adding a secure network server to an existing computer network
US5864665A (en) 1996-08-20 1999-01-26 International Business Machines Corporation Auditing login activity in a distributed computing environment
US5684950A (en) * 1996-09-23 1997-11-04 Lockheed Martin Corporation Method and system for authenticating users to multiple computer servers via a single sign-on
US5875296A (en) 1997-01-28 1999-02-23 International Business Machines Corporation Distributed file system web server user authentication with cookies
US5923756A (en) * 1997-02-12 1999-07-13 Gte Laboratories Incorporated Method for providing secure remote command execution over an insecure computer network
US6453419B1 (en) 1998-03-18 2002-09-17 Secure Computing Corporation System and method for implementing a security policy
US6199113B1 (en) * 1998-04-15 2001-03-06 Sun Microsystems, Inc. Apparatus and method for providing trusted network security
US6405312B1 (en) 1998-09-04 2002-06-11 Unisys Corporation Kerberos command structure and method for enabling specialized Kerbero service requests
US6298383B1 (en) * 1999-01-04 2001-10-02 Cisco Technology, Inc. Integration of authentication authorization and accounting service and proxy service
US6601171B1 (en) 1999-02-18 2003-07-29 Novell, Inc. Deputization in a distributed computing system
US6643774B1 (en) * 1999-04-08 2003-11-04 International Business Machines Corporation Authentication method to enable servers using public key authentication to obtain user-delegated tickets
IL145654A0 (en) 1999-05-04 2002-06-30 Du Pont Polyfluorinated epoxides and associated polymers and processes
US6769068B1 (en) * 1999-09-02 2004-07-27 International Business Machines Corporation Dynamic credential refresh in a distributed system
US6401211B1 (en) * 1999-10-19 2002-06-04 Microsoft Corporation System and method of user logon in combination with user authentication for network access
US6678733B1 (en) 1999-10-26 2004-01-13 At Home Corporation Method and system for authorizing and authenticating users
US7113994B1 (en) * 2000-01-24 2006-09-26 Microsoft Corporation System and method of proxy authentication in a secured network
ATE345631T1 (de) 2000-06-30 2006-12-15 Microsoft Corp Devices and methods for delegated access authorization of summary information
US20020150253A1 (en) 2001-04-12 2002-10-17 Brezak John E. Methods and arrangements for protecting information in forwarded authentication messages
US7698381B2 (en) 2001-06-20 2010-04-13 Microsoft Corporation Methods and systems for controlling the scope of delegation of authentication credentials
US7246230B2 (en) 2002-01-29 2007-07-17 Bea Systems, Inc. Single sign-on over the internet using public-key cryptography
US20030188193A1 (en) 2002-03-28 2003-10-02 International Business Machines Corporation Single sign on for kerberos authentication
US7401235B2 (en) 2002-05-10 2008-07-15 Microsoft Corporation Persistent authorization context based on external authentication

Also Published As

Publication number Publication date
JP2003099401A (ja) 2003-04-04
ATE400130T1 (de) 2008-07-15
JP4298969B2 (ja) 2009-07-22
DE60225378T2 (de) 2009-03-26
DE60225378D1 (de) 2008-04-17
EP1271882A3 (de) 2004-09-29
US7698381B2 (en) 2010-04-13
US20030018913A1 (en) 2003-01-23
AU2007200114B2 (en) 2009-08-27
AU4242502A (en) 2003-01-02
AU785166B2 (en) 2006-10-12
EP1619856A1 (de) 2006-01-25
EP1619856B1 (de) 2008-07-02
AU2007200114A1 (en) 2007-02-01
ATE388564T1 (de) 2008-03-15
EP1271882A2 (de) 2003-01-02
EP1271882B1 (de) 2008-03-05

Similar Documents

Publication Publication Date Title
DE60227427D1 (de) Method and system for controlling the scope of delegation of authentication credentials
ATE353178T1 (de) System and method for web server user authentication
EP0813132A3 (de) Support for the distribution of trusted software
ATE505890T1 (de) System and method for secure distribution of authentication information
BRPI0505394A (pt) Process and system for securely provisioning a client device
WO2004015542A3 (en) Method for controlling access to informational objects
ATE375646T1 (de) Registration or sub-registration of a server for digital rights management in a digital rights management architecture
ATE349039T1 (de) Device and method for distributing access data for content
DE60042275D1 (de) System and method for dynamic authorization, authentication and accounting in networks
DE60214993D1 (de) Firewall for dynamically granting and denying access to network resources
ATE313203T1 (de) Device and method for identifying clients accessing network sites
WO2003100544A3 (en) Method for authenticating a user to a service of a service provider
ATE325375T1 (de) Generalized user identification and authentication system
GB0106477D0 (en) A method and system to provide and manage access to internal computer systems from an external client
DE60130377D1 (de) Method for controlling access to digital content and streaming media
GB0122276D0 (en) Managed access to data over data networks
HK1134578A1 (en) Individual certification method
ATE334438T1 (de) Methods and arrangements for controlled access to resources based on an authentication method
EP1389752A3 (de) System and method for delegation and control of privileges
DE60040908D1 (de) Method and device for authentication and digital signature generation of a message using smaller challenge data
ATE326110T1 (de) Device and method for providing computer networks
DE602005011816D1 (de) System and method for providing code signing services
WO2002001408A3 (en) Method and apparatus for accessing information from a network data source
ATE374490T1 (de) Method and device for secure distribution of authentication data to roaming subscribers
ATE369013T1 (de) Method for resolving extended content

Legal Events

Date Code Title Description
8364 No opposition during term of opposition