公开(公告)号：WO2008127447A3

公开(公告)日：2009-03-26

申请号：PCT/US2007086122

申请日：2007-11-30

Applicant: MICROSOFT CORP

Inventor： MEDVINSKY GENNADY ,  NICE NIR ,  SHIRAN TOMER ,  TEPLITSKY ALEXANDER

IPC: H04L9/00 ,  H04L12/22

CPC classification number: H04L63/166 ,  G06F21/33 ,  G06F2221/2115 ,  H04L9/3213 ,  H04L9/3263 ,  H04L9/3271 ,  H04L29/06965 ,  H04L63/0823 ,  H04L2209/38

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portin of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as a user.

Abstract translation: 在实体链中委托认证的方法依赖于在网关设备和用户之间记录TLS握手的至少一部分，其中用户需要访问期望的服务器。 该方法然后依赖于在TLS握手的记录端口中重新验证加密证据，TLS握手被转发到（1）到需要访问的服务器，在这种情况下，服务器重新验证记录部分以确认认证 ，或（2）到第三方实体，在这种情况下，第三方实体确认认证，并向网关服务器提供凭证，然后网关服务器使用凭证作为用户对服务器进行身份验证。

公开(公告)号：EP2098006A4

公开(公告)日：2012-07-04

申请号：EP07873646

申请日：2007-11-30

Applicant: MICROSOFT CORP

Inventor： MEDVINSKY GENNADY ,  NICE NIR ,  SHIRAN TOMER ,  TEPLITSKY ALEXANDER

IPC: H04L9/00 ,  H04L12/22

CPC classification number: H04L63/166 ,  G06F21/33 ,  G06F2221/2115 ,  H04L9/3213 ,  H04L9/3263 ,  H04L9/3271 ,  H04L29/06965 ,  H04L63/0823 ,  H04L2209/38

Abstract: The method of delegating authentication, within a chain of entities, relies upon a recording of at least a portion of a TLS handshake between a gateway device and user, in which the user needs access to a desired server. The method then relies upon re-verification of cryptographic evidence in the recorded portion of the TLS handshake, which is forwarded either (1) to the server to which access is desired, in which case the server re-verifies the recorded portion to confirm authentication, or, (2) to a third party entity, in which case the third party entity confirms authentication and provides credentials to the gateway server which then uses the credentials to authenticate to the server as the user.