发明授权
- 专利标题: Policy driven, credential delegation for single sign on and secure access to network resources
- 专利标题(中): 政策驱动,凭据授权单点登录和安全访问网络资源
-
申请号: US11441588申请日: 2006-05-26
-
公开(公告)号: US07913084B2公开(公告)日: 2011-03-22
- 发明人: Gennady Medvinsky , Cristian Ilac , Costin Hagiu , John E. Parsons , Mohamed Emad El Din Fathalla , Paul J. Leach , Tarek Bahaa El-Din Mahmoud Kamel
- 申请人: Gennady Medvinsky , Cristian Ilac , Costin Hagiu , John E. Parsons , Mohamed Emad El Din Fathalla , Paul J. Leach , Tarek Bahaa El-Din Mahmoud Kamel
- 申请人地址: US WA Redmond
- 专利权人: Microsoft Corporation
- 当前专利权人: Microsoft Corporation
- 当前专利权人地址: US WA Redmond
- 代理机构: Merchant & Gould, P.C.
- 主分类号: H04L9/32
- IPC分类号: H04L9/32
摘要:
A credential security support provider (Cred SSP) is provided that enables any application to securely delegate a user's credentials from the client, via client side Security Support Provider (SSP) software, to a target server, via server side SSP software in a networked computing environment. The Cred SSP of the invention provides a secure solution that is based in part upon a set of policies, including a default policy that is secure against a broad range of attacks, which are used to control and restrict the delegation of user credentials from a client to a server. The policies can be for any type of user credentials and the different policies are designed to mitigate a broad range of attacks so that appropriate delegation can occur for given delegation circumstances, network conditions, trust levels, etc. Additionally, only a trusted subsystem, e.g., a trusted subsystem of the Local Security Authority (LSA), has access to the clear text credentials such that neither the calling application of the Cred SSP APIs on the server side nor the calling application of the Cred SSP APIs on the client side have access to clear text credentials.
公开/授权文献
信息查询