The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Apr. 15, 2008
Filed:
Jun. 12, 2003
Shawn Derek Bracewell, Duvall, WA (US);
Richard B. Ward, Redmond, WA (US);
Russell Lee Simpson, Jr., Kirkland, WA (US);
Karim Michel Batthish, Seattle, WA (US);
Shawn Derek Bracewell, Duvall, WA (US);
Richard B. Ward, Redmond, WA (US);
Russell Lee Simpson, Jr., Kirkland, WA (US);
Karim Michel Batthish, Seattle, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
The present invention provides for securely processing client credentials used for Web-based access to resources. A login page with an interface for entering user credentials is presented at a client and entered user credentials are sent to the server. In response to receiving user credentials, the server generates a unique session identifier for the client. The server also derives a digital signature for the user credentials based on a current key in a rotating key store and the unique session identifier. The server then encrypts the digital signature and the user credentials based on an encryption key derived from the current key and the unique session identifier. When encrypted credentials are received back at the client, keys from the rotating key store are used to attempt to validate the credentials. If user credentials can not be validated, a user is again presented with the login page.