The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge contains a link to the full patent document (in Adobe Acrobat format, i.e. PDF).
Patent No.:
Date of Patent: Oct. 07, 2008
Filed: Jul. 14, 2005
Christopher J. Crall, Seattle, WA (US);
Gennady Medvinsky, Issaquah, WA (US);
Joshua Ball, Lake Forest Park, WA (US);
Karthik Jaganathan, Redmond, WA (US);
Paul J. Leach, Seattle, WA (US);
Liqiang Zhu, Kirkland, WA (US);
David B. Cross, Redmond, WA (US);
Microsoft Corporation, Redmond, WA (US);
Abstract
A hint containing user mapping information is provided in messages that may be exchanged during authentication handshakes. For example, a client may provide user mapping information to the server during authentication. The hint (e.g., in the form of a TLS extension mechanism) may be used to send the domain/user name information of a client to aid the server in mapping the user's certificate to an account. The extension mechanism provides integrity and authenticity of the mapping data sent by the client. The user provides a hint as to where to find the right account or domain controller (which points to, or otherwise maintains, the correct account). Based on the hint and other information in the certificate, the user is mapped to an account. The hint may be provided by the user when he logs in. Thus, a certificate is mapped to an identity to authenticate the user. A hint is sent along with the certificate information to perform the binding. Existing protocols may be extended to communicate the additional mapping information (the hint) to perform the binding. A vendor specific extension to Kerberos is defined to obtain the authorization data based on an X.509 certificate and the mapping user name hint.