US Patent Application 17732749. SECURE AUTHENTICATION ARTIFACT SIGNING SERVICE FOR AUTHENTICATION SYSTEM simplified abstract

From WikiPatents

SECURE AUTHENTICATION ARTIFACT SIGNING SERVICE FOR AUTHENTICATION SYSTEM

Organization Name

MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor(s)

Sarvani Kumar Bhamidipati of Snoqualmie WA (US)

Oren Jordan Melzer of Kirkland WA (US)

Victor William Habib Boctor of Bellevue WA (US)

Randeep Singh of Delta (CA)

SECURE AUTHENTICATION ARTIFACT SIGNING SERVICE FOR AUTHENTICATION SYSTEM - A simplified explanation of the abstract

This abstract first appeared for US patent application 17732749 titled 'SECURE AUTHENTICATION ARTIFACT SIGNING SERVICE FOR AUTHENTICATION SYSTEM'.

Simplified Explanation

The patent application describes a system for authenticating a user or entity.

  • The system includes two authentication systems and an authentication artifact signing service.
  • The first authentication system issues a request that includes an authentication artifact (a piece of information that verifies the identity of the user) and a specification of the modifications to be made to it.
  • The authentication artifact is generated by the second authentication system, signed using a key, and stored by the first authentication system.
  • The signing service receives the request and applies the specified modifications to the authentication artifact.
  • The signing service then signs the modified authentication artifact using a key from the second authentication system.
  • The signed modified authentication artifact is returned to the first authentication system for use in authenticating the user.
  • The first authentication system operates in a different security domain than the signing service and does not have access to the key used by the signing service.
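
The request flow in the list above, as an added Python example that is not taken from the patent application. It assumes a JSON claims artifact and uses HMAC-SHA256 as a stand-in for the unspecified signature scheme; the check of the original signature, the field allowlist, and all class, function and field names are hypothetical additions.

```python
import hashlib
import hmac
import json

def _sign(key, claims):
    # Canonical JSON so the same claims always produce the same signature.
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def verify(key, artifact):
    return hmac.compare_digest(_sign(key, artifact["claims"]), artifact["sig"])

class SigningService:
    """Separate security domain: the only component holding the second system's key."""
    MODIFIABLE = {"exp", "aud"}  # assumption: allowlist of fields a caller may change

    def __init__(self, key):
        self._key = key

    def handle(self, request):
        artifact, mods = request["artifact"], request["modifications"]
        if not verify(self._key, artifact):  # assumption: reject unsigned input
            raise ValueError("artifact signature invalid")
        if not set(mods) <= self.MODIFIABLE:
            raise ValueError("modification not permitted")
        claims = {**artifact["claims"], **mods}
        return {"claims": claims, "sig": _sign(self._key, claims)}

class FirstAuthSystem:
    """Stores the artifact and requests changes; it never sees the key."""
    def __init__(self, stored_artifact, service):
        self.stored, self._service = stored_artifact, service

    def refresh(self, modifications):
        request = {"artifact": self.stored, "modifications": modifications}
        self.stored = self._service.handle(request)
        return self.stored

def demo():
    key = b"constructed-demo-key"  # constructed sample key
    original = {"sub": "alice", "aud": "app1", "exp": 1000}  # constructed artifact
    first = FirstAuthSystem({"claims": original, "sig": _sign(key, original)},
                            SigningService(key))
    modified = first.refresh({"exp": 2000})
    # A change made locally by the first system, without the key, fails verification.
    tampered = {"claims": {**modified["claims"], "sub": "mallory"},
                "sig": modified["sig"]}
    return modified, verify(key, modified), verify(key, tampered)
```
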


Original Abstract Submitted

A system for authenticating a principal comprises first and second authentication systems and an authentication artifact signing service. The first authentication system issues a request comprising an authentication artifact associated with the principal and a specification of one or more modifications to be made thereto, the authentication artifact being generated by a second authentication system, signed thereby using a key, and stored by the first authentication system. The signing service receives the request and, responsive thereto: applies the modification(s) to the authentication artifact to generate a modified authentication artifact, signs the modified authentication artifact using a key of the second authentication system, and returns the signed modified authentication artifact to the first authentication system for use in authenticating the principal. The first authentication system executes in a different security domain than the signing service and is unable to access the key used thereby.