H - Electricity – 04 – L
Patent
H - Electricity
04
L
H04L 9/32 (2006.01) H04L 29/06 (2006.01)
Patent
CA 2450056
The present invention provides for securely processing client credentials used for Web-based access to resources. A login page with an interface for entering user credentials is presented at a client and entered user credentials are sent to the server. In response to receiving user credentials, the server generates a unique session identifier for the client. The server also derives a digital signature for the user credentials based on a current key in a rotating key store and the unique session identifier. The server then encrypts the digital signature and the user credentials based on an encryption key derived from the current key and the unique session identifier. When encrypted credentials are received back at the client, keys from the rotating key store are used to attempt to validate the credentials. If user credentials can not be validated, a user is again presented with the login page.
Batthish Kamir Michel
Bracewell Shawn Derek
Simpson Russell Lee Jr.
Ward Richard B.
Microsoft Corporation
Smart & Biggar
LandOfFree
Securely processing client credentials used for web-based... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Securely processing client credentials used for web-based..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Securely processing client credentials used for web-based... will most certainly appreciate the feedback.
Profile ID: LFCA-PAI-O-2005689