Backup authentication system configured to use an authentication package from a primary authentication system to authenticate a principal

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Anirban Basu · Elmsford, US
• Oren Jordan Melzer · Redmond, US
• Kamen K. Moutafov · Sammamish, US
• Victor Boctor · Bellevue, US
• Shuang Lu · Shanghai, CN
• Sarvani Kumar BHAMIDIPATI · Snoqualmie, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/56
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Techniques are described herein that are capable of using an authentication package from a primary authentication system to authenticate a principal by a backup authentication system. The authentication package includes an authentication artifact, which is signed with a cryptographic key by the primary authentication system and which includes claim(s) that are usable to authenticate the principal, and further includes metadata. The metadata includes credential verification information that is usable to verify a credential of the principal and a first principal identifier that identifies the principal. A request to authenticate the principal is received at the backup authentication system. The request includes the credential and a second principal identifier that identifies the principal. The principal is authenticated by the backup authentication system by verifying the credential using the credential verification information and further by determining that the first principal identifier corresponds to the second principal identifier.