Client authentication using multiple user certificates

Assignee

• Microsoft Corporation · US

Inventors

• Selvaraj Nalliah · Redmond, US
• Andrew S. Moss · Kirkland, US
• David Paul Limont · Vashon, US
• Gregory A. Bolles · Snohomish, US
• John Allen Atwood · Duvall, US
• Massimiliano Ciccotosto · Kirkland, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/0823
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Example embodiments provide for authenticating a device to multiple servers without using delegation or having to have a password stored on the device. Multiple certificates that are typically non-delegable are used to authenticate the device to each server. One certificate is used to authenticate the client with the front-end server and a second certificate is used to authenticate the client against a back-end server. Rather than having both certificates reside with the device, however, the second certificate is originally stored by the client in the back-end. It is then retrieved “on-the-fly” by the front-end upon authentication of the client and used to authenticate itself as the client in order to act on behalf of the client when retrieving data from the back-end server.