Dynamic creation of temporary isolated environment in an interactive communication environment
US-2024411860-A1 · Dec 12, 2024 · US
US11146554B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11146554-B2 |
| Application number | US-201615141042-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 28, 2016 |
| Priority date | Apr 30, 2015 |
| Publication date | Oct 12, 2021 |
| Grant date | Oct 12, 2021 |
Official abstract text for this publication.
A method for authentication is disclosed. The method may be implemented by a terminal device. The method may comprise generating, by a starting unit of the terminal device, process information of a process of the terminal device before starting the process, transmitting, by the starting unit, the process information to an authentication proxy of the terminal device, requesting, by the process, the authentication proxy to authenticate the process after the process is started, obtaining, by the authentication proxy and from system resources of the terminal device, process information corresponding to the process, and determining, by the authentication proxy, that the process is legal if the obtained process information is the same as the process information transmitted to the authentication proxy.
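The comparison described in the abstract, as an added Python example that is not part of the patent text: the starting unit registers the expected process information, and the proxy later compares it with what it obtains itself for the requesting pid. The names `ProcessInfo`, `AuthProxy`, `observe_linux` and `SAMPLE`, the use of Linux `/proc` as the "system resources", a SHA-256 digest in place of the signature value, and one-shot registrations are assumptions of this example.

```python
import hashlib
import os
from dataclasses import dataclass

@dataclass(frozen=True)
class ProcessInfo:
    exe_path: str    # access path of the process's execution file
    exe_sha256: str  # assumption: a SHA-256 digest stands in for the "signature value"

def observe_linux(pid: int) -> ProcessInfo:
    """Obtain a live process's info from system resources (Linux /proc)."""
    link = f"/proc/{pid}/exe"
    with open(link, "rb") as image:  # hashes the running image, not whatever the path names now
        digest = hashlib.sha256(image.read()).hexdigest()
    return ProcessInfo(os.readlink(link), digest)

class AuthProxy:
    def __init__(self, observe=observe_linux):
        self._pending = []       # info transmitted by the starting unit before start
        self._observe = observe

    def register(self, info: ProcessInfo) -> None:
        self._pending.append(info)

    def authenticate(self, pid: int) -> bool:
        # Assumption: pid comes from the IPC channel's peer credentials, not the message body.
        try:
            seen = self._observe(pid)
        except (OSError, LookupError):
            return False         # no such process (LookupError: sample table): fail closed
        if seen in self._pending:
            self._pending.remove(seen)  # this example's choice: one registration, one process
            return True
        return False

def _digest(content: str) -> str:
    return hashlib.sha256(content.encode()).hexdigest()

# Constructed sample: what the OS would report for three pids.
SAMPLE = {
    4242: ProcessInfo("/opt/app/worker", _digest("worker-v1")),
    4243: ProcessInfo("/opt/app/worker", _digest("patched")),  # same path, other content
    4244: ProcessInfo("/tmp/worker", _digest("worker-v1")),    # same content, other path
}

def demo() -> list:
    proxy = AuthProxy(observe=SAMPLE.__getitem__)
    proxy.register(ProcessInfo("/opt/app/worker", _digest("worker-v1")))
    return [proxy.authenticate(pid) for pid in (4243, 4244, 9999, 4242, 4242)]
```

Only pid 4242 matches on both path and digest, and its second request fails because the registration has already been consumed.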
Opening claim text (preview).
What is claimed is:

1. A method for authentication, implemented by a terminal device, comprising: generating, by a parent process of the terminal device, process information of a process of the terminal device before starting the process; transmitting, by the parent process, the process information to an authentication proxy of the terminal device; after the process is started, requesting, by the process, the authentication proxy to authenticate the process; determining, by the authentication proxy, a path tracing the process to the authentication proxy, wherein the path comprises the parent process and the process; obtaining, by the authentication proxy and from the terminal device, process information corresponding to the process, wherein the process information corresponding to the process comprises the path tracing the process to the authentication proxy; and determining, by the authentication proxy, that the process is authenticated, if the obtained process information corresponding to the process that has been started matches the process information transmitted to the authentication proxy before the process having been started.

2. The method for authentication of claim 1, wherein the process information includes at least one of a process ID of the process, an access path of the process's execution file, or a signature value of the process's execution file.

3. The method for authentication of claim 1, further comprising: generating, by the parent process, an original secret key of the process; transmitting, by the parent process, the original secret key to the authentication proxy; starting, by the parent process, the process; transmitting, by the parent process, the original secret key to the process; authenticating, by the authentication proxy, a secret key transmitted by the process against the original secret key transmitted by the parent process; and determining that the process is legal, if the authentication is passed.

4. The method for authentication of claim 1, further comprising: using, by the authentication proxy, the path as the only identification of the process.

5. The method for authentication of claim 1, further comprising negotiating, by the authentication proxy, a first secret key for secure communication between the authentication proxy and the process, if the process is determined legal.

6. The method for authentication of claim 5, further comprising: requesting, by the process, communication with a target process on a second terminal device; negotiating, by the authentication proxy, a communication secret key with a target authentication proxy of the second terminal device, in response to the request; encrypting, by the authentication proxy, the communication secret key with the first secret key to obtain a first ticket; transmitting, by the authentication proxy, the first ticket to the process; and decrypting, by the process, the first ticket with the first secret key to obtain the communication secret key for secure communication between the process and the target process.

7. The method for authentication of claim 6, further comprising: after negotiating the communication secret key with the target authentication proxy of the second terminal device, receiving, by the authentication proxy, a second ticket transmitted by the target authentication proxy; and transmitting, by the authentication proxy, the second ticket to the process, the second ticket being obtained by encrypting the communication secret key with the second secret key, and the second secret key being used for communication between the target process and the target authentication proxy.

8. The method for authentication of claim 6, further comprising obtaining, by the authentication proxy, an identification of the target process from the target authentication proxy, and wherein: encrypting, by the authentication proxy, the communication secret key with the first secret key to obtain the first ticket comprises encrypting, by the authentication proxy, the communication secret key and the identification of the target process with the first secret key to obtain a first ticket and transmitting the first ticket to the process, and decrypting, by the process, the first ticket with the first secret key to obtain the communication secret key comprises decrypting, by the process, the first ticket with the first secret key to obtain the communication secret key and the identification.

9. The method for authentication of claim 8, further comprising: before communicating with the target process with the communication secret key, determining, by the process, if the target process is an expected communication target based on the identification of the target process; and communicating, by the process, with the target process with the communication secret key, if the target process is the expected communication target.

10. A non-transitory computer-readable medium storing one or more programs, the one or more programs comprising instructions which, when executed by a processor of a first terminal device, cause the first terminal device to perform a method comprising: generating, by a parent process of the first terminal device, process information of a process of the first computer system before starting the process; transmitting, by the parent process, the process information to an authentication proxy of the first terminal device; after the process is started, requesting, by the process, the authentication proxy to authenticate the process; determining, by the authentication proxy, a path tracing the process to the authentication proxy, wherein the path comprises the parent process and the process; obtaining, by the authentication proxy and from the first terminal device, process information corresponding to the process; and determining, by the authentication proxy, that the process is authenticated, if the obtained process information corresponding to the process that has been started matches the process information transmitted to the authentication proxy before the process having been started.

11. The non-transitory computer-readable medium of claim 10, wherein the process information includes at least one of a process ID of the process, an access path of the process's execution file, or a signature value of the process's execution file.

12. The non-transitory computer-readable medium of claim 10, wherein the method further comprises: generating, by the parent process, an original secret key of the process; transmitting, by the parent process, the original secret key to the authentication proxy; starting, by the parent process, the process; transmitting, by the original secret key to the process; authenticating, by the authentication proxy, a secret key transmitted by the process against the original secret key transmitted by the parent process; and determining that the process is legal, if the authentication is passed.

13. The non-transitory computer-readable medium of claim 10, further comprising: using, by the authentication proxy, the path as the only identification of the process.

14. The non-transitory computer-readable medium of claim 10, further comprising: negotiating, by the authentication proxy, a first secret key for secure communication between the authentication proxy and the process, if the process is determined legal; requesting, by the process, communication with a target process on a second terminal device; negotiating, by the authentication proxy, a communication secret key with a target authentication proxy of the second terminal device; encrypting, by the authentication
Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy · CPC title
Authenticate client device independently of the user · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Program or device authentication · CPC title
by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity · CPC title