Authentication of users in a computer network
US-10764263-B2 · Sep 1, 2020 · US
US12101416B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12101416-B2 |
| Application number | US-202117154648-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 21, 2021 |
| Priority date | Nov 28, 2016 |
| Publication date | Sep 24, 2024 |
| Grant date | Sep 24, 2024 |
Abstract
A security function is provided by an intermediate device located between hosts and devices requesting for access to the hosts in a computerized network. The intermediate device receives a request for access to a host, and obtains at least one authenticator for use in the requested access to the host. The intermediate device then monitors for communications that use the at least one authenticator.
Claims
I claim:
1. A network device comprising at least one processor, and memory storing instructions that, when executed, cause the network device to: receive, by an agent entity in the network device and from a user device, a connection request to a host; determine, by the agent entity and in response to receiving the connection request, user attributes associated with the connection request and user roles based on the determined user attributes; acquire, by the agent entity and in response to receiving the connection request, an authenticator from a security device; perform, by the agent entity, authentication with the host using the acquired authenticator; and access, by the agent entity, accounts at the host based on the user roles.
2. The network device of claim 1, wherein the authenticator comprises a certificate and the network device is configured to acquire the certificate from a certificate authority.
3. The network device of claim 1, wherein the user roles map to rights to access different accounts at hosts.
4. The network device of claim 3, wherein the user roles comprise at least one of administrator, webmaster or database administrator.
5. The network device of claim 1, wherein the instructions, when executed, cause the network device to monitor communications based on at least one condition on use of the authenticator.
6. The network device of claim 5, wherein the instructions, when executed, cause the network device to at least one of: set, independently of the security device, the at least one condition on the use of the authenticator; or receive, from the security device, the at least one condition on the use of the authenticator.
7. The network device of claim 1, wherein the instructions, when executed, cause the network device to acquire an ephemeral authenticator from the security device.
8. The network device of claim 1, wherein the instructions, when executed, cause the network device to acquire a plurality of ephemeral authenticators and store the plurality of ephemeral authenticators in the memory and retrieve an ephemeral authenticator from the memory in response to receiving the connection request.
9. The network device of claim 1, wherein the memory comprises a volatile memory.
10. The network device of claim 1, wherein the authenticator comprises a public key, the device being configured to use a certificate that includes at least a part of the public key for authentication with the host.
11. The network device of claim 1, wherein the instructions, when executed, cause the network device to process a first authenticator and at least one second authenticator associated with the connection request, wherein the at least one second authenticator has a restricted lifetime and/or wherein the at least one second authenticator is based on an ephemeral keypair and at least one more permanent authenticator.
12. An access method comprising: receiving, by an agent entity in a network device and from a user device, a connection request to a host; determining, by the agent entity and in response to receiving the connection request, at least one user attribute associated with the connection request and at least one user role based on the determined at least one user attribute; acquiring, by the agent entity and in response to receiving the connection request, an authenticator from a security device; performing, by the agent entity, an authentication with the host using the acquired authenticator; and accessing, by the agent entity, at least one account at the host based on the at least one user role.
13. The method of claim 12, wherein the acquiring comprises acquiring a certificate from a certificate authority.
14. The method of claim 12, wherein the at least one user role maps to rights to access at least one account at the host.
15. The method of claim 14, wherein the at least one user role comprises at least one of administrator, webmaster or database administrator.
16. The method of claim 12, comprising monitoring communications based on at least one condition for use of the authenticator.
17. The method of claim 12, comprising acquiring an ephemeral authenticator from the security device.
18. The method of claim 12, comprising: acquiring a plurality of ephemeral authenticators from the security device; storing the plurality of ephemeral authenticators in memory; and retrieving an ephemeral authenticator from the memory in response to receiving the connection request.
19. The method of claim 12, wherein the authenticator comprises a public key, the method comprising using a certificate that includes at least a part of the public key for authentication with the host.
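The flow the claims describe (an agent in an intermediate device derives roles from user attributes, takes a pre-acquired ephemeral authenticator from volatile memory, authenticates to the host with it, selects the host account by role, and monitors use of the authenticator against conditions) is easier to follow as working code. The following is an added illustration written for this page; it is not the patent's disclosure or any product's implementation. The security device is a stand-in for a certificate authority and issues an HMAC-signed, short-lived body instead of an X.509 certificate; the attribute-to-role and role-to-account tables, the single-use condition, and all class and function names are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical policy tables (assumptions, not from the patent):
# user attributes -> roles, and roles -> accounts permitted at the host.
ATTRIBUTE_ROLES = {
    ("group", "ops"): "administrator",
    ("group", "web"): "webmaster",
    ("group", "dba"): "database administrator",
}
ROLE_ACCOUNTS = {
    "administrator": {"root", "www-data", "postgres"},
    "webmaster": {"www-data"},
    "database administrator": {"postgres"},
}


@dataclass(frozen=True)
class Authenticator:
    """Toy ephemeral authenticator: a signed body with a restricted lifetime."""
    body: bytes  # JSON with subject, nbf, exp and a per-authenticator nonce
    tag: str     # HMAC-SHA256 over body; stands in for a CA signature


class SecurityDevice:
    """Stands in for the claims' security device / certificate authority."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key or secrets.token_bytes(32)

    def issue(self, subject: str, lifetime_s: int, now: float) -> Authenticator:
        body = json.dumps({"sub": subject, "nbf": now, "exp": now + lifetime_s,
                           "nonce": secrets.token_hex(8)}, sort_keys=True).encode()
        return Authenticator(body, hmac.new(self._key, body, hashlib.sha256).hexdigest())

    def verify(self, auth: Authenticator, now: float) -> Optional[dict]:
        """Return the claims if the tag is valid and the lifetime covers `now`, else None."""
        expected = hmac.new(self._key, auth.body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, auth.tag):
            return None
        claims = json.loads(auth.body)
        return claims if claims["nbf"] <= now < claims["exp"] else None


class Host:
    """Host that trusts the security device and admits an authenticated agent to an account."""

    def __init__(self, name: str, sd: SecurityDevice) -> None:
        self.name, self._sd, self._used_nonces = name, sd, set()

    def authenticate(self, auth: Authenticator, account: str, now: float) -> str:
        claims = self._sd.verify(auth, now)
        if claims is None:
            raise PermissionError("authenticator invalid or outside its lifetime")
        if claims["nonce"] in self._used_nonces:  # condition on use: single use only
            raise PermissionError("authenticator reuse")
        self._used_nonces.add(claims["nonce"])
        return f"{claims['sub']}->{account}@{self.name}"


class AgentEntity:
    """Agent in the intermediate network device between user devices and hosts."""

    def __init__(self, sd: SecurityDevice, pool_size: int, lifetime_s: int, now: float) -> None:
        self._sd, self._lifetime = sd, lifetime_s
        # Plurality of pre-acquired ephemeral authenticators, held only in (volatile) memory.
        self._pool: List[Authenticator] = [sd.issue("agent", lifetime_s, now) for _ in range(pool_size)]
        self.audit: List[Dict] = []  # every use attempt, for monitoring

    @staticmethod
    def roles_for(attributes: Dict[str, str]) -> List[str]:
        """Determine user roles from user attributes via the policy table."""
        return sorted({ATTRIBUTE_ROLES[kv] for kv in attributes.items() if kv in ATTRIBUTE_ROLES})

    def connect(self, host: Host, attributes: Dict[str, str], account: str, now: float) -> str:
        roles = self.roles_for(attributes)
        if not any(account in ROLE_ACCOUNTS[r] for r in roles):
            raise PermissionError(f"roles {roles} do not grant account {account!r}")
        if not self._pool:  # pool exhausted: acquire a fresh authenticator on demand
            self._pool.append(self._sd.issue("agent", self._lifetime, now))
        auth = self._pool.pop()
        nonce = json.loads(auth.body)["nonce"]
        try:
            session = host.authenticate(auth, account, now)
        except PermissionError as exc:
            self.audit.append({"nonce": nonce, "host": host.name, "account": account,
                               "ok": False, "why": str(exc)})
            raise
        self.audit.append({"nonce": nonce, "host": host.name, "account": account, "ok": True})
        return session

    def violations(self) -> List[Dict]:
        """Monitoring view: rejected uses of authenticators this agent handed out."""
        return [e for e in self.audit if not e["ok"]]
```

The point the code makes that the claim text does not: pre-fetched ephemeral authenticators age in the pool, so an agent that stockpiles them must expect the host to reject stale ones and must treat those rejections as monitoring events rather than silent retries; the role check happens before an authenticator is consumed, so a request the roles do not permit never spends one.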
using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
using a plurality of keys or algorithms · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title