US2022103544A1PendingUtilityA1
Authentication in a computer network system
Assignee: SSH COMMUNICATIONS SECURITY OYJPriority: Mar 26, 2018Filed: Dec 9, 2021Published: Mar 31, 2022
Est. expiryMar 26, 2038(~11.7 yrs left)· nominal 20-yr term from priority
Inventors:Markku Rossi
G06F 21/44H04L 69/40H04L 63/083H04L 63/108H04L 63/105G06F 21/33H04L 63/0815H04L 63/0823H04W 4/70H04L 63/10H04L 63/168H04L 63/0272
64
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be send from the client host to the target host for use in the authentication.
Claims
exact text as granted — not AI-modified1 . A method for issuing security credentials by a security credential server for access authentication in a computer network, comprising:
creating an emergency security credential for use by a client host in accessing a target host when the client host cannot obtain a security credential from the security credential server, wherein the emergency security credential is configured to provide an error state indication, and sending the emergency security credential to the client host for storing in a storage of emergency security credentials.
2 . The method according to claim 1 , comprising periodically renewing the emergency security credential stored at the client host.
3 . The method according to claim 1 , comprising sending a new emergency security credential to the client host in response to a request from the client host.
4 . The method according to claim 1 , comprising sending a new emergency security credential to the client host together with a normal security credential.
5 . The method according to claim 1 , comprising responding an enquiry originating from the target host regarding use of the emergency security credential.
6 . The method according to claim 1 , wherein the emergency security credential comprises a security certificate issued by a certificate authority server.
7 . The method according to claim 6 , wherein the security certificate issued by the certificate authority server comprises an ephemeral security certificate.
8 . The method according to claim 1 , wherein the creating of the emergency security credential comprises creating an ephemeral emergency security certificate.
9 . The method according to claim 1 , comprising sending the emergency security credential for use in authentication of machine-to-machine communications.
10 . A data processing apparatus for a security credential authority apparatus for use in issuing security credentials for authentication of clients hosts in a computer network system, the data processing apparatus comprising at least one processor, and at least one memory including computer program code, wherein the at least one memory and the computer program code are configured, with the at least one processor, to cause the security credential authority apparatus to:
create an emergency security credential for use by a client host in accessing a target host when the client host cannot obtain a security credential from the security credential server, wherein the emergency security credential is configured to comprise an error state indication, and send the emergency security credential to the client host for storing in a storage of emergency security credentials.
11 . The data processing apparatus according to claim 10 , configured to periodically renew the emergency security credential stored at the client host.
12 . The data processing apparatus according to claim 10 , configured to send a new emergency security credential to the client host in response to a request from the client host.
13 . The data processing apparatus according to claim 10 , configured to send a new emergency security credential to the client host together with a normal security credential.
14 . The data processing apparatus according to claim 10 , configured to respond enquiries originating from the target host regarding use of the emergency security credential.
15 . The data processing apparatus according to claim 10 , configured to create an emergency security credential comprising a security certificate issued by a certificate authority server.
16 . The data processing apparatus according to claim 15 , wherein the security certificate issued by the certificate authority server comprises an ephemeral security certificate.
17 . The data processing apparatus according to claim 10 , configured to create an ephemeral emergency security certificate.
18 . The data processing apparatus according to claim 10 , configured to create the emergency security credential for use in authentication of machine-to-machine communications.
19 . An authentication credential issued by a security authority for use by a client host for accessing a target host in a data communication system, the authentication credential comprising at least one security feature for use in an authentication procedure between the client host and the target hosts, and an indication that the security credential is an emergency security credential used in response to detection of an error situation preventing the client host from obtaining a security credential from the security authority.
20 . The authentication credential according to claim 19 , comprising an emergency security certificate issued by a certificate authority server.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.