Abstract: A method and apparatus for enabling a client to use a single set of credentials to access multiple secure applications at servers. A proxy authentication application at the server intercepts all requests for applications that require authentication, and initiates an authentication procedure with a proxy authentication application installed at the client. User credentials provided by the client authenticator are used by the server authenticator to determine the access credentials that should be forwarded to the server application on behalf of the users. The method allows per-user and per-application authentication decisions to be made at a system level rather than at an application level, even for legacy applications that are designed to require authentication at the application level, without modification to legacy client or server applications.

Abstract: This invention provides methods and apparatus for enabling access to restricted information contained at a semi-trusted web-server. Restricted information is information that is only available to a selected group of authorized clients. A client desiring access to the restricted information authenticates itself with a trusted web-server, and obtains a client credential. The client then contacts the semi-trusted web-server with the credential and obtains access to the restricted content. The restricted information may be encrypted at the semi-trusted web-server, so that the restricted information is secure even if the semi-trusted web-server is not completely secure.