System aand method for authentication to an application

US 20040260925A1
Filed: 06/20/2003
Published: 12/23/2004
Est. Priority Date: 06/20/2003
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a first user in a protected network to an application shared simultaneously with a second user in an unprotected network, said method comprising the steps of:

the first user supplying a userID and a password to a first server within said protected network for authentication for said application, said application residing in a third network;

said first server checking authentication of said first user based on said userID and password, and if said first user is authentic, said first server forwarding to said application an authentication key for said first user and a selection by said first user pertaining to said application; and

said application checking authentication of said key, and if authentic, complying with said selection by said first user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating a first user in a protected network to an application in a DMZ network shared simultaneously with a second user in an unprotected network. The protected network and the DMZ network are both controlled by a same entity. The first user supplies a userID and a password to a first server within the protected network for authentication for the application. The first server checks authentication of the first user based on the userID and password. If the first user is authentic, the first server forwards to the application an authentication key for the first user and a selection by the first user pertaining to the application. The application checks authentication of the key, and if authentic, complies with the selection by the first user. The second user supplies another userID and another password to the application. If the other userID and other password are authentic, the application complies with a selection made by the second user pertaining to the application.

49 Citations

View as Search Results

22 Claims

1. A method for authenticating a first user in a protected network to an application shared simultaneously with a second user in an unprotected network, said method comprising the steps of:
- the first user supplying a userID and a password to a first server within said protected network for authentication for said application, said application residing in a third network;
  
  said first server checking authentication of said first user based on said userID and password, and if said first user is authentic, said first server forwarding to said application an authentication key for said first user and a selection by said first user pertaining to said application; and
  
  said application checking authentication of said key, and if authentic, complying with said selection by said first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. A method as set forth in claim 1 further comprising the steps of:
    - said second user supplying another userID and another password to said application;
      
      if said other userID and other password are authentic, said application complying with a selection made by said second user pertaining to said application.
  - 3. A method as set forth in claim 1 wherein said protected network and said third network are both controlled by a same entity.
  - 4. A method as set forth in claim 1 wherein said third network is a DMZ.
  - 5. A method as set forth in claim 1 wherein said unprotected network is an Internet.
  - 6. A method as set forth in claim 3 wherein said unprotected network is an Internet.
  - 7. A method as set forth in claim 4 wherein said unprotected network is an Internet.
  - 8. A method as set forth in claim 1 wherein said protected network is an intranet.
  - 9. A method as set forth in claim 3 wherein said protected network is an intranet.
  - 10. A method as set forth in claim 4 wherein said protected network is an intranet.
  - 11. A method as set forth in claim 1 wherein said application is an electronic meeting application, and both said first user and said second user simultaneously participate in a same meeting.
  - 12. A method as set forth in claim 11 wherein said selection by said first user is a selection of an electronic meeting in which to participate.
  - 13. A method as set forth in claim 1 further comprising the step of said application sending to said first server said authentication key before the step of said first server forwarding to said application said authentication key.
  - 14. A method as set forth in claim 1 wherein said authentication key is self authenticating based on whether a period during which the key is valid matches a scheduled period of use of said application, and whether an IP address of said first user is from said protected network.
  - 15. A method as set forth in claim 1 further comprising the step of authenticating said second user to said application.

16. A authentication system comprising:
- an application on a first server in a first network;
  
  a second server in a second, protected network to receive from a first user within said second network a userID and a password for authentication for said application, said second server checking authentication of said first user based on said userID and password, and if said first user is authentic, said second server forwarding to said application an authentication key for said first user and a selection by said first user pertaining to said application; and
  
  said application checking authentication of said key, and if authentic, complying with said selection by said first user; and
  
  a workstation in a third, unprotected network for a second user, said application being shared simultaneously with said first and second users.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A system as set forth in claim 16 wherein:
    - said application receives from said second user another userID and another password, and if said other userID and other password are authentic, said application complies with a selection made by said second user pertaining to said application.
  - 18. A system as set forth in claim 16 wherein said first and second servers and said first and second networks are all controlled by a same entity.
  - 19. A system as set forth in claim 16 wherein said first network is a DMZ.
  - 20. A system as set forth in claim 16 wherein said unprotected network is an Internet.

21. A computer program product for authenticating a first user in a protected network to an application shared simultaneously with a second user in an unprotected network, said program product comprising:
- a computer readable medium;
  
  first program instructions, to execute on a first server within said protected network, to receive from the first user a userID and a password for authentication for said application, said application residing in a third network;
  
  second program instructions, to execute on said first server, to check authentication of said first user based on said userID and password, and if said first user is authentic, to forward to said application an authentication key for said first user and a selection by said first user pertaining to said application; and
  
  third program instructions in said application to check authentication of said key, and if authentic, comply with said selection by said first user; and
  
  wherein said first, second and third program instructions are recorded on said medium.
- View Dependent Claims (22)
- - 22. A computer program product as set forth in claim 21 further comprising:
    - fourth program instructions in said application to receive from said second user another userID and another password, and if said other userID and other password are authentic, to instruct said application to comply with a selection made by said second user pertaining to said application; and
      
      wherein said fourth program instructions are recorded on said medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Barnabo, Christopher E., Greenlee, Gordan G.

Granted Patent

US 7,356,697 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/0807 using tickets, e.g. Kerbero...

H04L 63/083 using passwords cryptograph...

System aand method for authentication to an application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

System aand method for authentication to an application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others