Networked computer user identification and authentication apparatus method and system

US 20050154915A1
Filed: 01/09/2004
Published: 07/14/2005
Est. Priority Date: 01/09/2004
Status: Abandoned Application

First Claim

Patent Images

1. An apparatus for authenticating and identifying users of a computer network on a local computer, the apparatus comprising:

a permission database configured to cache authentication and identification information on a local computer; and

an update module configured to retrieve an incremental update of the authentication and identification information from a domain server.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Authentication information, identification information, and domain configuration data are cached on a networked computer to provide increased reliability and performance. An update module manages a local cache containing a copy of centrally managed data from a domain server, directory server, or the like. An update request is sent to the update module in response to an information request by a local process. The update request may be a deferrable or non-deferrable request. Non-deferrable requests are immediately processed while deferrable requests may be deferred to a convenient time. The use of deferrable requests facilitates consolidation of cache updates and significantly reduces the processing and communications burden associated with maintaining the authentication information, identification information, and configuration data on the local networked computer.

Citations

33 Claims

1. An apparatus for authenticating and identifying users of a computer network on a local computer, the apparatus comprising:
- a permission database configured to cache authentication and identification information on a local computer; and
  
  an update module configured to retrieve an incremental update of the authentication and identification information from a domain server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The apparatus of claim 1, further comprising an authentication module residing on the local computer, the authentication module configured to receive a request from a local process and generate a non-deferrable update request to the update module.
  - 3. The apparatus of claim 2, wherein the authentication module is a dynamically linked module selected from the group consisting of a pluggable authentication module, and a loadable authentication module.
  - 4. The apparatus of claim 2, wherein the request from a local process is selected from the group consisting of an authentication request, a login request, a session request, an account restrictions request, and a password change request.
  - 5. The apparatus of claim 1, further comprising an identification module residing on the local computer, the identification module configured to receive an identification request from a local process and generate a deferrable update request to the update module.
  - 6. The apparatus of claim 5, wherein the identification module is a dynamically linked module.
  - 7. The apparatus of claim 1, wherein the update module is a POSIX compliant daemon.
  - 8. The apparatus of claim 1, wherein the domain server is a key distribution center.
  - 9. The apparatus of claim 1, wherein the domain server is a directory system agent.
  - 10. The apparatus of claim 1, wherein the update module is further configured to pre-load the permission database in response to joining a domain.
  - 11. The apparatus of claim 1, wherein the incremental update is tracked using a universal serial number associated with the domain server.
  - 12. The apparatus of claim 1, wherein the authentication and identification information is selected from the group consisting of user information, group information, organization unit information, container information, and domain information.
  - 13. The apparatus of claim 1, wherein the authentication and identification information comprises access-allowed information and access-denied information.
  - 14. The apparatus of claim 1, wherein the authentication information is received using KERBEROS.

15. An apparatus for authenticating users of a computer network on a local computer, the apparatus comprising:
- an authentication module residing on a local computer, the authentication module configured to receive authentication information from a domain server via a network; and
  
  a permission database configured to cache the authentication information on the local computer.

16. An apparatus for identifying users of a computer network on a local computer, the apparatus comprising:
- an identification module residing on a local computer, the identification module configured to receive identification information from a domain server via a network; and
  
  a permission database configured to cache the identification information on the local computer.

17. A method for authenticating and identifying users of a computer network on a local computer, the method comprising:
- retrieving authentication and identification information from a domain server via a network;
  
  caching the authentication and identification information on a local computer; and
  
  retrieving an incremental update of the authentication and identification information from the domain server.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The method of claim 17, further comprising conducting a deferrable update of the authentication and identification information in response to receiving an identification request from a local process.
  - 19. The method of claim 17, further comprising conducting an immediate update of the authentication and identification information in response to receiving an authentication request from a local process.
  - 20. The method of claim 17, wherein caching the authentication and identification information comprises maintaining a permission database.
  - 21. The method of claim 17, further comprising pre-loading the permission database in response to joining a domain.
  - 22. The method of claim 17, further comprising tracking a universal serial number. associated with the domain server.
  - 23. The method of claim 17, wherein the authentication and identification information is selected from the group consisting of user information, group information, organization unit information, container information, and domain information.
  - 24. The method of claim 17, wherein the authentication and identification information comprises access-allowed information and access-denied information.
  - 25. The method of claim 17, further comprising receiving a request from a local process selected from the group consisting of a login request, a session request, an account restrictions request, and a password change request.
  - 26. The method of claim 17, further comprising communicating with the domain server using lightweight directory access protocol (LDAP).

27. An apparatus for authenticating and identifying users of a computer network on a local computer, the apparatus comprising:
- means for retrieving authentication and identification information from a domain server via a network;
  
  means for caching the authentication and identification information on a local computer;
  
  means for conducting a deferrable update of the authentication and identification information in response to receiving an identification request from a local process; and
  
  means for conducting an immediate update of the authentication and identification information in response to receiving an authentication request from a local process.

28. A computer readable storage medium comprising computer readable program code for authenticating and identifying users of a computer network on a local computer, the program code configured to conduct a method comprising:
- retrieving authentication and identification information from a domain server via a network;
  
  caching the authentication and identification information on a local computer;
  
  conducting a deferrable update of the authentication and identification information in response to receiving an identification request from a local process; and
  
  conducting an immediate update of the authentication and identification information in response to receiving an authentication request from a local process.

29. A system for authenticating and identifying users of a computer network on a local computer, the system comprising:
- a domain server; and
  
  a local computer configured to receive cache authentication and identification information from the domain server, the local computer comprising;
  
  a permission database configured to cache authentication and identification information from the domain server, the permission database comprising users-allowed information and users-denied information, and an update module configured to retrieve incremental update information from a domain server and update the permission database.
- View Dependent Claims (30, 31)
- - 30. The system of claim 29, wherein the local computer further comprises an authentication module configured to receive an authentication request from a local process and generate a non-deferrable update request to the update module.
  - 31. The system of claim 29, wherein the local computer further comprises an identification module configured to receive an identification request from a local process and generate a deferrable update request to the update module.

32. A method for centrally managing configuration data for a domain, the method comprising:
- generating remote procedure calls related to retrieving configuration data for a domain with a local process;
  
  directing the remote procedure calls to a local server process;
  
  retrieving the configuration data from a directory server; and
  
  locally caching the configuration data.
- View Dependent Claims (33)
- - 33. The method of claim 32, further comprising updating the configuration data for the domain from a directory server using a local server process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vintela, Inc. (Quest Software, Inc.), Vintela Incorporated
Original Assignee
Vintela, Inc. (Quest Software, Inc.)
Inventors
Wilkes, Charles Wynn Jr., Peterson, Matthew T.

Application Number

US10/754,215
Publication Number

US 20050154915A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0853 using an additional device,...

Networked computer user identification and authentication apparatus method and system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

33 Claims

Specification

Solutions

Use Cases

Quick Links

Networked computer user identification and authentication apparatus method and system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

33 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links