Dynamic cache lookup based on dynamic data

US 20060020813A1
Filed: 06/30/2004
Published: 01/26/2006
Est. Priority Date: 06/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method of caching authentication data on a computer network, comprising the steps of:

authenticating a logon user based on dynamic security attributes;

computing a unique cache lookup key from the dynamic security attributes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup

Citations

23 Claims

1. A method of caching authentication data on a computer network, comprising the steps of:
- authenticating a logon user based on dynamic security attributes;
  
  computing a unique cache lookup key from the dynamic security attributes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a unique cache lookup key associated with the logon user is computed by a hash function.
  - 3. The method of claim 1, wherein the dynamic security attributes are selected from the group consisting of:
    - logon time and logon location.
  - 4. The method of claim 1, wherein the dynamic security attributes are selected based on a login module.
  - 5. The method of claim 4, wherein the login module is modified to determine the security attributes.
  - 6. The method of claim 1, wherein a single accessID can be simultaneously logged into the network as two different logon users based on the dynamic security attributes.
  - 7. The method of claim 6, wherein the two different logon users have different security rights.

8. A system for authenticating a user, comprising:
- a server that generates a token that can be used to identify a unique lookup key for cached security attributes of the user wherein the security credentials include dynamic security attributes.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16)
- - 9. The system of claim 8, wherein the token is a single sign on token.
  - 10. The system of claim 8, wherein the dynamic security attributes are selected from the group consisting of:
    - login time and login location.
  - 11. The system of claim 8, wherein the unique lookup key is computed by a hash function of the dynamic security attributes.
  - 12. The system of claim 8, wherein the login module is modified to supply a unique identification based on the dynamic security attributes.
  - 13. The system of claim 8, wherein the server is a proxy server using a TrustAssociationInterceptor (TAI) interface, and wherein the TAI interface is modified to supply a unique ID based on the dynamic security attributes.
  - 14. The system of claim 8, wherein a single accessID can be simultaneously logged into the network as two different logon users based on the dynamic security attributes.
  - 15. The system of claim 14, wherein the two different logon users have different security rights.
  - 16. The system of claim 8, wherein the server creates a container, and the container contains at least one token created at the server and at least one token created by a third party JAAS LoginModule.

17. A computer program product in a computer readable medium, comprising:
- first instructions for authenticating a logon user based on dynamic security attributes;
  
  second instructions for computing a unique cache lookup key from the dynamic security attributes.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The product of claim 17, wherein a unique cache lookup key associated with the logon user is computed by a hash function.
  - 19. The product of claim 17, wherein the dynamic security attributes are selected from the group consisting of:
    - logon time and logon location.
  - 20. The product of claim 17, wherein the dynamic security attributes are selected based on a login module.
  - 21. The product of claim 20, wherein the login module is modified to determine the security attributes.
  - 22. The product of claim 17, wherein a single accessID can be simultaneously logged into the network as two different logon users based on the dynamic security attributes.
  - 23. The product of claim 22, wherein the two different logon users have different security rights.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chao, Ching-Yun, Birk, Peter Daniel, Chung, Hyen Vui

Granted Patent

US 7,487,361 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

Dynamic cache lookup based on dynamic data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic cache lookup based on dynamic data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links