Authenticating a node requesting another node to perform work on behalf of yet another node

US 20060129685A1
Filed: 12/09/2004
Published: 06/15/2006
Est. Priority Date: 12/09/2004
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

associating a plurality of agent nodes in the network with a multi-node, wherein the agent nodes are associated with machines in the network capable of performing operations on behalf of the multi-node;

receiving, by a target node, a request from a calling node for the target node to perform operations on behalf of the multi-node, wherein the target node is one of the agent nodes associated with the multi-node;

determining, by the target node, whether the calling node is one of the agent nodes associated with the multi-node; and

determining, by the target node, whether the calling node is capable of authenticating with a server; and

performing, by the target node, the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method, system, and program for authenticating a node requesting another node to perform work on behalf of yet another node. A plurality of agent nodes in the network are associated with a multi-node, wherein the agent nodes are associated with machines in the network capable of performing operations on behalf of the multi-node. A target node receives a request from a calling node for the target node to perform operations on behalf of the multi-node, wherein the target node is one of the agent nodes associated with the multi-node. The target node determines whether the calling node is one of the agent nodes associated with the multi-node and determines whether the calling node is capable of authenticating with a server. The target node performs the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.

26 Citations

View as Search Results

39 Claims

1. A method, comprising:
- associating a plurality of agent nodes in the network with a multi-node, wherein the agent nodes are associated with machines in the network capable of performing operations on behalf of the multi-node;
  
  receiving, by a target node, a request from a calling node for the target node to perform operations on behalf of the multi-node, wherein the target node is one of the agent nodes associated with the multi-node;
  
  determining, by the target node, whether the calling node is one of the agent nodes associated with the multi-node; and
  
  determining, by the target node, whether the calling node is capable of authenticating with a server; and
  
  performing, by the target node, the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - transmitting, by the target node, a request to the calling node to authenticate with the server in response to determining that the calling node is one agent node associated with the multi-node.
  - 3. The method of claim 2, further comprising:
    - presenting, by the calling node, a token to authenticate the calling node at the server in response to the request from the target node to authenticate.
  - 4. The method of claim 3, wherein presenting, by the calling node, the token to authenticate comprises passing the token to the target node, further comprising:
    - presenting, by the target node, the token from the calling node to the server; and
      
      receiving, by the target node a server token from the server, wherein the calling node authenticates with the server if the server token is valid.
  - 5. The method of claim 4, further comprising:
    - sending, by the target node, the server token to the server to request the server to indicate whether the server token is valid; and
      
      receiving, by target node a response from the server indicating whether the server token is valid.
  - 6. The method of claim 4, further comprising:
    - sending, by the target node, the server token to the calling node in response to receiving the server token from the server; and
      
      sending, by the calling node, the server token to the target node, wherein the target node sends the server token to the server in response to receiving the server token from the calling node.
  - 7. The method of claim 3, further comprising:
    - receiving, by the calling node, a new token from the server in response to presenting the token to authenticate with the server, wherein the calling node uses the new token to subsequently authenticate with the server.
  - 8. The method of claim 1, wherein the calling node authenticates with the server through a session initiated with the target node.
  - 9. The method of claim 1, wherein determining, by the target node, whether the calling node is one of the agent nodes associated with the multi-node comprises querying the server to determine from the server whether the calling node is one of the agent nodes associated with the multi-node.
  - 10. The method of claim 1, wherein the operations requested by the calling node comprise operations to backup or restore data sets associated with the multi-node.
  - 11. The method of claim 1, wherein the target node comprises one of a plurality of target nodes comprising agent nodes of the multi-node, further comprising:
    - sending, by the calling node to the target nodes requests to perform operations on behalf of the multi-node, wherein the operations of determining whether the calling node is one of the agent nodes associated with the multi-node, determining whether the calling node is capable of authenticating with a server, and the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.
  - 12. The method of claim 11, wherein the calling node sends the requests to the target nodes to distribute the workload of the multi-node operations to the target nodes associated with the multi-node.
  - 13. The method of claim 1, wherein a user is logged on at the calling node, further comprising:
    - submitting to the target node, by the user of the calling node, the request for the target node to perform operations on behalf of the multi-node.

14. A system including machines communicating over a network, comprising:
- a server including information associating a plurality of agent nodes in the network with a multi-node, wherein the agent nodes are associated with machines in the network capable of performing operations on behalf of the multi-node;
  
  a calling node implemented on one machine in the network;
  
  a target node implemented on one machine in the network, wherein the target node includes a computer readable medium having code capable of causing the target node machine to perform operations, the operations comprising;
  
  (i) receiving a request from the calling node for the target node to perform operations on behalf of the multi-node, wherein the target node is one of the agent nodes associated with the multi-node;
  
  (ii) determining whether the calling node is one of the agent nodes associated with the multi-node; and
  
  (iii) determining whether the calling node is capable of authenticating with the server; and
  
  (iv) performing the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The system of claim 14, wherein the operations performed by the target node further comprise:
    - transmitting a request to the calling node to authenticate with the server in response to determining that the calling node is one agent node associated with the multi-node.
  - 16. The system of claim 15, wherein the calling node includes a computer readable medium having code capable of causing the calling node to perform operations comprising:
    - presenting a token to authenticate the calling node at the server in response to the request from the target node to authenticate.
  - 17. The system of claim 16, wherein presenting, by the calling node, the token to authenticate comprises passing the token to the target node and wherein the operations performed by the target node further comprise:
    - presenting the token from the calling node to the server; and
      
      receiving a server token from the server, wherein the calling node authenticates with the server if the server token is valid.
  - 18. The system of claim 17, wherein the operations performed by the target node further comprise:
    - sending the server token to the server to request the server to indicate whether the server token is valid; and
      
      receiving a response from the server indicating whether the server token is valid.
  - 19. The system of claim 17, wherein the operations performed by the target node further comprise:
    - sending the server token to the calling node in response to receiving the server token from the server; and
      
      wherein the operations performed by the calling node further comprise;
      
      sending the server token to the target node, wherein the target node sends the server token to the server in response to receiving the server token from the calling node.
  - 20. The system of claim 16, wherein the operations by the calling node further comprise:
    - receiving a new token from the server in response to presenting the token to authenticate with the server, wherein the calling node uses the new token to subsequently authenticate with the server.
  - 21. The system of claim 14, wherein the calling node authenticates with the server through a session initiated with the target node.
  - 22. The system of claim 14, wherein determining, by the target node, whether the calling node is one of the agent nodes associated with the multi-node comprises querying the server to determine from the server whether the calling node is one of the agent nodes associated with the multi-node.
  - 23. The system of claim 14, wherein the operations requested by the calling node comprise operations to backup or restore data sets associated with the multi-node.
  - 24. The system of claim 14, wherein the target node comprises one of a plurality of target nodes comprising agent nodes of the multi-node, wherein the operations performed by the calling node further comprise:
    - sending to the target nodes requests to perform operations on behalf of the multi-node, wherein the operations of determining whether the calling node is one of the agent nodes associated with the multi-node, determining whether the calling node is capable of authenticating with a server, and the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.
  - 25. The system of claim 24, wherein the calling node sends the requests to the target nodes to distribute the workload of the multi-node operations to the target nodes associated with the multi-node.
  - 26. The system of claim 14, wherein a user is logged on at the calling node, wherein the calling node operations in response to user action further comprise:
    - submitting to the target node the request for the target node to perform operations on behalf of the multi-node.

27. An article of manufacture comprising distributed code executed in distributed nodes in a network, including a calling node and target node, and a server, wherein the nodes are implemented on machines communicating in the network, and wherein the distributed code is capable of causing the nodes and server to perform operations, the operations comprising:
- associating, by the server, a plurality of agent nodes in the network with a multi-node, wherein the agent nodes are associated with machines in the network capable of performing operations on behalf of the multi-node;
  
  receiving, by the target node, a request from the calling node for the target node to perform operations on behalf of the multi-node, wherein the target node is one of the agent nodes associated with the multi-node;
  
  determining, by the target node, whether the calling node is one of the agent nodes associated with the multi-node; and
  
  determining, by the target node, whether the calling node is capable of authenticating with a server; and
  
  performing, by the target node, the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The article of manufacture of claim 27, wherein the operations further comprise:
    - transmitting, by the target node, a request to the calling node to authenticate with the server in response to determining that the calling node is one agent node associated with the multi-node.
  - 29. The article of manufacture of claim 28, wherein the operations further comprise:
    - presenting, by the calling node, a token to authenticate the calling node at the server in response to the request from the target node to authenticate.
  - 30. The article of manufacture of claim 29, wherein presenting, by the calling node, the token to authenticate comprises passing the token to the target node, wherein the operations further comprise:
    - presenting, by the target node, the token from the calling node to the server; and
      
      receiving, by the target node a server token from the server, wherein the calling node authenticates with the server if the server token is valid.
  - 31. The article of manufacture of claim 30, wherein the operations further comprise:
    - sending, by the target node, the server token to the server to request the server to indicate whether the server token is valid; and
      
      receiving, by target node a response from the server indicating whether the server token is valid.
  - 32. The article of manufacture of claim 27, wherein the operations further comprise:
    - sending, by the target node, the server token to the calling node in response to receiving the server token from the server; and
      
      sending, by the calling node, the server token to the target node, wherein the target node sends the server token to the server in response to receiving the server token from the calling node.
  - 33. The article of manufacture of claim 29, wherein the operations further comprise:
    - receiving, by the calling node, a new token from the server in response to presenting the token to authenticate with the server, wherein the calling node uses the new token to subsequently authenticate with the server.
  - 34. The article of manufacture of claim 27, wherein the calling node authenticates with the server through a session initiated with the target node.
  - 35. The article of manufacture of claim 27, wherein determining, by the target node, whether the calling node is one of the agent nodes associated with the multi-node comprises querying the server to determine from the server whether the calling node is one of the agent nodes associated with the multi-node.
  - 36. The article of manufacture of claim 27, wherein the operations requested by the calling node comprise operations to backup or restore data sets associated with the multi-node.
  - 37. The article of manufacture of claim 27, wherein the target node comprises one of a plurality of target nodes comprising agent nodes of the multi-node, wherein the operations further comprise:
    - sending, by the calling node to the target nodes requests to perform operations on behalf of the multi-node, wherein the operations of determining whether the calling node is one of the agent nodes associated with the multi-node, determining whether the calling node is capable of authenticating with a server, and the operations requested by the calling node in response to determining that the calling node is associated with the multi-node and is capable of authenticating with the server.
  - 38. The article of manufacture of claim 37, wherein the calling node sends the requests to the target nodes to distribute the workload of the multi-node operations to the target nodes associated with the multi-node.
  - 39. The article of manufacture of claim 27, wherein a user is logged on at the calling node, wherein the operations further comprise:
    - submitting to the target node, by the user of the calling node, the request for the target node to perform operations on behalf of the multi-node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hochberg, Avishai Haim, Hattrup, Glen, Smith, James Patrick, Edwards, Robert Clair Jr., Rasmussen, Neil Gregory

Granted Patent

US 7,730,122 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 11/1461   Backup scheduling policy

G06F 11/1464   for networked environments

G06F 21/445   by mutual authentication, e...

H04L 63/083   using passwords cryptograph...

H04L 67/1001   for accessing one among a p...

H04L 67/1038   Load balancing arrangements...

Authenticating a node requesting another node to perform work on behalf of yet another node

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating a node requesting another node to perform work on behalf of yet another node

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links