CENTRALIZED USER AUTHENTICATION SYSTEM APPARATUS AND METHOD

US 20070288992A1
Filed: 06/18/2006
Published: 12/13/2007
Est. Priority Date: 06/08/2006
Status: Active Grant

First Claim

Patent Images

1. A system to authenticate a user, the system comprising:

an identification subsystem configured to receive a password request for a specified user and communicate an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user; and

an authentication subsystem configured to communicate the password request to the identification subsystem and receive the encrypted password field therefrom, the authentication subsystem further configured to authenticate the specified user against the directory object.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server.

119 Citations

View as Search Results

27 Claims

1. A system to authenticate a user, the system comprising:
- an identification subsystem configured to receive a password request for a specified user and communicate an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user; and
  
  an authentication subsystem configured to communicate the password request to the identification subsystem and receive the encrypted password field therefrom, the authentication subsystem further configured to authenticate the specified user against the directory object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the identification subsystem is configured to retrieve the encrypted password field from an identification server configured to store the encrypted password field.
  - 3. The system of claim 1, further comprising an authentication server configured to store the directory object.
  - 4. The system of claim 1, wherein the encrypted password field comprises a KERBEROS principal name.
  - 5. The system of claim 1, wherein the identification subsystem is configured to identify the specified user upon receiving a username.
  - 6. The system of claim 1, wherein the identification subsystem and authentication subsystem are part of a LINUX computer system.
  - 7. The system of claim 1, wherein the identification subsystem and the authentication subsystem are part of a UNIX computer system.

8. An apparatus to authenticate a user, the apparatus comprising:
- an identification module configured to receive a password request for a specified user and communicate an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user; and
  
  an authentication module configured to communicate the password request to the identification module and receive the encrypted password field therefrom, the authentication module further configured to authenticate the specified user against the directory object.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The apparatus of claim 8, wherein the authentication module comprises a pluggable authentication module.
  - 10. The apparatus of claim 8, wherein the authentication module comprises a KERBEROS module.
  - 11. The apparatus of claim 8, wherein the identification module comprises a plurality of identification modules selected from the group consisting of a NSS-NIS module, a NSS-LDAP module, and a NSS-File module.
  - 12. The apparatus of claim 8, wherein the identification module is configured to retrieve the encrypted password field from an identification data store.
  - 13. The apparatus of claim 8, further comprising an authentication data store configured to store the directory object.
  - 14. The apparatus of claim 8, wherein the encrypted password field comprises a KERBEROS principal name.
  - 15. The apparatus of claim 8, wherein the identification module is configured identify the specified user upon receiving a username.

16. A method to authenticate a user, the method comprising:
- creating a directory object corresponding to a specified user;
  
  referencing the directory object within an encrypted password field in an identification data store;
  
  providing an identification module configured to receive a password request corresponding to the specified user and communicate the encrypted password field in response thereto; and
  
  providing an authentication module configured to communicate the password request and authenticate the specified user against the directory object.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The method of claim 16, further comprising providing an authentication data store configured to store the directory object.
  - 18. The method of claim 16, wherein providing an authentication module comprises providing a pluggable authentication module.
  - 19. The method of claim 16, wherein the encrypted password field comprises a KERBEROS principal name.
  - 20. The method of claim 16, wherein providing an authentication module comprising providing a KERBEROS module.
  - 21. The method of claim 16, wherein the providing an identification module comprises providing a plurality of identification modules selected from the group consisting of a NSS-NIS module, a NSS-LDAP module, and a NSS-Files module.
  - 22. The method of claim 16, wherein the providing an identification module comprises providing an identification module configured identify the specified user upon receiving the username.

23. A computer readable medium bearing computer readable program codes configured to carry out a method to authenticate a user, the method comprising:
- prompting a user for a username;
  
  retrieving an encrypted password field corresponding to the username, wherein the encrypted password field references a directory object corresponding to the user; and
  
  authenticating the user against the directory object.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The computer readable medium of claim 23, wherein retrieving an encrypted password field comprises accessing an identification data store configured to store the encrypted password field.
  - 25. The computer readable medium of claim 23, wherein authenticating the specified user against the directory object comprises accessing an authentication data store configured to store the directory object.
  - 26. The computer readable medium of claim 23, wherein the encrypted password field comprises a KERBEROS principal name.
  - 27. The computer readable medium of claim 23, further comprising identifying the specified user upon receiving the username.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Bowers, John Joseph, Robinson, Kyle Lane

Granted Patent

US 8,429,712 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

CENTRALIZED USER AUTHENTICATION SYSTEM APPARATUS AND METHOD

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

CENTRALIZED USER AUTHENTICATION SYSTEM APPARATUS AND METHOD

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links