AUTHENTICATION CACHE AND AUTHENTICATION ON DEMAND IN A DISTRIBUTED NETWORK ENVIRONMENT

US 20080133914A1
Filed: 02/07/2008
Published: 06/05/2008
Est. Priority Date: 02/01/2002
Status: Active Grant

First Claim

Patent Images

1. An apparatus to store authentication information, comprising:

a computer storing a first container hierarchy and a second container hierarchy, the first container hierarchy including at least a first container and a second container, the second container stored in the first container, and the second container hierarchy including at least a third container and a fourth container, the third container stored in the fourth container;

an authentication source separate from the computer for authenticating a first authentication request;

a temporary user object updater for updating a user object stored in one of the first container and the second container in the first container hierarchy with authentication information including a user name and a password responsive to the first authentication request; and

a permanent user object updater operative to permanently store the user object in the second container hierarchy if the authentication source validates the first authentication request.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer receives a request for authentication from a client. The computer forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer requests authentication and cache control information from the authentication source. The computer uses the authentication and cache control information to populate a user object stored in a container hierarchy and enable the computer to authenticate an authentication request without forwarding the authentication request to the authentication source.

48 Citations

View as Search Results

32 Claims

1. An apparatus to store authentication information, comprising:
- a computer storing a first container hierarchy and a second container hierarchy, the first container hierarchy including at least a first container and a second container, the second container stored in the first container, and the second container hierarchy including at least a third container and a fourth container, the third container stored in the fourth container;
  
  an authentication source separate from the computer for authenticating a first authentication request;
  
  a temporary user object updater for updating a user object stored in one of the first container and the second container in the first container hierarchy with authentication information including a user name and a password responsive to the first authentication request; and
  
  a permanent user object updater operative to permanently store the user object in the second container hierarchy if the authentication source validates the first authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. An apparatus according to claim 1, further comprising a second computer for generating the first authentication request.
  - 3. An apparatus according to claim 2, wherein:
    - the authentication source includes an encryption module for encrypting the authentication information for transmission to the computer; and
      
      the computer includes a decryption module for decrypting the encrypted authentication information.
  - 4. An apparatus according to claim 1, further comprising an authenticator for authenticating a second authentication request received by the computer, using the permanent user object in the second container hierarchy.
  - 5. An apparatus according to claim 1, wherein the temporary user object is stored in the second container.
  - 6. An apparatus according to claim 1, further comprising means for deleting the temporary user object in the first container hierarchy after the permanent user object is stored in the second container hierarchy.
  - 7. An apparatus according to claim 1, further comprising a cache storing cache control information, the cache control information including one or more of a classification level for the authentication information, an order policy, and a password change policy.

8. A method for caching authentication information, comprising:
- receiving a first authentication request at a computer, the authentication request including authentication information;
  
  storing the authentication information in a temporary user object in the computer;
  
  storing the temporary user object in one of a first container and a second container, the first container residing in the second container in a first container hierarchy on the computer;
  
  authenticating the first authentication request using an authentication source separate from the computer; and
  
  if the first authentication request is successful, storing a permanent user object in one of a third container and a fourth container, the third container residing in the fourth container in a second container hierarchy on the computer.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A method according to claim 8, further comprising responding to a second authentication request at the computer using the permanent user object, if the permanent user object exists in the second container hierarchy.
  - 10. A method according to claim 8, wherein authenticating the first authentication request includes:
    - forwarding the first authentication request to the authentication source;
      
      receiving a challenge from the authentication source;
      
      forwarding the challenge to a client associated with the first authentication request;
      
      receiving a credential from the client;
      
      forwarding the credential to the authentication source;
      
      receiving a response from the authentication source; and
      
      forwarding the response to the client.
  - 11. A method according to claim 8, wherein storing the temporary user object includes storing the temporary user object in the first container.
  - 12. A method according to claim 8, further comprising deleting the temporary user object in the first container hierarchy after storing the permanent user object in the second container hierarchy.
  - 13. A method according to claim 8, further comprising, if the first authentication request is successful, storing cache control information in a cache, the cache control information including one or more of a classification level for the authentication information, an order policy, and a password change policy.

14. One or more computer-readable media containing a program to store authentication information for a user, comprising:
- software to receive a first authentication request at a computer, the authentication request including authentication information;
  
  software to store the authentication information in a temporary user object in the computer;
  
  software to store a temporary user object in one of a first container and a second container, the first container residing in the second container in a first container hierarchy;
  
  software to authenticate the first authentication request using an authentication source separate from the computer; and
  
  software to store a permanent user object in one of a third container and a fourth container, the third container residing in the fourth container in a second container hierarchy, if the first authentication request is successful.
- View Dependent Claims (15, 16, 17, 18)
- - 15. One or more computer-readable media containing a program according to claim 14, further comprising software to respond to a second authentication request at a computer using the permanent user object, if the permanent user object exists in the second container hierarchy.
  - 16. One or more computer-readable media containing a program according to claim 14, wherein storing the temporary user object includes storing the temporary user object in the first container.
  - 17. One or more computer-readable media containing a program according to claim 14, further comprising software to delete the temporary user object in the first container hierarchy after the permanent user object is stored in the second container hierarchy.
  - 18. One or more computer-readable media containing a program according to claim 14, further comprising software to store cache control information in a cache, the cache control information including one or more of a classification level for the authentication information, an order policy, and a password change policy.

19. A system comprising:
- a first computer;
  
  a first container hierarchy stored in the first computer, the first container hierarchy including a first container and a second container, the second container stored in the first container;
  
  a second container hierarchy stored in the first computer, the second container hierarchy including a third container and a fourth container;
  
  a temporary user object stored in one of the first container and the second container;
  
  a second computer in communication with the first computer for generating an authentication request, the authentication request including a user name and a password;
  
  means in the first computer for placing the authentication information in the temporary user object;
  
  an authentication source separate from the first computer and the second computer, in communication with the first computer for responding to the authentication request from the second computer; and
  
  means in the first computer for placing the authentication information in a permanent user object in a second container hierarchy on the computer, if the authentication source successfully validates the authentication request.
- View Dependent Claims (20, 21, 22)
- - 20. A system according to claim 19, wherein the temporary user object is stored in the second container.
  - 21. A system according to claim 19, further comprising means in the first computer for deleting the temporary user object in the first container hierarchy after the permanent user object is stored in the second container hierarchy.
  - 22. A system according to claim 19, further comprising means in the first computer for storing cache control information in a cache, the cache control information including one or more of a classification level for the authentication information, an order policy, and a password change policy.

23. A method for caching authentication information for a user, comprising:
- receiving a first authentication request at a computer from a client, the first authentication request including authentication information;
  
  populating a temporary user object stored in the computer with the authentication information for the user, the temporary user object stored in one of a first container and a second container, the first container stored in the second container in a first container hierarchy;
  
  forwarding the first authentication request to an authentication source separate from the computer;
  
  receiving a response at the computer from the authentication source; and
  
  if the response from the authentication source indicates that the first authentication request succeeded;
  
  populating a permanent user object with the authentication information, wherein the authentication information includes a user name and a password;
  
  storing the permanent user object in one of a third container and a fourth container, the third container stored in the fourth container in a second container hierarchy; and
  
  returning to the client a code validating the first authentication request.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. A method according to claim 23, further comprising, if the response from the authentication source indicates that the first authentication request failed, returning to the client a code failing the first authentication request.
  - 25. A method according to claim 23, further comprising:
    - receiving a second authentication request at the computer from the client; and
      
      validating or failing the second authentication request at the computer using the authentication information in the permanent user object.
  - 26. A method according to claim 23, wherein locating a temporary user object includes locating the temporary user object stored in the first container.
  - 27. A method according to claim 23, wherein if the response from the authentication source indicates that the first authentication request succeeded, further comprising deleting the temporary user object in the first container hierarchy.
  - 28. A method according to claim 23, wherein if the response from the authentication source indicates that the first authentication request succeeded, further comprising storing cache control information in a cache, the cache control information including one or more of a classification level for the authentication information, an order policy, and a password change policy.

29. One or more computer-readable media containing a program to store authentication information, comprising:
- software to decrypt a message from an authentication source;
  
  software to create a temporary user object in a computer separate from the authentication source with the authentication information in the decrypted message, wherein the authentication information includes a user name and a password;
  
  software to place the temporary user object in one of a first container and a second container stored on the computer, the first container residing in the second container in a first container hierarchy; and
  
  software to place a permanent user object in one of a third container and a fourth container stored on the computer, the third container residing in the fourth container in a second container hierarchy, if the authentication source validates an authentication request.
- View Dependent Claims (30, 31, 32)
- - 30. One or more computer-readable media containing a program according to claim 29, wherein the software to place the temporary user object includes software to place the temporary user object in the first container.
  - 31. One or more computer-readable media containing a program according to claim 29, further comprising software to delete the temporary user object in the first container hierarchy after the permanent user object is placed in the second container hierarchy.
  - 32. One or more computer-readable media containing a program according to claim 29, further comprising software to store cache control information in a cache, the cache control information including one or more of a classification level for the authentication information, an order policy, and a password change policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Nyland, James Duane, Isaacson, Scott Alan, Crabb, Lynn Wells, Fritch, Daniel Gene, Henderson, Larry Hal

Granted Patent

US 7,707,416 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/31 User authentication

AUTHENTICATION CACHE AND AUTHENTICATION ON DEMAND IN A DISTRIBUTED NETWORK ENVIRONMENT

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

32 Claims

Specification

Use Cases

Quick Links

Others

AUTHENTICATION CACHE AND AUTHENTICATION ON DEMAND IN A DISTRIBUTED NETWORK ENVIRONMENT

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

32 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others