Cascading Authentication System
Abstract
Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other servers are disclosed. Embodiments of a method for authenticating a user to a server may include receiving a request to authenticate the user to the server and determining whether authenticating the user requires matching an authentication plan. If a plan is required, the method may also include accessing a stored authentication plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user's current authentication plan from an authentication store where the plan has authorization records each having current information relating to user access. Embodiments of the method may also include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response to a match, authenticating the user.
20 Claims
1. A method for authenticating a user to a target server, the method comprising:
receiving a request from a user computer system to authenticate the user to the target server;
determining whether authenticating the user requires matching an authentication plan;
in response to determining that matching an authentication plan is required, accessing a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to user access to a different, particular server at a previous layer of authentication than the target server;
receiving an indication of the user's current authentication plan from an authentication store, the current authentication plan having one or more authentication records each having current information relating to user access to a particular, different server at a previous layer of authentication than the target server;
comparing the stored authentication plan with the received current authentication plan to determine whether they match; and
in response to a match between the stored authentication plan and the current authentication plan, authenticating the user.
8. A computer program product comprising a computer-useable medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
receiving a request from a user computer system to authenticate a user to a target server;
determining whether authenticating the user requires matching an authentication plan;
in response to determining that matching an authentication plan is required, accessing a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to user access to a different, particular server at a previous layer of authentication than the target server;
receiving an indication of the user's current authentication plan from an authentication store, the current authentication plan having one or more authentication records each having current information relating to user access to a different, particular server at a previous layer of authentication than the target server;
comparing the stored authentication plan with the received current authentication plan to determine whether they match; and
in response to a match between the stored authentication plan and the current authentication plan, authenticating the user.
13. A cascading authentication system, the system comprising:
a target server having an authentication plan manager to access a stored authentication plan associated with a user requesting access to the target server, the stored authentication plan comprising one or more authentication records each having expected information relating to access by a user to a different, particular server at a previous layer of authentication than the target server;
an authentication store to store a current authentication plan associated with the user, the current authentication plan comprising one or more authentication records each having current information relating to access by a user to a different, particular server at a previous layer of authentication than the target server;
an authentication store manager in communication with the target server and the authentication store to provide the current authentication plan associated with a particular user to the authentication plan manager of the target server; and
wherein the authentication plan manager of the target server determines whether to authenticate a user based on a comparison between the stored authentication plan and the current authentication plan.
17. A method for authenticating a user to a target server, the method comprising:
performing an authentication step for one or more servers at a previous layer of authentication to the target server;
storing an authentication event record for each performed authentication step in an authentication store;
attempting to authenticate to the target server, the target server requiring an authentication plan associated with the user; and
receiving an indication of whether access to the target server was granted.
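The plan comparison recited in claims 1 and 13, together with the event recording of claim 17, can be sketched as follows. This is an added example, not code from the patent: the class names, the record fields (`server`, `layer`, `method`), the sample hosts and the choice of exact set equality as the meaning of "match" are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthRecord:
    server: str   # previous-layer server the user accessed
    layer: int    # authentication layer of that server
    method: str   # assumed content of the "information relating to user access"

class AuthenticationStore:
    """Holds the current plan: one event record per completed authentication step."""
    def __init__(self):
        self._events = {}

    def record_event(self, user, record):
        self._events.setdefault(user, set()).add(record)

    def current_plan(self, user):
        return frozenset(self._events.get(user, ()))

class TargetServer:
    def __init__(self, layer, store, stored_plans, plan_required=True):
        self.layer = layer
        self.store = store
        self.stored_plans = stored_plans   # user -> iterable of expected AuthRecord
        self.plan_required = plan_required

    def authenticate(self, user):
        if not self.plan_required:
            return "plan-not-required"     # other checks, outside this sketch, decide
        expected = frozenset(self.stored_plans.get(user, ()))
        if not expected:
            return "denied"                # fail closed: a required plan is missing
        # Only records from earlier layers count toward the comparison.
        current = frozenset(r for r in self.store.current_plan(user)
                            if r.layer < self.layer)
        return "granted" if current == expected else "denied"

def demo():
    # Constructed sample data: two previous-layer servers and one target at layer 3.
    store = AuthenticationStore()
    vpn = AuthRecord("vpn.example", 1, "certificate")
    bastion = AuthRecord("bastion.example", 2, "ssh-key")
    target = TargetServer(3, store, {"alice": [vpn, bastion]})
    results = []
    store.record_event("alice", vpn)
    results.append(target.authenticate("alice"))    # bastion step not yet done
    store.record_event("alice", bastion)
    results.append(target.authenticate("alice"))    # both expected steps present
    results.append(target.authenticate("mallory"))  # no stored plan for this user
    return results

if __name__ == "__main__":
    print(demo())
```

A skipped layer, or a record whose recorded access information differs from the expected one, leaves the two plans unequal, so the target server denies the request.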
Specification