FRAMEWORK FOR NOTIFYING A DIRECTORY SERVICE OF AUTHENTICATION EVENTS PROCESSED OUTSIDE THE DIRECTORY SERVICE
Abstract
Methods, systems and machine-readable media for authenticating an end user for a client application are disclosed. According to one embodiment of the invention, a method of authenticating an end user for a client application using a directory service having an authentication control policy that tracks failed authentication attempts and allows lock out of an account after a predetermined number of failures comprises receiving end user identity information and security information at the client application; sending a search request to the directory service for an entry associated with the end user identity information and, if a match is found, receiving an authentication token from the directory service associated with the end user identity information; comparing the received authentication token with the security information; if the authentication token matches the security information, sending a request to update the directory service to indicate that successful authentication of the end user has occurred; and if the authentication token does not match the security information, sending a request to update the directory service to indicate that a failed attempt at authentication of the end user has occurred.
25 Claims
1. A method of authenticating an end user for a client application using a directory service having an authentication control policy that tracks failed authentication attempts and allows lock out of an account after a predetermined number of failures, the method comprising:
- receiving end user identity information and security information at the client application;
- sending a search request to the directory service for an entry associated with the end user identity information and, if a match is found, receiving an authentication token from the directory service associated with the end user identity information;
- comparing the received authentication token with the security information;
- if the authentication token matches the security information, sending a request to update the directory service to indicate that successful authentication of the end user has occurred; and
- if the authentication token does not match the security information, sending a request to update the directory service to indicate that a failed attempt at authentication of the end user has occurred.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method of authenticating a user for a client application over the Internet with a directory service that implements an authentication control policy to track failed authentication attempts, the method comprising:
- receiving account identity information and security information at the client application;
- sending a search request comprising the account identity information to the directory service;
- receiving an authentication token from the directory service associated with the account identity information if an entry associated with the account identity information exists on the directory service;
- comparing the received authentication token with the security information; and
- sending a request to update the directory service to indicate that a failed attempt at authentication of the end user has occurred if the authentication token does not match the security information.

Dependent claims: 10, 11, 12

13. A method of authenticating a user for a client application using a directory service having an authentication control policy that tracks failed authentication attempts and allows lock out of an account after a predetermined number of failures, the method comprising:
- receiving a search request including user identity information at the directory service;
- comparing the user identity information with entries in the directory service;
- if a match is found, sending an authentication token associated with the user identity information to a client application; and
- receiving a request at the directory service to update the directory service with information that indicates whether successful authentication of the user occurred at the client application.

Dependent claims: 14, 15

16. A machine-readable medium for a computer system, the machine-readable medium having stored thereon a series of instructions which, when executed by a processing component of the computer system, cause the processing component to attempt authentication of a user for a client application over the Internet with a directory service that implements an authentication control policy to track failed authentication attempts by:
- receiving account identity information and security information at the client application;
- sending a search request comprising the account identity information to the directory service;
- receiving an authentication token from the directory service associated with the account identity information if an entry associated with the account identity information exists on the directory service;
- comparing the received authentication token with the security information; and
- sending a request to update the directory service to indicate that a failed attempt at authentication of the end user has occurred if the authentication token does not match the security information.

Dependent claims: 17, 18, 19

20. A machine-readable medium for a computer system, the machine-readable medium having stored thereon a series of instructions which, when executed by a processing component of the computer system, cause the processing component to attempt authentication of a user for a client application using a directory service having an authentication control policy that tracks failed authentication attempts and allows lock out of an account after a predetermined number of failures by:
- receiving a search request including user identity information at the directory service;
- comparing the user identity information with entries in the directory service;
- if a match is found, sending an authentication token associated with the user identity information to a client application; and
- receiving a request at the directory service to update the directory service with information that indicates whether successful authentication of the user occurred at the client application.

Dependent claims: 21, 22

23. A computer processing system comprising:
a directory service having an authentication control policy that tracks failed authentication attempts and allows lock out of an account after a predetermined number of failures, the directory service adapted to
(i) receive a search request including user identity information;
(ii) compare the user identity information with entries in the directory service;
(iii) send an authentication token associated with the user identity information to a client application if a match is found; and
(iv) receive a request at the directory service to update the directory service with information that indicates whether successful authentication of the user occurred at the client application.

Dependent claims: 24, 25

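The exchange recited in the client-side and directory-side claims above can be modelled in a few lines; this is an added example, not code from the patent. The token format (16-byte salt plus PBKDF2 digest), the threshold of 3, the counter reset on success, the lock flag returned with the search result, and every class and function name are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed value for the "predetermined number of failures"

def make_token(password, salt=None):
    """Assumed token format: 16-byte salt followed by a PBKDF2-SHA256 digest."""
    salt = os.urandom(16) if salt is None else salt
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class DirectoryService:
    """In-memory stand-in for the directory and its authentication control policy."""
    def __init__(self):
        self.entries = {}  # identity -> {"token", "failures", "locked"}

    def add_entry(self, identity, password):
        self.entries[identity] = {"token": make_token(password), "failures": 0, "locked": False}

    def search(self, identity):
        """Return (token, locked) for a matching entry, or None when nothing matches."""
        e = self.entries.get(identity)
        return (e["token"], e["locked"]) if e else None

    def update_auth_result(self, identity, success):
        """Record the outcome of a comparison that was performed at the client."""
        e = self.entries[identity]
        if success:
            e["failures"] = 0  # assumption: a success resets the counter
        else:
            e["failures"] += 1
            if e["failures"] >= MAX_FAILURES:
                e["locked"] = True

def authenticate(directory, identity, password):
    """Client side: search, compare locally, then report the outcome back."""
    found = directory.search(identity)
    if found is None:
        return False  # no entry matched, so there is nothing to update
    token, locked = found
    if locked:
        return False  # assumption: the client honours the lock flag
    matches = hmac.compare_digest(make_token(password, token[:16]), token)
    directory.update_auth_result(identity, matches)
    return matches
```

If the client skips the `update_auth_result` call, the failure counter stays at zero no matter how many wrong guesses the client sees, so the lockout policy never triggers for comparisons done outside the directory.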
Specification