METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR DISCOVERING AUTHENTICATION SERVERS AND ESTABLISHING TRUST RELATIONSHIPS THEREWITH

US 20090193508A1
Filed: 01/29/2008
Published: 07/30/2009
Est. Priority Date: 01/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method for using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers, the method including:

the authentication server searching for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspecting an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm;

if the request is carrying one or more authentication tokens from the newly discovered realm, then the authentication server determining whether or not the newly discovered realm is trustworthy by initiating communications with at least one trusted authentication server to ascertain whether or not there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm;

if there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the authentication server determining that the newly discovered realm is trustworthy;

if there is not an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the authentication server determining that the newly discovered realm is not yet trustworthy, and making one or more attempts to use a plurality of additional authentication tokens to validate information provided by the newly discovered realm before accepting any authentications from the newly discovered realm;

the authentication server determining that the not yet trustworthy newly discovered realm is trustworthy after a plurality of correct authentication tokens are received from the newly discovered realm;

once the authentication server determining a newly discovered realm to be trustworthy, the authentication server receiving a directory schema from the newly discovered realm and comparing the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema;

the authentication server using the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers. The authentication server searches for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspects an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm. Once the authentication server determines a newly discovered realm to be trustworthy, the authentication server receives a directory schema from the newly discovered realm and compares the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema. The authentication server uses the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.

62 Citations

View as Search Results

18 Claims

1. A method for using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers, the method including:
- the authentication server searching for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspecting an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm;
  
  if the request is carrying one or more authentication tokens from the newly discovered realm, then the authentication server determining whether or not the newly discovered realm is trustworthy by initiating communications with at least one trusted authentication server to ascertain whether or not there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm;
  
  if there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the authentication server determining that the newly discovered realm is trustworthy;
  
  if there is not an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the authentication server determining that the newly discovered realm is not yet trustworthy, and making one or more attempts to use a plurality of additional authentication tokens to validate information provided by the newly discovered realm before accepting any authentications from the newly discovered realm;
  
  the authentication server determining that the not yet trustworthy newly discovered realm is trustworthy after a plurality of correct authentication tokens are received from the newly discovered realm;
  
  once the authentication server determining a newly discovered realm to be trustworthy, the authentication server receiving a directory schema from the newly discovered realm and comparing the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema;
  
  the authentication server using the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further including the authentication server receiving an authentication request, along with authentication data associated with the request.
  - 3. The method of claim 2 wherein the authentication data includes an authentication token that the authentication server cannot validate.
  - 4. The method of claim 3 further including the authentication server passing the authentication request to the one or more additional servers of the newly discovered realm.
  - 5. The method of claim 1 wherein the authentication server searches for the one or more additional authentication servers using a service discovery method.
  - 6. The method of claim 1 wherein, subsequent to the authentication server inspecting an incoming authentication request to determine if the request is carrying an authentication token from a newly discovered realm, the authentication server adding the newly discovered realm to a discovery list.

7. A computer program product for using an authentication server to discover one or more additional authentication servers and to dynamically establish a trust relationship with the one or more additional authentication servers, the computer program product including a storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for facilitating a method including:
- the authentication server searching for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspecting an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm;
  
  if the request is carrying one or more authentication tokens from the newly discovered realm, then the authentication server determining whether or not the newly discovered realm is trustworthy by initiating communications with at least one trusted authentication server to ascertain whether or not there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm;
  
  if there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the authentication server determining that the newly discovered realm is trustworthy;
  
  if there is not an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the authentication server determining that the newly discovered realm is not yet trustworthy, and making one or more attempts to use a plurality of additional authentication tokens to validate information provided by the newly discovered realm before accepting any authentications from the newly discovered realm;
  
  the authentication server determining that the not yet trustworthy newly discovered realm is trustworthy after a plurality of correct authentication tokens are received from the newly discovered realm;
  
  once the authentication server determining a newly discovered realm to be trustworthy, the authentication server receiving a directory schema from the newly discovered realm and comparing the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema;
  
  the authentication server using the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7 further including the authentication server receiving an authentication request, along with authentication data associated with the request.
  - 9. The computer program product of claim 8 wherein the authentication data includes an authentication token that the authentication server cannot validate.
  - 10. The computer program product of claim 9 further including the authentication server passing the authentication request to the one or more additional servers of the newly discovered realm.
  - 11. The computer program product of claim 7 wherein the authentication server searches for the one or more additional authentication servers using a service discovery method.
  - 12. The computer program product of claim 7 wherein, subsequent to the authentication server inspecting an incoming authentication request to determine if the request is carrying an authentication token from a newly discovered realm, the authentication server adding the newly discovered realm to a discovery list.

13. An authentication server for discovering one or more additional authentication servers and for dynamically establish a trust relationship with the one or more additional authentication servers, the authentication server including:
- a search mechanism capable of searching for the one or more additional authentication servers to discover one or more sources of authentication tokens, and inspecting an incoming authentication request from the one or more additional authentication servers to determine if the request is carrying one or more authentication tokens from a newly discovered realm;
  
  a communications mechanism wherein, if the request is carrying one or more authentication tokens from the newly discovered realm, then the authentication server determines whether or not the newly discovered realm is trustworthy by initiating communications with at least one trusted authentication server to ascertain whether or not there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm;
  
  a processing mechanism wherein, if there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the processing mechanism determines that the newly discovered realm is trustworthy; and
  
  if there is not an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, then the processing mechanism determines that the newly discovered realm is not yet trustworthy, and makes one or more attempts to use a plurality of additional authentication tokens to validate information provided by the newly discovered realm before accepting any authentications from the newly discovered realm;
  
  the processing mechanism determining that the not yet trustworthy newly discovered realm is trustworthy after a plurality of correct authentication tokens are received from the newly discovered realm;
  
  once the processing mechanism determines a newly discovered realm to be trustworthy, the communications mechanism receiving a directory schema from the newly discovered realm and the processing mechanism comparing the received directory schema with a known directory schema retrieved by the authentication server to identify an intersection of the received directory schema and the known directory schema;
  
  the processing mechanism using the intersection to identify a primary key, and to identify any unique information that is specific to either the authentication server or the newly discovered realm.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The authentication server of claim 13 wherein the communications mechanism receives an authentication request, along with authentication data associated with the request.
  - 15. The authentication server of claim 14 wherein the authentication data includes an authentication token that the authentication server cannot validate.
  - 16. The authentication server of claim 15 wherein the communications mechanism passes the authentication request to the one or more additional servers of the newly discovered realm.
  - 17. The authentication server of claim 13 wherein the authentication server searches for the one or more additional authentication servers using a service discovery method.
  - 18. The authentication server of claim 13 wherein, subsequent to the authentication server inspecting an incoming authentication request to determine if the request is carrying an authentication token from a newly discovered realm, the authentication server adding the newly discovered realm to a discovery list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Browne, Michael E., Huie, William J., Brenneman, Robert J., Sheppard, Sarah J., Smith, Kyle M.

Granted Patent

US 8,220,032 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06Q 20/367   involving electronic purses...

G06Q 20/382   insuring higher security of...

H04L 63/08   for authentication of entit...

H04L 63/126   the source of the received ...

H04L 67/51   Discovery or management the...

METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR DISCOVERING AUTHENTICATION SERVERS AND ESTABLISHING TRUST RELATIONSHIPS THEREWITH

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR DISCOVERING AUTHENTICATION SERVERS AND ESTABLISHING TRUST RELATIONSHIPS THEREWITH

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links