Access control subsystem and method for distributed computer system using locally cached authentication credentials

US 5,235,642 A
Filed: 07/21/1992
Issued: 08/10/1993
Est. Priority Date: 07/21/1992
Status: Expired due to Term

First Claim

Patent Images

1. In a distributed computer system having a multiplicity of interconnected computers, security apparatus comprising:

a plurality of processes, each process running on one of said multiplicity of computers, said plurality of processes including requester processes and server processes;

secure channels connecting ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running; and

a multiplicity of authenticating agents, each running in a trusted computing base on a different one of said multiplicity of interconnected computers;

one of said multiplicity of authenticating agents, running on one of said multiplicity of computers having at least one server process running thereon, including;

local cache means for maintaining data identifying previously authenticated requests from ones of said requester processes running on other ones of said multiplicity of interconnected computers; and

received request authenticating means for authenticating, on behalf of said at least one server process, a received request when data in said received request match said data maintained by said local cache means, for obtaining credentials authenticating said received request when said first data in said received request does not match said data maintained by said local cache means, and for enabling said at least one server process to process said received request only after said received request has been authenticated.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed computer system has a number of computers coupled thereto at distinct nodes. The computer at each node of the distributed system has a trusted computing base that includes an authentication agent for authenticating requests received from principals at other nodes in the system. Requests are transmitted to servers as messages that include a first identifier provided by the requester and a second identifier provided by the authentication agent of the requester node. Each server process is provided with a local cache of authentication data that identifies requesters whose previous request messages have been authenticated. When a request is received, the server checks the request'"'"'s first and second identifiers against the entries in its local cache. If there is a match, then the request is known to be authentic. Otherwise, the server node'"'"'s authentication agent is called to obtain authentication credentials from the requester'"'"'s node to authenticate the request message. The principal identifier of the requester and the received credentials are stored in a local cache by the server node'"'"'s authentication agent. The server process also stores a record in its local cache indicating that request messages from the specified requester are known to be authentic, thereby expediting the process of authenticating received requests.

673 Citations

9 Claims

1. In a distributed computer system having a multiplicity of interconnected computers, security apparatus comprising:
- a plurality of processes, each process running on one of said multiplicity of computers, said plurality of processes including requester processes and server processes;
  
  secure channels connecting ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running; and
  
  a multiplicity of authenticating agents, each running in a trusted computing base on a different one of said multiplicity of interconnected computers;
  
  one of said multiplicity of authenticating agents, running on one of said multiplicity of computers having at least one server process running thereon, including;
  
  local cache means for maintaining data identifying previously authenticated requests from ones of said requester processes running on other ones of said multiplicity of interconnected computers; and
  
  received request authenticating means for authenticating, on behalf of said at least one server process, a received request when data in said received request match said data maintained by said local cache means, for obtaining credentials authenticating said received request when said first data in said received request does not match said data maintained by said local cache means, and for enabling said at least one server process to process said received request only after said received request has been authenticated.
- View Dependent Claims (2, 3)
- - 2. The security apparatus of claim 1, whereineach requester process includes means for generating a request and for initiating transmission of said request over one of said secure channels to a specified one of said server processes;
    - andeach server process includescache means for maintaining its own local cache of data identifying previously authenticated requests received by said server process; and
      
      local authenticating means for authenticating a received request when said first data in said received request matches said data maintained by its own cache means, and for requesting authentication of said received request by said authentication agent running on the same computer as said server process when said data in said received request does not match said data maintained by its own cache means.
  - 3. The security apparatus of claim 1, whereinsaid local cache means includes means for time limiting validity of said data identifying previously authenticated requests;
    - said received request authenticating means including means for not matching data in said received request match with invalid data in said local cache means.

4. In a distributed computer system having a multiplicity of interconnected computers, security apparatus comprising:
- a plurality of processes, each process running on one of said multiplicity of computers, said plurality of processes including requester processes and server processes;
  
  secure channels connecting first ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running;
  
  a plurality of authenticating agents, each running in a trusted computing base on a different one of said multiplicity of interconnected computers;
  
  each requester process including means for generating a request and for initiating transmission of said request over one of said secure channels to a specified one of said server processes, said request including a first datum allegedly identifying a principal associated with said requester process;
  
  each authenticating agent running on one of said multiplicity of interconnected computers having at least one requester process running thereon including;
  
  request processing means for adding a second datum to each request generated by a requester process running on the same one of said multiplicity of computers as said authenticating agent, wherein said second datum uniquely corresponds to said originating requester process; and
  
  request authenticating means for authenticating that the first datum and second datum in a previously sent request are valid;
  
  each authenticating agent running on one of said multiplicity of interconnected computers having at least one server process running thereon including;
  
  local cache means for maintaining data indicating said first datum and second datum in previously authenticated requests; and
  
  received request authenticating means for (A) authenticating, on behalf of said at least one server process, a received request when said first datum and second datum in said received request match said data maintained by said local cache means, (B) obtaining authentication of said received request from said authenticating agent running on the same computer as the requester process that sent said received request when said first datum and second datum in said received request do not match said data maintained by said local cache means, and (C) enabling said at least one server process to process said received request only after said received request has been authenticated.
- View Dependent Claims (5, 6)
- - 5. The security apparatus of claim 4, whereineach server process includescache means for maintaining its own local cache of data indicating said first datum and second datum in previously authenticated requests received by said server process;
    - andlocal authenticating means for authenticating a received request when said first datum and second datum in said received request match said data maintained by its own cache means, and for requesting authentication of said received request by said authentication agent running on the same computer as said server process when said first datum and second datum in said received request do not match said data maintained by its own cache means.
  - 6. The security apparatus of claim 4, whereinsaid local cache means includes means for time limiting validity of said data identifying previously authenticated requests;
    - said received request authenticating means including means for not matching data in said received request match with invalid data in said local cache means.

7. A method of operating a distributed computer system having a multiplicity of interconnected computers, the steps of the method comprising:
- running requester processes on at least a first subset of said multiplicity of computers and running server on at least a second subset of said multiplicity of computers;
  
  interconnecting with secure channels first ones of said multiplicity of computers on which respective ones of said requester processes are running to second ones of said multiplicity of computers on which respective ones of said server processes are running;
  
  establishing authenticating agents within a trusted computing base on each one of said multiplicity of computers;
  
  said requester processes each generating requests and initiating transmission of said requests over ones of said secure channels to specified ones of said server processes, said requests each including a first datum allegedly identifying a principal associated with said each requester process;
  
  said authenticating agents adding to each request generated by said requester processes a second datum uniquely corresponding to the one of said requester processes which generated said each request; and
  
  those of said authenticating agents established on ones of said multiplicity of computers having at least one server process running thereon (A) maintaining a local cache of data indicating said first datum and second datum in previously authenticated requests received by said at least one server process, and (B) authenticating, on behalf of said at least one server process, a received request when said first datum and second datum in said received request match said data in said local cache, (C) obtaining authentication of said received request, from said authenticating agent established on the computer running the requester process that sent said received request, when said first datum and second datum in said received request do not match said data maintained by said local cache means, and (D) for enabling said at least one server process to process said received request only after said received request has been authenticated.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7,each server process maintaining its own local cache of data indicating said first datum and second datum in previously authenticated requests received by said server process;
    - andeach server process self-authenticating a received request when said first datum and second datum in said received request match said data maintained by its own cache means, and requesting authentication of said received request by said authentication agent running on the same computer as said server process when said first datum and second datum in said received request do not match said data maintained by its own cache means.
  - 9. The method of claim 7,said authentication agents time limiting validity of said data maintained in said local cache for each said previously authenticated request;
    - said authentication agents for not authenticating, on behalf of said at least one server process, a received request when said first datum and second datum in said received request match invalid data in said local cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Lampson, Butler, Birrell, Andrew, Abadi, Martin, Wobber, Edward
Primary Examiner(s)
CAIN, DAVID C

Application Number

US07/917,767
Time in Patent Office

385 Days
Field of Search

380/23, 380/25, 380/4
US Class Current

713/156
CPC Class Codes

G06F 21/31   User authentication

G06F 2211/009   Trust

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2151   Time stamp

H04L 9/3215   using a plurality of channe...

H04L 9/3297   involving time stamps, e.g....

Access control subsystem and method for distributed computer system using locally cached authentication credentials

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

673 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Access control subsystem and method for distributed computer system using locally cached authentication credentials

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

673 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links