One-time logon means and methods for distributed computing systems
Abstract
Apparatus and methods of authenticating users in a distributed networked computing system. The system may comprise a central server embodiment that includes a file wherein IDs and encrypted passwords are stored, or a distributed system embodiment where IDs and encrypted passwords are stored in files at each respective computer in the system. A multiple logon procedure and secure transport layer protocol are used with a user's communication software and network communication software. When a user desires to use a particular computer, logon requests are processed by the multiple logon procedure, which accesses the stored file that contains the user's ID and encrypted password, decrypts the password, accesses the remote computer, and logs the user onto that computer. In the central server system all IDs and encrypted passwords are stored on a single computer (the server) that controls access to the entire distributed system. Once access is granted to a particular user, nonencrypted passwords are transmitted to the remote computers, since the server controls the entire system. In the distributed version, password files are stored in all networked computers, and once a user logs on to a computer, if the user wishes to use services at a second computer, the authentication information is forwarded to the second computer using the secure transport layer protocol to protect its integrity; after the second computer receives the authentication information, it is compared with the authentication information for the same user stored there. If the authentication information matches, the user is logged onto the second computer.
Claims
1. A distributed computing system comprising:
- a user computer comprising a communication program including a multiple logon procedure that is adapted to communicate with a remote computer and that employs a secure transport layer protocol that permits secure file transfer between computers of the distributed computing system, and that comprises a stored file including a user identification code and an encrypted password that permits access to the remote computer from the user computer;
- a remote computer comprising a communication program that is adapted to respond to the communication program on the user computer and that employs the secure transport layer protocol, and that comprises a stored file including a user identification code and an encrypted password that permits access to the remote computer;
- a network interconnecting the user computer and the remote computer;
- and wherein a service request entered from the user computer is processed by the multiple logon procedure, which accesses the stored file that contains the user identification code and encrypted password, decrypts the encrypted password of the remote computer, transfers the identification code and decrypted password to the remote computer, and logs the user computer onto the remote computer.
(Dependent claims 2, 3 and 4 depend on claim 1.)
5. A distributed computing system comprising:
- a user computer comprising a communication program that is adapted to communicate with a remote computer and that comprises a secure transport layer protocol that permits secure file transfer between computers of the distributed computing system;
- a remote computer comprising a communication program that is adapted to respond to the communication program on the user computer and that comprises the secure transport layer protocol;
- a network interconnecting the user computer and the remote computer;
- and a multiple logon server coupled to the network and interposed between the user computer and the remote computer, that comprises a multiple logon procedure and communication program that employs the secure transport layer protocol and that is adapted to communicate with the user computer and the remote computer, and that comprises a stored file including a user identification code and an encrypted password that permits access to the remote computer from the user computer;
- and wherein a service request entered from the user computer is processed by the multiple logon procedure, which accesses the stored file that contains the user identification code and encrypted password, decrypts the encrypted password of the remote computer, transfers the identification code and decrypted password to the remote computer, and logs the user computer onto the remote computer.
6. A method of authenticating users in a distributed computing system comprising a plurality of computers interconnected by way of a network, said method comprising the steps of:
- for each user, encrypting user passwords for each computer in the distributed computing system;
- storing a file on a predetermined computer of the network that comprises each user identification code and encrypted passwords for all computers in the distributed computing system;
- processing service requests for services provided by a selected computer in the system by means of a secure transport layer protocol that permits secure file transfer between computers in the distributed system;
- processing the service requests using a multiple logon procedure;
- accessing the stored file that contains the user identification codes and encrypted passwords;
- accessing the remote resource and entering a user identification code and password for that computer;
- wherein the remote resource interacts with the multiple logon procedure and the user identification code and password file, and the multiple logon procedure decrypts the encrypted password for the particular requested computer and logs the user onto that computer.
7. A method of authenticating users in a distributed computing system comprising a plurality of workstations and remote computers interconnected by way of a network and a server interposed between the workstations and the remote computers, said method comprising the steps of:
- storing a file on the server that comprises each user identification code and encrypted passwords for all computers in the distributed computing system;
- providing a predetermined multiple logon procedure that operates on a workstation and that is adapted to interface between the workstation and a plurality of remote computers;
- using the multiple logon procedure to generate a service request at the workstation for a service available at a remote computer and to transmit the service request to the server using a predetermined communication protocol;
- determining whether a user is connected to the server, and if the user is connected to the server, transmitting an authorization message to the workstation;
- using the multiple logon procedure to send a service connect request from the workstation to the remote computer to connect the workstation to the remote computer;
- requesting entry of a user ID and password from the workstation;
- using the multiple logon procedure to send an appropriate user ID and password from the workstation to the remote computer to establish a connection therebetween;
- if the user workstation is not connected to the server, then the server requests authentication from the workstation;
- using the multiple logon procedure to process the authorization request, retrieve an appropriate user ID and password from the file, and send a connect request to the server;
- upon receipt of the proper user ID and password, the server sends a service connect message to the workstation and a connection is established therebetween;
- if the service request is accepted, the multiple logon procedure waits for a new request;
- if the service request is not accepted, the multiple logon procedure rejects the user and waits for the user to initiate an appropriate service authorization request.
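The following simulation is an added example and not code from the patent or its assignee. It models the distributed embodiment described in the abstract and in claims 1 and 6: the user computer keeps a file of per-remote encrypted passwords, the multiple logon procedure decrypts the entry for the requested remote and presents the user ID and password, and the remote compares them against its own stored record before logging the user on. Two choices are mine rather than the page's: the stored-file cipher is a constructed HMAC-SHA256 keystream with an integrity tag (standing in for whatever "encrypted password" format a real implementation would use), and the remote computer stores a salted PBKDF2 verifier instead of a reversible encrypted password, so a leak of the remote's file does not yield plaintext passwords. The secure transport layer is simulated by a direct method call; all users, hosts and passwords are constructed sample data.

```python
"""Simulation of a multiple logon procedure with a locally encrypted password file.
Added example, not the patent's own code. Toy cipher and sample data are constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN, PBKDF2_ROUNDS = 16, 32, 100_000


# --- encryption of the stored password file (constructed illustration) ---------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; produces `length` keystream bytes."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_password(key: bytes, password: str) -> bytes:
    """Return nonce || ciphertext || tag for one password-file entry."""
    nonce = os.urandom(NONCE_LEN)
    pt = password.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_password(key: bytes, blob: bytes) -> str:
    """Verify the tag first, then decrypt; a modified record is rejected."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored password record failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))).decode()


# --- remote computer: its own per-user file, here as salted verifiers ----------
@dataclass
class RemoteComputer:
    name: str
    verifiers: dict = field(default_factory=dict)  # user_id -> (salt, digest)
    logged_on: set = field(default_factory=set)

    def enroll(self, user_id: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self.verifiers[user_id] = (salt, digest)

    def logon(self, user_id: str, password: str) -> bool:
        """Compare the presented credentials with the stored record (claim 1)."""
        record = self.verifiers.get(user_id)
        if record is None:
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        ok = hmac.compare_digest(digest, candidate)
        if ok:
            self.logged_on.add(user_id)
        return ok


# --- user computer: the multiple logon procedure over the stored file ----------
@dataclass
class MultipleLogon:
    user_id: str
    file_key: bytes                                  # key protecting the local file
    password_file: dict = field(default_factory=dict)  # remote name -> encrypted entry

    def store(self, remote_name: str, password: str) -> None:
        self.password_file[remote_name] = encrypt_password(self.file_key, password)

    def service_request(self, remote: RemoteComputer) -> bool:
        """Look up, decrypt and present the password for `remote` (claims 1 and 6)."""
        blob = self.password_file.get(remote.name)
        if blob is None:
            return False                              # no entry for this remote
        password = decrypt_password(self.file_key, blob)
        # The secure transport layer is simulated by a direct call.
        return remote.logon(self.user_id, password)


def demo() -> dict:
    """Run the procedure against constructed hosts and report each outcome."""
    key = os.urandom(32)
    fileserver = RemoteComputer("fileserver")
    fileserver.enroll("alice", "correct horse")      # constructed sample user
    mailhost = RemoteComputer("mailhost")
    mailhost.enroll("alice", "other password")
    mlp = MultipleLogon("alice", key)
    mlp.store("fileserver", "correct horse")
    mlp.store("mailhost", "stale entry")             # does not match mailhost's record
    results = {
        "logon_ok": mlp.service_request(fileserver),
        "logon_wrong_password": mlp.service_request(mailhost),
        "no_record": MultipleLogon("bob", key).service_request(fileserver),
    }
    tampered = bytearray(mlp.password_file["fileserver"])
    tampered[NONCE_LEN + 4] ^= 1                      # flip one ciphertext bit
    mlp.password_file["fileserver"] = bytes(tampered)
    try:
        mlp.service_request(fileserver)
        results["tamper_detected"] = False
    except ValueError:
        results["tamper_detected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The integrity tag matters because the procedure decrypts and forwards whatever the file contains: without it, a modified record would silently turn into a wrong password being sent to the remote, which is indistinguishable from a user typo in the remote's logs. Keeping the remote's copy as a salted verifier rather than a decryptable password is the one place this example deliberately departs from the page's description.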