Method and system for authenticating users to multiple computer servers via a single sign-on

US 5,684,950 A
Filed: 09/23/1996
Issued: 11/04/1997
Est. Priority Date: 09/23/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for authenticating a user with respect to multiple computer servers within a distributed computing network, said method comprising:

providing an authentication broker within said distributed computing network;

receiving an authentication request from a workstation at said authentication broker;

issuing a Kerberos Ticket Granting Ticket to said workstation from said authentication broker after a determination that said authentication request is valid;

issuing a Kerberos Service Ticket to said workstation from said authentication broker in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;

issuing a passticket to said workstation from said authentication broker in response to an access request from said workstation to a passticket-based server within said distributed computing network;

issuing a password to said workstation from said authentication broker in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating an authorized user to multiple computer servers within a distributed computing environment after a single network sign-on is disclosed. In accordance with the method and system of the present invention, an authentication broker is provided within the distributed computing network. The authentication broker first receives an authentication request from a workstation. After a determination that the authentication request is valid, the authentication broker then issues a Kerberos Ticket Granting Ticket to the workstation. At this point, if there is a request by the workstation for accessing a Kerberos Ticket-based server within the distributed computing network, the authentication broker will issue a Kerberos Service Ticket to the workstation. Similarly, if there is a request by the workstation for accessing a passticket-based server within the distributed computing network, the authentication broker will issue a passticket to the workstation. Finally, if there is a request by the workstation for accessing a password-based server within the distributed computing network, the authentication broker will issue a password to the workstation. By this, accesses to all of the above servers within the distributed computing network can be granted via a single network authentication request.

Citations

15 Claims

1. A method for authenticating a user with respect to multiple computer servers within a distributed computing network, said method comprising:
- providing an authentication broker within said distributed computing network;
  
  receiving an authentication request from a workstation at said authentication broker;
  
  issuing a Kerberos Ticket Granting Ticket to said workstation from said authentication broker after a determination that said authentication request is valid;
  
  issuing a Kerberos Service Ticket to said workstation from said authentication broker in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;
  
  issuing a passticket to said workstation from said authentication broker in response to an access request from said workstation to a passticket-based server within said distributed computing network;
  
  issuing a password to said workstation from said authentication broker in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method for authenticating a user to multiple computer servers within a distributed computing network according to claim 1, wherein said step of receiving an authentication request further includes a step of receiving a user identification and an associated password.
  - 3. The method for authenticating a user to multiple computer servers within a distributed computing network according to claim 1, wherein said step of issuing a Kerberos Service Ticket further includes a step of exchanging said Kerberos Ticket Granting Ticket for said Kerberos Service Ticket.
  - 4. The method for authenticating a user to multiple computer servers within a distributed computing network according to claim 1, wherein said step of issuing a passticket further includes a step of exchanging said Kerberos Ticket Granting Ticket for a second Kerberos Service Ticket and a step of exchanging said second Kerberos Service Ticket for said passticket.
  - 5. The method for authenticating a user to multiple computer servers within a distributed computing network according to claim 1, wherein said step of issuing a password further includes a step of exchanging said Kerberos Ticket Granting Ticket for a third Kerberos Service Ticket and a step of exchanging said third Kerberos Service Ticket for said password.

6. A computer program product stored on a computer readable medium for authenticating a user with respect to multiple computer servers within a distributed computing network, said computer product comprising:
- program code means for receiving an authentication request from a workstation at said authentication broker;
  
  program code means for issuing a Kerberos Ticket Granting Ticket to said workstation from said authentication broker after a determination that said authentication request is valid;
  
  program code means for issuing a Kerberos Service Ticket to said workstation from said authentication broker in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;
  
  program code means for issuing a passticket to said workstation from said authentication broker in response to an access request from said workstation to a passticket-based server within said distributed computing network;
  
  program code means for issuing a password to said workstation from said authentication broker in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer program product for authenticating a user to multiple computer servers within a distributed computing network according to claim 6, wherein said program code means for receiving an authentication request further includes a program code means for receiving a user identification and an associated password.
  - 8. The computer program product for authenticating a user to multiple computer servers within a distributed computing network according to claim 6, wherein said program code means for issuing a Kerberos Service Ticket further includes a program code means for exchanging said Kerberos Ticket Granting Ticket for said Kerberos Service Ticket.
  - 9. The computer program product for authenticating a user to multiple computer servers within a distributed computing network according to claim 6, wherein said program code means for issuing a passticket further includes a program code means for exchanging said Kerberos Ticket Granting Ticket for a second Kerberos Service Ticket and a program code means for exchanging said second Kerberos Service Ticket for said passticket.
  - 10. The computer program product for authenticating a user to multiple computer servers within a distributed computing network according to claim 6, wherein said program code means for issuing a password further includes a program code means for exchanging said Kerberos Ticket Granting Ticket for a third Kerberos Service Ticket and a program code means for exchanging said third Kerberos Service Ticket for said password.

11. An authentication broker for authenticating a user to multiple computer servers within a distributed computing network, said authentication broker comprising:
- means for receiving an authentication request from a workstation;
  
  means for issuing a Kerberos Ticket Granting Ticket to said workstation after a determination that said authentication request is valid;
  
  means for issuing a Kerberos Service Ticket to said workstation in response to an access request from said workstation to a Kerberos Ticket-based server within said distributed computing network;
  
  means for issuing a passticket to said workstation in response to an access request from said workstation to a passticket-based server within said distributed computing network;
  
  means for issuing a password to said workstation in response to an access request from said workstation to a password-based server within said distributed computing network, such that accesses to all said servers are granted via a single network authentication request.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The authentication broker for authenticating a user to multiple computer servers within a distributed computing network according to claim 11, wherein said means for receiving an authentication request further includes a means for receiving a user identification and an associated password.
  - 13. The authentication broker for authenticating a user to multiple computer servers within a distributed computing network according to claim 11, wherein said means for issuing a Kerberos Service Ticket further includes a means for exchanging said Kerberos Ticket Granting Ticket for said Kerberos Service Ticket.
  - 14. The authentication broker for authenticating a user to multiple computer servers within a distributed computing network according to claim 11, wherein said means for issuing a passticket further includes a means for exchanging said Kerberos Ticket Granting Ticket for a second Kerberos Service Ticket and a means for exchanging said second Kerberos Service Ticket for said passticket.
  - 15. The authentication broker for authenticating a user to multiple computer servers within a distributed computing network according to claim 11, wherein said means for issuing a password further includes a means for exchanging said Kerberos Ticket Granting Ticket for a third Kerberos Service Ticket and a means for exchanging said third Kerberos Service Ticket for said password.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Leidos Innovations Technology, Inc.
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
Dare, Timothy S., Ek, Eric B., Luckenbaugh, Gary L.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Palys, Joseph E.

Application Number

US08/717,961
Time in Patent Office

407 Days
Field of Search

395/187.01, 395/186, 395/188.01, 395/609, 395/610, 395/200.12, 380/3, 380/4, 380/23, 380/25
US Class Current

726/10
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

Method and system for authenticating users to multiple computer servers via a single sign-on

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating users to multiple computer servers via a single sign-on

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links