Authenticating remote users in a distributed environment

US 5,706,349 A
Filed: 03/06/1995
Issued: 01/06/1998
Est. Priority Date: 03/06/1995
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing communications between remote users and an application server in a distributed computing environment, the application server supported in a local processing system having a local authentication facility, comprising the steps of:

(a) issuing a token to each remote user whose identity is authenticated in the local processing system using the local authentication facility;

(b) in response to a call from a remote user, determining whether a token associated with the call was issued to the remote user authenticated by the local authentication facility of the local processing system; and

(c) connecting the remote user to the application server if the token was issued to the remote user authenticated by the local authentication facility of the local processing system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a distributed computing environment, a token is issued to a remote user if a security mechanism initially can determine that the remote user is who he claims to be. Thereafter, a connection between a remote user and an application server requires the application server to first verify that a token associated with a connection request was issued by the security mechanism. If no token is associated with a connection request, or if any token associated with the request was not issued by the security mechanism, the connection is refused.

Citations

20 Claims

1. A method for managing communications between remote users and an application server in a distributed computing environment, the application server supported in a local processing system having a local authentication facility, comprising the steps of:
- (a) issuing a token to each remote user whose identity is authenticated in the local processing system using the local authentication facility;
  
  (b) in response to a call from a remote user, determining whether a token associated with the call was issued to the remote user authenticated by the local authentication facility of the local processing system; and
  
  (c) connecting the remote user to the application server if the token was issued to the remote user authenticated by the local authentication facility of the local processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the identity of the remote user is authenticated by determining whether a user name and password are present in a user registry of the local processing system.
  - 3. The method as described in claim 2 wherein the user name and password are provided to the local processing system in a data string forming a part of a binding handle request message.
  - 4. The method as described in claim 3 wherein the data string also includes a universal unique identifier (UUID).
  - 5. The method as described in claim 4 wherein the token and the UUID are stored in the local processing system to enable determination of whether the token associated with the call was issued to the remote user by the local processing system.
  - 6. The method as described in claim 1 wherein the remote user is refused connection to the application server if the token was not issued to the remote user by the local processing system.
  - 7. The method as described in claim 1 wherein the token is a random string associated with a particular computing session.

8. A method, using a security mechanism, for managing communications between remote users and an application server in a distributed computing environment, wherein the security mechanism and the application server are supported in a local processing system having a local authentication facility, comprising the steps of:
- (a) issuing one or more tokens to a remote user if the remote user'"'"'s identity is authenticated by the security mechanism using the local authentication facility;
  
  (b) in response to a call from a remote user, determining whether a token associated with the call was issued to the remote user by the security mechanism;
  
  (c) connecting the remote user to the application server if the token was issued to the remote user by the security mechanism; and
  
  (d) refusing connection to the application server if the token was not issued to the remote user by the security mechanism.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method as described in claim 8 wherein the remote user'"'"'s identity is authenticated by determining whether a user name and password are present in a user registry associated with the local authentication facility.
  - 10. The method as described in claim 9 wherein the user name and password are provided to the security mechanism in a data string forming a part of a binding handle request message.
  - 11. The method as described in claim 10 wherein the data string also includes a universal unique identifier (UUID).
  - 12. The method as described in claim 11 wherein the token and the UUID are maintained in a storage associated with the security mechanism.
  - 13. The method as described in claim 8 wherein each token issued to the remote user is a random string.
  - 14. The method as described in claim 8 wherein the step of determining whether a token associated with the call was issued to the remote user by the security mechanism comprises the steps of:
    - transmitting the token from the remote user to the application server;
      
      having the application server send the token to the security mechanism; and
      
      searching a database associated with the security mechanism to determine if the token was originated by the security mechanism.

15. A method to enable an application server in a distributed network environment to verify the identity of remote users, the application server supported in a local processing system having a local authentication facility, comprising the steps of:
- (a) having a remote user transmit a data string to a security mechanism supported in the local processing system, the data string including at least some information uniquely identifying the remote user;
  
  (b) having the security mechanism issue a token to a remote user if the remote user'"'"'s identity is authenticated by the security mechanism using the local authentication facility; and
  
  (c) using the token to control further connection of the remote user to the application server.
- View Dependent Claims (16, 17)
- - 16. The method as described in claim 15 wherein the data string includes a user name, a user password and a random bit string.
  - 17. The method as described in claim 16 wherein the data string is an object.

18. In a network providing a distributed computing environment in which users access distributed resources and process applications, the network including a local processing system supporting an application server and having a local authentication facility, comprising:
- means for issuing a token to each remote user whose identity is authenticated using the local authentication facility; and
  
  means responsive to receipt of the token by the application server for controlling subsequent connection of the remote user to the application server.

19. A computer network providing a distributed computing environment in which users access distributed resources and process applications, comprising:
- a local computer system having an application server and supporting an authentication facility;
  
  a client process;
  
  a security protocol means to enable the application server to authenticate the client process, comprising;
  
  means supported on the local computer system for issuing a token to the client process if the identity of the client process is authenticated using the authentication facility; and
  
  means responsive to receipt of the token by the application server for controlling connection of the client process to the application server.

20. A program storage device readable by a processor and tangibly embodying a program of instructions executable by the processor to perform a method for managing communications in a distributed computing environment including an application server and one or more client processes, the application server supported in a local processing system having an authentication facility, the method for managing communications comprising the steps of:
- (a) issuing a token to a client process if the identity of the client process is authenticated using the authentication facility;
  
  (b) in response to a call request from a client process, determining where a token associated with the call request originated; and
  
  (c) enabling connection of the client process to the application server if the token originated from authentication by the authentication facility.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Aditham, Radhakrishna, Chang, Philip, Kramer, Paul H.
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/398,832
Time in Patent Office

1,037 Days
Field of Search

380/23-25
US Class Current

713/159
CPC Class Codes

G06F 21/33   using certificates

G06F 21/62   Protecting access to data v...

G06F 21/6236   between heterogeneous systems

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 9/3213   using tickets or tokens, e....

Authenticating remote users in a distributed environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authenticating remote users in a distributed environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links