Auditing login activity in a distributed computing environment

US 5,864,665 A
Filed: 08/20/1996
Issued: 01/26/1999
Est. Priority Date: 08/20/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server, the pre-authentication data including information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt;

comprising the steps of;

during a login routine, determining whether a ticket has been returned from the server in response to the ticket request; and

if a ticket has been returned from the server, suspending the login routine and using information derived from the pre-authentication data to initiate a login audit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server. The pre-authentication data includes information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt. The method is effected as a background process during the login, and is initiated after the ticket has been returned to the workstation from the authentication server to avoid RPC deadlock. To audit the login, information from the pre-authentication data is used to obtain a simple name of the user. The simple name is then converted into a global format and evaluated. If the name is recognized, it is passed along with the workstation address to an audit API. If the name is invalid, the audit is suspended. After the information is recorded or the audit suspended, as the case may be, process control is returned to the login routine. Preferably, the routine is implemented within the security service of the distributed computing environment.

Citations

20 Claims

1. A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server, the pre-authentication data including information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt;
- comprising the steps of;
  
  during a login routine, determining whether a ticket has been returned from the server in response to the ticket request; and
  
  if a ticket has been returned from the server, suspending the login routine and using information derived from the pre-authentication data to initiate a login audit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as described in claim 1 wherein the step of initiating a login audit includes the steps of:
    - determining whether naming information can be provided to an audit service of the distributing computing environment without causing RPC deadlock; and
      
      if the naming information can be provided without causing RPC deadlock, calling an audit API.
  - 3. The method as described in claim 2 further including the step of completing the login audit by having the audit API pass the naming information to the audit service.
  - 4. The method as described in claim 3 further including the steps of:
    - obtaining an address of a workstation at which the login attempt is occurring; and
      
      having the audit API pass the address to the audit service.
  - 5. The method as described in claim 4 further including the step of transferring process control back to the login routine after the audit API passes the naming information or the address to the audit service.
  - 6. The method as described in claim 1 wherein the authentication protocol is Kerberos.
  - 7. The method as described in claim 2 wherein the step of determining whether naming information can be provided to an audit service without causing RPC deadlock includes the steps of:
    - obtaining a name of the user in a first format;
      
      converting the user'"'"'s name from the first format to a second format; and
      
      evaluating whether the user'"'"'s name in the second format is valid.
  - 8. The method as described in claim 7 wherein the first format is an intracell name and the second format is an intercell name.

9. A method of auditing login activity in a distributed computing environment in which users attempt to log into the environment from workstations using an authentication protocol in which a ticket request and pre-authentication data are communicated from the workstation to an authentication server, the pre-authentication data including information establishing an identity of the user and providing a proof that the user has entered a password during the login attempt;
- comprising the steps of;
  
  during a login routine, determining whether a ticket has been returned from the server in response to the ticket request;
  
  if a ticket has been returned from the server, suspending the login routine and using information derived from the pre-authentication data to initiate a login audit protocol;
  
  returning process control back to the login routine after processing the login audit protocol.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method as described in claim 9 wherein the login audit protocol includes the steps of:
    - determining whether naming information can be provided to an audit service of the distributing computing environment without causing RPC deadlock;
      
      if the naming information can be provided without causing RPC deadlock, calling an audit API; and
      
      having the audit API pass the naming information to the audit service.
  - 11. The method as described in claim 9 wherein the login audit protocol includes the steps of:
    - determining whether naming information can be provided to an audit service of the distributing computing environment without causing RPC deadlock;
      
      if the naming information cannot be provided without causing RPC deadlock, suspending the audit.
  - 12. The method as described in claim 9 wherein the authentication protocol is Kerberos.
  - 13. The method as described in claim 10 wherein the step of determining whether naming information can be provided to an audit service without causing RPC deadlock includes the steps of:
    - obtaining a simple name of the user;
      
      converting the user'"'"'s simple name to a global name format; and
      
      evaluating whether the user'"'"'s global name is valid.

14. A computer connected in a distributed computing environment having an authentication server, the computer comprising:
- a processor;
  
  an operating system;
  
  program control means run by the operating system, comprising;
  
  means operative during a login routine for determining whether predetermined information has been returned from the authentication server in response to an authentication request;
  
  means responsive to the determining means for suspending the login routine and initiating a login audit protocol; and
  
  means for processing the login audit protocol; and
  
  means for returning process control back to the login routine after processing the login audit protocol.
- View Dependent Claims (15, 16, 17)
- - 15. The computer as described in claim 14 wherein the means for processing the login audit protocol includes means for controlling an audit API to pass naming information to an audit service.
  - 16. The computer as described in claim 15 wherein the means for processing the login audit protocol includes means for suspending an audit under predetermined circumstances.
  - 17. The computer as described in claim 14 wherein the authentication server uses a Kerberos authentication protocol.

18. An article of manufacture for use in a computer, comprising:
- a computer-readable storage medium having a substrate; and
  
  computer program data encoded in the substrate of the computer-readable storage medium, wherein the storage medium so configured enables a user of the computer to connect the computer into a distributed computing environment having an authentication server, the computer program data comprising;
  
  means operative during a login routine for determining whether predetermined information has been returned from the server in response to an authentication request;
  
  means responsive to the determining means for suspending the login routine and initiating a login audit protocol;
  
  means for processing the login audit protocol; and
  
  means for returning process control back to the login routine after processing the login audit protocol.
- View Dependent Claims (19, 20)
- - 19. The article of manufacture as described in claim 18 wherein the means for processing the login audit protocol includes means for controlling an audit API to pass naming information to an audit service.
  - 20. The article of manufacture as described in claim 18 wherein the means for processing the login audit protocol further includes means for suspending an audit under predetermined circumstances.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Tran, Trung M.
Primary Examiner(s)
DeCady, Albert

Application Number

US08/705,478
Time in Patent Office

889 Days
Field of Search

380/3, 380/4, 380/23, 380/25, 395/605, 395/186, 395/187.01, 395/188.01, 395/490, 395/491
US Class Current

726/10
CPC Class Codes

G06F 21/33   using certificates

G06F 21/554   involving event detection a...

G06F 2221/2141   Access rights, e.g. capabil...

Auditing login activity in a distributed computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Auditing login activity in a distributed computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links