User presence verification with single password across applications
Abstract
A technique verifies the presence of a user to applications stored on a distributed network system using a single password. The technique generally comprises computing a one-way hash value of the password that is initially provided by the user to a workstation during a login procedure. This initial hash value is stored by the workstation so that it may be readily accessible for authenticating the user to other applications of the system. These other applications query the user as to its identity by issuing an operating system application programming interface (API) call that specifies, e.g., "quiz user for password". The API call invokes a routine that requests the user's password and, in response to that password, hashes it and compares the resulting hash value with the stored hash value. If the values match, the user is reliably authenticated.
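The flow described in the abstract, as an added example that is not code from the patent. The class and method names are hypothetical, and the per-session salt, PBKDF2 hash and constant-time comparison are assumptions, since the abstract specifies only a one-way hash.

```python
import hashlib
import hmac
import os


class PresenceVerifier:
    """Workstation-side store for the login-time password hash (hypothetical name)."""

    def __init__(self, iterations: int = 200_000):
        self._iterations = iterations  # assumption: PBKDF2 work factor
        self._salt = None
        self._initial_hash = None

    def _hash(self, password: str) -> bytes:
        # Assumption: salted PBKDF2-HMAC-SHA256 stands in for the "one-way hash".
        return hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), self._salt, self._iterations
        )

    def login(self, password: str) -> None:
        # Compute and keep only the hash, never the password itself.
        self._salt = os.urandom(16)  # fresh per session
        self._initial_hash = self._hash(password)

    def quiz_user_for_password(self, entered: str) -> bool:
        # Hash the re-entered password and compare with the stored value.
        if self._initial_hash is None:
            return False  # no active session: fail closed
        return hmac.compare_digest(self._hash(entered), self._initial_hash)

    def logout(self) -> None:
        # Drop the stored hash so it cannot be queried after the session ends.
        self._salt = None
        self._initial_hash = None


def demo() -> list:
    """Run one constructed session and return each quiz result."""
    v = PresenceVerifier(iterations=10_000)  # low count only to keep the demo fast
    before = v.quiz_user_for_password("correct horse")
    v.login("correct horse")  # constructed sample password
    good = v.quiz_user_for_password("correct horse")
    bad = v.quiz_user_for_password("correct h0rse")
    v.logout()
    after = v.quiz_user_for_password("correct horse")
    return [before, good, bad, after]


if __name__ == "__main__":
    print(demo())
```

Because the stored hash sits on the workstation for the whole session, the salt and work factor are what limit offline guessing if that memory is read.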
15 Claims
1. A method for dynamically verifying presence of a user at a non-server station of a distributed network system when authenticating the user to various services and applications in the system, the method comprising the steps of:
A. entering a user password at the station during a login procedure for initially authenticating said user to begin a session;
B. generating an initial hash value of the password and storing, at said station, that initial hash value after the login procedure;
C. invoking, after beginning the session but prior to termination of the session, a first application using a distributed authentication service, the first application issuing a predetermined application programming interface (API) call that requests the user password;
D. entering the user password at the station in response to the API call and generating a subsequent hash value of the user password;
E. comparing at said station, the subsequent hash value with the initial hash value; and
F. verifying the presence of the user if the hash values match.
(Dependent claims: 2, 3, 4, 5, 6)
7. Apparatus for dynamically verifying presence of a user at a non-server node of a network, the apparatus comprising:
a user input device for receiving a first entry and a subsequent entry of a password from the user, said first entry being for initially authenticating the user at said node to begin a session, and said subsequent entry being for authenticating said user after said session has begun but prior to termination of said session;
a processor operably connected to the input device and programmed to generate an initial hash value corresponding to the password; and
a memory device operably connected to the processor for storing the initial hash value and an application programming interface executable by the processor to request the subsequent entry of the password;
the processor being further programmed to generate a subsequent hash value corresponding to the subsequent entry of the password and to compare the subsequent hash value with the initial hash value to dynamically verify the presence of the user at the node;
wherein the processor and the memory device are located at said node.
(Dependent claims: 8, 9, 10, 11)
12. A memory device containing data structures for use in dynamically verifying presence of a user at non-server node of a network, comprising:
a password structure adaptable to be input by said user for use in initially authenticating said user to begin a session;
an initial hash structure for being stored at said node and corresponding to the password structure;
an application adapted to use a distributed authentication service and to use an application programming interface effective to be executed by a processor located at said node to request, after said session has begun but prior to termination of the session, a new instance of the password structure to be input by the user;
a subsequent hash structure generated by the processor and corresponding to the new instance of the password structure; and
a verification executable effective to be executed by the processor to compare the initial hash structure with the subsequent hash structure in order to determine whether said user is present at said node.
(Dependent claims: 13, 14, 15)
Specification