Systems, methods and computer program products for authenticating client requests with client certificate information

US 6,088,805 A
Filed: 02/13/1998
Issued: 07/11/2000
Est. Priority Date: 02/13/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of authenticating a client request to access server resources without uniquely identifying a client IP address or a user making the client request, the method comprising the steps of:

receiving at an Access Control List (ACL) a certificate associated with the user making the client request, wherein the certificate comprises a plurality of data fields, and wherein the ACL does not contain information that can uniquely identify a client IP address or a user making the client request;

selecting data from at least one of the certificate data fields; and

filtering the selected data using at least one predefined filter rule associated with the ACL to authenticate the client request without uniquely identifying a client IP address or a user making the client request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer program products authenticate client requests to access server resources. A server receives a certificate containing multiple data fields associated with the client making a request. The server selects data from at least one of the certificate data fields and filters the selected data using at least one predefined filter rule associated with the requested server resources to authenticate the client request. Combinations of filter rules may be utilized and the server may select data from various combinations of data fields.

Citations

21 Claims

1. A method of authenticating a client request to access server resources without uniquely identifying a client IP address or a user making the client request, the method comprising the steps of:
- receiving at an Access Control List (ACL) a certificate associated with the user making the client request, wherein the certificate comprises a plurality of data fields, and wherein the ACL does not contain information that can uniquely identify a client IP address or a user making the client request;
  
  selecting data from at least one of the certificate data fields; and
  
  filtering the selected data using at least one predefined filter rule associated with the ACL to authenticate the client request without uniquely identifying a client IP address or a user making the client request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1 wherein the step of selecting data from at least one of the certificate data fields comprises selecting data from a plurality of the certificate data fields.
  - 3. A method according to claim 1 wherein the step of selecting data from at least one of the certificate data fields, comprises selecting data from at least one sub-field of a certificate field.
  - 4. A method according to claim 1 wherein the at least one predefined rule comprises a plurality of predefined filter rules.
  - 5. A method according to claim 4 wherein the step of filtering comprises filtering data selected from a plurality of certificate fields using a plurality of predefined rules associated with the ACL.
  - 6. A method according to claim 1 further comprising the steps of:
    - requesting the client to send additional information to the server;
      
      receiving the additional information at the ACL; and
      
      filtering the received additional information using at least one predefined filter rule associated with the ACL.
  - 7. A method according to claim 1 wherein the step of selecting data from at least one of the certificate data fields comprises selecting data from sub-fields of a distinguished name field.

8. A data processing system for authenticating a client request to access server resources without uniquely identifying a client IP address or a user making the client request, the data processing system comprising:
- means for receiving at an Access Control List (ACL) a certificate associated with the user making the client request, wherein the certificate comprises a plurality of data fields, and wherein the ACL does not contain information that can uniquely identify a client IP address or a user making the client request;
  
  means, responsive to the certificate receiving means, for selecting data from at least one of the certificate data fields; and
  
  means, responsive to the data selecting means, for filtering the selected data using at least one predefined filter rule associated with the ACL to authenticate the client request without uniquely identifying a client IP address or a user making the client request.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A data processing system according to claim 8, wherein the means for selecting data from at least one of the certificate data fields comprises means for selecting data from a plurality of the certificate data fields.
  - 10. A data processing system according to claim 8, wherein the means for selecting data from at least one of the certificate data fields, comprises means for selecting data from at least one sub-field of a certificate field.
  - 11. A data processing system according to claim 8, wherein the at least one predefined rule comprises a plurality of predefined filter rules.
  - 12. A data processing system according to claim 8, wherein the means for filtering the selected data comprises means for filtering data selected from a plurality of certificate fields using a plurality of predefined rules associated with the ACL.
  - 13. A data processing system according to claim 8, further comprising:
    - means for requesting the client to send additional information to the server;
      
      means for receiving the additional information at the ACL; and
      
      means, responsive to the receiving means, for filtering the received additional information using at least one predefined filter rule associated with the ACL.
  - 14. A data processing system according to claim 8, wherein the means for selecting data from at least one of the certificate data fields comprises means for selecting data from sub-fields of a distinguished name field.

15. A computer program product for authenticating a client request to access server resources without uniquely identifying a client IP address or a user making the client request, the computer program product comprising:
- a computer usable medium having computer readable program code means embodied in the medium for receiving at an Access Control List (ACL) a certificate associated with the user making the client request, wherein the certificate comprises a plurality of data fields, and wherein the ACL does not contain information that can uniquely identify a client IP address or a user making the client request;
  
  the computer usable medium having computer readable program code means embodied in the medium, responsive to the certificate receiving means, for selecting data from at least one of the certificate data fields; and
  
  the computer usable medium having computer readable program code means embodied in the medium, responsive to the data selecting means, for filtering the selected data using at least one predefined filter rule associated with the ACL to authenticate the client request without uniquely identifying a client IP address or a user making the client request.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. A computer program product according to claim 15, wherein the computer readable program code means embodied in the medium for selecting data from at least one of the certificate data fields comprises computer readable program code means for selecting data from a plurality of the certificate data fields.
  - 17. A computer program product according to claim 15, wherein the computer readable program code means embodied in the medium for selecting data from at least one of the certificate data fields, comprises computer readable program code means for selecting data from at least one sub-field of a certificate field.
  - 18. A computer program product according to claim 15, wherein the at least one predefined rule comprises a plurality of predefined filter rules.
  - 19. A computer program product according to claim 15, wherein the computer readable program code means embodied in the medium for filtering the selected data comprises computer readable program code means for filtering data selected from a plurality of certificate fields using a plurality of predefined rules associated with the ACL.
  - 20. A computer program product according to claim 15, further comprising:
    - computer readable program code means embodied in the medium for requesting the client to send additional information to the server;
      
      computer readable program code means embodied in the medium for receiving the additional information at the ACL; and
      
      computer readable program code means embodied in the medium, responsive to the receiving means, for filtering the received additional information using at least one predefined filter rule associated with the ACL.
  - 21. A computer program product according to claim 15, wherein the computer readable program code means embodied in the medium for selecting data from at least one of the certificate data fields comprises computer readable program code means for selecting data from sub-fields of a distinguished name field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Gray, Steve D., Shoriak, Timothy G., Morrison, Ian A., Kuehr-McLaren, David Gerard, Davis, Mark Charles
Primary Examiner(s)
Palys, Joseph E.
Assistant Examiner(s)
Mai, Rijue

Application Number

US09/023,863
Time in Patent Office

879 Days
Field of Search

713/200, 713/201, 713/202, 711/161, 380/21, 380/25, 380/23, 380/3, 380/4, 380/28, 380/24, 380/26, 380/30, 708/314, 395/712, 709/203, 709/223, 709/224, 709/227, 709/237, 709/389
US Class Current

726/10
CPC Class Codes

G06F 21/33 using certificates

G06F 2221/2141 Access rights, e.g. capabil...

Systems, methods and computer program products for authenticating client requests with client certificate information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods and computer program products for authenticating client requests with client certificate information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links