HTTP distributed remote user authentication system
First Claim
1. An authentication server for use in a data network that includes a plurality of nodes connected to one another by data transmission pathways, comprising:
- a database for holding user identification data on a plurality of users that may potentially seek access to a resource at a first node accessible through the data network;
- said authentication server being operable for issuing a message in the data network for prompting a user residing at a second node of the data network to enter at the second node a user identification data element;
- said authentication server being operable to process the user identification data element entered by the user at the second node to determine if an access right should be granted to the user;
- said authentication server being operable to direct to the first node a communication containing data permitting the first node to generate and transmit to the second node an access grant mark, the access grant mark being retained by the second node and subsequently recognizable by the first node as indication of past occurrence of access grant by said authentication server.
Abstract
The present invention relates to the field of data and computer network security. Data and computer network security is of the utmost importance to most organizations that possess such networks. One of the difficulties that users and managers of these networks face is that the users have to provide a user ID and password every time they wish to access one of the organization's secured HTTP servers or URLs. This creates a problem for users and managers, since lists of numerous user IDs and passwords need to be maintained and can therefore easily be lost or have their confidentiality compromised. This invention addresses these problems by providing a transparent, scalable, single point of authentication for remote users across any number of HTTP servers anywhere on a data network, such as an Intranet, using any user ID and password scheme implemented by a main authentication HTTP server.
30 Claims
12. A data network, comprising:
- a plurality of nodes connected to one another by data transmission pathways;
- an authentication server residing at one of said nodes;
- a customer server residing at another one of said nodes, said customer server supporting a certain resource;
- said customer server being responsive to a first message from a user at a certain node of said network requesting access to the certain resource to issue a response message to the certain node, said response message causing the certain node to initiate an access grant control transaction with said authentication server, said access grant control transaction characterised by requesting the user to provide a user identification data element;
- said authentication server capable to direct to the customer server a communication containing data permitting the customer server to generate and transmit to the certain node an access grant mark, the access grant mark being retained by the certain node and recognizable by the customer server as indication of past occurrence of access grant by said authentication server.
21. A customer server for use in a network including an authentication server, said customer server capable to support a certain resource potentially sought by a user from a certain node of the network, said customer server:
- being responsive to a first message issued from the certain node requesting access to the certain resource to issue a response message to the certain node, the response message causing the certain node to initiate an access grant control transaction with said authentication server; and
- being responsive at least in part to a second message issued from the authentication server containing data permitting the customer server to generate and transmit to the certain node an access grant mark, the access grant mark being retained by the certain node and recognizable by the customer server as indication of past occurrences of access grant by said authentication server.
23. A method for access control in a data network, said data network including:
- a plurality of nodes connected to one another by data transmission pathways;
- an authentication server residing at one of said nodes;
- a customer server residing at another one of said nodes, said customer server supporting a certain resource,

said method comprising the steps of:

- a) receiving at said customer server a request for access by a user residing at a certain node of the data network to the certain resource;
- b) issuing a control message toward the certain node to cause initiation of an access grant control transaction with said authentication server, said access grant control transaction characterised by requesting the user to provide a user identification data element;
- c) forwarding from said authentication server to the customer server data permitting the customer server to generate and transmit to the certain node an access grant mark, the access grant mark being retained by the certain node and recognizable by the customer server as indication of past occurrence of access grant by said authentication server.
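The exchange claimed above (claims 12, 21 and 23), simulated as an added example that is not part of the patent: the customer server redirects an unmarked request to the authentication server, the authentication server checks the credential and sends the customer server a signed grant, and the customer server turns that grant into an access grant mark (a signed cookie) it later recognizes on its own. The keys, user database, login URL and lifetime are constructed assumptions; the patent does not specify how the mark or the grant is formed, and the HMAC tokens here are one reasonable realization.

```python
import hashlib
import hmac

# Constructed sample keys and user database (assumptions, not taken from the patent).
GRANT_KEY = b"key shared by the authentication server and the customer server"
MARK_KEY = b"key known only to the customer server"
USER_DB = {"alice": "correct horse battery staple"}
TTL = 300  # seconds a grant or mark stays valid (assumed value)


def _sign(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()


def _verify(key, token, now):
    """Parse 'user|expiry|sig'; return the user only if signature and expiry hold."""
    try:
        user, expiry, sig = token.split("|")
    except ValueError:
        return None
    if not hmac.compare_digest(sig, _sign(key, f"{user}|{expiry}")):
        return None
    return user if now < int(expiry) else None


def customer_server_request(resource, cookie, now):
    """Steps a) and b): serve a node that presents a valid access grant mark, else
    redirect it to start the access grant control transaction with the auth server."""
    user = _verify(MARK_KEY, cookie, now) if cookie else None
    if user:
        return "200 OK", f"{resource} for {user}"
    return "302 Found", f"https://auth.example/login?return_to={resource}"


def authentication_server_login(user, password, now):
    """Auth server checks the user identification data element against its database
    and, on success, returns the signed communication directed to the customer server."""
    if not hmac.compare_digest(USER_DB.get(user, "").encode(), password.encode()):
        return None
    body = f"{user}|{now + TTL}"
    return f"{body}|{_sign(GRANT_KEY, body)}"


def customer_server_issue_mark(grant, now):
    """Step c): customer server validates the grant with the shared key and generates
    the access grant mark with its own key; a mark is never accepted as a grant."""
    user = _verify(GRANT_KEY, grant, now)
    if user is None:
        return None
    body = f"{user}|{now + TTL}"
    return f"{body}|{_sign(MARK_KEY, body)}"
```

Separate keys for the grant and the mark keep the two roles distinct: a node that replays the grant as a cookie, or presents an expired or altered mark, is sent back through the authentication server.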
Specification