Method and apparatus for password based authentication in a distributed system
Abstract
A method and apparatus for updating the password status of one or more servers in a client/server environment utilizes multiple passwords associated with a client process, including a current password and one or more non-current passwords. Each password has associated therewith a key and a key identifier. If upon an attempted access, a server process challenges the client process with a non-current key identifier, the client process provides the corresponding key associated with the non-current password. Once access to the server is achieved, the key identifier associated with the current password is supplied to the server process by the client process. In a networked server environment, the updated server process may provide the updated key identifier to other server processes which have knowledge of the client profile.
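The exchange the abstract describes, as an added sketch that is not code from the patent: a server still holding a non-current key identifier challenges with it, the client answers with the matching old key, and the server and its peers are then moved to the current identifier. Assumptions not on the page: keys are derived with PBKDF2, the key identifier is a SHA-256 digest of the key and doubles as the server's authentication data, and the class names, passwords and salt are constructed for illustration.

```python
import hashlib
import hmac

def derive_key(password: str, salt: bytes = b"constructed-salt") -> bytes:
    # Assumption: PBKDF2-HMAC-SHA256; the page only says keys are derived from passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def key_id(key: bytes) -> str:
    # Assumption: identifier = SHA-256 of the key, also used as the server's authentication data.
    return hashlib.sha256(key).hexdigest()

class Client:
    def __init__(self, current_password, old_passwords=()):
        # Keep one key per password: the current one plus previously used ones.
        keys = [derive_key(p) for p in (*old_passwords, current_password)]
        self.keys = {key_id(k): k for k in keys}
        self.current_id = key_id(keys[-1])

    def respond(self, challenged_id):
        # Return the key matching the identifier in the challenge, if still held.
        return self.keys.get(challenged_id)

class Server:
    def __init__(self, known_id, peers=()):
        self.known_id, self.peers = known_id, list(peers)

    def authenticate(self, client):
        challenged = self.known_id                 # challenge with the identifier on file
        key = client.respond(challenged)
        if key is None or not hmac.compare_digest(key_id(key), challenged):
            return False
        if challenged != client.current_id:
            # Only after access is granted: take the current identifier, then tell peers.
            self.known_id = client.current_id
            for peer in self.peers:
                peer.known_id = client.current_id
        return True

def demo():
    old_id = key_id(derive_key("spring-2019"))     # constructed sample passwords
    replica = Server(old_id)
    primary = Server(old_id, peers=[replica])
    client = Client("autumn-2020", old_passwords=["spring-2019"])
    granted = primary.authenticate(client)
    return (granted, primary.known_id == client.current_id,
            replica.known_id == client.current_id)
```

Until a server has been updated this way, the key derived from a previously used password still authenticates to it, so the set of retained non-current keys defines how long an old password stays usable.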
26 Claims
1. In a client process capable of attempting access to one or more server processes, an apparatus for enabling authentication of a password which is changed from time to time, the apparatus comprising:
a. identification logic configured to maintain a plurality of keys associated with the client process, each of the keys associated with a password, one of the keys being designated as current and derived from a current password that is in use, other of the keys designated as non-current and derived from non-current previously-used passwords;
b. response logic configured to allow access to a server process if any one of the current and non-current keys corresponds to authentication data with which the server process challenged an access attempt by the client process; and
c. update logic configured to provide a current key identifier to the server process, if the authentication data did not correspond to the current key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method of authenticating a password which is changed from time to time in a computer system, the computer system having at least first and second processes executable on the computer system, the second process requiring authentication to gain access thereto by the first process, the method comprising the steps of:
a. associating with the first process a plurality of keys, one of the keys being designated as current and derived from a current password that is in use, other of the keys designated as non-current and derived from non-current previously-used passwords, each of the keys having a key identifier associated therewith;
b. presenting one of the keys to the second process, the presented key corresponding to a key identifier with which the second process challenged the first process, the second process allowing access by the first process if the presented key is any of the current and non-current keys and corresponds to authentication data in the second process; and
c. supplying to the second process a key identifier associated with the current key for use in subsequent challenges, if the second process challenged with a key identifier corresponding to other than the current key.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A computer program product for authenticating a password which is changed from time to time in a computer system, the computer system having at least first and second processes executable on the computer system, the second process requiring authentication to gain access thereto by the first process, the computer program product comprising a computer usable medium having computer program code embodied therein, the program code comprising:
a. program code for associating with a first process, a plurality of keys, one of the keys designated as current and derived from a current password that is in use, other of the keys designated as non-current and derived from non-current previously-used passwords, each of the keys having a key identifier associated therewith;
b. program code responsive to an authorization challenge from a second process, for supplying one of the keys to the second process, the key corresponding to a key identifier with which the second process presented the authorization challenge, the second process allowing access by the first process if the supplied key is any of the current and non-current keys and corresponds to authentication data in the second process; and
c. program code for supplying to the second process a key identifier associated with the current key for use in subsequent challenges, if the second process presented a key identifier corresponding to other than the current key.
Dependent claims: 22, 23, 24, 25, 26
Specification