Management of authentication discovery policy in a computer network

US 6,418,466 B1
Filed: 07/10/1997
Issued: 07/09/2002
Est. Priority Date: 07/10/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A method of managing authentication information at a client running a native operating system, the client connectable to one or more servers in a computer network, comprising the steps of:

at the client, issuing a set of calls to servers in the computer network to identify potential authentication locations;

in response to information gathered in response to the calls, generating a list identifying native server domains and non-native server domains against which a user of the client may authenticate;

displaying the list to an administrator; and

having the administrator take a given action to process the list to create an authentication policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of discovering native or non-native authentication server domains and managing information about such domains in a computer network. The various domains are “discovered” by issuing requests from the client to one or more of the servers in the network. Each response is then characterized as being from a native or non-native server, and a list of each such server type is then compiled at the client. The administrator may modify the list, for example, by adding or removing server domains, or may apply a discovery “policy” to tailor the way in which a user may access and interact with the discovered information.

90 Citations

View as Search Results

22 Claims

1. A method of managing authentication information at a client running a native operating system, the client connectable to one or more servers in a computer network, comprising the steps of:
- at the client, issuing a set of calls to servers in the computer network to identify potential authentication locations;
  
  in response to information gathered in response to the calls, generating a list identifying native server domains and non-native server domains against which a user of the client may authenticate;
  
  displaying the list to an administrator; and
  
  having the administrator take a given action to process the list to create an authentication policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the given action modifies the list.
  - 3. The method as described in claim 2 wherein the given action removes a given server domain from the list.
  - 4. The method as described in claim 2 wherein the administrator modifies the list by adding a given server domain available for authentication.
  - 5. The method as described in claim 1 further including the step of restricting a user seeking authentication from selecting server domains that are not present on the list.
  - 6. The method as described in claim 1 wherein the list of server domains is compiled during a discovery process initiated by the administrator.
  - 7. The method as described in claim 6 further including the step of restricting a user seeking authentication from initiating a new discovery request at logon.

8. A method of managing authentication information at a client running a native operating system, the client connectable to one or more servers in a computer network, comprising the steps of:
- at the client, issuing a set of calls to servers in the computer network to identify potential authentication locations;
  
  in response to information gathered in response to the calls, generating a list identifying native server domains and non-native server domains against which a user of the client may authenticate;
  
  applying a set of one or more policies to customize the list prior to presenting the list to a user seeking authentication.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method as described in claim 8 wherein the set of one or more policies includes a policy that restricts the user from selecting server domains that are not present on the list.
  - 10. The method as described in claim 8 wherein the set of one or more policies includes a policy that restricts the user from initiating a new request for discovery.
  - 11. The method as described in claim 8 wherein the native operating system is Windows NT.
  - 12. The method as described in claim 8 herein the non-native server domains include a Server Message Block (SMB) server domain.
  - 13. The method as described in claim 8 wherein the non-native server domains include a DCE Cell.

14. A method of managing authentication information at a client running a native operating system, the client connectable to one or more servers in a computer network, comprising the steps of:
- at the client, issuing a set of calls to servers in the computer network to identify potential authentication locations;
  
  in response to information gathered in response to the calls, generating a list identifying native server domains and non-native server domains against which a user of the client may authenticate;
  
  augmenting the list of server domains to define a set of server domains for display to a user seeking authentication during a logon process; and
  
  applying a set of one or more management policies that define how the user may interact with the list of server domains.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method as described in claim 14 wherein the step of augmenting the list includes adding a server domain to the list of discovered server domains.
  - 16. The method as described in claim 14 wherein the step of augmenting the list includes removing a server domain from the list of discovered server domains.
  - 17. The method as described in claim 14 wherein the set of one or more policies includes a policy that restricts the user from selecting server domains that are not present on the list.
  - 18. The method as described in claim 14 wherein the set of one or more policies includes a policy that restricts the user from initiating a new request for discovery.

19. A computer program product in a computer-readable medium for enabling an administrator to manage authentication policy at a client running a native operating system, the client connectable to one or more servers in a computer network, the computer program product comprising:
- means for issuing a set of calls to servers in the computer network to identify potential authentication locations;
  
  means responsive to information gathered in response to the calls for generating a list identifying native server domains and non-native server domains against which a user of the client may authenticate;
  
  means for modifying how the list is presented to a user seeking authentication; and
  
  means for controlling how the user seeking to be authenticated interacts with the list.
- View Dependent Claims (20, 21)
- - 20. The computer program product as described in claim 19 wherein the modifying means comprises:
21. The computer program product as described in claim 19 wherein the controlling means comprises:
- means for enabling the administrator to select whether the user is restricted to selecting one of the locations discovered and presented in the list of server domains; and
  
  means for enabling the administrator to select whether the user is able to initiate a new discovery request from a logon panel.

22. A computer connectable to a computer network, comprising:
- a processor;
  
  a native operating system;
  
  an authentication mechanism, comprising;
  
  means for issuing a set of calls to servers in the computer network to identify potential authentication locations;
  
  means responsive to information gathered in response to the calls for generating a list identifying native server domains and non-native server domains against which a user of the client may authenticate; and
  
  means for managing the information in the list to establish an authentication policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Spooner, Courtney Joseph, Bertram, Daniel Wayne, Lenharth, Scott Alan, Rolette, James Michael Jr., Smith, Stanley Alan, Dutcher, David Paul
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
DINH, KHANH Q

Application Number

US08/890,877
Time in Patent Office

1,825 Days
Field of Search

395/187.01, 395/680, 395/188.01, 395/200.33, 395/200.59, 395/500, 380/4, 380/23, 380/25, 709/200, 709/224, 709/227, 709/221
US Class Current

709/221
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Management of authentication discovery policy in a computer network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

90 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Management of authentication discovery policy in a computer network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others