Method and apparatus for client authentication and application configuration via smart cards
Abstract
A data processing system for accessing a host computer. A smart card is detected at the data processing system, which in turn queries the smart card for an indication of a location of user information. A secure channel is established with the location of user information. User information is retrieved associated with the smart card from the location. A connection is established to the host computer with the user information. Key to this invention is the ability to use this infrastructure for authentication when a smart card cannot be used at the data processing system.
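The flow in the abstract and in claims 7 and 11 through 19 (PIN-gated card, directory entry name read from the card, authenticated channel to the directory, key ring retrieval, host logon with a certificate from the ring and configuration associated with the entry name), modelled end to end. This is an added example written for this page, not code from the patent or its assignee. It is stand-alone Python that replaces X.509 certificates and signatures with HMAC-SHA256 proofs of key possession so it runs with the standard library only; the entry name cn=alice,ou=users,o=example, the authority name "Example Corp CA", the gateway address, the LU name and the PIN are all constructed. It goes slightly beyond the claims in two places that matter in practice: the directory's channel nonce is single-use, so a captured proof cannot be replayed to pull the key ring a second time, and the card blocks itself after three wrong PINs.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def prove(key: bytes, context: bytes, nonce: bytes) -> bytes:
    """Proof of key possession over a fresh nonce; HMAC-SHA256 stands in for signing a challenge."""
    return hmac.new(key, context + nonce, hashlib.sha256).digest()


@dataclass
class SmartCard:
    """PIN-gated data structure: directory entry name plus the credential for the secure channel."""
    pin: str
    entry_name: str
    channel_key: bytes
    attempts_left: int = 3

    def read(self, pin: str) -> dict:
        if self.attempts_left == 0:
            raise PermissionError("card blocked")
        if not hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.attempts_left -= 1  # a wrong PIN burns a retry; three in a row block the card
            raise PermissionError("bad PIN")
        self.attempts_left = 3
        return {"entry_name": self.entry_name, "channel_key": self.channel_key}


@dataclass
class KeyRing:
    """Certificates with their private keys, plus the trusted signing authorities (claims 15, 16)."""
    certificates: dict  # cert name -> {"issuer": str, "key": bytes}
    signing_authorities: list


class Directory:
    """LDAP stand-in (claim 17): key ring and host configuration stored under a directory entry name."""
    def __init__(self):
        self._entries = {}      # entry name -> (channel verify key, KeyRing, config)
        self._open_nonces = {}  # entry name -> nonces issued but not yet consumed

    def add_entry(self, entry_name, channel_key, key_ring, config):
        self._entries[entry_name] = (channel_key, key_ring, config)

    def open_channel(self, entry_name: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open_nonces.setdefault(entry_name, set()).add(nonce)
        return nonce

    def fetch(self, entry_name: str, nonce: bytes, proof: bytes):
        if entry_name not in self._entries:
            raise KeyError("unknown directory entry")
        channel_key, key_ring, config = self._entries[entry_name]
        if nonce not in self._open_nonces.get(entry_name, set()):
            raise PermissionError("stale or unknown channel nonce")  # single use: a captured proof cannot be replayed
        self._open_nonces[entry_name].discard(nonce)
        if not hmac.compare_digest(proof, prove(channel_key, b"channel:", nonce)):
            raise PermissionError("channel authentication failed")
        return key_ring, config


class Host:
    """Host behind the gateway: accepts a logon only with a certificate from a trusted signing authority."""
    def __init__(self, trusted_authorities, verify_keys):
        self.trusted = set(trusted_authorities)
        self.verify_keys = verify_keys  # cert name -> key (symmetric stand-in for the certificate's public key)

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)

    def logon(self, cert_name: str, issuer: str, nonce: bytes, proof: bytes) -> bool:
        key = self.verify_keys.get(cert_name)
        if issuer not in self.trusted or key is None:
            return False
        return hmac.compare_digest(proof, prove(key, b"host:", nonce))


def access_host(card, pin, directory, host, cert_name):
    """Client side of claims 11-19: returns (logon succeeded, configuration) or raises on a failed step."""
    info = card.read(pin)  # the PIN unlocks the card's data structure; the entry name in it locates the key ring
    nonce = directory.open_channel(info["entry_name"])
    proof = prove(info["channel_key"], b"channel:", nonce)  # the card's credential authenticates the channel
    key_ring, config = directory.fetch(info["entry_name"], nonce, proof)
    cert = key_ring.certificates[cert_name]  # a certificate from the ring authenticates to the host
    hnonce = host.challenge()
    ok = host.logon(cert_name, cert["issuer"], hnonce, prove(cert["key"], b"host:", hnonce))
    return ok, config


def build_demo():
    """Constructed environment; every name and value here is invented for the example."""
    host_key = secrets.token_bytes(32)
    ring = KeyRing({"host-cert": {"issuer": "Example Corp CA", "key": host_key}}, ["Example Corp CA"])
    card = SmartCard("1234", "cn=alice,ou=users,o=example", secrets.token_bytes(32))
    directory = Directory()
    directory.add_entry(card.entry_name, card.channel_key, ring, {"gateway": "tn3270.example:23", "lu": "LU02"})
    host = Host(["Example Corp CA"], {"host-cert": host_key})
    return card, directory, host
```

Run it with card, directory, host = build_demo() followed by access_host(card, "1234", directory, host, "host-cert"), which returns (True, {...}) with the constructed gateway configuration. Two caveats the claims leave implicit: the key ring carries private keys across the network, so the channel to the directory must be confidential as well as authenticated, and the directory becomes the single point of compromise for every user whose ring it holds. The abstract's fallback of supplying the data structure when no card can be used (claim 1) means that whatever delivers that structure inherits the card's role as the root of the user's authentication and needs the same protection.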
Claims (36)

1. A method in a computer system for accessing a host computer comprising the computer system implemented steps of:
receiving a data structure at the computer system, for use in accessing a host computer;
identifying a location of a computer containing a key ring for a user using the data structure, wherein the data structure contains an identification of the location of the computer;
retrieving the key ring for the user from the computer in communication with the computer system; and
accessing the host computer using the key ring.

2. The method of claim 1, … obtaining the location of the computer from a smart card.

3. The method of claim 1, wherein the step of retrieving the key ring includes:
establishing a communications link to the computer;
requesting the key ring using information from the data structure; and
receiving the key ring from the computer.

4. The method of claim 1, wherein the location of the computer is identified by a directory entry name for the user located in the data structure.

5. The method of claim 1, wherein the host computer is located on a Systems Network Architecture network.

6. The method of claim 1, wherein the computer system is located on an Internet Protocol network and the host computer is located on a Systems Network Architecture network and wherein the step of accessing the host computer comprises accessing the host computer through a server acting as a gateway between the Internet Protocol network and the Systems Network Architecture network.
7. A method in a data processing system for accessing a host computer comprising:
detecting a smart card at the data processing system;
querying the smart card for an indication of a location of user information;
establishing a secure channel with the location of user information;
retrieving user information associated with the smart card from the location; and
establishing a connection to the host computer with the user information.

11. A method in a client computer for accessing a host computer from a client computer, the method comprising the computer implemented steps of:
detecting, at the client computer, a storage device used to access the host computer;
accessing the storage device to obtain information from the storage device;
establishing a connection to another computer based on the information obtained from the storage device;
retrieving a key ring from another computer using the information obtained from the storage device; and
accessing the host computer using the key ring.

12. The method of claim 11, …
prompting for a personal identification number;
receiving the personal identification number; and
using the personal identification number to access the data structure in the storage device.

13. The method of claim 11, wherein the information obtained from the storage device includes a certificate and private key, and wherein the step of establishing a connection comprises establishing a secure connection using the certificate and private key.

14. The method of claim 11, wherein the step of accessing the host using the key ring comprises accessing the host using a certificate from the key ring.

15. The method of claim 11, wherein the key ring includes a list of certificates and private keys.

16. The method of claim 15, wherein the key ring further includes a list of signing authorities.

17. The method of claim 11, wherein the another computer is a Lightweight Directory Access Protocol server.
18. A method in a client computer for accessing a host computer from a client computer, the method comprising the computer implemented steps of:
detecting, at the client computer, a storage device used to access the host computer;
accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
establishing a connection to another computer based on the information obtained from the storage device;
retrieving a key ring from another computer using the information obtained from the storage device by accessing the directory using the directory entry name to access a data structure in another computer to obtain the key ring; and
accessing the host computer using the key ring.

19. A method in a client computer for accessing a host computer from a client computer, the method comprising the computer implemented steps of:
detecting, at the client computer, a storage device used to access the host computer;
accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
establishing a connection to another computer based on the information obtained from the storage device;
retrieving a key ring from another computer using the information obtained from the storage device by accessing the directory using the directory entry name to access a data structure in another computer to obtain the key ring;
retrieving configuration information associated with the directory entry name; and
accessing the host computer using the key ring.

21. A computer system for accessing a host computer comprising:
receiving means for receiving a data structure at a client computer, for use in accessing a host computer;
identifying means for identifying a location of a computer containing a key ring for a user using the data structure, wherein the data structure contains an identification of the location of the computer;
retrieving means for retrieving the key ring for the user from the computer in communication with the computer system; and
accessing means for accessing the host computer using the key ring.

22. The computer system of claim 21, … obtaining means for obtaining the location of the computer from a smart card.

23. The computer system of claim 21, wherein the retrieving means includes:
establishing means for establishing a communications link to the computer;
requesting means for requesting the key ring using information from the data structure; and
receiving means for receiving the key ring from the computer.
24. A computer system for accessing a host computer comprising:
detecting means for detecting a smart card at the data processing system;
querying means for querying the smart card for an indication of a location of user information;
establishing means for establishing a secure channel with the location of user information;
retrieving means for retrieving user information associated with the smart card from the location; and
establishing means for establishing a connection to the host computer with the user information.

25. A client computer comprising:
detecting means for detecting, at the client computer, a storage device used to access a host computer;
first accessing means for accessing the storage device to obtain information from the storage device;
establishing means for establishing a connection to another computer based on the information obtained from the storage device;
retrieving means for retrieving a key ring from the another computer using the information obtained from the storage device; and
second accessing means for accessing the host computer using the key ring.

26. The client computer of claim 25, …
prompting means for prompting for a personal identification number;
receiving means for receiving the personal identification number; and
using means for using the personal identification number to access the data structure in the storage device.

27. A client computer comprising:
detecting means for detecting, at the client computer, a storage device used to access the host computer;
first accessing means for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
establishing means for establishing a connection to another computer based on the information obtained from the storage device;
retrieving means for retrieving a key ring from another computer using the information obtained from the storage device, wherein the retrieving means includes second accessing means for accessing the directory entry name to access a data structure in another computer to obtain the key ring; and
third accessing means for accessing the host computer using the key ring.

28. A client computer comprising:
detecting means for detecting, at the client computer, a storage device used to access the host computer;
first accessing means for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
establishing means for establishing a connection to another computer based on the information obtained from the storage device;
retrieving means for retrieving a key ring from another computer using the information obtained from the storage device, and further comprising:
second accessing means for accessing the directory entry name to access a data structure in another computer to obtain the key ring;
second retrieving means for retrieving configuration information associated with the directory entry name; and
third accessing means for accessing the host computer using the key ring.
29. A computer program product in a computer readable medium for accessing a host computer, the computer program product comprising:
first instructions for receiving a data structure at a client computer, for use in accessing a host computer;
second instructions for identifying a location of a computer containing a key ring for a user using the data structure, wherein the data structure contains an identification of the location of the computer;
third instructions for retrieving the key ring for the user from the computer in communication with the computer system; and
fourth instructions for accessing the host computer using the key ring.

30. A method in a computer system for accessing a host computer comprising the computer system implemented steps of:
receiving a data structure at the computer system, for use in accessing a host computer;
identifying a location of a computer containing a key ring using the data structure, wherein the data structure contains an identification of the location of the computer containing the key ring;
retrieving the key ring for the user from the computer containing the key ring; and
accessing the host computer using the key ring.

31. A data processing system in a computer system for accessing a host computer, the data processing system comprising:
a bus system;
a communications unit connected to the bus system;
a memory connected to the bus system, wherein the memory includes a set of instructions; and
a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive a data structure at the computer system, for use in accessing a host computer;
identify a location of a computer containing a key ring using the data structure, in which the data structure contains an identification of the location of the computer;
retrieve the key ring for the user from a server in communication with the computer system; and
access the host computer using the key ring.

32. A data processing system in a client computer for accessing a host computer from a client computer, the data processing system comprising:
a bus system;
a communications unit connected to the bus system;
a memory connected to the bus system, wherein the memory includes a set of instructions; and
a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to detect, at the client computer, a storage device used to access the host computer;
access the storage device to obtain information from the storage device;
establish a connection to another computer based on the information obtained from the storage device;
retrieve a key ring from another computer using the information obtained from the storage device; and
access the host computer using the key ring.
33. A data processing system for accessing a host computer from the data processing system, the data processing system comprising:
a bus system;
a communications unit connected to the bus system;
a memory connected to the bus system, wherein the memory includes a set of instructions; and
a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to detect, at the client computer, a storage device used to access the host computer;
access the storage device to obtain information from the storage device, in which the information obtained from the storage device includes a directory entry name;
establish a connection to another computer based on the information obtained from the storage device; and
retrieve a key ring from the another computer using the information obtained from the storage device to access a data structure in another computer to obtain the key ring, and access the host computer using the key ring.

34. A data processing system for accessing a host computer from the data processing system, the data processing system comprising:
a bus system;
a communications unit connected to the bus system;
a memory connected to the bus system, wherein the memory includes a set of instructions; and
a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to detect, at the client computer, a storage device used to access the host computer;
access the storage device to obtain information from the storage device, in which the information obtained from the storage device includes a directory entry name;
establish a connection to another computer based on the information obtained from the storage device;
retrieve a key ring from the another computer using the information obtained from the storage device to access a data structure in the another computer to obtain the key ring;
retrieve configuration information associated with the directory entry name; and
access the host computer using the key ring.

35. A computer program product in a computer readable medium for accessing a host computer from a client computer, the computer program product comprising:
first instructions for detecting, at the client computer, a storage device used to access the host computer;
second instructions for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
third instructions for establishing a connection to another computer based on the information obtained from the storage device;
fourth instructions for retrieving a key ring from another computer using the information obtained from the storage device to access a data structure in another computer to obtain the key ring; and
fifth instructions for accessing the host computer using the key ring.

36. A computer program product in a computer readable medium for accessing a host computer from a client computer, the computer program product comprising:
first instructions for detecting, at the client computer, a storage device used to access the host computer;
second instructions for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
third instructions for establishing a connection to another computer based on the information obtained from the storage device;
fourth instructions for retrieving a key ring from another computer using the information obtained from the storage device to access a data structure in another computer to obtain the key ring;
fifth instructions for retrieving configuration information associated with the directory entry name; and
sixth instructions for accessing the host computer using the key ring.