Method and apparatus for client authentication and application configuration via smart cards

US 6,438,550 B1
Filed: 12/10/1998
Issued: 08/20/2002
Est. Priority Date: 12/10/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method in a computer system for accessing a host computer comprising the computer system implemented steps of:

receiving a data structure at the computer system, for use in accessing a host computer;

identifying a location of a computer containing a key ring for a user using the data structure, wherein the data structure contains an identification of the location of the computer;

retrieving the key ring for the user from the computer in communication with the computer system; and

accessing the host computer using the key ring.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data processing system for accessing a host computer. A smart card is detected at the data processing system, which in turn queries the smart card for an indication of a location of user information. A secure channel is established with the location of user information. User information is retrieved associated with the smart card from the location. A connection is established to the host computer with the user information. Key to this invention is the ability to use this infrastructure for authentication when a smart card cannot be used at the data processing system.

Citations

36 Claims

1. A method in a computer system for accessing a host computer comprising the computer system implemented steps of:
- receiving a data structure at the computer system, for use in accessing a host computer;
  
  identifying a location of a computer containing a key ring for a user using the data structure, wherein the data structure contains an identification of the location of the computer;
  
  retrieving the key ring for the user from the computer in communication with the computer system; and
  
  accessing the host computer using the key ring.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of identifying a location of the computer includes:
3. The method of claim 1, wherein the step of retrieving the key ring includes:
- establishing a communications link to the computer;
  
  requesting the key ring using information from the data structure; and
  
  receiving the key ring from the computer.
4. The method of claim 1, wherein the location of the computer is identified by a directory entry name for the user located in the data structure.
5. The method of claim 1, wherein the host computer is located on a Systems Network Architecture network.
6. The method of claim 1, wherein the computer system is located on a Internet Protocol network and the host computer is located on a Systems Network Architecture network and wherein the step of accessing the host computer comprises accessing the host computer through a server acting as a gateway between the internet protocol network and the systems network architecture network.

7. A method in a data processing system for accessing a host computer comprising:
- detecting a smart card at the data processing system;
  
  querying the smart card for an indication of a location of user information;
  
  establishing a secure channel with the location of user information;
  
  retrieving user information associated with the smart card from the location; and
  
  establishing a connection to the host computer with the user information.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, wherein the user information includes a certificate used to access the host computer and user configuration information.
  - 9. The method of claim 8, wherein the user configuration information includes an identification of the host computer.
  - 10. The method of claim 7, wherein the smart card includes an indication of the location of the user information.

11. A method in a client computer for accessing a host computer from a client computer, the method comprising the computer implemented steps of:
- detecting, at the client computer, a storage device used to access the host computer;
  
  accessing the storage device to obtain information from the storage device;
  
  establishing a connection to another computer based on the information obtained from the storage device;
  
  retrieving a key ring from another computer using the information obtained from the storage device; and
  
  accessing the host computer using the key ring.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein the step of accessing the storage device includes:
13. The method of claim 11, wherein the information obtained from the storage device includes a certificate and private key used and wherein the step of establishing a connection comprises establishing a secure connection using the certificate and private key.
14. The method of claim 11, wherein the step of accessing the host using the key ring comprises accessing the host using a certificate from the key ring.
15. The method of claim 11, wherein the key ring includes a list of certificates and private keys.
16. The method of claim 15, wherein the key ring further includes a list of signing authorities.
17. The method of claim 11, wherein the another computer is a Lightweight Directory Access Protocol server.

18. A method in a client computer for accessing a host computer from a client computer, the method comprising the computer implemented steps of:
- detecting, at the client computer, a storage device used to access the host computer;
  
  accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry;
  
  establishing a connection to another computer based on the information obtained from the storage device;
  
  retrieving a key ring from another computer using the information obtained from the storage device by accessing the directory using the directory entry name to access a data structure in another computer to obtain the key ring; and
  
  accessing the host computer using the key ring.

19. A method in a client computer for accessing a host computer from a client computer, the method comprising the computer implemented steps of:
- detecting, at the client computer, a storage device used to access the host computer;
  
  accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
  
  establishing a connection to another computer based on the information obtained from the storage device;
  
  retrieving a key ring from another computer using the information obtained from the storage device by accessing the directory using the directory entry name to access a data structure in another computer to obtain the key ring;
  
  retrieving configuration information associated with the directory entry name; and
  
  accessing the host computer using the key ring.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the configuration information includes an identification of the host computer.

21. A computer system for accessing a host computer comprising:
- receiving means for receiving a data structure at a client computer, for use in accessing a host computer;
  
  identifying means for identifying a location of a computer containing a key for a user using the data structure, wherein the data structure contains an identification of the location of the computer, retrieving means for retrieving the key ring for the user from the computer in communication with the computer system; and
  
  accessing means for accessing the host computer using the key ring.
- View Dependent Claims (22, 23)
- - 22. The computer system of claim 21, wherein the identifying means includes:
23. The computer system of claim 21, wherein the retrieving means includes:
- establishing means for establishing a communications link to the computer;
  
  requesting means for requesting the key ring using information from the data structure; and
  
  receiving means for receiving the key ring from the computer.

24. A computer system for accessing a host computer comprising:
- detecting means for detecting a smart card at the a data processing system;
  
  querying means for querying the smart card for an indication of a location of user information;
  
  establishing means for establishing a secure channel with the location of user information;
  
  retrieving means for retrieving user information associated with the smart card from the location; and
  
  establishing means for establishing a connection to the host computer with the user information.

25. A client computer comprising:
- detecting means for detecting, at the client computer, a storage device used to access a host computer;
  
  first accessing means for accessing the storage device to obtain information from the storage device;
  
  establishing means for establishing a connection to another computer based on the information obtained from the storage device;
  
  retrieving means for retrieving a key ring from the another computer using the information obtained from the storage device; and
  
  second accessing means for accessing the host computer using the key ring.
- View Dependent Claims (26)
- - 26. The client computer of claim 25, wherein the first accessing means:

27. A client computer comprising:
- detecting means for detecting, at the client computer, a storage device used to access the host computer;
  
  first accessing means for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
  
  establishing means for establishing a connection to another computer based on the information obtained from the storage device;
  
  retrieving means for retrieving a key ring from another computer using the information obtained from the storage device, wherein the retrieving means includes second accessing means for accessing the directory entry name to access a data structure in another computer to obtain the key ring; and
  
  third accessing means for accessing the host computer using the key ring.

28. A client computer comprising:
- detecting means for detecting, at the client computer, a storage device used to access the host computer;
  
  first accessing means for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
  
  establishing means for establishing a connection to another computer based on the information obtained from the storage device;
  
  retrieving means for retrieving a key ring from another computer using the information obtained from the storage device and further comprising;
  
  second accessing means for accessing the directory entry name to access a data structure in another computer to obtain the key ring;
  
  second retrieving means for retrieving configuration information associated with the directory entry name; and
  
  third accessing means for accessing the host computer using the key ring.

29. A computer program product in a computer readable medium for accessing a host computer, the computer program product comprising:
- first instructions for receiving a data structure at a client computer, for use in accessing a host computer;
  
  second instructions for identifying a location of a computer containing a key ring for a user using the data structure, wherein the data structure contains an identification of the location of the computer;
  
  third instructions for retrieving the key ring for the user from the computer in communication with the computer system; and
  
  fourth instructions for accessing the host computer using the key ring.

30. A method in a computer system for accessing a host computer comprising the computer system implemented steps of:
- receiving a data structure at the computer system, for use in accessing a host computer;
  
  identifying a location of a computer containing a key ring using the data structure, wherein the data structure contains an identification of the location of the computer containing the key ring;
  
  retrieving the key ring for the user from the computer containing the key ring; and
  
  accessing the host computer using the key ring.

31. A data processing system in a computer system for accessing a host computer, the data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive a data structure at the computer system, for use in accessing a host computer;
  
  identify a location of a computer containing a key ring using tee data structure in which the data structure contains an identification of the location of the computer, retrieve the key ring for the user from a server in communication with the computer system; and
  
  access the host computer using the key ring.

32. A data processing system in a client computer for accessing a host computer from a client computer, the data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to detect, at the client computer, a storage device used to access the host computer;
  
  access the storage device to obtain information from the storage device;
  
  establish a connection to another computer based on the information obtained from the storage device;
  
  retrieve a key ring from another computer using the information obtained from the storage device; and
  
  access the host computer using the key ring.

33. A data processing system for accessing a host computer from the data processing system, the data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to detect, at the client computer, a storage device used to access the host computer;
  
  access the storage device to obtain information from the storage device in which the information obtained from the storage device includes a directory entry name;
  
  establish a connection to another computer based on the information obtained from the storage device; and
  
  retrieve a key ring from the another computer using the information obtained from the storage device to access a data structure in another computer to obtain the key ring and access the host computer using the key ring.

34. A data processing system for accessing a host computer from the data processing system, the data processing system comprising:
- a bus system;
  
  a communications unit connected to the bus system;
  
  a memory connected to the bus system, wherein the memory includes as set of instructions; and
  
  a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to detect, at the client computer, a storage device used to access the host computer;
  
  access the storage device to obtain information from the storage device in which the information obtained from the storage device includes a directory entry name;
  
  establish a connection to another computer based on the information obtained from the storage device;
  
  retrieve a key ring from the another computer using the information obtained from the storage device to access a data structure in the another computer to obtain the key Ting; and
  
  retrieve configuration information associated with the directory entry name; and
  
  access the host computer using the key ring.

35. A computer program product in a computer readable medium for accessing a host computer from a client computer, the computer program product comprising:
- first instructions for detecting, at the client computer, a storage device used to ads the host computer;
  
  second instructions for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
  
  third instructions for establishing a connection to another computer based on the information obtained from the storage device;
  
  fourth instructions for retrieving a key ring from another computer using the information obtained from the storage device to access a data structure in another computer to obtain the key ring; and
  
  fifth instructions for accessing the host computer using the key ring.

36. A computer program product in a computer readable medium for accessing a host computer from a client computer, the computer program product comprising:
- first instructions for detecting, at the client computer, a storage device used to access the host computer;
  
  second instructions for accessing the storage device to obtain information from the storage device, wherein the information obtained from the storage device includes a directory entry name;
  
  third instructions for establishing a connection to another computer based on the information obtained from the storage device;
  
  fourth instructions for retrieving a key ring from another computer using the information obtained from the storage device to access a data structure in another computer to obtain the key ring;
  
  fifth instructions for retrieving configuration information associated with the directory entry name; and
  
  sixth instructions for accessing the host computer using the key ring.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
King, Julie Hayes, Hind, John Raithel, Doyle, Ronald Patrick
Primary Examiner(s)
Mizrahi, Diane D.
Assistant Examiner(s)
Veillard, Jacques

Application Number

US09/208,776
Time in Patent Office

1,349 Days
Field of Search

707/200, 707/9, 713/182, 713/200, 713/201, 713/202, 713/185, 380/30, 380/283, 380/284, 709/217, 709/219, 709/227
US Class Current

726/2
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

H04L 63/107   wherein the security polici...

Y10S 707/959   Network

Y10S 707/99931   Database or file accessing

Y10S 707/99939   Privileged access

Y10S 707/99942   Manipulating data structure...

Method and apparatus for client authentication and application configuration via smart cards

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for client authentication and application configuration via smart cards

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links