Security server token caching
Abstract
A mechanism for establishing a plurality of sessions between a client and a first server based on a single input of user authenticating information is disclosed. A request to establish a connection between the client and the first server is received. The request includes identification information for authenticating a requesting user. Based on the identification information, a determination is made as to whether the connection between the client and the first server should be established. If it is determined that the connection between the client and the first server should be established, the identification information is cached in memory and the connection between the client and the first server is allowed to be established. Subsequent connection requests from the same client are authenticated, and further connections can be established, based on the cached identification information, without further input from the client or user.
27 Claims
1. A method for authorizing a plurality of sessions between a client and a first server over a communications network based on one set of user identification information, comprising the computer-implemented steps of:
receiving a first request to establish a first session between the client and the first server, wherein the request includes user identification information;
determining, based on the user identification information, whether the first session between the client and the first server should be established, and if so, authorizing the first session to be established between the client and the first server and storing the user identification information in a cache; and
authorizing a second session between the client and the first server, in response to receiving a second request, based on the user identification information from the first request that is stored in the cache.
creating and storing a cached time value for the username and the OTP that indicates how long the username and the OTP have been stored in the cache; and
comparing the cached time value with an expiration time-out value to determine whether the username and OTP are still valid.
6. A method as recited in claim 4, wherein the step of determining whether the username and the OTP are still valid comprises determining whether an active session currently exists between the client and the first server at the time of the second request.
7. A method as recited in claim 1, wherein the user identification information includes a username and a one-time password (OTP), and wherein authorizing the second session further comprises the steps of:
generating instructions to a second server for determining whether the username and OTP are currently in a second cache of the second server; and
generating a request to a password server to authenticate the OTP; and
generating instructions to the second server for caching the username and the OTP in memory at the second server.
8. A method as recited in claim 1, wherein authorizing a second session comprises:
receiving from the first server a second request that includes the user identification information that contains a username and a second one-time password (OTP);
determining whether the username and the second OTP correspond to user identification information stored in the cache, and if so, authorizing the second session between the client and the first server.
9. A method as recited in claim 1, wherein receiving a first request to establish a first session between the client and the first server comprises receiving a first request in a Challenge Handshake Authentication Protocol, and before establishing the first session between the client and the first server, validating the client using the Challenge Handshake Authentication Protocol.
10. A method as recited in claim 1, wherein receiving a first request to establish a first session between the client and the first server comprises receiving the first request in a Password Authentication Protocol, and before establishing the first session between the client and the first server, validating the client using the Password Authentication Protocol.
11. A method as recited in claim 1, wherein receiving a second request to establish a second session between the client and the first server comprises receiving the second request in a Challenge Handshake Authentication Protocol, and before establishing the second session between the client and the first server, validating the client using the Challenge Handshake Authentication Protocol.
12. A method as recited in claim 1, wherein receiving a second request to establish a second session between the client and the first server comprises receiving the second request based on a Password Authentication Protocol, and before establishing the second session between the client and the first server, validating the client using the Password Authentication Protocol.
13. A method as recited in claim 1, wherein receiving a first request that includes user identification information for authenticating a requesting user includes receiving a one-time password that is generated by a Token card.
14. A method as recited in claim 13, wherein receiving a second request that includes user identification information for authenticating a requesting user includes receiving the same one-time password as received in the first request.
15. A method as recited in claim 1, wherein the step of establishing the first session comprises the step of establishing a first Point-to-Point (PPP) session between the client and the first server.
16. A method as recited in claim 1, wherein the step of establishing the first session comprises the step of establishing a first Serial Line Internet Protocol (SLIP) session between the client and the first server.
17. A method as recited in claim 1, wherein the step of establishing the second session comprises the step of establishing a second Point-to-Point (PPP) session between the client and the first server.
18. A method as recited in claim 1, wherein the step of establishing the second session comprises the step of establishing a second Serial Line Internet Protocol (SLIP) session between the client and the first server.
19. A method as recited in claim 1, wherein the first request includes a first username and a first one-time password (OTP) and the second request includes a second username and a second one-time password (OTP);
wherein storing the user identification information includes the step of storing the first username and the first OTP in a cache; and
wherein authorizing the second session comprises determining that the second OTP corresponds to the first OTP that is in the cache.
20. A method of establishing multiple sessions between a client and a first server over a communications network, comprising the steps of:
receiving a first request to establish a first session between the client and the first server, wherein the first request includes a first one-time password (OTP);
performing a first user authentication by determining whether to authorize the first session based on the first OTP;
if the first session is determined to be authorized, then carrying out the steps of sending a message authorizing the first session between the client and the first server and sending a message that causes a second server to cache the first OTP at the second server;
receiving a second request to establish a second session between the client and the first server, wherein the second request includes a second OTP;
performing a second user authentication by determining whether the second OTP matches the first OTP that is in the cache; and
authorizing the second session between the client and the first server based on whether the second OTP matches the first OTP.
21. A computer-readable medium carrying one or more sequences of instructions for establishing a plurality of sessions between a client and a first server over a communication network based on one set of user identification information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
receiving a first request to establish a first session between the client and the first server, wherein the request includes user identification information;
determining, based on the user identification information, whether the first session between the client and the first server should be established, and if so, authorizing the first session to be established between the client and the first server and storing the user identification information in a cache; and
authorizing a second session between the client and the first server, in response to receiving a second request, based on the user identification information from the first request that is stored in the cache.
22. A computer data signal embodied in a carrier wave, the computer data signal carrying one or more sequences of instructions for establishing a plurality of sessions between a client and a first server over a communication network based on one set of user identification information, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
receiving a first request to establish a first session between the client and the first server, wherein the request includes user identification information;
determining, based on the user identification information, whether the first session between the client and the first server should be established, and if so, authorizing the first session to be established between the client and the first server and storing the user identification information in a cache; and
authorizing a second session between the client and the first server, in response to receiving a second request, based on the user identification information from the first request that is stored in the cache.
23. A computer apparatus comprising:
a processor; and
a memory coupled to the processor, the memory containing one or more sequences of instructions for establishing sessions between a client and a first server, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
receiving a first request to establish a first session between the client and the first server, wherein the request includes user identification information;
determining, based on the user identification information, whether the first session between the client and the first server should be established, and if so, authorizing the first session to be established between the client and the first server and storing the user identification information in a cache; and
authorizing a second session between the client and the first server, in response to receiving a second request, based on the user identification information from the first request that is stored in the cache.
24. A system for authorizing a plurality of sessions between a client and a first server over a communications network based on one set of user identification information, the system comprising:
means for receiving a first request to establish a first session between the client and the first server, wherein the request includes user identification information;
means for determining, based on the user identification information, whether the first session between the client and the first server should be established;
means for authorizing the first session to be established between the client and the first server if it is determined that the first session should be established; and
means for storing the user identification information in a cache if it is determined that the first session should be established; and
means for authorizing a second session between the client and the first server, in response to receiving a second request, based on the user identification information from the first request that is stored in the cache.
25. A system for establishing multiple sessions between a client and a first server over a communications network, the system comprising:
means for receiving a first request to establish a first session between the client and the first server, wherein the first request includes a first one-time password (OTP);
means for performing a first user authentication by determining whether to authorize the first session based on the first OTP;
means for sending a message authorizing the first session between the client and the first server if the first session is determined to be authorized;
means for sending a message that causes a second server to cache the first OTP at the second server if the first session is determined to be authorized;
means for receiving a second request to establish a second session between the client and the first server, wherein the second request includes a second OTP;
means for performing a second user authentication by determining whether the second OTP matches the first OTP that is in the cache; and
means for authorizing the second session between the client and the first server based on whether the second OTP matches the first OTP.
26. A computer-readable medium carrying one or more sequences of instructions for establishing multiple sessions between a client and a first server over a communications network, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
receiving a first request to establish a first session between the client and the first server, wherein the first request includes a first one-time password (OTP);
performing a first user authentication by determining whether to authorize the first session based on the first OTP;
if the first session is determined to be authorized, then carrying out the steps of sending a message authorizing the first session between the client and the first server and sending a message that causes a second server to cache the first OTP at the second server;
receiving a second request to establish a second session between the client and the first server, wherein the second request includes a second OTP;
performing a second user authentication by determining whether the second OTP matches the first OTP that is in the cache; and
authorizing the second session between the client and the first server based on whether the second OTP matches the first OTP.
27. A computer apparatus comprising:
a processor; and
a memory coupled to the processor, the memory containing one or more sequences of instructions for establishing multiple sessions between a client and a first server over a communications network, wherein execution of the one or more sequences of instructions by the processor causes the processor to perform the steps of:
receiving a first request to establish a first session between the client and the first server, wherein the first request includes a first one-time password (OTP);
performing a first user authentication by determining whether to authorize the first session based on the first OTP;
if the first session is determined to be authorized, then carrying out the steps of sending a message authorizing the first session between the client and the first server and sending a message that causes a second server to cache the first OTP at the second server;
receiving a second request to establish a second session between the client and the first server, wherein the second request includes a second OTP;
performing a second user authentication by determining whether the second OTP matches the first OTP that is in the cache; and
authorizing the second session between the client and the first server based on whether the second OTP matches the first OTP.

The caching logic the claims describe (first authentication against a password server, caching of the username and OTP, a cached time value compared against an expiration time-out, an optional active-session check, and a second authorization from the cache alone), written out as an added Python illustration that is not the patent's own code. Assumptions: the password server is a constructed stand-in table, the cache and the first server are collapsed into one object rather than a separate second server, the time-out value is arbitrary, and the cache holds a digest of the OTP instead of the OTP itself, which the claims do not specify.

```python
import hashlib
import hmac
from dataclasses import dataclass

EXPIRATION_TIMEOUT = 600.0  # seconds; assumed value, the claims name a time-out but not its length

# Constructed stand-in for the password server of claim 7: username -> currently valid OTP.
_DEMO_VALID_OTPS = {"alice": "482913"}


def demo_password_server(username, otp):
    return _DEMO_VALID_OTPS.get(username) == otp


@dataclass
class CacheEntry:
    otp_digest: bytes        # digest of the cached OTP (our choice; claims cache the OTP itself)
    cached_at: float         # the "cached time value" of claim 5
    active_sessions: int = 0 # supports the active-session check of claim 6


class TokenCache:
    """First authentication goes to the password server; later sessions are authorized from the cache."""

    def __init__(self, verify_otp, timeout=EXPIRATION_TIMEOUT):
        self._verify_otp = verify_otp
        self._timeout = timeout
        self._entries = {}

    @staticmethod
    def _digest(otp):
        return hashlib.sha256(otp.encode()).digest()

    def authorize_first(self, username, otp, now):
        if not self._verify_otp(username, otp):          # claim 20: first user authentication
            return False
        self._entries[username] = CacheEntry(self._digest(otp), now, active_sessions=1)
        return True

    def authorize_second(self, username, otp, now, require_active=False):
        entry = self._entries.get(username)
        if entry is None:
            return False
        if now - entry.cached_at > self._timeout:          # claim 5: cached time vs expiration time-out
            del self._entries[username]
            return False
        if require_active and entry.active_sessions == 0:  # claim 6: an active session must exist
            return False
        if not hmac.compare_digest(entry.otp_digest, self._digest(otp)):  # claim 20: second OTP matches first
            return False
        entry.active_sessions += 1
        return True

    def end_session(self, username):
        entry = self._entries.get(username)
        if entry is not None and entry.active_sessions > 0:
            entry.active_sessions -= 1
```

Note that within the time-out window the same OTP is accepted repeatedly, which is exactly the behaviour claims 14 and 20 describe; the time-out and active-session checks are what bound that window.
<test>
cache = TokenCache(demo_password_server, timeout=600.0)
assert cache.authorize_first("alice", "482913", now=1000.0)
assert cache.authorize_second("alice", "482913", now=1100.0)
assert not cache.authorize_second("alice", "000000", now=1100.0)
assert not cache.authorize_second("bob", "482913", now=1100.0)
assert not cache.authorize_second("alice", "482913", now=1700.5)
assert not cache.authorize_second("alice", "482913", now=1100.0)
assert not cache.authorize_first("alice", "000000", now=1000.0)
cache2 = TokenCache(demo_password_server)
assert cache2.authorize_first("alice", "482913", now=0.0)
cache2.end_session("alice")
assert not cache2.authorize_second("alice", "482913", now=1.0, require_active=True)
assert cache2.authorize_second("alice", "482913", now=1.0)
assert cache2.authorize_second("alice", "482913", now=2.0, require_active=True)
</test>