Technique for handling subsequent user identification and password requests with identity change within a certificate-based host session

  • US 6,976,164 B1
  • Filed: 07/19/2000
  • Issued: 12/13/2005
  • Est. Priority Date: 07/19/2000
  • Status: Expired due to Fees
First Claim

1. A computer program product for enabling an identity change during a certificate-based host access session, said computer program product embodied on a computer-readable medium and comprising:

  • computer-readable program code means for processing a first sign-on during a secure session using a digital certificate, further comprising:

    computer-readable program code means for establishing said secure session from a client machine to a server machine using said digital certificate, wherein said digital certificate represents an identity of said client machine or a user thereof;

    computer-readable program code means for storing said digital certificate or a reference thereto at said server machine;

    computer-readable program code means for establishing a session from said server machine to a host system using a legacy host communication protocol, responsive to receiving, at said server machine, a first sign-on request from said client machine, wherein said first sign-on request identifies a first secure legacy host application to which said first sign-on is requested;

    computer-readable program code means for passing said stored digital certificate or said reference from said server machine to a host access security system;

    computer-readable program code means, operable in said host access security system, for authenticating said identity using said passed digital certificate or a retrieved certificate which is retrieved using said reference;

    computer-readable program code means, operable in said host access security system, for using said passed or retrieved digital certificate to locate access credentials for said user;

    computer-readable program code means, operable in said host access security system, for accessing a stored password or generating a password substitute representing said located credentials;

    computer-readable program code means, operable in said host access security system, for returning said stored password or generated password substitute to said server machine, along with a first user identifier corresponding to said located credentials;

    computer-readable program code means for requesting by said first secure legacy host application, responsive to said computer-readable program code means for establishing said session, first sign-on information for said user; and

    computer-readable program code means for responding to said request for first sign-on information by sending a first sign-on message with placeholder syntax from said client machine to said server machine, said placeholder syntax representing a user identification and a password of said user, wherein said user identification and said password are expected in said first sign-on message by said first secure legacy host application; and

    computer-readable program code means, operable in said server machine, for using said returned password or password substitute and said returned first user identifier to transparently complete said first sign-on, on behalf of said user of said client machine, to said first secure legacy host application executing at said host system by substituting said returned first user identifier and said returned password or password substitute for said placeholder syntax in said first sign-on message, thereby creating a revised first sign-on message, and forwarding said revised first sign-on message from said server machine to said first secure legacy host application; and

  • computer-readable program code means for processing a second sign-on during said secure session, without requiring establishment of a new secure session between said client machine and said server machine, using a second digital certificate that represents a second identity, further comprising:

    computer-readable program code means for receiving a second sign-on request, at said server machine from said client machine, wherein:

    (1) said second sign-on request identifies a second secure legacy host application to which said second sign-on is requested;

    (2) said second sign-on request includes said second digital certificate, or a second certificate reference that references said second digital certificate, for said second identity;

    (3) said second secure legacy host application may be identical to said first secure legacy host application; and

    (4) said second identity is for a second user, wherein said second user may be identical to said user;

    computer-readable program code means for passing said second digital certificate or said second certificate reference from said server machine to said host access security system;

    computer-readable program code means, operable in said host access security system, for authenticating said second identity using said passed second digital certificate or a second retrieved certificate which is retrieved using said second certificate reference;

    computer-readable program code means, operable in said host access security system, for using said passed second digital certificate or said second retrieved certificate to locate second access credentials for said second user;

    computer-readable program code means, operable in said host access security system, for accessing a second stored password or generating a second password substitute representing said second located credentials;

    computer-readable program code means, operable in said host access security system, for returning said second stored password or second generated password substitute to said server machine, along with a second user identifier corresponding to said second located credentials; and

    computer-readable program code means, operable in said server machine, for using said returned second password or second password substitute and said returned second user identifier to transparently complete said second sign-on, on behalf of said second user of said client machine, to said second secure legacy host application executing at said host system.
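The claim describes a three-tier flow: the client holds a secure session with a server machine that stores the client's certificate, the server asks a host access security system to authenticate that certificate and map it to host credentials, and the server then substitutes those credentials for placeholder syntax in the sign-on message before forwarding it to the legacy host application; a second sign-on under a different certificate reuses the same secure session. The following Python mock-up is an added example of that flow, not code from the patent or its assignee. The class names, the `$USERID` / `$PASSWORD` placeholder tokens, the application name `CICSPROD`, the fingerprint registry and the HMAC-based password substitute are all assumptions constructed for the example.

```python
"""Added example of the certificate-based sign-on flow in the claim.

A GatewayServer keeps the client's certificate for the secure session, asks a
HostAccessSecuritySystem (HASS) for host credentials, and substitutes them for
placeholder syntax before forwarding the sign-on message to the legacy host.
Class names, placeholder tokens and the substitute scheme are assumptions.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

PLACEHOLDER_USER = "$USERID"        # assumed placeholder syntax
PLACEHOLDER_PASSWORD = "$PASSWORD"


@dataclass(frozen=True)
class Certificate:
    """Stand-in for an X.509 certificate; only the fields the flow needs (constructed)."""
    subject: str
    public_key: str  # constructed placeholder, never parsed

    def fingerprint(self) -> str:
        return hashlib.sha256(self.public_key.encode()).hexdigest()


class HostAccessSecuritySystem:
    """Authenticates a certificate and maps it to host credentials (assumed design)."""

    def __init__(self, registry, substitute_key):
        # registry: certificate fingerprint -> (host user id, stored password)
        self._registry = dict(registry)
        self._key = substitute_key

    def authenticate(self, cert):
        # A real HASS verifies the chain and signature; this mock trusts only
        # fingerprints that were registered out of band.
        return cert.fingerprint() in self._registry

    def credentials_for(self, cert, use_substitute=False, nonce=None):
        """Return (user id, stored password or one-time password substitute)."""
        if not self.authenticate(cert):
            raise PermissionError(f"certificate for {cert.subject!r} is not trusted")
        user_id, stored_password = self._registry[cert.fingerprint()]
        if not use_substitute:
            return user_id, stored_password
        # Password substitute: HMAC over user id and a fresh nonce, so the
        # stored password never leaves the HASS (constructed scheme).
        nonce = nonce or secrets.token_hex(8)
        tag = hmac.new(self._key, f"{user_id}:{nonce}".encode(), "sha256").hexdigest()[:16]
        return user_id, f"{nonce}:{tag}"


class GatewayServer:
    """Server machine between the client's secure session and the legacy host."""

    def __init__(self, hass):
        self._hass = hass
        self.session_cert = None  # stored when the secure session is established
        self.secure_sessions = 0
        self.forwarded = []       # (host session id, revised sign-on message)

    def establish_secure_session(self, client_cert):
        self.session_cert = client_cert
        self.secure_sessions += 1

    def sign_on(self, application, placeholder_message, cert=None, use_substitute=False, nonce=None):
        """Complete a sign-on to `application` on the user's behalf.

        `cert` is None for the first sign-on (the session certificate is used) and
        carries the second identity for a later sign-on on the same secure session.
        """
        if self.session_cert is None:
            raise RuntimeError("no secure session with the client")
        if PLACEHOLDER_USER not in placeholder_message or PLACEHOLDER_PASSWORD not in placeholder_message:
            raise ValueError("sign-on message must use placeholder syntax, not literal credentials")
        user_id, secret = self._hass.credentials_for(cert or self.session_cert, use_substitute, nonce)
        host_session = f"{application}#{len(self.forwarded) + 1}"  # stands for the legacy host session
        revised = placeholder_message.replace(PLACEHOLDER_USER, user_id).replace(PLACEHOLDER_PASSWORD, secret)
        self.forwarded.append((host_session, revised))
        # The client learns which identity signed on, never the secret itself.
        return host_session, user_id


def run_demo(nonce="0011223344556677"):
    """First sign-on as the session identity, second as another identity, one secure session."""
    alice = Certificate("alice", "PUBKEY-ALICE")  # constructed
    bob = Certificate("bob", "PUBKEY-BOB")        # constructed
    hass = HostAccessSecuritySystem(
        {alice.fingerprint(): ("ALICE01", "stored-pw-a"),
         bob.fingerprint(): ("BOB01", "stored-pw-b")},
        substitute_key=b"demo-hass-key",
    )
    gw = GatewayServer(hass)
    gw.establish_secure_session(alice)
    first = gw.sign_on("CICSPROD", f"LOGON {PLACEHOLDER_USER} {PLACEHOLDER_PASSWORD}")
    second = gw.sign_on("CICSPROD", f"LOGON {PLACEHOLDER_USER} {PLACEHOLDER_PASSWORD}",
                        cert=bob, use_substitute=True, nonce=nonce)
    return {"first": first, "second": second,
            "secure_sessions": gw.secure_sessions, "forwarded": gw.forwarded}


if __name__ == "__main__":
    for host_session, msg in run_demo()["forwarded"]:
        print(host_session, "<-", msg)
```

Two design points a defender would check in a real gateway of this shape: the server returns only the host session and user identifier to the client, so the stored password or substitute never crosses the client link, and the server refuses a sign-on message that does not carry placeholder syntax, so a client cannot bypass the security system by embedding credentials of its own.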
