System and method for distributed authentication service

US 7,260,836 B2
Filed: 02/26/2002
Issued: 08/21/2007
Est. Priority Date: 02/26/2002
Status: Active Grant

First Claim

Patent Images

1. In a distributed network which is registered with a unique domain name, said network comprising a number of clients and a number of authentication servers, said clients and said authentication servers being communicatively coupled to each other via a global telecommunication network, each of said authentication servers having a fully qualified domain name which is a local host name with said unique domain name appended, a distributed authentication system, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication server, said GUID comprising a user name, a delimitation symbol, and a domain portion which is same as the local host name of said target authentication server, said distributed authentication system comprising:

a client for parsing an entered GUID and extracting said domain portion therefrom;

means for appending said unique domain to said domain portion to form a fully qualified domain name (formed FQDN);

means for translating said FQDN to an Internet Protocol (IP) address representing said target authentication server;

means for sending said user name and password to said target authentication server for authentication;

means for carrying out said authentication at the target authentication server and generating an authentication token that is recognizable by all authentication servers registered in said distributed network;

responsive to said generating said authentication token,means for caching said authentication token on a participant authentication server; and

means for distributing said authentication token to any participant authentication server registered in said distributed network.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributed authentication service is disclosed, which prevents any single participant from monitoring the logon rates of other participants is disclosed. In particular, there is no single central list that is consulted to identify where the authentication should be performed. Rather, the systems keys on the domain portion of the global user ID. The client portion parses the entered ID and re-directs the submission to the appropriate authentication service. Rather than consulting a global look-up table, the domain name is pre-pended to a central host domain and DNS is consulted to find the location of the underlying authentication servers. The DNS look-up is distributed and cached and, as a result, the look-up cannot be centrally monitored.

55 Citations

View as Search Results

15 Claims

1. In a distributed network which is registered with a unique domain name, said network comprising a number of clients and a number of authentication servers, said clients and said authentication servers being communicatively coupled to each other via a global telecommunication network, each of said authentication servers having a fully qualified domain name which is a local host name with said unique domain name appended, a distributed authentication system, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication server, said GUID comprising a user name, a delimitation symbol, and a domain portion which is same as the local host name of said target authentication server, said distributed authentication system comprising:
- a client for parsing an entered GUID and extracting said domain portion therefrom;
  
  means for appending said unique domain to said domain portion to form a fully qualified domain name (formed FQDN);
  
  means for translating said FQDN to an Internet Protocol (IP) address representing said target authentication server;
  
  means for sending said user name and password to said target authentication server for authentication;
  
  means for carrying out said authentication at the target authentication server and generating an authentication token that is recognizable by all authentication servers registered in said distributed network;
  
  responsive to said generating said authentication token,means for caching said authentication token on a participant authentication server; and
  
  means for distributing said authentication token to any participant authentication server registered in said distributed network.
- View Dependent Claims (2, 3, 4)
- - 2. The distributed authentication system of claim 1, further comprising:
    - means for automatically mapping any unrecognized FQDN into a default server which carries out authentication on the user'"'"'s authentication request.
  - 3. The distributed authentication system of claim 1, wherein said means for translating consults a domain name system (DNS) to obtain an Internet Protocol (IP) address representing said target authentication server.
  - 4. The distributed authentication system of claim 1, wherein said means for translating consults a local mapping list to obtain an Internet Protocol (IP) address representing said target authentication server.

5. A method for providing distributed authentication service, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication server, said GUID comprising a user name, a delimitation symbol, and a domain portion which is same as the local host name of said target authentication server, said method comprising the computer-implemented steps of:
- entering the user'"'"'s GUID and password;
  
  parsing said entered GUID and extracting said domain portion from said GUID by a client;
  
  appending a unique domain name to said domain portion to form a fully qualified domain name (FQDN);
  
  looking up said FQDN in a domain name system (DNS) to obtain an address representing said target authentication server;
  
  sending said user name and password to said target authentication server for authentication;
  
  carrying out said authentication at the target authentication server and generating an authentication token that is recognizable by all authentication servers registered in a associated distributed network; and
  
  responsive to said generating said authentication result,caching said authentication result on a participant authentication server; and
  
  distributing said authentication token to any authentication server registered in said distributed network.
- View Dependent Claims (6)
- - 6. The method of claim 5, further comprising the steps of:
    - if said step of looking up fails, automatically mapping an unrecognized FQDN into a default server which performs authentication on the user'"'"'s authentication request.

7. In a distributed network which is registered with a unique domain name, said network comprising a number of clients and a number of authentication servers, said clients and said authentication servers being communicatively coupled to each other via a global telecommunications network, each of said authentication servers having a fully qualified domain name which is a local host name with said unique domain name appended, a method for providing distributed authentication service, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication sever, said GUID comprising a user name, a delimitation symbol and a domain portion which is same as the local host name of said target authentication server, said method comprising the steps of:
- entering the user'"'"'s GUID and password;
  
  parsing entered GUID and extracting said domain portion from said GUID by a client;
  
  appending said unique domain name to said domain portion to form a fully qualified domain name (FQDN);
  
  checking a local list of registered fully qualified domain names (FQDN) to obtain an Internet Protocol (IP) address for said target authentication server, wherein each FQDN in said local list is mapped to a unique P address;
  
  sending said user name and password to said target authentication server for authentication;
  
  carrying out said authentication at the target authentication server and generating an authentication token that is recognizable by all authentication servers registered in said distributed network; and
  
  responsive to said generating said authentication result,caching said authentication token on a participant authentication server; and
  
  distributing said authentication toke to any participant authentication server registered in said distributed network.
- View Dependent Claims (8)
- - 8. The method of claim 7, further comprising the step of:
    - if said step of checking fails, automatically mapping an unrecognized FQDN into a default server which performs authentication on the user'"'"'s authentication request.

9. In a distributed network which is registered with a unique domain name, said network comprising a number of clients and a number of authentication servers, said clients and said authentication servers being communicatively coupled to each other via a global telecommunications network, each of said authentication servers having a fully qualified domain name which is a local host name with said unique domain name appended, a method for providing distributed authentication service, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication server, said GUID comprising a user name, a delimitation symbol and a domain portion which is same as the local host name of said target authentication server, said method comprising the computer-implemented steps of:
- entering the user'"'"'s GUID and password;
  
  parsing said GUID and extracting said domain portion by a client;
  
  appending said unique domain name to said domain portion to form a fully qualified domain name (FQDN) in said unique domain;
  
  checking a local list of registered fully qualified domain names (RFQDN) to obtain an Internet Protocol (IP) address for said target authentication server, wherein each RFQDN in said local list is mapped to a unique IP address;
  
  if said step of checking fails, looking up a domain name system (DNS) to obtain an Internet Protocol (IP) address representing said FQDN;
  
  sending said user name and password to said target authentication server for authentication;
  
  carrying out said authentication at the target authentication server and generating an authentication token that is recognizable by all authentication servers registered in said distributed network; and
  
  responsive to said generating said authentication result,caching said authentication token on a participant authentication server; and
  
  distributing said authentication result to any participant authentication server registered in said distributed network.
- View Dependent Claims (10)
- - 10. The method of claim 9, further comprising the step of:
    - if said step of looking up fails, automatically mapping an unrecognized FQDN into a default server which performs authentication on the user'"'"'s authentication request.

11. A method for providing distributed authentication service, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication server, said GUID comprising a user name, a delimitation symbol and said target authentication server'"'"'s domain name, said method comprising the steps of:
- entering the user'"'"'s GUID and password;
  
  parsing said entered GUID and extracting said target authentication server'"'"'s domain name by said client;
  
  pre-pending said common local host name to said target authentication server'"'"'s domain name to form a fully qualified domain name (FQDN);
  
  checking a local list of registered fully qualified domain names (RFQDN) to obtain an address for said target authentication server, wherein each RFQDN in said local is mapped to a unique address;
  
  sending said user name and password to said target authentication server for authentication;
  
  carrying out said authentication at the target authentication server and generating an authentication result that is recognizable by all authentication servers registered in a associated distributed network; and
  
  responsive to said generating said authentication result,caching said authentication token on a participant authentication server; and
  
  distributing said authentication result to any authentication server registered in said distributed network.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, further comprising the step of:
    - if said step of checking fails, looking up said FQDN in a domain name system (DNS) to obtain an address representing said target authentication server.
  - 13. The method of claim 12, further comprising the steps of:
    - if said step of looking up fails, automatically mapping an unrecognized FQDN into a default server which performs authentication on the users authentication request.

14. In a distributed network comprising a number of clients and a number of authentication servers, said clients and said authentication servers being communicatively coupled to each other via a global telecommunications network, each of said authentication servers having a fully qualified domain name which is a local host name with its domain name appended, a method for providing distributed authentication service, wherein a given user enters a global user identification (GUID) and a password for authentication to be carried out at a target authentication server, said GUID comprising a user name, a delimitation symbol and said target authentication server'"'"'s domain name, said method comprising the steps of:
- entering the user'"'"'s GUID and password;
  
  parsing said entered GUID and extracting said target authentication server'"'"'s domain name by a client;
  
  checking a local list of domain names to obtain an Internet Protocol (IP) address for said target authentication server, wherein each domain name in said list is mapped to a registered authentication servers IP address;
  
  sending said user name and password to said target authentication server for authentication;
  
  carrying out said authentication at the target authentication server and generating an authentication result that is recognizable by all authentication servers registered in said associated distributed network; and
  
  responsive to said generating said authentication result,caching said authentication token on a participant authentication server; and
  
  distributing said authentication result to any participant authentication server registered in said distributed network.
- View Dependent Claims (15)
- - 15. The method of claim 14, further comprising the step of:
    - if said step of checking fails, automatically mapping an unrecognized domain name into a default server which performs authentication on the user'"'"'s authentication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Roskind, Jim, Toomey, Chris
Primary Examiner(s)
ZIA, SYED

Application Number

US10/086,104
Publication Number

US 20030163730A1
Time in Patent Office

2,002 Days
Field of Search

713/201, 726 1- 21, 726 26- 30
US Class Current

726/4
CPC Class Codes

H04L 61/4511 using domain name system [DNS]

H04L 63/083 using passwords cryptograph...

System and method for distributed authentication service

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for distributed authentication service

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links