System and method for concurrent security connections

US 7,299,288 B2
Filed: 11/15/2005
Issued: 11/20/2007
Est. Priority Date: 01/09/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of establishing concurrent network connections from a client computer, said method comprising:

receiving a resource request at the client computer, the resource request corresponding to a first resource in a first security domain from a plurality of security domains;

in response to the receiving, searching an association table accessible from the client computer, the association table containing a plurality of stored active credentials, wherein each stored active credential includes authorization data needed to access one of the plurality of security domains;

in response to the searching, determining if an applicable active credential is found in the association table, wherein the applicable active credential corresponds to the first security domain;

in response to determining that the applicable active credential is found in the association table;

retrieving the applicable active credential from the association table;

determining that the retrieved applicable active credential includes a dynamic data field;

in response to determining that the retrieved applicable active credential includes a dynamic data field, prompting a user for dynamic input based on a dynamic data description;

storing the dynamic input in the dynamic data field within the retrieved applicable active credential; and

accessing the requested resource by using the retrieved applicable active credential to connect to a first server, wherein the first server is selected from a plurality of servers and wherein the first server manages the first security domain; and

in response to determining that the applicable active credential is not found in the association table;

defining, by the client computer, a new active credential;

accepting authorization data corresponding to a network connection;

determining that the authorization data includes dynamic data;

in response to determining that the authorization data includes dynamic data, storing the new active credential, including the authorization data and the dynamic data description, in the association table; and

accessing the requested resource by using the new active credential to connect to the first server.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for concurrent security connections is presented. An association table is used that includes a list of active credentials. An active credential includes information such as user id and password information for a given domain. The active credential may also include dynamic data that is retrieved from a user, such as a pseudo-random code or a fingerprint scan. The active credential is sent to a domain, or the managing server of the domain, when domain access is requested. This access request does not involve the user of the client unless dynamic input data is requested.

23 Citations

View as Search Results

15 Claims

1. A method of establishing concurrent network connections from a client computer, said method comprising:
- receiving a resource request at the client computer, the resource request corresponding to a first resource in a first security domain from a plurality of security domains;
  
  in response to the receiving, searching an association table accessible from the client computer, the association table containing a plurality of stored active credentials, wherein each stored active credential includes authorization data needed to access one of the plurality of security domains;
  
  in response to the searching, determining if an applicable active credential is found in the association table, wherein the applicable active credential corresponds to the first security domain;
  
  in response to determining that the applicable active credential is found in the association table;
  
  retrieving the applicable active credential from the association table;
  
  determining that the retrieved applicable active credential includes a dynamic data field;
  
  in response to determining that the retrieved applicable active credential includes a dynamic data field, prompting a user for dynamic input based on a dynamic data description;
  
  storing the dynamic input in the dynamic data field within the retrieved applicable active credential; and
  
  accessing the requested resource by using the retrieved applicable active credential to connect to a first server, wherein the first server is selected from a plurality of servers and wherein the first server manages the first security domain; and
  
  in response to determining that the applicable active credential is not found in the association table;
  
  defining, by the client computer, a new active credential;
  
  accepting authorization data corresponding to a network connection;
  
  determining that the authorization data includes dynamic data;
  
  in response to determining that the authorization data includes dynamic data, storing the new active credential, including the authorization data and the dynamic data description, in the association table; and
  
  accessing the requested resource by using the new active credential to connect to the first server.
- View Dependent Claims (2, 3, 10, 11)
- - 2. The method as described in claim 1 wherein each active credential stored in the association table includes one or more definition fields.
  - 3. The method as described in claim 2 wherein the definition fields are selected from the group consisting of a domain name, a server name, a user id, and a password.
  - 10. The method as described in claim 1 further comprising:
    - in response to prompting the user for dynamic input, receiving, from the user, a pseudo-random authorization code.
  - 11. The method as described in claim 1 further comprising:
    - in response to prompting the user for dynamic input, receiving a fingerprint scan from the user.

4. An information handling system comprising:
- one or more processors;
  
  a memory accessible by the processors;
  
  one or more nonvolatile storage devices accessible by the processors;
  
  a concurrent network connection tool to execute network connections for a client computing device, the concurrent network connection tool being effective to;
  
  receive a resource request at the client computing device, the resource request corresponding to a first resource in a first security domain from a plurality of security domains;
  
  search an association table accessible from the client computing device, the association table containing a plurality of stored active credentials, wherein each stored active credential includes authorization data needed to access one of the plurality of security domains;
  
  determine if an applicable active credential is found in the association table, wherein the applicable active credential corresponds to the first security domain;
  
  retrieve the applicable active credential from the association table in response to determining that the applicable active credential is found in the association table;
  
  determine that the retrieved applicable active credential includes a dynamic data field;
  
  prompt a user for dynamic input based on a dynamic data description in response to determining that the retrieved applicable active credential includes a dynamic data field;
  
  store the dynamic input in the dynamic data field within the retrieved applicable active credential;
  
  access the requested resource by using the retrieved applicable active credential to connect to a first server, wherein the first server is selected from a plurality of servers and wherein the first server manages the first security domain;
  
  define a new active credential in response to determining that the applicable active credential is not found in the association table;
  
  accept authorization data corresponding to a network connection;
  
  determine that the authorization data includes dynamic data;
  
  store the new active credential, including the authorization data and the dynamic data description, in the association table; and
  
  access the requested resource by using the new active credential to connect to the first server in response to defining the new active credential.
- View Dependent Claims (5, 6, 12, 13)
- - 5. The information handling system as described in claim 4 wherein each active credential stored in the association table includes one or more definition fields.
  - 6. The information handling system as described in claim 5 wherein the definition fields are selected from the group consisting of a domain name, a server name, a user id, and a password.
  - 12. The information handling system as described in claim 4 wherein the concurrent network connection tool is further effective to:
    - receive, from the user, a pseudo-random authorization code in response to prompting the user for dynamic input.
  - 13. The information handling system as described in claim 4 wherein the concurrent network connection tool is further effective to:
    - receive a fingerprint scan from the user in response to prompting the user for dynamic input.

7. A computer program product stored in a computer operable media for executing concurrent network connections, said computer program product containing instructions for execution by a client computer, which, when executed by the client computer, cause the client computer to implement a method comprising:
- receiving a resource request, the resource request corresponding to a first resource in a first security domain from a plurality of security domains;
  
  in response to the receiving, searching an association table accessible from the client computer, the association table containing a plurality of stored active credentials, wherein each stored active credential includes authorization data needed to access one of the plurality of security domains;
  
  in response to the searching, determining if an applicable active credential is found in the association table, wherein the applicable active credential corresponds to the first security domain;
  
  in response to determining that the applicable active credential is found in the association table;
  
  retrieving the applicable active credential from the association table;
  
  determining that the retrieved applicable active credential includes a dynamic data field;
  
  in resrponse to determining that the retrieved applicable active credential includes a dynamic data field, prompting a user for dynamic input based on a dynamic data description;
  
  storing the dynamic input in the dynamic data field within the retrieved applicable active credential; and
  
  accessing the requested resource by using the retrieved applicable active credential to connect to a first server, wherein the first server is selected from a plurality of servers and wherein the first server manages the first security domain; and
  
  in response to determining that the applicable active credential is not found in the association table;
  
  defining, by the client computer, a new active credential;
  
  accepting authorization data corresponding to a network connection;
  
  determining that the authorization data includes dynamic data;
  
  in response to determining that the authorization data includes dynamic data, storing the new active credential, including the authorization data and the dynamic data description, in the association table; and
  
  accessing the requested resource by using the new active credential to connect to the first server.
- View Dependent Claims (8, 9, 14, 15)
- - 8. The computer program product as described in claim 7 wherein each active credential stored in the association table includes one or more definition fields.
  - 9. The computer program product as described in claim 8 wherein the definition fields are selected from the group consisting of a domain name, a server name, a user id, and a password.
  - 14. The computer program product as described in claim 7 wherein the method further comprises:
    - in response to prompting the user for dynamic input, receiving, from the user, a pseudo-random authorization code.
  - 15. The computer program product as described in claim 7 wherein the method further comprises:
    - in response to prompting the user for dynamic input, receiving a fingerprint scan from the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chang, David Yu, Ho, Derek Wan Hok
Primary Examiner(s)
VU, VIET DUY

Application Number

US11/274,229
Publication Number

US 20060080445A1
Time in Patent Office

735 Days
Field of Search

709/217, 709/219, 709/223, 709/225, 709/227, 709/229, 709/250
US Class Current

709/229
CPC Class Codes

G06F 21/31 User authentication

System and method for concurrent security connections

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for concurrent security connections

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links