Isolating multiple authentication channels, each using multiple authentication models

US 7,321,972 B2
Filed: 03/23/2004
Issued: 01/22/2008
Est. Priority Date: 02/01/2002
Status: Expired due to Term

First Claim

Patent Images

1. An application server embodied in a computer, comprising:

a user list, including a user name and a cleartext password associated with the user name;

an authenticator to authenticate the cleartext password using an authentication server;

a hasher to hash the cleartext password to produce a hashed password;

a comparator to compare the hashed password with a received hashed password; and

a client services provider to receive the received hashed password from a workstation and to transmit a result from the comparator to the workstation.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer receives a user authentication request from a client. The computer accesses a password associated with the user name, stored locally on the computer, and attempts to authenticate the password using an authentication server. If the password authentication succeeds, the computer hashes the password and compares the hashes. If the hashes match, the user authentication succeeds.

Citations

31 Claims

1. An application server embodied in a computer, comprising:
- a user list, including a user name and a cleartext password associated with the user name;
  
  an authenticator to authenticate the cleartext password using an authentication server;
  
  a hasher to hash the cleartext password to produce a hashed password;
  
  a comparator to compare the hashed password with a received hashed password; and
  
  a client services provider to receive the received hashed password from a workstation and to transmit a result from the comparator to the workstation.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. An application server according to claim 1, wherein the hasher includes a hashing algorithm associated with the workstation.
  - 3. An application server according to claim 2, wherein the hasher includes a second hashing algorithm associated with a second workstation.
  - 4. An application server according to claim 2, wherein hasher includes a second hashing algorithm associated with the workstation.
  - 5. An application server according to claim 1, wherein the client services provider is operative to receive the cleartext password from the workstation.
  - 6. An application server according to claim 1, wherein:
    - the client services provider is operative to receive a new cleartext password from the workstation; and
      
      the application server further comprises a replacer to replace the cleartext password with the new cleartext password.

7. A system, comprising:
- a network;
  
  a workstation coupled to the network, the workstation including;
  
  a first user name and a first cleartext password; and
  
  a first hasher to hash the first cleartext password to produce a first hashed password;
  
  an authentication server coupled to the network, the authentication server including a second user name and a second cleartext password associated with the second user name; and
  
  an application server coupled to the network, the application server including;
  
  a user list including a third user name and a third cleartext password associated with the third user name;
  
  an authenticator to authenticate the third cleartext password to the second cleartext password using the authentication server;
  
  a second hasher to hash the third cleartext password to produce a second hashed password;
  
  a comparator to compare the first hashed password with the second hashed password; and
  
  a client services provider to receive the received hashed password from a workstation and to transmit a result from the comparator to the workstation.
- View Dependent Claims (8, 9, 10, 11)
- - 8. A system according to claim 7, wherein:
    - the first hasher includes a first hashing algorithm; and
      
      the second hasher includes the first hashing algorithm, the first hashing algorithm associated with the workstation.
  - 9. A system according to claim 8, wherein the second hasher includes a second hashing algorithm associated with a second workstation.
  - 10. A system according to claim 7, wherein:
    - the receiver is operative to receive a new cleartext password from the workstation; and
      
      the application server further comprises a replacer to replace the cleartext password with the new cleartext password.
  - 11. A system according to claim 10, wherein the transmitter is operative to forward the new cleartext password to the authentication server.

12. A method for authenticating a user on an application server, comprising:
- receiving a user name and a hashed password from a first workstation;
  
  determining a cleartext password associated with the user name;
  
  authenticating the cleartext password to a second password using an authentication server;
  
  determining a hashing algorithm used by the first workstation;
  
  hashing the cleartext password using the hashing algorithm to produce a computed hashed password;
  
  comparing the received hashed password with the computed hashed password; and
  
  if the received hashed password matches the computed hashed password, authenticating the user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 13. A method according to claim 12, further comprising, if the received hashed password does not match the computed hashed password, failing to authenticating the user.
  - 14. A method according to claim 12, further comprising selecting the authentication server from a plurality of authentication servers.
  - 15. A method according to claim 12, wherein authenticating the cleartext password to a second password includes binding the cleartext password to the second password on the authentication server using a Lightweight Directory Access Protocol (LDAP).
  - 16. A method according to claim 12, wherein determining a hashing algorithm used includes selecting the hashing algorithm from a plurality of hashing algorithms.
  - 17. A method according to claim 16, further comprising adding a new hashing algorithm to the plurality of hashing algorithms.
  - 18. A method according to claim 17, wherein adding a new hashing algorithm includes associating the hashing algorithm with at least one of a set of workstations, the set of workstations including the first workstation.
  - 19. A method according to claim 12, wherein determining a cleartext password includes:
    - determining that the cleartext password does not exist on the application server;
      
      requesting from the user the cleartext password; and
      
      receiving from the user the cleartext password.
  - 20. A method according to claim 12, further comprising:
    - receiving a request from the workstation to change the cleartext password to a new cleartext password; and
      
      replacing the cleartext password with the new cleartext password.
  - 21. A method according to claim 20, further comprising forwarding the new cleartext password to the authentication server.

22. An article comprising a machine-accessible medium having associated data, wherein the data, when accessed, results in a machine performing:
- receiving a user name and a hashed password from a first workstation;
  
  determining a cleartext password associated with the user name;
  
  authenticating the cleartext password to a second password using an authentication server;
  
  determining a hashing algorithm used by the first workstation;
  
  hashing the cleartext password using the hashing algorithm to produce a computed hashed password;
  
  comparing the received hashed password with the computed hashed password; and
  
  if the received hashed password matches the computed hashed password, authenticating the user.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. An article according to claim 22, the machine-accessible data further including associated data that, when accessed, results in, if the received hashed password does not match the computed hashed password, failing to authenticating the user.
  - 24. An article according to claim 22, the machine-accessible data further including associated data that, when accessed, results in selecting the authentication server from a plurality of authentication servers.
  - 25. An article according to claim 22, wherein authenticating the cleartext password to a second password includes binding the cleartext password to the second password on the authentication server using a Lightweight Directory Access Protocol (LDAP).
  - 26. An article according to claim 22, wherein determining a hashing algorithm used includes selecting the hashing algorithm from a plurality of hashing algorithms.
  - 27. An article according to claim 26, the machine-accessible data further including associated data that, when accessed, results in adding a new hashing algorithm to the plurality of hashing algorithms.
  - 28. An article according to claim 27, wherein adding a new hashing algorithm includes associating the hashing algorithm with at least one of a set of workstations, the set of workstations including the first workstation.
  - 29. An article according to claim 22, wherein determining a cleartext password includes:
    - determining that the cleartext password does not exist on the application server;
      
      requesting from the user the cleartext password; and
      
      receiving from the user the cleartext password.
  - 30. An article according to claim 22, the machine-accessible data further including associated data that, when accessed, results in:
    - receiving a request from the workstation to change the cleartext password to a new cleartext password; and
      
      replacing the cleartext password with the new cleartext password.
  - 31. An article according to claim 30, the machine-accessible data further including associated data that, when accessed, results in forwarding the new cleartext password to the authentication server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Isaacson, Scott A., Danoyan, Alexander Y.
Primary Examiner(s)
Peeso; Thomas R.

Application Number

US10/807,945
Publication Number

US 20050108579A1
Time in Patent Office

1,400 Days
Field of Search

713/189, 713/193, 713/194, 713/162, 713/166, 713/168
US Class Current

713/189
CPC Class Codes

G06F 21/31 User authentication

Isolating multiple authentication channels, each using multiple authentication models

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Isolating multiple authentication channels, each using multiple authentication models

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links