Dynamic cache lookup based on dynamic data

US 7,487,361 B2
Filed: 06/30/2004
Issued: 02/03/2009
Est. Priority Date: 06/30/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of caching authentication data on a computer network, comprising the steps of:

receiving, at a server in a computer network, an access request by a login user;

the server authenticating the login user based on security credentials forwarded by the login user and sending a token back to the login user, wherein the token comprises a single-sign on token and contains the security credentials forwarded by the login user;

the server receiving a later access request by the login user, the later access request including the token;

the server generating a unique lookup key using the token, the unique lookup key comprising a one-way hash of unique security attributes, wherein the unique security attributes comprises static security attributes including an access ID, and dynamic security attributes including a login time and a login location, and wherein the dynamic security attributes are selected based on a login module;

the server using the generated unique lookup key to find security credentials of the login user in a distributed cache; and

the server granting the later access request by granting access rights to the login user according to the security credentials in the distributed cache, wherein the security credentials in the distributed cache vary according to both the static security attributes and the dynamic security attributes, such that the login user having the same static security attributes is granted different access rights according to differences in the dynamic security attributes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for tracking user security credentials in a distributed computing environment. The security credentials of an authenticated user includes not just his unique user identifier, but also a set of security attributes such as the time of authentication, the location where the user is authenticated (i.e., intranet user v. internet user), the authentication strength, and so on. The security attributes are used in access control decisions. The same user can be given different authorization if he has a different security attribute value. Security credentials may be generated either by WebSphere security code or by third party security provider code. This invention stores the user credentials in a distributed cache and provides a system and method to compute the unique key based on the dynamic security credentials for cache lookup

15 Citations

View as Search Results

3 Claims

1. A method of caching authentication data on a computer network, comprising the steps of:
- receiving, at a server in a computer network, an access request by a login user;
  
  the server authenticating the login user based on security credentials forwarded by the login user and sending a token back to the login user, wherein the token comprises a single-sign on token and contains the security credentials forwarded by the login user;
  
  the server receiving a later access request by the login user, the later access request including the token;
  
  the server generating a unique lookup key using the token, the unique lookup key comprising a one-way hash of unique security attributes, wherein the unique security attributes comprises static security attributes including an access ID, and dynamic security attributes including a login time and a login location, and wherein the dynamic security attributes are selected based on a login module;
  
  the server using the generated unique lookup key to find security credentials of the login user in a distributed cache; and
  
  the server granting the later access request by granting access rights to the login user according to the security credentials in the distributed cache, wherein the security credentials in the distributed cache vary according to both the static security attributes and the dynamic security attributes, such that the login user having the same static security attributes is granted different access rights according to differences in the dynamic security attributes.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising:
    - providing the login module with the dynamic security attributes.
  - 3. The method of claim 1, wherein the access ID is simultaneously logged into the network as two different login users based on the dynamic security attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chao, Ching-Yun, Birk, Peter Daniel, Chung, Hyen Vui
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Powers; William S

Application Number

US10/881,962
Publication Number

US 20060020813A1
Time in Patent Office

1,679 Days
Field of Search

713/185, 726/2
US Class Current

713/185
CPC Class Codes

G06F 21/31   User authentication

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

Dynamic cache lookup based on dynamic data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic cache lookup based on dynamic data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links