Authentication on demand in a distributed network environment

US 7,487,535 B1
Filed: 02/01/2002
Issued: 02/03/2009
Est. Priority Date: 02/01/2002
Status: Expired due to Term

First Claim

Patent Images

1. An apparatus to establish local authentication information, comprising:

a computer;

a memory in the computer, the memory including a container hierarchy, the container hierarchy including a first container and a second container stored in the first container;

a user object creator for creating a user object for storage in the second container in the container hierarchy;

an authentication source to authenticate a first authentication request;

a user object populator for populating the user object with identity information including a user name and an encrypted password responsive to the first authentication request, wherein the user object populator is operative to make the user object permanent responsive to a signal from the authentication source indicating a validated authentication request; and

a local administration policy for the computer to define rights for the user object independent of rights of a corresponding user object in the authentication source.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer receives an authentication request from a client. The computer creates a temporary user object and populates it with identification information from the authentication request. The computer then forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer queries the authentication source for identification information, populates the temporary user object with the identification information, and makes the user object permanent.

Citations

25 Claims

1. An apparatus to establish local authentication information, comprising:
- a computer;
  
  a memory in the computer, the memory including a container hierarchy, the container hierarchy including a first container and a second container stored in the first container;
  
  a user object creator for creating a user object for storage in the second container in the container hierarchy;
  
  an authentication source to authenticate a first authentication request;
  
  a user object populator for populating the user object with identity information including a user name and an encrypted password responsive to the first authentication request, wherein the user object populator is operative to make the user object permanent responsive to a signal from the authentication source indicating a validated authentication request; and
  
  a local administration policy for the computer to define rights for the user object independent of rights of a corresponding user object in the authentication source.
- View Dependent Claims (2, 3)
- - 2. An apparatus according to claim 1, wherein the user object populator is operative to delete the user object responsive to a signal from the authentication source indicating a failed authentication request.
  - 3. An apparatus according to claim 1, further comprisingan authenticator for authenticating a second authentication request received by the computer, using the user object independently of the authentication source.

4. A method for establishing local authentication information for a user, comprising:
- receiving a first authentication request from a client, the first authentication request including a user name and an encrypted password;
  
  forwarding the first authentication request to an authentication source;
  
  receiving a response from the authentication source;
  
  forwarding the response to the client;
  
  creating a user object for the user;
  
  placing the user object in a container, the container residing in a container hierarchy;
  
  populating the user object with identification information about the user, the identification information including the user name and the encrypted password;
  
  making the user object permanent if the response from the authentication source validates the first authentication request; and
  
  applying a local administration policy defining rights for the user object independent of rights for a corresponding user object in the authentication source.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. A method according to claim 4, further comprising responding to a second authentication request from the user based on the user object.
  - 6. A method according to claim 4, further comprising deleting the user object if the response from the authentication source fails the first authentication request.
  - 7. A method according to claim 4, wherein populating the user object includes assigning a group membership to the user object.
  - 8. A method according to claim 4, wherein receiving a response includes receiving the identification information from the authentication source.
  - 9. A method according to claim 8, wherein receiving the identification information includes querying the authentication source for the identification information.
  - 10. A method according to claim 4, wherein creating a user object for the user includes creating the user object for the user responsive to the response to the first authentication request.

11. One or more computer-readable media containing a program to establish local authentication information for a user, comprising:
- software to receive a first authentication request from a client, the first authentication request including a user name and an encrypted password;
  
  software to forward the first authentication request to an authentication source;
  
  software to receive a response from the authentication source;
  
  software to forward the response to the client;
  
  software to create a user object for the user;
  
  software to place the user object in a container, the container residing in a container hierarchy;
  
  software to populate the user object with identification information about the user including the user name and the encrypted password;
  
  software to make the user object permanent if the response from the authentication source validates the first authentication request; and
  
  software to apply a local administration policy defining rights for the user object independent of rights of a corresponding user object in the authentication source.
- View Dependent Claims (12, 13, 14)
- - 12. One or more computer-readable media containing a program according to claim 11, further comprising software to respond to a second authentication request from the user based on the user object.
  - 13. One or more computer-readable media containing a program according to claim 11, wherein the software to create the user object includes software to create the user object for the user responsive to the response to the first authentication request.
  - 14. One or more computer-readable media containing a program according to claim 11, further comprising software to delete the user object if the response from the authentication source indicates that the first authentication request failed.

15. A system comprising:
- a first computer;
  
  memory in the first computer, the memory including a container hierarchy, the container hierarchy including a first container and a second container stored in the first container;
  
  a second computer in communication with the first computer for generating an authentication request;
  
  an authentication source in communication with the first computer for responding to the authentication request from the second computer;
  
  means for populating a user object stored in the second container in the container hierarchy with identification information including a user name and an encrypted password;
  
  means for making the user object permanent responsive to a signal from the authentication source indicating a validated authentication request; and
  
  a local administration policy to define rights for the user object independent of rights of a corresponding user object in the authentication source.
- View Dependent Claims (16, 17, 18)
- - 16. A system according to claim 15, wherein the means for populating a user object includes means for determining the identification information from the authentication source.
  - 17. A system according to claim 15, wherein the means for populating a user object includes means for determining the identification information from the authentication request.
  - 18. A system according to claim 15, further comprising means for deleting the user object responsive to a signal from the authentication source indicating a failed authentication request.

19. A method for establishing local authentication information for a user, comprising:
- receiving a first authentication request from a client, the first authentication request including a user name and an encrypted password;
  
  creating a temporary user object for the user;
  
  placing the temporary user object in a container, the container residing in a container hierarchy;
  
  forwarding the first authentication request to an authentication source;
  
  receiving a response from the authentication source;
  
  if the response from the authentication source indicates that the first authentication request succeeded;
  
  populating the temporary user object with identification information including the user name and the encrypted password;
  
  marking the temporary user object as permanent; and
  
  returning to the client a code validating the first authentication request.
- View Dependent Claims (20, 21, 22)
- - 20. A method according to claim 19, further comprising:
    - if the response from the authentication source indicates that the first authentication request failed;
      
      deleting the temporary user object; and
      
      returning to the client a code failing the first authentication request.
  - 21. A method according to claim 19, further comprising:
    - receiving a second authentication request from the client; and
      
      validating or failing the second authentication request based on the permanent user object.
  - 22. A method according to claim 19, further comprising applying a local administration policy defining rights for the user object independent of rights in a corresponding user object in the authentication source.

23. One or more computer-readable media containing a program to store identification information, comprising:
- software for creating a user object;
  
  software for placing the user object in a first container, the first container residing in a second container, the second container residing in a container hierarchy;
  
  software to receive a message containing the identification information including a user name and an encrypted password;
  
  software for populating the user object with the identification information including the user name and the encrypted password drawn from the message;
  
  software for making the user object permanent if a response from an authentication source validates a first authentication request; and
  
  software for applying a local administration policy defining rights for the user object independent of rights of a corresponding user object in the authentication source.
- View Dependent Claims (24, 25)
- - 24. One or more computer-readable media containing a program according to claim 23, further comprising software for defining properties for the user object.
  - 25. One or more computer-readable media containing a program according to claim 23, further comprising software for deleting the user object if the response from the authentication source fails the first authentication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Nyland, James D. Jr., Fritch, Daniel G., Crabb, Lynn W., Isaacson, Scott A., Henderson, Larry Hal
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
Davis; Zachary A

Application Number

US10/061,895
Time in Patent Office

2,559 Days
Field of Search

726/4, 726/5, 726/1, 726/17, 713/183, 713/182, 709/219, 709/225, 709/229
US Class Current

726/4
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 9/32   including means for verifyi...

H04L 9/3226   using a predetermined code,...

H04L 9/3271   using challenge-response

Authentication on demand in a distributed network environment

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication on demand in a distributed network environment

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links