Authentication cache and authentication on demand in a distributed network environment
Abstract
A computer receives a request for authentication from a client. The computer forwards the authentication request to an authentication source. Once the authentication source has validated the authentication request, the computer requests authentication and cache control information from the authentication source. The computer uses the authentication and cache control information to populate a user object stored in a container hierarchy and enable the computer to authenticate an authentication request without forwarding the authentication request to the authentication source.
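The flow the abstract describes, as an added example that is not code from the patent: the first request is forwarded to the authentication source, and later requests are answered from the populated user object until its cache control lifetime runs out. `AuthSource`, `CachingAuthenticator`, the `ttl` field, and the choice to cache a salted PBKDF2 verifier as the authentication information are assumptions of this example.

```python
import hashlib
import hmac
import os
import time

class AuthSource:
    """Constructed stand-in for the separate authentication source."""
    def __init__(self, users, ttl=300):
        self._users, self._ttl, self.calls = users, ttl, 0

    def validate(self, user, password):
        self.calls += 1
        known = self._users.get(user)
        return known is not None and hmac.compare_digest(known.encode(), password.encode())

    def cache_control(self, user):
        return {"ttl": self._ttl}  # assumed shape of the cache control information

def _verifier(password, salt):
    # Salted, slow hash so the cached object never holds the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class CachingAuthenticator:
    def __init__(self, source):
        self.source = source
        self.temporary = {}  # user objects awaiting validation by the source
        self.permanent = {}  # user objects usable for local authentication

    def authenticate(self, user, password, now=None):
        """Return "cache", "source", or None when the request is rejected."""
        now = time.time() if now is None else now
        entry = self.permanent.get(user)
        if entry and now >= entry["expires"]:
            del self.permanent[user]  # lifetime from cache control has run out
            entry = None
        if entry and hmac.compare_digest(entry["verifier"], _verifier(password, entry["salt"])):
            return "cache"
        # Cache miss or mismatch: forward the request to the authentication source.
        self.temporary[user] = {"created": now}
        try:
            if not self.source.validate(user, password):
                return None
            salt = os.urandom(16)
            ttl = self.source.cache_control(user)["ttl"]
            self.permanent[user] = {"salt": salt, "verifier": _verifier(password, salt),
                                    "expires": now + ttl}
            return "source"
        finally:
            self.temporary.pop(user, None)  # the temporary object never outlives the request
```

A password changed at the source keeps validating from the cache until the entry expires, so the lifetime returned by the source bounds that window.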
25 Claims
1. An apparatus to store authentication information, comprising:
a first computer storing a first container hierarchy and a second container hierarchy, the first container hierarchy including at least a first container and a second container, the second container stored in the first container, and the second container hierarchy including at least a third container and a fourth container, the third container stored in the fourth container;
a user object creator to create a user object in one of the first container and the second container in the first container hierarchy using an administration policy to set access rights associated with the user object;
an authentication source separate from the first computer for authenticating a first authentication request;
a receiver/transmitter to receive the first authentication request from a second computer separate from the first computer and to forward the first authentication request to the authentication source;
a user object updater for updating the user object with authentication information including a user name and at least one of an encrypted password and an unencrypted password;
a permanent user object updater operative to store the user object in the second container hierarchy if the authentication source validates the first authentication request; and
an authenticator to compare subsequent authentication requests to the authentication information in the user object in the second container hierarchy.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9)
10. A method for caching authentication information, comprising:
receiving a first authentication request at a computer, the authentication request including authentication information comprising a username and an encrypted password;
storing the authentication information in a temporary user object in the computer;
storing the temporary user object in one of a first container and a second container, the first container residing in the second container in a first container hierarchy on the computer;
authenticating the first authentication request using an authentication source separate from the computer; and
if the first authentication request is successful;
storing a permanent user object in one of a third container and a fourth container, the third container residing in the fourth container in a second container hierarchy on the computer;
querying the authentication source for an unencrypted password corresponding to the username;
updating the permanent user object with the unencrypted password; and
authenticating subsequent authentication requests using at least one of the encrypted password and the unencrypted password.
(Dependent claims: 11, 12, 13, 14)
15. One or more computer-readable media containing a program to store authentication information for a user, comprising:
software to receive a first authentication request at a computer, the authentication request including authentication information comprising a username and an encrypted password;
software to store the authentication information in a temporary user object in the computer;
software to store a temporary user object in one of a first container and a second container, the first container residing in the second container in a first container hierarchy;
software to authenticate the first authentication request using an authentication source separate from the computer; and
software to store a permanent user object in one of a third container and a fourth container, the third container residing in the fourth container in a second container hierarchy, if the first authentication request is successful and to;
query the authentication source for an unencrypted password corresponding to the username;
update the permanent user object with the unencrypted password; and
authenticate subsequent authentication requests using at least one of the encrypted password and the unencrypted password.
(Dependent claims: 16, 17, 18)
19. A system comprising:
a first computer;
a first container hierarchy stored in the first computer, the first container hierarchy including a first container and a second container, the second container stored in the first container;
a second container hierarchy stored in the first computer, the second container hierarchy including a third container and a fourth container;
a temporary user object stored in one of the first container and the second container;
a second computer in communication with the first computer for generating an authentication request, the authentication request including a user name and an encrypted password;
means in the first computer for placing the authentication information in the temporary user object;
an authentication source separate from the first computer and the second computer, in communication with the first computer for responding to the authentication request from the second computer; and
means in the first computer for placing the authentication information in a permanent user object in a second container hierarchy on the computer, if the authentication source successfully validates the authentication request and to;
query the authentication source for an unencrypted password corresponding to the username;
update the permanent user object with the unencrypted password; and
authenticate subsequent authentication requests using at least one of the encrypted password and the unencrypted password.
(Dependent claims: 20, 21)
22. A method for caching authentication information for a user, comprising:
receiving a first authentication request at a computer from a client, the first authentication request including authentication information comprising a username and an encrypted password;
populating a temporary user object stored in the computer with the authentication information for the user, the temporary user object stored in one of a first container and a second container, the first container stored in the second container in a first container hierarchy;
forwarding the first authentication request to an authentication source separate from the computer;
receiving a response at the computer from the authentication source; and
if the response from the authentication source indicates that the first authentication request succeeded;
populating a permanent user object with the authentication information, wherein the authentication information includes a user name and a password;
storing the permanent user object in one of a third container and a fourth container, the third container stored in the fourth container in a second container hierarchy;
returning to the client a code validating the first authentication request;
querying the authentication source for an unencrypted password corresponding to the username;
updating the permanent user object with the unencrypted password; and
authenticating subsequent authentication requests using at least one of the encrypted password and the unencrypted password.
(Dependent claims: 23, 24, 25)
Specification