System, method and program for user authentication, and recording medium on which the program is recorded
Abstract
Method and system for user authentication in a federated computing environment. The method includes a first method for recording server authentication information, including: establishing a trusting relationship between a first and second server, obtaining an authentication policy of the second server, and registering the authentication policy of the second server within the first server. The method includes a second method for registering new user authentication information of a new user, including: verifying that the new user authentication information conforms to an authentication policy of the first server, and registering the new user authentication information in the first server. The method includes a third method for authenticating a user, including: receiving an access request from the user to access the federated computing environment, receiving notification based on input authentication information that the user has been authorized for the requested access, and permitting the user to access the federated computing environment.
21 Claims
1. A method for recording server authentication information, said method comprising:
establishing, by a first server of a plurality of servers in a federated computing environment, a trusting relationship between the first server and a second server of the plurality of servers, wherein said establishing the trusting relationship comprises exchanging, by the first server, an electronic certificate of the first server with an electronic certificate of the second server in accordance with a Public Key Infrastructure (PKI) method;
after said establishing the trusting relationship, obtaining by the first server an authentication policy of the second server, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
after said obtaining the authentication policy of the second server, registering by the first server the authentication policy of the second server within the first server, wherein the at least one rule consists of four rules, said four rules consisting of a number of alphabetic characters of a user identification (ID), a number of numeric characters of the user ID, a data size for fingerprint authentication, and a data size for voice print authentication.
4. A method for recording server authentication information, said method comprising:
establishing, by a first server of a plurality of servers in a federated computing environment, a trusting relationship between the first server and a second server of the plurality of servers, wherein said establishing the trusting relationship comprises exchanging, by the first server, an electronic certificate of the first server with an electronic certificate of the second server in accordance with a Public Key Infrastructure (PKI) method;
after said establishing the trusting relationship, obtaining by the first server an authentication policy of the second server, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
after said obtaining the authentication policy of the second server, registering by the first server the authentication policy of the second server within the first server, wherein the method further comprises;
receiving, by the first server, an access request from a user to access the federated computing environment, wherein the first server comprises an authentication policy table that comprises the authentication policy of each server of the plurality of servers registered therein;
after said receiving the access request, receiving by the first server input authentication information from the user;
obtaining, by the first server, a server address of the second server, wherein the authentication policy of the second server matches an authentication policy of the first server;
transmitting, by the first server to the second server via the server address of the second server, the input authentication information;
after said transmitting the input authentication information to the second server, receiving by the first server from the second server a notification that the second server has successfully authorized the user; and
after said receiving the notification that the second server has successfully authorized the user, permitting the user to access the federated computing environment, wherein said permitting is performed by the first server.
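Added example (not part of the patent text or any implementation of it): a minimal Python model of the flow recited in claims 1 and 4, where the first server registers a peer's four-rule policy only after trust is established, then forwards a user's input authentication information to a peer whose policy matches its own and permits access only on a success notification. The class, field and function names, the `b.example`/`c.example` addresses, and the stand-in for the PKI certificate exchange are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set

@dataclass(frozen=True)
class AuthPolicy:
    """The four rules named in claim 1 (field names are assumptions)."""
    id_alpha_chars: int      # number of alphabetic characters of the user ID
    id_numeric_chars: int    # number of numeric characters of the user ID
    fingerprint_bytes: int   # data size for fingerprint authentication
    voiceprint_bytes: int    # data size for voice print authentication

class FirstServer:
    def __init__(self, own_policy: AuthPolicy):
        self.own_policy = own_policy
        self.trusted: Set[str] = set()                 # peers with a completed certificate exchange
        self.policy_table: Dict[str, AuthPolicy] = {}  # server address -> registered policy

    def establish_trust(self, address: str) -> None:
        # Stand-in for the PKI certificate exchange; real code validates the peer certificate here.
        self.trusted.add(address)

    def register_policy(self, address: str, policy: AuthPolicy) -> None:
        # Claim order: a policy is obtained and registered only after trust is established.
        if address not in self.trusted:
            raise PermissionError(f"no trust relationship with {address}")
        self.policy_table[address] = policy

    def matching_server(self) -> Optional[str]:
        # Address of a registered peer whose policy equals this server's own policy.
        for address, policy in sorted(self.policy_table.items()):
            if policy == self.own_policy:
                return address
        return None

    def handle_access(self, credentials: dict, send: Callable[[str, dict], bool]) -> bool:
        # Forward the input authentication information to the matching peer and
        # permit access only on an explicit success notification (fail closed).
        address = self.matching_server()
        if address is None:
            return False
        return send(address, credentials) is True

def constructed_peer(address: str, credentials: dict) -> bool:
    # Constructed stand-in for the second server's authentication service.
    return address == "b.example" and credentials.get("user_id") == "alice01"
```
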
8. A system for recording server authentication information, said system comprising:
a first server of a plurality of servers in a federated computing environment; and
a computer readable storage medium;
first program code for establishing, by the first server, a trusting relationship between the first server and a second server comprised by the plurality of servers, wherein said establishing the trusting relationship comprises exchanging, by the first server, an electronic certificate of the first server with an electronic certificate of the second server in accordance with a Public Key Infrastructure (PKI) method;
second program code for obtaining by the first server an authentication policy of the second server after said establishing the trusting relationship, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
third program code for registering by the first server the authentication policy of the second server within the first server after said obtaining the authentication policy of the second server, wherein the first program code, the second program code, and the third program code are stored on the computer readable storage medium, and wherein the at least one rule consists of four rules, said four rules consisting of a number of alphabetic characters of a user identification (ID), a number of numeric characters of the user ID, a data size for fingerprint authentication, and a data size for voice print authentication.
11. A system for recording server authentication information, said system comprising:
a first server of a plurality of servers in a federated computing environment; and
a computer readable storage medium;
first program code for establishing, by the first server, a trusting relationship between the first server and a second server comprised by the plurality of servers, wherein said establishing the trusting relationship comprises exchanging, by the first server, an electronic certificate of the first server with an electronic certificate of the second server in accordance with a Public Key Infrastructure (PKI) method;
second program code for obtaining by the first server an authentication policy of the second server after said establishing the trusting relationship, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
third program code for registering by the first server the authentication policy of the second server within the first server after said obtaining the authentication policy of the second server, wherein the first program code, the second program code, and the third program code are stored on the computer readable storage medium, and wherein the system further comprises;
fourth program code for receiving, by the first server, an access request from a user to access the federated computing environment, wherein the first server comprises an authentication policy table that comprises the authentication policy of each server of the plurality of servers registered therein;
fifth program code for receiving by the first server input authentication information from the user after said receiving the access request;
sixth program code for obtaining, by the first server, a server address of the second server, wherein the authentication policy of the second server matches an authentication policy of the first server;
seventh program code for transmitting, by the first server to the second server via the server address of the second server, the input authentication information;
eighth program code for receiving by the first server from the second server a notification that the second server has successfully authorized the user after said transmitting the input authentication information to the second server; and
ninth program code for permitting the user to access the federated computing environment, wherein said permitting is performed by the first server after said receiving the notification that the second server has successfully authorized the user, wherein the fourth program code, the fifth program code, the sixth program code, the seventh program code, the eighth program code, and the ninth program code are stored on the computer readable storage medium.
15. A computer program product for recording server authentication information, said computer program product comprising:
a computer readable storage medium;
first program code for establishing, by a first server of a plurality of servers, a trusting relationship between the first server and a second server comprised by the plurality of servers, wherein said establishing the trusting relationship comprises exchanging, by the first server, an electronic certificate of the first server with an electronic certificate of the second server in accordance with a Public Key Infrastructure (PKI) method;
second program code for obtaining by the first server an authentication policy of the second server after said establishing the trusting relationship, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
third program code for registering by the first server the authentication policy of the second server within the first server after said obtaining the authentication policy of the second server, wherein the first program code, the second program code, and the third program code are stored on the computer readable storage medium and wherein the at least one rule consists of four rules, said four rules consisting of a number of alphabetic characters of a user identification (ID), a number of numeric characters of the user ID, a data size for fingerprint authentication, and a data size for voice print authentication.
18. A computer program product for recording server authentication information, said computer program product comprising:
a computer readable storage medium;
first program code for establishing, by a first server of a plurality of servers, a trusting relationship between the first server and a second server comprised by the plurality of servers, wherein said establishing the trusting relationship comprises exchanging, by the first server, an electronic certificate of the first server with an electronic certificate of the second server in accordance with a Public Key Infrastructure (PKI) method;
second program code for obtaining by the first server an authentication policy of the second server after said establishing the trusting relationship, wherein an authentication policy for each server of the plurality of servers is defined as at least one rule of each server for authenticating users of the federated computing environment; and
third program code for registering by the first server the authentication policy of the second server within the first server after said obtaining the authentication policy of the second server, wherein the first program code, the second program code, and the third program code are stored on the computer readable storage medium, and wherein the computer program product further comprises;
fourth program code for receiving, by the first server, an access request from a user to access the federated computing environment, wherein the first server comprises an authentication policy table that comprises the authentication policy of each server of the plurality of servers registered therein;
fifth program code for receiving by the first server input authentication information from the user after said receiving the access request;
sixth program code for obtaining, by the first server, a server address of the second server, wherein the authentication policy of the second server matches an authentication policy of the first server;
seventh program code for transmitting, by the first server to the second server via the server address of the second server, the input authentication information;
eighth program code for receiving by the first server from the second server a notification that the second server has successfully authorized the user after said transmitting the input authentication information to the second server; and
ninth program code for permitting the user to access the federated computing environment, wherein said permitting is performed by the first server after said receiving the notification that the second server has successfully authorized the user, wherein the fourth program code, the fifth program code, the sixth program code, the seventh program code, the eighth program code, and the ninth program code are stored on the computer readable storage medium.
Specification