Computer system and method of updating authentication information of computer system

US 7,853,994 B2
Filed: 08/23/2006
Issued: 12/14/2010
Est. Priority Date: 06/29/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system that connects a first computer device and a second computer device so that the first and second computer devices are capable of bi-directional communication, whereinthe second computer device judges whether the first computer device has legitimate access rights on the basis of authentication information received from the first computer device and, when the first computer device has legitimate access rights, permits usage of the second computer device by the first computer device,a session manager for managing a session configured in a path that connects the first and second computer devices is provided,the session manager updates the authentication information while maintaining the session between the first and second computer devices by executing data processing that is in the course of execution before the update of the authentication information is requested via a first session that is provided in the path and which uses pre-update authentication information and by executing data processing that is produced after the update of the authentication information is requested via a second session that is provided in the path and which uses updated authentication information;

whereinthe first computer device includes;

a first communication port for connecting to the second computer device;

a first communication controller for communicating with the second computer device by using a path that is configured between the first computer device and the second computer device via the first communication port;

a first session manager for managing, via the first communication controller, a data transfer that uses the session configured in the path;

a first session table that associates and manages the session configured in the path and identification information that indicates the number of commands being executed that use the session and a classification of whether the configured session is the first session or the second session; and

a first authentication information management table that manages pre-update authentication information and updated authentication information, andthe second computer device including;

a second communication port that is connected via the path to the first communication port;

a second communication controller for communicating with the first computer device via the second communication port;

a second session manager for managing data transfers using the session via the second communication controller;

a second session table that associates and manages the session configured in the path and identification information indicating a classification of whether the session is the first session or the second session; and

a second authentication information management table that manages pre-update authentication information and updated authentication information,and wherein, when the updated authentication information is input to the first computer device and the second computer device respectively, the updated authentication information is stored in each of the first authentication information management table and the second authentication information management table;

the first session manager issues a request to the second session manager to open the second session that uses the updated authentication information;

the second session manager opens the second session and registers information related to the opened second session in the second session table when authentication of the updated authentication information contained in the request from the first session manager is successful;

the first session manager registers information related to the opened second session in the first session table when the opening of the second session is confirmed;

the first session manager transmits a new command newly issued after the second session is opened to the second computer device via the second session;

the second session manager transmits a response to the old command received from the first computer device prior to the opening of the second session to the first computer device via the first session;

the first session manager issues a request to the second session manager to close the first session when all the old command-related responses are received from the second computer device; and

the second session manager closes the first session in accordance with the first session close request received from the first session manager.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The storage system of the present invention is able to update a secret while maintaining a session between a host and storage. The administrator configures a new secret for the host and the storage. The session manager issues a request to the storage to open a session that uses the new secret. The session manager opens a session that uses the new secret following authentication. A response to an old command issued prior to the secret update is transmitted from the storage to the host via a session that uses an old secret. A new command following the secret update is transmitted from the host to the storage via the session that uses the new secret. When all the old command processing is complete, the old secret using session is closed.

Citations

14 Claims

1. A computer system that connects a first computer device and a second computer device so that the first and second computer devices are capable of bi-directional communication, whereinthe second computer device judges whether the first computer device has legitimate access rights on the basis of authentication information received from the first computer device and, when the first computer device has legitimate access rights, permits usage of the second computer device by the first computer device,a session manager for managing a session configured in a path that connects the first and second computer devices is provided,the session manager updates the authentication information while maintaining the session between the first and second computer devices by executing data processing that is in the course of execution before the update of the authentication information is requested via a first session that is provided in the path and which uses pre-update authentication information and by executing data processing that is produced after the update of the authentication information is requested via a second session that is provided in the path and which uses updated authentication information;
- whereinthe first computer device includes;
  
  a first communication port for connecting to the second computer device;
  
  a first communication controller for communicating with the second computer device by using a path that is configured between the first computer device and the second computer device via the first communication port;
  
  a first session manager for managing, via the first communication controller, a data transfer that uses the session configured in the path;
  
  a first session table that associates and manages the session configured in the path and identification information that indicates the number of commands being executed that use the session and a classification of whether the configured session is the first session or the second session; and
  
  a first authentication information management table that manages pre-update authentication information and updated authentication information, andthe second computer device including;
  
  a second communication port that is connected via the path to the first communication port;
  
  a second communication controller for communicating with the first computer device via the second communication port;
  
  a second session manager for managing data transfers using the session via the second communication controller;
  
  a second session table that associates and manages the session configured in the path and identification information indicating a classification of whether the session is the first session or the second session; and
  
  a second authentication information management table that manages pre-update authentication information and updated authentication information,and wherein, when the updated authentication information is input to the first computer device and the second computer device respectively, the updated authentication information is stored in each of the first authentication information management table and the second authentication information management table;
  
  the first session manager issues a request to the second session manager to open the second session that uses the updated authentication information;
  
  the second session manager opens the second session and registers information related to the opened second session in the second session table when authentication of the updated authentication information contained in the request from the first session manager is successful;
  
  the first session manager registers information related to the opened second session in the first session table when the opening of the second session is confirmed;
  
  the first session manager transmits a new command newly issued after the second session is opened to the second computer device via the second session;
  
  the second session manager transmits a response to the old command received from the first computer device prior to the opening of the second session to the first computer device via the first session;
  
  the first session manager issues a request to the second session manager to close the first session when all the old command-related responses are received from the second computer device; and
  
  the second session manager closes the first session in accordance with the first session close request received from the first session manager.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer system according to claim 1, wherein the session manager(1) configures a first session that uses pre-update authentication information and a second session that uses updated authentication information between the first and second computer devices;
    - (2) performs data processing in the course of execution before the update of the authentication information by using the first session and performs new data processing after the update of the authentication information by using the second session; and
      
      (3) closes the first session when the data processing in the course of execution before the update of the authentication information is complete.
  - 3. The computer system according to claim 1, wherein the first and second sessions are each provided on the same path that connects the first and second computer devices.
  - 4. The computer system according to claim 1, wherein the authentication information includes user identification information for identifying users and updatable password information that is associated with the user identification information.
  - 5. The computer system according to claim 1, wherein the first computer device is a host computer and the second computer device is a storage apparatus that provides the host computer with a storage area.
  - 6. The computer system according to claim 1, wherein the first computer device is a storage apparatus and the second computer device is another storage apparatus that provides the storage apparatus with a storage area.
  - 7. The computer system according to claim 2, wherein a third computer device for reporting the updated authentication information to the first and second computer devices respectively is connected to the first and second computer devices respectively so as to be capable of bi-directional communication;
    - and,when the updated authentication information is reported by the third computer device to the first and second computer devices respectively, the processes (1) to (3) are executed.
  - 8. The computer system according to claim 2, wherein the processes (1) to (3) are executed as a result of one of the first computer device and the second computer device reporting the updated authentication information to the other computer device.
  - 9. The computer system according to claim 1, wherein a plurality of paths are provided between the first computer device and the second computer device;
    - and the first and second sessions are provided in each of the plurality of paths.
  - 10. The computer system according to claim 2, wherein a plurality of paths are provided between the first computer device and the second computer device;
    - and the processes (1) to (3) are executed by selecting paths among the plurality of paths in order starting with the path for which the time to completion of the data processing being executed is smallest.
  - 11. The computer system according to claim 10, wherein paths are selected among the plurality of paths in order starting with the path with the smallest number of commands being executed.
  - 12. The computer system according to claim 2, wherein a plurality of paths are provided between the first computer device and the second computer device;
    - and, after configuring the first and second sessions in all of the plurality of paths by executing the process (1) for each of the plurality of paths, the process (2) and the process (3) are executed in parallel with respect to the plurality of paths.
  - 13. The computer system according to claim 2, wherein a fourth computer device for managing the authentication information is connected so as to be capable of bidirectional communication to at least the second computer device;
    - andwhen the updated authentication information is reported by the first computer device, the second computer device issues an inquiry to the fourth computer device as to whether the updated authentication information reported by the first computer device is correct and, when the fourth computer device responds to the effect that the updated authentication information is correct, the processes (1) to (3) are executed.
  - 14. The computer system according to claim 1, wherein the session manager closes the first session after the data processing that uses the first session is complete and then configures the second session in the path and, when a request to execute new data processing is received during the execution of data processing that uses the first session, the request to execute the new data processing is suspended and, after configuring the second session, the suspended execution request is processed by using the second session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Murakami, Toshihiko, Shiga, Kenta, Nakatsuka, Daiki
Primary Examiner(s)
Revak; Christopher A

Application Number

US11/508,201
Publication Number

US 20080005565A1
Time in Patent Office

1,574 Days
Field of Search

None
US Class Current

726/6
CPC Class Codes

H04L 63/0846 using time-dependent-passwo...

Computer system and method of updating authentication information of computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system and method of updating authentication information of computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links