System and method for authentication to an application
First Claim
Patent Images
1. A method for authenticating a first user in a protected network to an application program shared concurrently with a second user in an unprotected network, said method comprising the steps of:
- a first server within said protected network receiving a user ID and password from the first user for authentication for accessing said application, program, said application program residing in a computer on a third network configured as a buffer between said protected network and said unprotected network;
said first server determining that said userID and password are authentic, and in response, said first server forwarding to said application program an authentication key for said first user and a request by said first user for data;
said application program determining that said key is authentic, and in response, said application program complying with said request by said first user without said password being sent from said protected network into said third network; and
said application program receiving another userID and another password from the second user, said application program determining that said other userID and said other password are authentic, and in response, said application program complying with a request by said second user.
2 Assignments
0 Petitions
Accused Products
Abstract
Authenticating a first user in a protected network to an application in a DMZ network shared simultaneously with a second user in an unprotected network. The first user supplies a userID and a password to a first server within the protected network for authentication for the application. The first server checks authentication of the first user based on the userID and password. If the first user is authentic, the first server forwards to the application an authentication key for the first user and a selection by the first user pertaining to the application. The application checks authentication of the key, and if authentic, complies with the selection by the first user. The second user supplies another userID and another password to the application. If the other userID and other password are authentic, the application complies with a selection made by the second user pertaining to the application.
66 Citations
20 Claims
-
1. A method for authenticating a first user in a protected network to an application program shared concurrently with a second user in an unprotected network, said method comprising the steps of:
-
a first server within said protected network receiving a user ID and password from the first user for authentication for accessing said application, program, said application program residing in a computer on a third network configured as a buffer between said protected network and said unprotected network; said first server determining that said userID and password are authentic, and in response, said first server forwarding to said application program an authentication key for said first user and a request by said first user for data; said application program determining that said key is authentic, and in response, said application program complying with said request by said first user without said password being sent from said protected network into said third network; and said application program receiving another userID and another password from the second user, said application program determining that said other userID and said other password are authentic, and in response, said application program complying with a request by said second user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An authentication system comprising:
-
a first server residing in a first network and having a first CPU, a first computer readable memory and a first computer readable storage media; an application program stored in the first computer readable storage media for execution by the first CPU via the first computer readable storage media in the first server; a second server residing in a second, protected network and having a second CPU, a second computer readable memory and a second computer readable storage media, the second server including first program instructions for receive from a first user within said second network a userID and a password for authentication for accessing said application program, said second server including second program instructions to check authentication of said first user based on said userID and password, and if said first user is authentic, forward to said application program an authentication key for said first user and a request by said first user for data; and said application program including third program instructions to (a) check authenticate said key, and if authentic, comply with said request by said first user without said password being sent from said protected network into said first network, and (b) receive from a workstation in a third, unprotected network for a second user, another userID and another password for said second user, and determine that said other userID and other password are authentic, and in response, comply with a request by said second user, said application program being shared concurrently with said first and second users, said first network configured as a buffer between said second, protected network and said third, unprotected network. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer program product for authenticating a first user in a protected network to an application program shared simultaneously with a second user in an unprotected network, and authenticating said second user to said application program, said program product comprising:
-
first computer readable, tangible storage device; second computer readable, tangible storage device; first program instructions, for execution on a first server within said protected network, to receive from the first user a userID and a password for authentication for accessing said application program, said application program for execution on a computer residing in a third network configured as a security buffer between said protected network and said unprotected network; second program instructions, for execution on said first server, to check authentication of said first user based on said userID and password, and if said first user is authentic, to forward to said application program an authentication key for said first user and a request by said first user for data; third program instructions in said application program to check authentication of said key, and if authentic, comply with said request by said first user without said password being sent from said protected network into said third network; fourth program instructions in said application program to receive from said second user another userID and another password, determine if said other userID and other password are authentic, and if so, instruct said application program to comply with a request by said second user; and
whereinsaid first and second program instructions are stored on said first computer readable storage media, and said application program including said third and fourth program instructions are stored on said second computer readable storage media. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeWrp IP Management, LLC
-
Original AssigneeInternational Business Machines Corporation
-
InventorsBarnabo, Christopher E., Greenlee, Gordan G.
-
Primary Examiner(s)CERVETTI, DAVID GARCIA
-
Application NumberUS12/038,350Publication NumberTime in Patent Office1,063 DaysField of Search726/8, 726/27, 713/168, 713/182, 713/185US Class Current726/8CPC Class CodesH04L 63/0807 using tickets, e.g. Kerbero...H04L 63/083 using passwords cryptograph...
