Methods and apparatus for implementing authentication
Abstract
A proxy (e.g., a switch) resides in a respective network environment between one or more clients and multiple servers. One purpose of the proxy is to provide the clients a unified view of a distributed file system having respective data stored amongst multiple remote and disparate storage locations over a network. Another purpose of the proxy is to enable the clients to retrieve data stored at the multiple servers. To establish a first connection between the proxy and a respective client, the proxy communicates with an authentication agent (residing at a location other than at the client) to verify a challenge response received from the client. When establishing a set of second connections with the multiple servers, the proxy communicates with the authentication agent to generate challenge responses on behalf of the client. The proxy facilitates a flow of data on the first connection and the set of second connections.
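The flow in the abstract, sketched as an added example that is not taken from the patent: the proxy asks the agent to verify the client's challenge response, then asks it to generate responses for each server. HMAC-SHA256 stands in for the challenge-response algorithm, which the page does not name; `AuthAgent`, `Proxy`, `Server`, `DC_KEYS` and the guard in `generate` are assumptions made for illustration.

```python
import hashlib, hmac, os

def respond(key: bytes, challenge: bytes) -> bytes:
    # Stand-in response function (assumption: the page names no algorithm).
    return hmac.new(key, challenge, hashlib.sha256).digest()

class AuthAgent:
    """Holds the password-derived keys; the proxy never sees them."""
    def __init__(self, dc_keys: dict):
        self._keys = dc_keys      # stands in for the domain controller lookup
        self._verified = set()    # users whose first link was verified

    def verify(self, user: str, challenge: bytes, response: bytes) -> bool:
        key = self._keys.get(user)
        ok = key is not None and hmac.compare_digest(respond(key, challenge), response)
        if ok:
            self._verified.add(user)
        return ok

    def generate(self, user: str, challenge: bytes) -> bytes:
        # Added guard (not from the page): the agent answers server challenges
        # only for a user whose own challenge response it has already verified.
        if user not in self._verified:
            raise PermissionError(f"{user} has no verified client link")
        return respond(self._keys[user], challenge)

class Server:
    def __init__(self, dc_keys: dict):
        self._keys, self._challenge = dc_keys, b""
    def challenge(self) -> bytes:
        self._challenge = os.urandom(16)
        return self._challenge
    def accept(self, user: str, response: bytes) -> bool:
        return hmac.compare_digest(respond(self._keys[user], self._challenge), response)

class Proxy:
    def __init__(self, agent: AuthAgent, servers: list):
        self.agent, self.servers = agent, servers
    def connect(self, user: str, client_answer) -> list:
        ch = os.urandom(16)       # first link: challenge the client
        if not self.agent.verify(user, ch, client_answer(ch)):
            return []             # no second links for an unverified client
        return [s.accept(user, self.agent.generate(user, s.challenge()))
                for s in self.servers]

# Constructed sample key; a real key would come from the domain controller.
DC_KEYS = {"alice": hashlib.sha256(b"constructed-sample-password").digest()}
```

The agent is the component that can answer any server's challenge for any user, so the guard in `generate` and the secure proxy-to-agent connection required by the claims are the controls to review first.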
28 Claims
1. A method for authenticating communications in a respective network environment, the method comprising:
- engaging in a first set of communications to establish a first communication link with a client;
- engaging in a second set of communications by utilizing security information associated with the client obtained from a resource independent from the client for purposes of establishing a set of second communication links with multiple servers on behalf of the client; and
- facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers;
- wherein utilizing security information associated with the client from the resource other than the client includes on behalf of the client, communicating with an agent over a secure network connection to obtain the security information managed by a domain controller associated with the respective network environment and wherein the resource further communicates with the domain controller to obtain password based information for the client authorized to communicate with the multiple servers, wherein the password based information is used by one or more of the multiple servers to authorize the client.
17. A computer system that performs authentication procedures on behalf of a client for purposes of accessing multiple servers, the computer system comprising:
- a processor;
- a memory unit that stores instructions associated with an application executed by the processor; and
- an interconnect coupling the processor and the memory unit, enabling the processor to execute the application and perform operations comprising;
  - engaging in a first set of communications to establish a first communication link with the client;
  - engaging in a second set of communications by utilizing security information associated with the client obtained from a resource independent from the client for purposes of establishing a set of second communication links with the multiple servers on behalf of the client; and
  - facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers;
  - wherein utilizing security information associated with the client from the resource other than the client includes on behalf of the client, communicating with an agent over a secure network connection to obtain the security information managed by a domain controller associated with the respective network environment and wherein the resource further communicates with the domain controller to obtain password based information for the client authorized to communicate with the multiple servers, wherein the password based information is used by one or more of the multiple servers to authorize the client.
25. A network system comprising:
- a client;
- a first set of multiple servers;
- a first proxy device disposed in a respective network environment between the client and the first set of multiple servers, the first proxy device supporting operations of;
  - engaging in a first set of communications to establish a first communication link with a client;
  - engaging in a second set of communications by utilizing security information associated with the client obtained from a resource independent from the client for purposes of establishing a set of second communication links with multiple servers on behalf of the client; and
  - facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers;
  - wherein utilizing security information associated with the client from the resource other than the client includes on behalf of the client, communicating with an agent over a secure network connection to obtain the security information managed by a domain controller associated with the respective network environment and wherein the resource further communicates with a domain controller to obtain password based information for the client authorized to communicate with the multiple servers, wherein the password based information is used by one or more of the multiple servers to authorize the client.
28. A non-transitory computer program product including a computer-readable medium having instructions stored thereon for processing data information, such that the instructions, when carried out by a processing device, enable the processing device to perform the steps comprising:
- engaging in a first set of communications to authenticate and establish a first communication link associated with a client;
- engaging in a second set of communications by obtaining and utilizing security information on behalf of the client obtained from a resource independent from the client to authenticate and establish a set of second communication links with multiple servers; and
- facilitating a flow of traffic between the first communication link and the set of second communication links to enable the client to access information from the multiple servers;
- wherein utilizing security information associated with the client from the resource other than the client includes on behalf of the client, communicating with an agent over a secure network connection to obtain the security information managed by a domain controller associated with the respective network environment and the resource further communicates with a domain controller to obtain password based information for the client authorized to communicate with the multiple servers, wherein the password based information is used by one or more of the multiple servers to authorize the client.
Specification