Method for and apparatus for retrieving username and password in an authentication protocol

US 8,181,236 B2
Filed: 07/10/2008
Issued: 05/15/2012
Est. Priority Date: 07/10/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for retrieving an authentication record, the computer implemented method comprising:

a computer storing a first authentication record;

the computer generating a first authentication credential based on the first authentication record, wherein the first authentication credential is associated with a first credential expiration time;

the computer associating the first authentication record with the first credential expiration time;

the computer storing a second authentication record;

the computer generating a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time;

the computer associating the second authentication record with the second credential expiration time;

the computer determining that the first credential expiration time is earlier than the second credential expiration time; and

the computer, responsive to a determination that the first credential expiration time is earlier than the second credential expiration time, caching the first authentication record to cache;

the computer, responsive to the determination that the first credential expiration time is earlier than the second credential expiration time, determining that the cache is full; and

the computer, responsive to the determination that the first credential expiration time is earlier than the second credential expiration time and responsive to the determination that the cache is full, storing the second authentication record to storage without caching the second authentication record to cache.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a computer implemented method and apparatus to retrieve authentication records required for user validation and creation of authentication credentials from an authentication server to be passed to the user. The method is comprised of the authentication server storing a first authentication record, then generating a first authentication credential based on the first authentication record. The authentication server associates the first authentication record with a first credential expiration time. The authentication server stores a second authentication record. The authentication server generates a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time. Next, the authentication server associates the second authentication credential with a second credential expiration time. The authentication server determines that the first credential expiration time is earlier than the second credential expiration time and caches the first authentication record to cache.

26 Citations

View as Search Results

9 Claims

1. A computer implemented method for retrieving an authentication record, the computer implemented method comprising:
- a computer storing a first authentication record;
  
  the computer generating a first authentication credential based on the first authentication record, wherein the first authentication credential is associated with a first credential expiration time;
  
  the computer associating the first authentication record with the first credential expiration time;
  
  the computer storing a second authentication record;
  
  the computer generating a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time;
  
  the computer associating the second authentication record with the second credential expiration time;
  
  the computer determining that the first credential expiration time is earlier than the second credential expiration time; and
  
  the computer, responsive to a determination that the first credential expiration time is earlier than the second credential expiration time, caching the first authentication record to cache;
  
  the computer, responsive to the determination that the first credential expiration time is earlier than the second credential expiration time, determining that the cache is full; and
  
  the computer, responsive to the determination that the first credential expiration time is earlier than the second credential expiration time and responsive to the determination that the cache is full, storing the second authentication record to storage without caching the second authentication record to cache.
- View Dependent Claims (2, 3)
- - 2. The computer implemented method of claim 1, wherein the cache comprises an ordered list of at least two authentication records arranged in order of credential expiration times associated with each authentication credential.
  - 3. The computer implemented method of claim 1, wherein the cache comprises a tree of at least two authentication records arranged in order of credential expiration times associated with each authentication credential.

4. A computer program product for retrieving authentication record, the computer program product comprising:
- a computer-readable tangible storage device having computer usable program code embodied therewith, the computer program product comprising;
  
  computer usable program code configured to store a first authentication record;
  
  computer usable program code configured to generate a first authentication credential based on the first authentication record, wherein the first authentication credential is associated with a first credential expiration time;
  
  computer usable program code configured to associate the first authentication record with the first credential expiration time;
  
  computer usable program code configured to store a second authentication record;
  
  computer usable program code configured to generate a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time;
  
  computer usable program code configured to associate the second authentication record with the second credential expiration time;
  
  computer usable program code configured to determine that the first credential expiration time is earlier than the second credential expiration time;
  
  computer usable program code configured to cache the first authentication record responsive to a determination that the first credential expiration time is earlier than the second credential expiration time;
  
  computer usable program code configured to determine that the cache is full, responsive to the determination that the first credential expiration time is earlier than the second credential expiration time; and
  
  computer usable program code configured to store the second authentication record to storage without caching the second authentication record to cache responsive to the determination that the first credential expiration time is earlier than the second credential expiration time and responsive to the determination that the cache is full.
- View Dependent Claims (5, 6)
- - 5. The computer program product of claim 4, wherein the cache comprises an ordered list of at least two authentication records arranged in order of credential expiration times associated with each authentication credential.
  - 6. The computer program product of claim 4, wherein the cache comprises a tree of at least two authentication records arranged in order of credential expiration times associated with each authentication credential.

7. A data processing system comprising:
- a bus;
  
  a storage device connected to the bus, wherein computer usable code is located in the storage device;
  
  a communication unit connected to the bus; and
  
  a processing unit connected to the bus, wherein the processing unit executes the computer usable code for retrieving an authentication record, wherein the processing unit executes the computer usable program code to store a first authentication record;
  
  generate a first authentication credential based on the first authentication record, wherein the first authentication credential is associated with a first credential expiration time;
  
  associate the first authentication record with the first credential expiration time;
  
  store a second authentication record;
  
  generate a second authentication credential based on the second authentication record, wherein the second authentication credential is associated with a second credential expiration time;
  
  associate the second authentication record with the second credential expiration time;
  
  determine that the first credential expiration time is earlier than the second credential expiration time;
  
  cache the first authentication record responsive to a determination that the first credential expiration time is earlier than the second credential expiration time;
  
  determine that the cache is full, responsive to the determination that the first credential expiration time is earlier than the second credential expiration time; and
  
  store the second authentication record to storage without caching the second authentication record to cache responsive to the determination that the first credential expiration time is earlier than the second credential expiration time and responsive to the determination that the cache is full.
- View Dependent Claims (8, 9)
- - 8. The data processing system of claim 7, wherein the cache comprises an ordered list of at least two authentication records arranged in order of credential expiration times associated with each authentication credential.
  - 9. The data processing system of claim 7, wherein the cache comprises a tree of at least two authentication records arranged in order of credential expiration times associated with each authentication credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Banerjee, Dwip N., Patil, Sandeep R., Venkatsubra, Venkat, Katiyar, Manish
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US12/170,815
Publication Number

US 20100011413A1
Time in Patent Office

1,405 Days
Field of Search

726/10, 726/5, 726/6, 726/2, 713/168
US Class Current

726/10
CPC Class Codes

G06F 21/33 using certificates

H04L 63/0807 using tickets, e.g. Kerbero...

Method for and apparatus for retrieving username and password in an authentication protocol

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

9 Claims

Specification

Use Cases

Quick Links

Others

Method for and apparatus for retrieving username and password in an authentication protocol

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

9 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others