
Methods, devices, and computer program products for discovering authentication servers and establishing trust relationships therewith

  • US 8,220,032 B2
  • Filed: 01/29/2008
  • Issued: 07/10/2012
  • Est. Priority Date: 01/29/2008
  • Status: Expired due to Fees
First Claim

1. A method for dynamically establishing a trust relationship between authentication servers, the method comprising:

  • initiating, by a first authentication server, searching for one or more additional authentication servers for the purpose of discovering one or more sources of authentication tokens, the searching comprising a processor node of the first authentication server initiating a communication exchange with at least one other processor node of the one or more additional authentication servers, and inspecting an incoming authentication request from the one or more additional authentication servers to determine if the incoming authentication request is carrying one or more authentication tokens from a newly discovered realm, wherein the first authentication server and the one or more additional authentication servers include one or more processing devices;

    responsive to the request carrying one or more authentication tokens from the newly discovered realm, determining, by the first authentication server, whether or not the newly discovered realm is trustworthy by initiating communications with at least one trusted authentication server with respect to the first authentication server to ascertain whether or not there is an existing trust relationship between the at least one trusted authentication server and the newly discovered realm;

    responsive to an existing trust relationship between the at least one trusted authentication server and the newly discovered realm, the first authentication server determining that the newly discovered realm is trustworthy;

    responsive to a trust relationship not existing between the at least one trusted authentication server and the newly discovered realm, the first authentication server determining that the newly discovered realm is not yet trustworthy, with the first authentication server making one or more attempts to use a plurality of additional authentication tokens to validate information provided by the newly discovered realm before accepting any authentications from the newly discovered realm;

    responsive to receiving a plurality of correct authentication tokens from the newly discovered realm, the first authentication server then determining that the newly discovered realm is trustworthy;

    responsive to the first authentication server determining the newly discovered realm to be trustworthy, receiving a directory schema from the newly discovered realm and comparing the received directory schema with a known directory schema retrieved by the first authentication server to identify an intersection of the received directory schema and the known directory schema;

    the first authentication server using the intersection to identify a primary key, and to identify any unique information that is specific to either the first authentication server or the newly discovered realm.
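
The decision flow recited in claim 1, sketched as an added example (not code from the patent or its assignee). The realm and peer names, the challenge/token dictionaries, the per-attribute "unique" flag used to pick the primary key, and the fail-closed handling of a wrong token are all assumptions made for illustration.

```python
import hmac

# Constructed sample data; every name and data shape here is an assumption.
KNOWN_SCHEMA = {"uid": {"unique": True}, "mail": {"unique": False},
                "badgeId": {"unique": True}}
REMOTE_SCHEMA = {"uid": {"unique": True}, "mail": {"unique": False},
                 "dept": {"unique": False}}
TRUSTED_PEERS = {"auth2.example": {"partner.example"}}  # peer -> realms it trusts

def is_trustworthy(realm, peers, expected, answers, min_correct=2):
    """Return (trusted, reason) for a newly discovered realm."""
    # Branch 1: an already-trusted server has an existing trust relationship.
    for peer, realms in peers.items():
        if realm in realms:
            return True, "vouched for by " + peer
    # Branch 2: not yet trustworthy. Require a plurality (two or more) of
    # correct additional tokens before accepting any authentication.
    if len(expected) < min_correct:
        return False, "fewer than %d challenges" % min_correct
    for challenge, want in expected.items():
        got = answers.get(challenge, "")
        # Constant-time comparison; a single wrong token fails closed.
        if not hmac.compare_digest(got.encode(), want.encode()):
            return False, "wrong token for " + challenge
    return True, "validated by additional tokens"

def compare_schemas(received, known):
    """Intersect the two directory schemas and split out what is unique."""
    shared = sorted(set(received) & set(known))
    # Assumption: the primary key is a shared attribute unique on both sides.
    keys = [a for a in shared
            if received[a].get("unique") and known[a].get("unique")]
    return {"intersection": shared,
            "primary_key": keys[0] if keys else None,
            "only_local": sorted(set(known) - set(received)),
            "only_remote": sorted(set(received) - set(known))}

def onboard(realm, received, known, peers, expected, answers):
    """Run the trust decision first; compare schemas only for a trusted realm."""
    trusted, reason = is_trustworthy(realm, peers, expected, answers)
    result = {"trusted": trusted, "reason": reason}
    if trusted:
        result.update(compare_schemas(received, known))
    return result
```

Note that the first branch makes trust transitive: a realm vouched for by any trusted peer is accepted without the additional token checks, so the contents of the trusted-peer list bound what this flow will accept.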
