Centralized user authentication system apparatus and method
First Claim
1. A system to authenticate a user, the system comprising:
a computer system comprising computer hardware, the computer system programmed to implement:
a directory-based authentication server that authenticates users based on directory objects;
a non-directory based legacy identification subsystem that is not configured for directory-based authentication;
an enhanced authentication module in communication with the directory-based server and the non-directory based legacy identification subsystem, wherein the enhanced authentication module obtains a directory object reference from an encrypted password field stored in the legacy identification system and provides the directory object reference to the directory-based authentication system;
wherein the non-directory based legacy identification subsystem comprises an encrypted password field having a directory object reference stored therein, the directory object reference configured to reference a directory object that is stored separately from the legacy identification system, wherein the directory object is configured to uniquely identify a specified user, and wherein the directory object reference is stored in the encrypted password field instead of storing an encrypted password in the encrypted password field;
wherein the authentication module is configured to generate a request for the encrypted password field of a specified user from the identification subsystem, and in response to receiving the contents, access the encrypted password field in the legacy system to obtain the directory object reference stored therein, and wherein the authentication module is further configured to obtain the directory object reference from the encrypted password field rather than a password and to transmit the directory object reference to the directory-based authentication server; and
wherein the directory-based authentication server accesses the directory object stored separately from the non-directory based legacy system based on the directory object reference provided by the enhanced authentication module to authenticate the specified user against the directory object.
Abstract
An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server.
11 Claims
1. A system to authenticate a user, the system comprising: the elements set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6.
7. A method to authenticate a user, the method comprising:
by a computer system comprising computer hardware:
modifying an encrypted password field in a legacy identification system to store a directory object reference therein, wherein the directory object reference references a directory object that is stored separately from the legacy identification system, and wherein the directory object is configured to uniquely identify a specified user within the encrypted password field instead of storing an encrypted password in the encrypted password field;
providing an identification module configured to receive a password request corresponding to the specified user;
accessing the encrypted password field in the legacy system to obtain the directory object reference stored therein;
communicating the directory object reference stored in the encrypted password field to an authentication module in response to receiving the request; and
transmitting the directory object reference from the authentication module to an authentication server configured to access the directory object stored separately from the legacy system based on the directory object reference and to authenticate the specified user against the directory object referenced by the encrypted password field.
Dependent claims: 8, 9, 10, 11.
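The flow set out in claim 1 and claim 7, as an added illustration that is not the patent's own code: a passwd-style legacy identification store whose encrypted password field holds a directory object reference instead of a hash, an enhanced authentication module that extracts that reference, and a directory-based server that verifies the user against the separately stored directory object. The `{DIR}` marker, the sample records and the directory contents are constructed assumptions.

```python
import hashlib
import hmac

# Assumed marker that distinguishes a stored directory object reference from
# a legacy password hash (not specified by the patent; chosen for this example).
DIR_REF_PREFIX = "{DIR}"

# Constructed legacy identification records: user:encrypted_password_field:uid.
# alice and bob have been migrated; carol's field still holds a legacy value.
LEGACY_RECORDS = """alice:{DIR}cn=alice,ou=people,dc=example,dc=com:1001
bob:{DIR}cn=bob,ou=people,dc=example,dc=com:1002
carol:*:1003"""


def _pw_hash(password, salt):
    """Salted password hash kept only inside the directory object."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed directory objects, stored separately from the legacy system.
DIRECTORY = {
    "cn=alice,ou=people,dc=example,dc=com": (b"salt-a", _pw_hash("correct horse", b"salt-a")),
    "cn=bob,ou=people,dc=example,dc=com": (b"salt-b", _pw_hash("hunter2", b"salt-b")),
}


def legacy_password_field(user):
    """Identification module: answer a password request with the raw field contents."""
    for line in LEGACY_RECORDS.splitlines():
        name, field, _uid = line.split(":")
        if name == user:
            return field
    return None


def directory_authenticate(ref, password):
    """Directory-based authentication server: verify against the referenced object."""
    obj = DIRECTORY.get(ref)
    if obj is None:
        return False
    salt, stored = obj
    return hmac.compare_digest(stored, _pw_hash(password, salt))


def enhanced_authenticate(user, password):
    """Enhanced authentication module: take the reference, never a password,
    from the legacy field and delegate verification to the directory server."""
    field = legacy_password_field(user)
    if field is None or not field.startswith(DIR_REF_PREFIX):
        return False  # unknown user or unmigrated field: do not treat it as a hash
    return directory_authenticate(field[len(DIR_REF_PREFIX):], password)
```

Because the legacy field now carries only a reference, the legacy store holds no credential for migrated users; the secret and its verification live entirely in the directory object.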