Centralized user authentication system apparatus and method

US 8,429,712 B2
Filed: 06/18/2006
Issued: 04/23/2013
Est. Priority Date: 06/08/2006
Status: Active Grant

First Claim

Patent Images

1. A system to authenticate a user, the system comprising:

a computer system comprising computer hardware, the computer system programmed to implement;

a directory-based authentication sever that authenticates users based on directory objects;

a non-directory based legacy identification subsystem that is not configured for directory-based authentication;

an enhanced authentication module in communication with the directory-based server and the non-directory based legacy identification subsystem wherein the enhanced authentication module obtains a directory object reference from an encrypted password field stored in the legacy identification system and provides the directory object reference to the directory-based authentication system;

wherein the non-directory based legacy identification subsystem comprises an encrypted password field having a directory object reference stored therein, the directory object reference configured to reference a directory object that is stored separately from the legacy identification system, wherein the directory object is configured to uniquely identify a specified user, and wherein the directory object reference is stored in the encrypted password field instead of storing an encrypted password in the encrypted password field;

wherein the authentication module is configured to generate a request for the encrypted password field of a specified user from the identification subsystem, and in response to receiving the contents, access the encrypted password field in the legacy system to obtain the directory object reference stored therein, andwherein the authentication module further configured to obtain the directory object reference from the encrypted password field rather than a password and to transmit the directory object reference to the directory-based authentication server; and

wherein the directory-based authentication sever accesses the directory object stored separately from the non-directory based legacy system based on the directory object reference provided by the enhanced authentication module to authenticate the specified user against the directory object.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server.

Citations

11 Claims

1. A system to authenticate a user, the system comprising:
- a computer system comprising computer hardware, the computer system programmed to implement;
  
  a directory-based authentication sever that authenticates users based on directory objects;
  
  a non-directory based legacy identification subsystem that is not configured for directory-based authentication;
  
  an enhanced authentication module in communication with the directory-based server and the non-directory based legacy identification subsystem wherein the enhanced authentication module obtains a directory object reference from an encrypted password field stored in the legacy identification system and provides the directory object reference to the directory-based authentication system;
  
  wherein the non-directory based legacy identification subsystem comprises an encrypted password field having a directory object reference stored therein, the directory object reference configured to reference a directory object that is stored separately from the legacy identification system, wherein the directory object is configured to uniquely identify a specified user, and wherein the directory object reference is stored in the encrypted password field instead of storing an encrypted password in the encrypted password field;
  
  wherein the authentication module is configured to generate a request for the encrypted password field of a specified user from the identification subsystem, and in response to receiving the contents, access the encrypted password field in the legacy system to obtain the directory object reference stored therein, andwherein the authentication module further configured to obtain the directory object reference from the encrypted password field rather than a password and to transmit the directory object reference to the directory-based authentication server; and
  
  wherein the directory-based authentication sever accesses the directory object stored separately from the non-directory based legacy system based on the directory object reference provided by the enhanced authentication module to authenticate the specified user against the directory object.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the encrypted password field comprises a principal name.
  - 3. The system of claim 1, wherein the identification subsystem is configured to identify the specified user upon receiving a username.
  - 4. The system of claim 1, wherein the authentication subsystem comprises a pluggable authentication module.
  - 5. The system of claim 1, wherein the identification subsystem comprises a plurality of identification modules selected from the group consisting of a NSS-NIS module, a NSS-LDAP module, and a NSS-File module.
  - 6. The system of claim 1, wherein the identification subsystem is configured to retrieve the encrypted password field from an identification data store.

7. A method to authenticate a user, the method comprising:
- by a computer system comprising computer hardware;
  
  modifying an encrypted password field in a legacy identification system to store a directory object reference therein, wherein the directory object reference references a directory object that is stored separately from the legacy identification system, and wherein the directory object is configured to uniquely identify a specified user within the encrypted password field instead of storing an encrypted password in the encrypted password field;
  
  providing an identification module configured to receive a password request corresponding to the specified user;
  
  accessing the encrypted password field in the legacy system to obtain the directory object reference stored therein;
  
  communicating the directory object reference stored in the encrypted password field to an authentication module in response to receiving the request; and
  
  transmitting the directory object reference from the authentication module to an authentication server configured to access the directory object stored separately from the legacy system based on the directory object reference and to authenticate the specified user against the directory object referenced by the encrypted password field.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein providing an authentication module comprises providing a pluggable authentication module.
  - 9. The method of claim 7, wherein the encrypted password field comprises a principal name.
  - 10. The method of claim 7, wherein the providing an identification module comprises providing a plurality of identification modules selected from the group consisting of a NSS-NIS module, a NSS-LDAP module, and a NSS-Files module.
  - 11. The method of claim 7, wherein the providing an identification module comprises providing an identification module configured identify the specified user upon receiving the username.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
Quest Software, Inc.
Inventors
Robinson, Kyle Lane, Bowers, John Joseph
Primary Examiner(s)
Mehedi, Morshed

Application Number

US11/424,874
Publication Number

US 20070288992A1
Time in Patent Office

2,501 Days
Field of Search

713/168, 726/2, 726/4
US Class Current

726/2
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 9/3226   using a predetermined code,...

Centralized user authentication system apparatus and method

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Centralized user authentication system apparatus and method

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links