System, method and program for user authentication, and recording medium on which the program is recorded

US 8,689,302 B2
Filed: 04/27/2010
Issued: 04/01/2014
Est. Priority Date: 03/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user, comprising:

a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;

said first server storing the generated authentication policy table within the first server;

after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;

after said receiving the access request, said first server receiving the input authentication information from the user;

said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;

after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;

said first server transmitting the input authentication information to the second server via the obtained server address of the second server;

after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and

after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, and system, and computer program product for authenticating a user. A first server of a plurality of servers receives an access request from the user to access a federated computing environment that comprises multiple servers. After receiving the access request, the first server: receives input authentication information from the user, obtains a server address of a second server having an authentication policy that matches an authentication policy of the first server, transmits the input authentication information to the second server via the server address of the second server, receives from the second server a notification that the second server has successfully authorized the user, and permits the user to access the federated computing environment.

36 Citations

View as Search Results

17 Claims

1. A method for authenticating a user, comprising:
- a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;
  
  said first server storing the generated authentication policy table within the first server;
  
  after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;
  
  after said receiving the access request, said first server receiving the input authentication information from the user;
  
  said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;
  
  after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;
  
  said first server transmitting the input authentication information to the second server via the obtained server address of the second server;
  
  after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and
  
  after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1,wherein the method further comprises said first server determining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of at least one additional server of the plurality of servers;
    - andwherein said obtaining the server address of the second server comprises selecting the second server rather than selecting any server of the at least one additional server because the relative priority of the second server in the authentication policy table of the first server is a higher relative priority than is a relative priority of each server of at least one additional server in the authentication policy table of the first server.
  - 3. The method of claim 1, wherein before said transmitting the input authentication information to the second server, the method further comprises:
    - said first server determining that a user identification (ID) of the user is not in an exceptional ID table of the first server, wherein the exceptional ID table of the first server stores common user IDs and an indication of one or more servers associated with each common user ID stored in the exceptional ID table of the first server.
  - 4. The method of claim 1, wherein the method further comprises:
    - prior to said setting the relative priority of each server in the authentication policy table of the first server, said first server receiving manual input of the relative priority of each server.
  - 5. The method of claim 1, wherein the format specified in the at least one rule of the authentication policy of the second server is a specification of an alphanumeric format of each character contained in a user identification (ID) of the user and of each character contained in a password of the user, and wherein the alphanumeric format of each character is selected from the group consisting of an alphabetic character and a numeric character.
  - 6. The method of claim 1, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.

7. A computer system comprising a processor, a storage device coupled to the processor, and a computer readable memory unit coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory unit to implement a method for authenticating a user, said method comprising:
- a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;
  
  said first server storing the generated authentication policy table within the first server;
  
  after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;
  
  after said receiving the access request, said first server receiving the input authentication information from the user;
  
  said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;
  
  after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;
  
  said first server transmitting the input authentication information to the second server via the obtained server address of the second server;
  
  after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and
  
  after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7,wherein the method further comprises said first server determining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of at least one additional server of the plurality of servers;
    - andwherein said obtaining the server address of the second server comprises selecting the second server rather than selecting any server of the at least one additional server because the relative priority of the second server in the authentication policy table of the first server is a higher relative priority than is a relative priority of each server of at least one additional server in the authentication policy table of the first server.
  - 9. The computer system of claim 7, wherein before said transmitting the input authentication information to the second server, the method further comprises:
    - said first server determining that a user identification (ID) of the user is not in an exceptional ID table of the first server, wherein the exceptional ID table of the first server stores common user IDs and an indication of one or more servers associated with each common user ID stored in the exceptional ID table of the first server.
  - 10. The computer system of claim 7, wherein the method further comprises:
    - prior to said setting the relative priority of each server in the authentication policy table of the first server, said first server receiving manual input of the relative priority of each server.
  - 11. The computer system of claim 7, wherein the format specified in the at least one rule of the authentication policy of the second server is a specification of an alphanumeric format of each character contained in a user identification (ID) of the user and of each character contained in a password of the user, and wherein the alphanumeric format of each character is selected from the group consisting of an alphabetic character and a numeric character.
  - 12. The computer system of claim 7, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.

13. A computer program product, comprising a computer readable storage device having program code stored therein, said program code configured to be executed by a computer processor to perform a method for authenticating a user, said method comprising:
- a first server of a plurality of servers generating an authentication policy table, said generating the authentication policy table comprising inserting (i) into the authentication policy table an authentication policy of each server and a server address of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers, and wherein each rule for each server specifies a format to which input user authentication information subsequently received from the user must conform;
  
  said first server storing the generated authentication policy table within the first server;
  
  after said generating and storing the authentication policy table, said first server receiving an access request from the user to access the federated computing environment;
  
  after said receiving the access request, said first server receiving the input authentication information from the user;
  
  said first server ascertaining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of a second server of the plurality of servers;
  
  after said ascertaining, said first server obtaining from the authentication policy table of the first server the server address of the second server;
  
  said first server transmitting the input authentication information to the second server via the obtained server address of the second server;
  
  after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user; and
  
  after said receiving the notification that the second server has successfully authorized the user, said first server permitting the user to access the federated computing environment.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13,wherein the method further comprises said first server determining that the received input authentication information conforms to the format specified in the at least one rule, in the authentication policy table of the first server, of the authentication policy of at least one additional server of the plurality of servers;
    - andwherein said obtaining the server address of the second server comprises selecting the second server rather than selecting any server of the at least one additional server because the relative priority of the second server in the authentication policy table of the first server is a higher relative priority than is a relative priority of each server of at least one additional server in the authentication policy table of the first server.
  - 15. The computer program product of claim 13, wherein the method further comprises:
    - prior to said setting the relative priority of each server in the authentication policy table of the first server, said first server receiving manual input of the relative priority of each server.
  - 16. The computer program product of claim 13, wherein the format specified in the at least one rule of the authentication policy of the second server is a specification of an alphanumeric format of each character contained in a user identification (ID) of the user and of each character contained in a password of the user, and wherein the alphanumeric format of each character is selected from the group consisting of an alphabetic character and a numeric character.
  - 17. The computer program product of claim 13, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirBNB Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Takehi, Masahiro
Primary Examiner(s)
Vaughan, Michael R

Application Number

US12/767,832
Publication Number

US 20100212000A1
Time in Patent Office

1,435 Days
Field of Search

None
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

System, method and program for user authentication, and recording medium on which the program is recorded

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and program for user authentication, and recording medium on which the program is recorded

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links