Authentication policy usage for authenticating a user

US 8,839,393 B2
Filed: 07/16/2013
Issued: 09/16/2014
Est. Priority Date: 03/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user, comprising:

a first server of a plurality of servers generating, by a computer processor, an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers;

said first server storing, by the processor, the generated authentication policy table within the first server;

after said generating and storing the authentication policy table, said first server receiving, by the processor, an access request from the user to access the federated computing environment;

after said receiving the access request, said first server receiving, by the processor, input authentication information from the user; and

said first server ascertaining, by the processor, that the user is authorized to access the federated computing environment, wherein said ascertaining comprises determining that the received input authentication information conforms to the at least one rule of the authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in the authentication policy table of the first server, is conformed to by the received input authentication information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating a user. A first server of multiple servers generates an authentication policy table by inserting into the authentication policy table an authentication policy of each server and setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server. The authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that includes the multiple servers. The first server receives an access request from the user to access the federated computing environment, receives input authentication information from the user, and determines from use of both the input authentication information and the at least one rule in the authentication policy table of the first server that the user is authorized to access the federated computing environment.

Citations

18 Claims

1. A method for authenticating a user, comprising:
- a first server of a plurality of servers generating, by a computer processor, an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated computing environment that comprises the plurality of servers;
  
  said first server storing, by the processor, the generated authentication policy table within the first server;
  
  after said generating and storing the authentication policy table, said first server receiving, by the processor, an access request from the user to access the federated computing environment;
  
  after said receiving the access request, said first server receiving, by the processor, input authentication information from the user; and
  
  said first server ascertaining, by the processor, that the user is authorized to access the federated computing environment, wherein said ascertaining comprises determining that the received input authentication information conforms to the at least one rule of the authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in the authentication policy table of the first server, is conformed to by the received input authentication information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said determining that the received input authentication information conforms to the at least one rule of the authentication policy of the second server comprises determining that the received input authentication information conforms to a format specified in the at least one rule of the authentication policy of the second server.
  - 3. The method of claim 2, wherein the format specified in the at least one rule of the authentication policy of the second server is a specification of an alphanumeric format of each character contained in a user identification (ID) of the user and of each character contained in a password of the user, and wherein the alphanumeric format of each character is selected from the group consisting of an alphabetic character and a numeric character.
  - 4. The method of claim 2, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.
  - 5. The method of claim 1, wherein said generating the authentication policy table further comprises inserting a server address of each server into the authentication policy table, and wherein said determining that the user is authorized to access the federated computing environment comprises:
    - said first server obtaining from the authentication policy table of the first server the server address of the second server;
      
      said first server transmitting the input authentication information to the second server via the obtained server address of the second server; and
      
      after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user.
  - 6. The method of claim 1, said method further comprising:
    - after said determining that the user is authorized to access the federated computing environment, said first server permitting, by the processor, the user to access the federated computing environment.

7. A computer system comprising a processor, a storage device coupled to the processor, and a computer readable memory unit coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory unit to implement a method for authenticating a user, said method comprising:
- a first server of a plurality of servers generating, by the processor, an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated that comprises the plurality of servers;
  
  said first server storing, by the processor, the generated authentication policy table within the first server;
  
  after said generating and storing the authentication policy table, said first server receiving, by the processor, an access request from the user to access the federated computing environment;
  
  after said receiving the access request, said first server receiving, by the processor, input authentication information from the user; and
  
  said first server ascertaining, by the processor, that the user is authorized to access the federated computing environment, wherein said ascertaining comprises determining that the received input authentication information conforms to the at least one rule of the authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in the authentication policy table of the first server, is conformed to by the received input authentication information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7, wherein said determining that the received input authentication information conforms to the at least one rule of the authentication policy of the second server comprises determining that the received input authentication information conforms to a format specified in the at least one rule of the authentication policy of the second server.
  - 9. The computer system of claim 8, wherein the format specified in the at least one rule of the authentication policy of the second server is a specification of an alphanumeric format of each character contained in a user identification (ID) of the user and of each character contained in a password of the user, and wherein the alphanumeric format of each character is selected from the group consisting of an alphabetic character and a numeric character.
  - 10. The computer system of claim 8, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.
  - 11. The computer system of claim 7, wherein said generating the authentication policy table further comprises inserting a server address of each server into the authentication policy table, and wherein said determining that the user is authorized to access the federated computing environment comprises:
    - said first server obtaining from the authentication policy table of the first server the server address of the second server;
      
      said first server transmitting the input authentication information to the second server via the obtained server address of the second server; and
      
      after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user.
  - 12. The computer system of claim 7, said method further comprising:
    - after said determining that the user is authorized to access the federated computing environment, said first server permitting, by the processor, the user to access the federated computing environment.

13. A computer program product, comprising a computer readable storage device having program code stored therein, said program code configured to be executed by a computer processor to perform a method for authenticating a user, said method comprising:
- a first server of a plurality of servers generating, by the processor, an authentication policy table, said generating the authentication policy table comprising (i) inserting into the authentication policy table an authentication policy of each server and (ii) setting a relative priority of each server in the authentication policy table of the first server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of a federated that comprises the plurality of servers;
  
  said first server storing, by the processor, the generated authentication policy table within the first server;
  
  after said generating and storing the authentication policy table, said first server receiving, by the processor, an access request from the user to access the federated computing environment;
  
  after said receiving the access request, said first server receiving, by the processor, input authentication information from the user; and
  
  said first server ascertaining, by the processor, that the user is authorized to access the federated computing environment, wherein said ascertaining comprises determining that the received input authentication information conforms to the at least one rule of the authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in the authentication policy table of the first server, is conformed to by the received input authentication information.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer program product of claim 13, wherein said determining that the received input authentication information conforms to the at least one rule of the authentication policy of the second server comprises determining that the received input authentication information conforms to a format specified in the at least one rule of the authentication policy of the second server.
  - 15. The computer program product of claim 14, wherein the format specified in the at least one rule of the authentication policy of the second server is a specification of an alphanumeric format of each character contained in a user identification (ID) of the user and of each character contained in a password of the user, and wherein the alphanumeric format of each character is selected from the group consisting of an alphabetic character and a numeric character.
  - 16. The computer program product of claim 14, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.
  - 17. The computer program product of claim 13, wherein said generating the authentication policy table further comprises inserting a server address of each server into the authentication policy table, and wherein said determining that the user is authorized to access the federated computing environment comprises:
    - said first server obtaining from the authentication policy table of the first server the server address of the second server;
      
      said first server transmitting the input authentication information to the second server via the obtained server address of the second server; and
      
      after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user.
  - 18. The computer program product of claim 13, said method further comprising:
    - after said determining that the user is authorized to access the federated computing environment, said first server permitting, by the processor, the user to access the federated computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirBNB Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Takehi, Masahiro
Primary Examiner(s)
Vaughan, Michael R

Application Number

US13/943,138
Publication Number

US 20130305313A1
Time in Patent Office

427 Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Authentication policy usage for authenticating a user

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication policy usage for authenticating a user

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links