Centralized user authentication system apparatus and method
First Claim
1. A system to authenticate a user, the system comprising:
- a computer system comprising computer hardware, the computer system programmed to implement;
a directory-based authentication server that authenticates users based on directory objects;
a non-directory based legacy identification subsystem that is not configured for directory-based authentication;
an enhanced authentication module in communication with the directory-based server and the non-directory based legacy identification subsystem wherein the enhanced authentication module obtains a directory object reference from a data field of an identification data store of the legacy identification system and provides the directory object reference to the directory-based authentication system;
wherein the non-directory based legacy identification subsystem comprises an identification data store that includes a data field having a directory object reference stored therein, the directory object reference configured to reference a directory object that is stored separately from the legacy identification system, wherein the directory object is configured to uniquely identify a specified user, and wherein the directory object reference is stored in the data field in place of authentication information native to the legacy identification system;
wherein the authentication module is configured to generate a request for authentication information of a specified user from the identification subsystem, and in response to receiving a response to the request, to access the data field in the identification data store of the legacy system to obtain the directory object reference stored therein, andwherein the authentication module further configured to obtain the directory object reference from the data field of the identification data store of the legacy system rather than authentication information native to the legacy system and to transmit the directory object reference to the directory-based authentication server; and
wherein the directory-based authentication server accesses the directory object stored separately from the non-directory based legacy system based on the directory object reference provided by the enhanced authentication module to authenticate the specified user against the directory object.
14 Assignments
0 Petitions
Accused Products
Abstract
An identification module receives a password request for a specified user and communicates an encrypted password field in response thereto, wherein the encrypted password field references a directory object corresponding to the specified user. The present invention also teaches an authentication module that communicates the password request to the identification module and receives the encrypted password field therefrom. Upon receiving the encrypted password field, the authentication module authenticates the specified user against the referenced directory object. In some embodiments, the encrypted password field is stored in an identification data store of an identification server and the directory object is stored in an authentication data store of an authentication server.
425 Citations
10 Claims
-
1. A system to authenticate a user, the system comprising:
a computer system comprising computer hardware, the computer system programmed to implement; a directory-based authentication server that authenticates users based on directory objects; a non-directory based legacy identification subsystem that is not configured for directory-based authentication; an enhanced authentication module in communication with the directory-based server and the non-directory based legacy identification subsystem wherein the enhanced authentication module obtains a directory object reference from a data field of an identification data store of the legacy identification system and provides the directory object reference to the directory-based authentication system; wherein the non-directory based legacy identification subsystem comprises an identification data store that includes a data field having a directory object reference stored therein, the directory object reference configured to reference a directory object that is stored separately from the legacy identification system, wherein the directory object is configured to uniquely identify a specified user, and wherein the directory object reference is stored in the data field in place of authentication information native to the legacy identification system; wherein the authentication module is configured to generate a request for authentication information of a specified user from the identification subsystem, and in response to receiving a response to the request, to access the data field in the identification data store of the legacy system to obtain the directory object reference stored therein, and wherein the authentication module further configured to obtain the directory object reference from the data field of the identification data store of the legacy system rather than authentication information native to the legacy system and to transmit the directory object reference to the directory-based authentication server; and wherein the directory-based authentication server accesses the directory object stored separately from the non-directory based legacy system based on the directory object reference provided by the enhanced authentication module to authenticate the specified user against the directory object. - View Dependent Claims (2, 3, 4, 5)
-
6. A method to authenticate a user, the method comprising:
by a computer system comprising computer hardware; modifying an identification data store that is configured to store authentication information native to a legacy identification system to store a directory object reference therein, wherein the directory object reference references a directory object that is stored separately from the legacy identification system, and wherein the directory object is configured to uniquely identify a specified user within the identification data store instead of storing authentication information native to the legacy identification system within the identification data store; providing an identification module configured to receive a request for authentication information corresponding to the specified user; accessing the identification data store in the legacy system to obtain the directory object reference stored therein; communicating the directory object reference stored in the identification data store to an authentication module in response to receiving the request; and transmitting the directory object reference from the authentication module to an authentication server configured to access the directory object stored separately from the legacy system based on the directory object reference and to authenticate the specified user against the directory object referenced by the identification data store. - View Dependent Claims (7, 8, 9, 10)
Specification