Authentication based on previous authentications

US 9,094,393 B2
Filed: 11/11/2013
Issued: 07/28/2015
Est. Priority Date: 04/27/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a user to a target server, the method comprising:

receiving, by a computer system having at least one processor coupled to memory, a request from a user computer system to authenticate the user for access to a target server at level N of N levels, wherein N is a positive integer of at least 2, wherein N target servers are sequentially nested at respective levels of the N levels denoted as levels 1 through N sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−

1 target servers at the respective levels 1 through N−

1 if N is at least 3;

accessing, by the computer system, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to authentication of the user for access to the N−

1 target servers at the respective levels 1 through N−

1;

receiving, by the computer system, an indication of whether a current authentication plan exists in an authentication store, the current authentication plan having one or more authentication records, each authentication record having current information relating to authentication of the user for access to the N−

1 target servers at the respective levels 1 through N−

1;

in response to having received a determination that the current authentication plan exists, (i) requesting, by the computer system, the current authentication plan and (ii) receiving, by the computer system, the current authentication plan from the authentication store;

determining, by the computer system, that there is at least a partial match between the stored authentication plan and the current authentication plan; and

authenticating in response to said determining that there is at least the partial match, by the computer system, the user for access to the target server at level N.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating a user to a target server. A request is received from a user computer system to authenticate the user for access to a target server at level N of N levels (N≧2). Each record of a stored authentication plan associated with the user has authentication records each having expected information relating to authentication of the user for access to the N−1 target servers at respective levels 1 through N−1. Each record of a received current authentication plan for the user has authentication records each having current information relating to authentication of the user for access to the N−1 target servers at respective levels 1 through N−1. It is determined that that there is at least a partial match between the stored and current authentication plans, and in response, the user is authenticated for access to the target server at level N.

44 Citations

View as Search Results

20 Claims

1. A method for authenticating a user to a target server, the method comprising:
- receiving, by a computer system having at least one processor coupled to memory, a request from a user computer system to authenticate the user for access to a target server at level N of N levels, wherein N is a positive integer of at least 2, wherein N target servers are sequentially nested at respective levels of the N levels denoted as levels 1 through N sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1 if N is at least 3;
  
  accessing, by the computer system, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  receiving, by the computer system, an indication of whether a current authentication plan exists in an authentication store, the current authentication plan having one or more authentication records, each authentication record having current information relating to authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  in response to having received a determination that the current authentication plan exists, (i) requesting, by the computer system, the current authentication plan and (ii) receiving, by the computer system, the current authentication plan from the authentication store;
  
  determining, by the computer system, that there is at least a partial match between the stored authentication plan and the current authentication plan; and
  
  authenticating in response to said determining that there is at least the partial match, by the computer system, the user for access to the target server at level N.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
  - 3. The method of claim 1, wherein the method further comprises:
    - determining, by the computer system, that there is a mismatch between the stored authentication plan and the current authentication plan; and
      
      resolving, by the computer system, the mismatch.
  - 4. The method of claim 3, wherein said resolving the mismatch comprises requiring additional authentication information.
  - 5. The method of claim 3, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
  - 6. The method of claim 1, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.
  - 7. The method of claim 1, wherein the at least the partial match is an exact match.
  - 8. The method of claim 1, wherein N is at least 3.

9. A computer program product for authenticating a user to a target server, said computer program product comprising:
- one or more computer readable storage devices and program instructions stored on the one or more storage devices, wherein the program instructions stored on the one or more storage devices comprise;
  
  program instructions to receive a request from a user computer system to authenticate the user for access to a target server at level N of N levels, wherein N is a positive integer of at least 2, wherein N target servers are sequentially nested at respective levels of the N levels denoted as levels 1 through N sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1 if N is at least 3;
  
  program instructions to access a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  program instructions to receive an indication of whether a current authentication plan exists in an authentication store, the current authentication plan having one or more authentication records, each authentication record having current information relating to authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  program instructions to, in response to having received a determination that the current authentication plan exists, (i) request the current authentication plan and (ii) receive the current authentication plan from the authentication store;
  
  program instructions to determine that there is at least a partial match between the stored authentication plan and the current authentication plan; and
  
  program instructions to authenticate in response to a determination that there is at least the partial match, the user for access to the target server at level N.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer program product of claim 9, wherein the program instructions to determine that there is at least the partial match comprises program instructions to determine that there is at least the partial based on analyzing authentication events.
  - 11. The computer program product of claim 9, wherein the program instructions stored on the one or more storage devices comprise:
    - program instructions to determine that there is a mismatch between the stored authentication plan and the current authentication plan; and
      
      program instructions to resolve the mismatch.
  - 12. The computer program product of claim 11, wherein the program instructions to resolve the mismatch comprises program instructions to require additional authentication information.
  - 13. The computer program product of claim 11, wherein the program instructions to resolve the mismatch comprises program instructions to modify or create a new authentication plan.
  - 14. The computer program product of claim 9, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.

15. A computer system for authenticating a user to a target server, said computer system comprising:
- one or more processors, one or more computer readable storage devices, program instructions stored on the one or more storage devices, and one or more memories, wherein the program instructions stored on the one or more storage devices are configured to be executed by the one or more processors via the one or more memories, wherein the program instructions stored on the one or more storage devices comprise;
  
  program instructions to receive a request from a user computer system to authenticate the user for access to a target server at level N of N levels, wherein N is a positive integer of at least 2, wherein N target servers are sequentially nested at respective levels of the N levels denoted as levels 1 through N sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1 if N is at least 3;
  
  program instructions to access a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  program instructions to receive an indication of whether a current authentication plan exists in an authentication store, the current authentication plan having one or more authentication records, each authentication record having current information relating to authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  program instructions to, in response to having received a determination that the current authentication plan exists, (i) request the current authentication plan and (ii) receive the current authentication plan from the authentication store;
  
  program instructions to determine that there is at least a partial match between the stored authentication plan and the current authentication plan; and
  
  program instructions to authenticate in response to a determination that there is at least the partial match, the user for access to the target server at level N.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein the program instructions to determine that there is at least the partial match comprises program instructions to determine that there is at least the partial based on analyzing authentication events.
  - 17. The computer system of claim 15, wherein the program instructions stored on the one or more storage devices comprise:
    - program instructions to determine that there is a mismatch between the stored authentication plan and the current authentication plan; and
      
      program instructions to resolve the mismatch.
  - 18. The computer system of claim 17, wherein the program instructions to resolve the mismatch comprises program instructions to require additional authentication information.
  - 19. The computer system of claim 17, wherein the program instructions to resolve the mismatch comprises program instructions to modify or create a new authentication plan.
  - 20. The computer system of claim 15, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Hamilton, Rick A. II, O'Connell, Brian M., Pavesi, John R., Walker, Keith R.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US14/076,392
Publication Number

US 20140068730A1
Time in Patent Office

624 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

Authentication based on previous authentications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication based on previous authentications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links