Renewal of user identification information

US 9,147,062 B2
Filed: 06/29/2011
Issued: 09/29/2015
Est. Priority Date: 06/29/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method operative in association with a first application server for managing user identification information, the method comprising:

responsive to receiving, at the first application server, a token that has expired, the token received from a client that is distinct from the first application server, determining, by a processor unit having a hardware element, whether an instance of security information in use on the first application server and referenced by the token was generated by an application server compatible with the first application server, wherein a determination regarding compatibility is based on whether the first application server is of a same type or version as the application server that generated the instance of security information;

responsive to determining that the instance of the security information was generated by an application server compatible with the first application server, determining whether the instance of the security information is managed using a set of rules for a group of users of the first application server;

responsive to determining that the instance of the security information referenced by the token is managed by the set of rules for the group of users of the first application server, determining whether a user identifier from the token is authorized to access the first application server; and

responsive to determining that the user identifier is authorized to access the first application server, renewing the token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, data processing system, and computer program product for managing user identification information. A determination is made whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with a first application server in response to receiving the token. A determination is made whether the instance of the security information is managed by a set of rules for a group of users of the first application server. A determination is made whether a user identifier from the token is authorized to access the first application server. The token is renewed in response to determining that the user identifier is authorized to access the first application server.

Citations

25 Claims

1. A method operative in association with a first application server for managing user identification information, the method comprising:
- responsive to receiving, at the first application server, a token that has expired, the token received from a client that is distinct from the first application server, determining, by a processor unit having a hardware element, whether an instance of security information in use on the first application server and referenced by the token was generated by an application server compatible with the first application server, wherein a determination regarding compatibility is based on whether the first application server is of a same type or version as the application server that generated the instance of security information;
  
  responsive to determining that the instance of the security information was generated by an application server compatible with the first application server, determining whether the instance of the security information is managed using a set of rules for a group of users of the first application server;
  
  responsive to determining that the instance of the security information referenced by the token is managed by the set of rules for the group of users of the first application server, determining whether a user identifier from the token is authorized to access the first application server; and
  
  responsive to determining that the user identifier is authorized to access the first application server, renewing the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein renewing the token comprises:
    - generating a new token for the user identifier; and
      
      sending the new token to a browser that the token was received from.
  - 3. The method of claim 1 further comprising:
    - receiving the token in a request during a session at the first application server;
      
      responsive to receiving the request, identifying the user identifier from the token; and
      
      identifying the instance of the security information in use on the first application server using the user identifier, wherein the instance of the security information is a current instance of the security information for the session in use by a server application running in the first application server and wherein the security information is of a user associated with the user identifier.
  - 4. The method of claim 1 further comprising:
    - receiving the token in a request at the first application server;
      
      responsive to determining that the user identifier is authorized to access the first application server, store updated security information about a user associated with the user identifier at the first application server; and
      
      performing the request at the first application server using the updated security information without requiring the user to authenticate after the token has expired.
  - 5. The method of claim 1 further comprising:
    - receiving the token in a request at the first application server;
      
      responsive to determining that the token has expired, determining whether renewal of the token is permitted for the first application server;
      
      responsive to determining that renewal of the token is not permitted for the first application server, denying the request at the first application server; and
      
      wherein determining whether the instance of the security information in use on the first application server and referenced by the token was generated by an application server compatible with the first application server comprises;
      
      determining whether the instance of the security information in use on the first application server and referenced by the token was generated by an application server compatible with the first application server in response to determining that renewal of the token is permitted for the first application server.
  - 6. The method of claim 1 further comprising:
    - receiving the token in a request at the first application server;
      
      determining whether the request was received at the first application server during a period of time that the token is valid; and
      
      wherein renewing the token comprises;
      
      generating a new token where the period of time the new token is valid to includes a present time.
  - 7. The method of claim 1, wherein the set of rules for the group of users of the first application server is a security realm of the first application server and wherein determining whether the instance referenced by the token is managed by the set of rules for the group of users of the first application server comprises:
    - determining whether the instance of the security information uses the security realm of the first application server.
  - 8. The method of claim 1, wherein determining whether the instance of the security information in use on the first application server and referenced by the token was generated by an application server compatible with the first application server comprises:
    - determining whether the application server that generated the token is a same type of application server as the first application server.
  - 9. The method of claim 1, wherein the token is encrypted information comprising the user identifier sent to a browser after a user has been authenticated.

10. An application server for managing user identification information, the application server comprising:
- an authentication system configured to receive a token that has expired in a request, the request received from a client that is distinct from the application server, determine whether an instance of security information in use on the application server and referenced by the token was generated by a type or version of application server that is compatible with the application server, determine whether the instance of the security information is managed by a set of rules for a group of users of the application server in response to determining that the instance of the security information was generated by the type of application server that is compatible with the application server, determine whether a user identifier from the token is authorized to access the application server in response to determining that the instance of the security information referenced by the token is managed by the set of rules for the group of users of the application server, and renew the token in response to determining that the user identifier is authorized to access the application server.
- View Dependent Claims (11, 12, 13)
- - 11. The application server of claim 10 further comprising:
    - a storage device configured to store updated security information about a user associated with the user identifier in response to the authentication system determining that the user identifier is authorized to access the application server; and
      
      a data processing system associated with the storage device, the data processing system configured to perform the request using the updated security information without the authentication system requiring the user to authenticate after the token expired.
  - 12. The application server of claim 10, wherein in renewing the token the authentication system is further configured to generate a new token for the user identifier and send the new token to a browser that the token was received from.
  - 13. The application server of claim 10, wherein the authentication system is further configured to identify the user identifier from the token and identify the instance of the security information in use on the application server using the user identifier, wherein the instance of the security information is a current instance of the security information for a session in use by a server application running in the application server and wherein the security information is of a user associated with the user identifier.

14. A computer program product for managing user identification information in association with a first application server, the computer program product comprising:
- a non-transitory computer readable storage medium;
  
  program code, stored on the computer readable storage medium, configured to determine whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with the first application server in response to receiving the token at the first application server from a client that is distinct from the first application server, wherein a determination regarding compatibility is based on whether the first application server is of a same type or version as the application server that generated the instance of security information;
  
  program code, stored on the computer readable storage medium, configured to determine whether the instance of the security information is managed by a set of rules for a group of users of the first application server in response to determining that the instance of the security information was generated by an application server compatible with the first application server;
  
  program code, stored on the computer readable storage medium, configured to determine whether a user identifier from the token is authorized to access the first application server in response to determining that the instance of the security information referenced by the token is managed by the set of rules for the group of users of the first application server; and
  
  program code, stored on the computer readable storage medium, configured to renew the token in response to determining that the user identifier is authorized to access the first application server.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer program product of claim 14, wherein the program code configured to renew the token comprises:
    - program code, stored on the computer readable storage medium, configured to generate a new token for the user identifier; and
      
      program code, stored on the computer readable storage medium, configured to send the new token to a browser that the token was received from.
  - 16. The computer program product of claim 14 further comprising:
    - program code, stored on the computer readable storage medium, configured to receive the token in a request during a session at the first application server;
      
      program code, stored on the computer readable storage medium, configured to identify the user identifier from the token in response to receiving the request; and
      
      program code, stored on the computer readable storage medium, configured to identify the instance of the security information in use on the first application server using the user identifier, wherein the instance of the security information is a current instance of the security information for the session in use by a server application running in the first application server and wherein the security information is of a user associated with the user identifier.
  - 17. The computer program product of claim 14 further comprising:
    - program code, stored on the computer readable storage medium, configured to receive the token in a request at the first application server;
      
      program code, stored on the computer readable storage medium, configured to store updated security information about a user associated with the user identifier at the first application server in response to determining that the user identifier is authorized to access the first application server; and
      
      program code, stored on the computer readable storage medium, configured to perform the request at the first application server using the updated security information without requiring the user to authenticate after the token has expired.
  - 18. The computer program product of claim 14,wherein the set of rules for the group of users of the first application server is a security realm of the first application server and wherein the program code configured to determine whether the instance referenced by the token is managed by the set of rules for the group of users of the first application server comprises:
    - program code, stored on the computer readable storage medium, configured to determine whether the instance of the security information uses the security realm of the first application server.
  - 19. The computer program product of claim 14,wherein the computer readable storage medium is in a data processing system, and the program code is downloaded over a network from a remote data processing system to the computer readable storage medium in the data processing system.
  - 20. The computer program product of claim 18,wherein the computer readable storage medium is a first computer readable storage medium, wherein the first computer readable storage medium is in a server data processing system, and wherein the program code is downloaded over a network to a remote data processing system for use in a second computer readable storage medium in the remote data processing system.

21. A data processing system operative in association with a first application server for managing user identification information, the data processing system comprising:
- a bus system;
  
  a storage device connected to the bus system, wherein the storage device includes program code; and
  
  a processor unit connected to the bus system, wherein the processor unit is configured to determine whether an instance of security information in use on the first application server and referenced by a token that has expired was generated by an application server compatible with the first application server in response to receiving the token at the first application server from a client distinct from the first application server, determine whether the instance of the security information is managed by a set of rules for a group of users of the first application server in response to determining that the instance of the security information was generated by an application server compatible with the first application server, determine whether a user identifier from the token is authorized to access the first application server in response to determining that the instance of the security information referenced by the token is managed by the set of rules for the group of users of the first application server, and renew the token in response to determining that the user identifier is authorized to access the first application server, wherein a determination regarding compatibility is based on whether the first application server is of a same type or version as the application server that generated the instance of security information.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The data processing system of claim 21, wherein, in executing the program code to renew the token, the processor unit is further configured to generate a new token for the user identifier, and send the new token to a browser that the token was received from.
  - 23. The data processing system of claim 21, wherein the processor unit is further configured to receive the token in a request during a session at the first application server, identify the user identifier from the token in response to receiving the request, and identify the instance of the security information in use on the first application server using the user identifier, wherein the instance of the security information is a current instance of the security information for the session in use by a server application running in the first application server and wherein the security information is of a user associated with the user identifier.
  - 24. The data processing system of claim 21, wherein the processor unit is further configured to receive the token in a request at the first application server, store updated security information about a user associated with the user identifier at the first application server in response to determining that the user identifier is authorized to access the first application server, and perform the request at the first application server using the updated security information without requiring the user to authenticate after the token has expired.
  - 25. The data processing system of claim 21, wherein the set of rules for the group of users of the first application server is a security realm of the first application server and wherein, in executing the program code to determine whether the instance referenced by the token is managed by the set of rules for the group of users of the first application server, the processor unit is further configured to determine whether the instance of the security information uses the security realm of the first application server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bennett, Paul W., Dettlaff, Christopher M., Ferracane, Elisa, O'Donnell, William J., Thompson, Michael C.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Truvan, Leynna

Application Number

US13/172,699
Publication Number

US 20130007856A1
Time in Patent Office

1,553 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/33 using certificates

Renewal of user identification information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Renewal of user identification information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links