Authentication policy usage for authenticating a user

US 9,253,217 B2
Filed: 07/22/2014
Issued: 02/02/2016
Est. Priority Date: 03/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user, comprising:

a first server of a plurality of servers receiving, by a computer processor, input authentication information from the user; and

said first server ascertaining, by the processor, that the user is authorized to access a federated computing environment that comprises the plurality of servers, wherein said ascertaining comprises determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information,wherein the authentication policy table within the first server comprises (i) an authentication policy of each server of the plurality of servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of the federated computing environment.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating a user. A first server of at least two servers receive input authentication information from the user. The first server ascertains that the user is authorized to access a federated computing environment that comprises at least two servers, which includes the first server determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the at least two servers whose authentication policy'"'"'s at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information.

35 Citations

17 Claims

1. A method for authenticating a user, comprising:
- a first server of a plurality of servers receiving, by a computer processor, input authentication information from the user; and
  
  said first server ascertaining, by the processor, that the user is authorized to access a federated computing environment that comprises the plurality of servers, wherein said ascertaining comprises determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information,wherein the authentication policy table within the first server comprises (i) an authentication policy of each server of the plurality of servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of the federated computing environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, said method further comprising:
    - before said receiving the input authentication information from the user, said first server storing the authentication policy table within the first server.
  - 3. The method of claim 2, said method further comprising:
    - before said storing the authentication policy table within the first server, said first server generating the authentication policy table.
  - 4. The method of claim 3, wherein said generating the authentication policy table comprises inserting a server address of each server into the authentication policy table, and wherein said determining that the user is authorized to access the federated computing environment comprises:
    - said first server obtaining from the authentication policy table of the first server the server address of the second server;
      
      said first server transmitting the input authentication information to the second server via the obtained server address of the second server; and
      
      after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user.
  - 5. The method of claim 1, said method further comprising:
    - after said ascertaining that the user is authorized to access the federated computing environment, said first server permitting, by the processor, the user to access the federated computing environment.
  - 6. The method of claim 1, wherein said determining that the received input authentication information conforms to the at least one rule of the authentication policy of the second server comprises determining that the received input authentication information conforms to a format specified in the at least one rule of the authentication policy of the second server.
  - 7. The method of claim 6, wherein the format specified in the at least one rule of the authentication policy of the second server is a specified total number of bytes of binary data representing a fingerprint of the user or a voice print of the user.

8. A computer system comprising a computer processor, a storage device coupled to the processor, and a computer readable memory unit coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory unit to implement a method for authenticating a user, said method comprising:
- a first server of a plurality of servers receiving, by the processor, input authentication information from the user; and
  
  said first server ascertaining, by the processor, that the user is authorized to access a federated computing environment that comprises the plurality of servers, wherein said ascertaining comprises determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information,wherein the authentication policy table within the first server comprises (i) an authentication policy of each server of the plurality of servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of the federated computing environment.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer system of claim 8, said method further comprising:
    - before said receiving the input authentication information from the user, said first server storing the authentication policy table within the first server.
  - 10. The computer system of claim 9, said method further comprising:
    - before said storing the authentication policy table within the first server, said first server generating the authentication policy table.
  - 11. The computer system of claim 10, wherein said generating the authentication policy table comprises inserting a server address of each server into the authentication policy table, and wherein said determining that the user is authorized to access the federated computing environment comprises:
    - said first server obtaining from the authentication policy table of the first server the server address of the second server;
      
      said first server transmitting the input authentication information to the second server via the obtained server address of the second server; and
      
      after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user.
  - 12. The computer system of claim 8, said method further comprising:
    - after said ascertaining that the user is authorized to access the federated computing environment, said first server permitting, by the processor, the user to access the federated computing environment.

13. A computer program product, comprising a computer readable storage device having program code stored therein, said program code configured to be executed by a computer processor to perform a method for authenticating a user, said method comprising:
- a first server of a plurality of servers receiving, by the processor, input authentication information from the user; and
  
  said first server ascertaining, by the processor, that the user is authorized to access a federated computing environment that comprises the plurality of servers, wherein said ascertaining comprises determining that the received input authentication information conforms to at least one rule of an authentication policy of a second server having a highest relative priority among servers of the plurality of servers whose authentication policy'"'"'s at least one rule, in an authentication policy table within the first server, is conformed to by the received input authentication information,wherein the authentication policy table within the first server comprises (i) an authentication policy of each server of the plurality of servers and (ii) a relative priority of each server in order of decreasing number of users registered in an authentication system of each server, wherein the authentication policy of each server is at least one rule of each server for authenticating users of the federated computing environment.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13, said method further comprising:
    - before said receiving the input authentication information from the user, said first server storing the authentication policy table within the first server.
  - 15. The computer program product of claim 14, said method further comprising:
    - before said storing the authentication policy table within the first server, said first server generating the authentication policy table.
  - 16. The computer program product of claim 15, wherein said generating the authentication policy table comprises inserting a server address of each server into the authentication policy table, and wherein said determining that the user is authorized to access the federated computing environment comprises:
    - said first server obtaining from the authentication policy table of the first server the server address of the second server;
      
      said first server transmitting the input authentication information to the second server via the obtained server address of the second server; and
      
      after said transmitting the input authentication information to the second server, said first server receiving from the second server a notification that the second server has successfully authorized the user.
  - 17. The computer program product of claim 13, said method further comprising:
    - after said ascertaining that the user is authorized to access the federated computing environment, said first server permitting, by the processor, the user to access the federated computing environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AirBNB Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Takehi, Masahiro
Primary Examiner(s)
Vaughan, Michael R

Application Number

US14/337,631
Publication Number

US 20140366083A1
Time in Patent Office

560 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Authentication policy usage for authenticating a user

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Authentication policy usage for authenticating a user

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others