Distributed authentication with data cloud
First Claim
1. A method, comprising:

sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, where the client request does not provide a user name and password such that the client request does not identify the user, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data;

receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm;

presenting the response information of the authentication realm to the user and prompting the user for a user name and password; and

re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information, wherein the user credentials are stored in the data cloud as a <key, value> pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.
Abstract
A method includes, in response to a need to access for a user certain stored data that requires authentication, sending a request for the stored data into a data cloud, the request not identifying the user. The method further includes receiving, from the data cloud, response information descriptive of an authentication realm and a single-use nonce; presenting the information descriptive of the authentication realm to the user and prompting the user for a user name and password; re-sending the request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password; and if the user credentials are valid, receiving from the data cloud the requested stored data.
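The exchange described in the abstract and in claim 1, as an added illustration that is not part of the patent: an anonymous first request, a challenge carrying the realm, the authentication system, the hash function and a single-use nonce, then the same request re-sent with an authentication header. The realm and host names are constructed, the credential store is a plain dictionary keyed by user name plus hashed password with the access count as the value, and the nonce-bound proof (rather than sending the stored hash itself) is an assumption of this example.

```python
import hashlib
import hmac
import secrets

REALM = "geo-store.example"           # constructed realm name
AUTH_HOST = "auth.geo-store.example"  # constructed authentication system
HASH_NAME = "sha256"                  # function the cloud tells the client to use

def digest(name, text):
    return hashlib.new(name, text.encode()).hexdigest()

class DataCloud:
    """Cloud side. Credentials are <key, value> pairs: key = user name plus
    hashed password, value = number of accesses in the current interval."""
    def __init__(self):
        self.store = {}      # "user:hashed" -> access count (assumed layout)
        self.nonces = set()  # outstanding single-use nonces
        self.data = {"/reports/q1": b"quarterly figures"}  # constructed data

    def enroll(self, user, password):
        hashed = digest(HASH_NAME, f"{user}:{REALM}:{password}")
        self.store[f"{user}:{hashed}"] = 0

    def handle(self, request):
        auth = request.get("authorization")
        if auth is None:  # request does not identify the user: challenge it
            nonce = secrets.token_hex(16)
            self.nonces.add(nonce)
            return {"status": 401, "realm": REALM, "auth_host": AUTH_HOST,
                    "algorithm": HASH_NAME, "nonce": nonce}
        if auth["nonce"] not in self.nonces:
            return {"status": 401, "error": "unknown or reused nonce"}
        self.nonces.discard(auth["nonce"])  # each nonce is accepted once
        for key in self.store:
            user, hashed = key.split(":", 1)
            expected = digest(HASH_NAME, f"{hashed}:{auth['nonce']}")
            if user == auth["username"] and hmac.compare_digest(expected, auth["proof"]):
                self.store[key] += 1  # value: accesses during this interval
                return {"status": 200, "body": self.data.get(request["path"]),
                        "accesses": self.store[key]}
        return {"status": 403}

def client_fetch(cloud, path, user, password):
    """Client side: first request carries no identity; after the realm
    challenge the user would be prompted, then the same request is re-sent."""
    challenge = cloud.handle({"path": path})
    if challenge["status"] != 401:
        return challenge
    hashed = digest(challenge["algorithm"], f"{user}:{challenge['realm']}:{password}")
    proof = digest(challenge["algorithm"], f"{hashed}:{challenge['nonce']}")
    header = {"username": user, "nonce": challenge["nonce"], "proof": proof}
    return cloud.handle({"path": path, "authorization": header})
```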
19 Claims
1. A method, comprising: the steps set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. An apparatus, comprising:

a processor; and a non-transitory memory including computer program code, where the memory and computer program code are configured to, with the processor, cause the apparatus at least to perform: sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data, where the client request does not provide a user name and password such that the client request does not identify the user; receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm; presenting the response information of the authentication realm to the user and prompting the user for a user name and password; and re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information, wherein the user credentials are stored in the data cloud as a <key, value> pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.

Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A non-transitory computer readable medium comprising computer program code stored thereon, the non-transitory computer readable medium and computer program code being configured to, when run on at least one processor, cause the apparatus to perform at least the following:

sending a client request for stored data into a data cloud in response to a need to access for a user certain stored data that requires authentication to gain access thereto, where the client request does not provide a user name and password such that the client request does not identify the user, said data cloud being a collection of resources maintained to provide geographically distributed data storage for the data; receiving, from the data cloud, response information including at least an authentication realm, wherein the authentication realm corresponds to said geographically distributed data storage, and wherein the response information includes information identifying an authentication computer or system in the data cloud to be accessed for authentication with the authentication realm; presenting the response information of the authentication realm to the user and prompting the user for a user name and password; re-sending the same client request into the data cloud with an authentication header having user credentials generated at least in part using the response information, the user credentials comprising the user name and a hashed password, the hashed password formed using a function included with the response information, wherein the user credentials are stored in the data cloud as a <key, value> pair allowing multiple authorized user applications access to the user credentials, and wherein the key comprises a combination of the user name and the hashed password and the value comprises information descriptive of how many times the data has been accessed during some interval of time.

Dependent claims: 19.