Authentication based on previous authentications

US 9,686,262 B2
Filed: 05/07/2015
Issued: 06/20/2017
Est. Priority Date: 04/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user to a target server, said method comprising:

receiving, by one or more processors of a computer system, a request from a user computer system to authenticate the user for access to N−

1 target servers of N target servers at respective levels 1 through N−

1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−

1 target servers at the respective levels 1 through N−

1 if N is at least 3;

accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−

1 target servers at the respective levels 1 through N−

1;

receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−

1 target servers at the respective levels 1 through N−

1;

in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store;

determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and

authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authenticating a user to a target server. A request is received from a user computer system to authenticate the user for access to a target server at level N of N levels (N≧2). Each record of a stored authentication plan associated with the user has authentication records each having information relating to authentication of the user for access to N−1 target servers at respective levels 1 through N−1. Each record of a received current authentication plan for the user has authentication records each having current information relating to authentication of the user for access to the N−1 target servers at respective levels 1 through N−1. It is determined that there is at least a partial match between the stored and current authentication plans, and in response, the user is authenticated for access to the target server at level N.

44 Citations

20 Claims

1. A method for authenticating a user to a target server, said method comprising:
- receiving, by one or more processors of a computer system, a request from a user computer system to authenticate the user for access to N−
  
  1 target servers of N target servers at respective levels 1 through N−
  
  1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1 if N is at least 3;
  
  accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store;
  
  determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and
  
  authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
  - 3. The method of claim 1, wherein the method further comprises:
    - determining, by the one or more processors, that there is a mismatch between the stored authentication plan and the current authentication plan; and
      
      resolving, by the one or more processors, the mismatch.
  - 4. The method of claim 3, wherein said resolving the mismatch comprises requiring additional authentication information.
  - 5. The method of claim 3, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
  - 6. The method of claim 1, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.
  - 7. The method of claim 1, wherein the at least the partial match is an exact match.
  - 8. The method of claim 1, wherein N is at least 3.

9. A computer program product, comprising one or more computer-readable hardware storage devices storing program instructions stored which, upon being executed by a computer, perform a method for authenticating a user to a target server, said method comprising:
- receiving, by one or more processors of a computer system, a request from a user computer system to authenticate the user for access to N−
  
  1 target servers of N target servers at respective levels 1 through N−
  
  1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1 if N is at least 3;
  
  accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store;
  
  determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and
  
  authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The computer program product of claim 9, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
  - 11. The computer program product of claim 9, wherein the method further comprises:
    - determining, by the one or more processors, that there is a mismatch between the stored authentication plan and the current authentication plan; and
      
      resolving, by the one or more processors, the mismatch.
  - 12. The computer program product of claim 11, wherein said resolving the mismatch comprises requiring additional authentication information.
  - 13. The computer program product of claim 11, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
  - 14. The computer program product of claim 9, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.

15. A computer system, comprising one or more processors, one or more memories, and one or more computer readable hardware storage devices storing program instructions which, being executed by the one or more processors via the one or more memories, perform a method for authenticating a user to a target server, said method comprising:
- receiving, by the one or more processors a request from a user computer system to authenticate the user for access to N−
  
  1 target servers of N target servers at respective levels 1 through N−
  
  1 of N levels, wherein N is a positive integer of at least 2, wherein the N target servers are sequentially nested at respective levels of the N levels, wherein levels 1 through N are sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1 if N is at least 3;
  
  accessing, by the one or more processors, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to said authentication of the user for access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  receiving, by the one or more processors, an indication that a current authentication plan exists in an authentication store, wherein the current authentication plan includes one or more authentication records, wherein each authentication record of the current authentication plan includes current information relating to authentication of the user for said access to the N−
  
  1 target servers at the respective levels 1 through N−
  
  1;
  
  in response to having received the indication that the current authentication plan exists in the authentication store, (i) requesting, by the one or more processors, the current authentication plan and (ii) receiving, by the one or more processors, the current authentication plan from the authentication store;
  
  determining, by the one or more processors, that there is at least a partial match between the current authentication plan and the stored authentication plan; and
  
  authenticating, by the one or more processors in response to said determining that there is at least the partial match, the user for access to the target server at level N.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein said determining that there is at least the partial match comprises determining that there is at least the partial match based on analyzing authentication events.
  - 17. The computer system of claim 15, wherein the method further comprises:
    - determining, by the one or more processors, that there is a mismatch between the stored authentication plan and the current authentication plan; and
      
      resolving, by the one or more processors, the mismatch.
  - 18. The computer system of claim 17, wherein said resolving the mismatch comprises requiring additional authentication information.
  - 19. The computer system of claim 17, wherein said resolving the mismatch comprises invoking a process to modify or create a new authentication plan.
  - 20. The computer system of claim 15, wherein each of the one or more authentication records of the authentication plan and the current authentication plan comprise a server identifier and an authentication event fact.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Pavesi, John R., Hamilton, II, Rick A., O'Connell, Brian M., Walker, Keith R.
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
Le, Canh

Application Number

US14/706,044
Publication Number

US 20150244701A1
Time in Patent Office

775 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

H04L 67/10   in which an application is ...

Authentication based on previous authentications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication based on previous authentications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links