Multi-platform single sign-on database driver

US 20050108521A1
Filed: 07/07/2004
Published: 05/19/2005
Est. Priority Date: 07/07/2003
Status: Active Grant

First Claim

Patent Images

1. A method of automatically providing access to a database from a client application based on prior authentication of a user, the method comprising:

obtaining a login credential created responsive to input provided by the user during the prior authentication;

using the login credential to create a security context; and

using the security context to establish a secure connection to the database for communication between the client application and the database.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of performing single sign-on authentication from multiple platforms when establishing a connection to a database are described. An application can securely access a database based on user credentials provided during a prior authentication. In an embodiment, single sign-on is accomplished by relying on existing and emerging authentication, security service, security mechanism, and wire protocols, enabling the creation of drivers to accommodate various platforms and databases. In another embodiment, a pure type 4 Java Driver is used, eliminating dependencies on native operating functionality.

91 Citations

View as Search Results

29 Claims

1. A method of automatically providing access to a database from a client application based on prior authentication of a user, the method comprising:
- obtaining a login credential created responsive to input provided by the user during the prior authentication;
  
  using the login credential to create a security context; and
  
  using the security context to establish a secure connection to the database for communication between the client application and the database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 29)
- - 2. The method of claim 1 wherein the steps of obtaining a login credential and using the credential to create a security context are performed by a pure Java Type 4 driver.
  - 3. The method of claim 2 wherein the driver is a JDBC driver.
  - 4. The method of claim 1 wherein the operating platform of the client application differs from the operating platform of the database.
  - 5. The method of claim 1 wherein the operating platform of the client application is selected from the group consisting of:
    - a Unix platform, an IBM platform, and a Windows platform.
  - 6. The method of claim 1 wherein the database is a Microsoft SQL server database.
  - 7. The method of claim 1 wherein the database is a DB2 database.
  - 8. The method of claim 1 wherein the secure connection is implemented over a TCP/IP protocol.
  - 9. The method of claim 1 wherein the login credential is one selected from the group consisting of:
    - a user name, password, cryptographic data, and biologic data.
  - 10. The method of claim 1 wherein the operating environment of the client application differs from the operating environment of the database.
  - 29. The method of claim 1 wherein the log on request is further transmitted over a TCP/IP protocol.

11. A system for authenticating a client application to a database based on prior authentication of a client user using a security mechanism, the system comprising:
- an authentication module for performing authentication of an instance of the client user to the security mechanism based on a client user credential generated during the prior authentication;
  
  a client security services module for facilitating a secure connection for communications between the database and client application consistent with the security mechanism; and
  
  a driver for creating a wire protocol connection to the database from the application and for communicating requests from the client application to the database using the secure connection facilitated by the client security services module.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11 wherein the security mechanism comprises Kerberos, the authentication module comprises code for complying with the JAAS, and the client security services module comprises code for conforming with the GSS-API.
  - 13. The system of claim 11 wherein the wire protocol connection is created in accordance with a TDS protocol.
  - 14. The system of claim 11 wherein the wire protocol connection is created in accordance with a DRDA protocol.
  - 15. The system of claim 11 wherein the driver is configured to communicate requests from a plurality of client applications and further wherein the plurality of client applications are configured to operate on a plurality of different and distinct operating platforms.
  - 16. The system of claim 11 wherein the driver is a Type 4 JDBC driver.
  - 17. The system of claim 11 wherein the authentication module and security services module are supplied on the client side through a run-time environment.
  - 18. The system of claim 17 wherein the run-time environment comprises a Java run-time environment.
  - 19. The system of claim 17 wherein the run-time environment comprises .NET resources for supporting a .NET client application.

20. A method of supplying automatic access to a database from a client application based on prior authentication of a user, the method comprising:
- creating a connection object for connecting the client application to the database;
  
  using the connection object to create a secure connection based on a user credential generated during prior authentication of the user;
  
  initializing the secure connection; and
  
  communicating with the database over the initialized secure connection, wherein the client application operates in a client environment and the database operates in a database environment, and the client environment comprises a different type of environment than the database environment.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The method of claim 20 wherein the step of creating the secure connection further comprises:
    - requesting a user credential generated during prior authentication of the user;
      
      obtaining the user credential;
      
      using the user credential to generate an authentication credential; and
      
      using the user credential and the authentication credential to create a secure connection.
  - 22. The method of claim 21 wherein the step of initializing the secure connection further comprises:
    - obtaining a client token;
      
      using the client token to complete a request to log on to the database;
      
      sending the request to the database;
      
      receiving a server token;
      
      sending the server token to a client security services module for authentication of the server token;
      
      receiving a login acknowledgment from the database; and
      
      processing the login acknowledgement.
  - 23. The method of claim 20 wherein the connection object is a TDS wire connection object.
  - 24. The method of claim 20 wherein the steps of creating a connection object, using the connection object to create a secure connection, initializing the secure connection, and communicating with the database over the initialized secure connection are performed by a Type 4 JDBC driver.

25. A method of automatically providing access to a database to a user based on prior authentication of the user, the method comprising:
- receiving a log on request from a driver, wherein the log on request includes a client token and is received subsequent to establishment of a security context, the establishment of the security context accomplished using a user credential generated during prior authentication of the user;
  
  extracting the client token from the log on request;
  
  sending the client token to a security services module for authentication of the client token;
  
  and sending an acknowledgement of the log on request to the driver.
- View Dependent Claims (26, 27, 28)
- - 26. The method of claim 25, wherein the database comprises a DB2 database.
  - 27. The method of claim 25, wherein the steps of receiving a log on request from a driver, extracting the client token from the log on request, sending the client token to a security services module, and sending an acknowledgement of the log on request to the driver are performed by the database.
  - 28. The method of claim 25, wherein the driver comprises a Type 4 JDBC driver.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Progress Software Corporation
Original Assignee
Progress Software Corporation
Inventors
Voet, Dirk, Silhavy, James Walter

Granted Patent

US 8,544,073 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/6227   where protection concerns t...

H04L 63/08   for authentication of entit...

Multi-platform single sign-on database driver

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-platform single sign-on database driver

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links