Authentication based on previous authentications
Abstract
Generally speaking, systems, methods and media for authenticating a user to a server based on previous authentications to other servers are disclosed. Embodiments of a method for authenticating a user to a server may include receiving a request to authenticate the user to the server and determining whether authenticating the user requires matching an authentication plan. If a plan is required, the method may also include accessing a stored authentication plan with authentication records each having expected information relating to user access to a different server. The method may also include receiving an indication of the user's current authentication plan from an authentication store where the plan has authorization records each having current information relating to user access. Embodiments of the method may also include comparing the stored authentication plan with the received current authentication plan to determine whether they match and, in response to a match, authenticating the user.
19 Claims
1. A method for authenticating a user to a target server, the method comprising the steps of:
- receiving, by a computer system having at least one processor coupled to memory, a request from a user computer system to authenticate the user for access to a target server at level N of N levels, wherein N is a positive integer of at least 2, wherein N target servers are sequentially nested at respective levels of the N levels denoted as levels 1 through N sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−1 target servers at the respective levels 1 through N−1 if N is at least 3;
- determining, by the computer system, that an authentication plan is required to authenticate the user for access to the target server at level N, wherein the authentication plan comprises one or more defined authentication steps that must be performed before the user is allowed to authenticate for access to each target server at the N levels;
- in response to the step of determining that the authentication plan is required to authenticate the user for access to the target server at level N, accessing, by the computer system, a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1;
- receiving, by the computer system, a current authentication plan for the user from a storage device, the current authentication plan having one or more authentication records each having current information relating to authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1;
- comparing, by the computer system, the stored authentication plan with the current authentication plan to determine, based on analyzing authentication events, whether there is at least a partial match between the stored authentication plan and the current authentication plan; and
- authenticating, by the computer system, the user at level N if said comparing the stored authentication plan with the current authentication plan determines that there is at least the partial match between the stored authentication plan and the current authentication plan.

Dependent claims: 2, 3, 4, 5, 6, 11, 12, 13, 18
7. A computer program product for authenticating a user to a target server, the computer program product comprising:
- one or more computer readable storage devices;
- program instructions, stored on at least one of the one or more storage devices, to receive a request from a user computer system to authenticate the user for access to a target server at level N of N levels, wherein N is a positive integer of at least 2, wherein N target servers are sequentially nested at respective levels of the N levels denoted as levels 1 through N sequenced from lowest level to highest level, and wherein authentication of the user for access to the target server at level N requires prior authentication of the user for access to the target server at level 1 if N is 2 or for access to the N−1 target servers at the respective levels 1 through N−1 if N is at least 3;
- program instructions, stored on at least one of the one or more storage devices, to determine that an authentication plan is required to authenticate the user for access to the target server at level N, wherein the authentication plan comprises one or more defined authentication steps that must be performed before the user is allowed to authenticate for access to each target server at the N levels;
- program instructions, stored on at least one of the one or more storage devices, to, in response to determining that the authentication plan is required to authenticate the user for access to the target server at level N, accessing a stored authentication plan associated with the user, the stored authentication plan having one or more authentication records each having expected information relating to authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1;
- program instructions, stored on at least one of the one or more storage devices, to receive, a current authentication plan for the user from a storage device, the current authentication plan having one or more authentication records each having current information relating to authentication of the user for access to the N−1 target servers at the respective levels 1 through N−1;
- program instructions, stored on at least one of the one or more storage devices, to compare the stored authentication plan with the current authentication plan to determine, based on analyzing authentication events, whether there is at least a partial match between the stored authentication plan and the current authentication plan; and
- program instructions, stored on at least one of the one or more storage devices, to authenticate the user at level N if a comparison of the stored authentication plan with the current authentication plan determines that there is at least the partial match between the stored authentication plan and the current authentication plan.

Dependent claims: 8, 9, 10, 14, 15, 16, 17, 19
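The comparison step of claims 1 and 7, sketched as an added example that is not taken from the patent. The record fields (`server`, `method`, `at`), the timestamp ordering rule, and the numeric `threshold` used to decide a "partial match" are assumptions, since the claims do not define them; the host names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthRecord:
    level: int      # nesting level of the target server (1 = lowest)
    server: str     # constructed host name
    method: str     # assumed field, e.g. "password" or "ssh-key"
    at: int = 0     # event time in seconds; unused in stored (expected) records

def match_ratio(stored, current, n):
    """Fraction of levels 1..n-1 whose current event matches the expected record."""
    expected = {r.level: r for r in stored}
    observed = {r.level: r for r in current}
    # Fail closed: the stored plan must cover every prerequisite level exactly.
    if n < 2 or set(expected) != set(range(1, n)):
        return 0.0
    hits, last_time = 0, -1
    for level in range(1, n):
        exp, obs = expected[level], observed.get(level)
        if obs is None:
            continue            # no event for this level: no credit
        if obs.at <= last_time:
            return 0.0          # lower level authenticated later: nesting order broken
        last_time = obs.at
        if (obs.server, obs.method) == (exp.server, exp.method):
            hits += 1
    return hits / (n - 1)

def authenticate_level_n(stored, current, n, threshold=1.0):
    """Permit level-n authentication only when the match ratio reaches threshold."""
    return match_ratio(stored, current, n) >= threshold

# Constructed sample plans for N = 4 (levels 1-3 are prerequisites).
STORED = [AuthRecord(1, "gw.example", "password"),
          AuthRecord(2, "jump.example", "ssh-key"),
          AuthRecord(3, "db-proxy.example", "otp")]
CURRENT_FULL = [AuthRecord(1, "gw.example", "password", 100),
                AuthRecord(2, "jump.example", "ssh-key", 160),
                AuthRecord(3, "db-proxy.example", "otp", 200)]
CURRENT_PARTIAL = CURRENT_FULL[:2] + [AuthRecord(3, "db-proxy.example", "password", 200)]
CURRENT_REORDERED = [AuthRecord(1, "gw.example", "password", 100),
                     AuthRecord(2, "jump.example", "ssh-key", 90)]

if __name__ == "__main__":
    for name, plan in [("full", CURRENT_FULL), ("partial", CURRENT_PARTIAL),
                       ("reordered", CURRENT_REORDERED)]:
        print(name, round(match_ratio(STORED, plan, 4), 2),
              authenticate_level_n(STORED, plan, 4, threshold=0.6))
```

With the default threshold of 1.0 only the full plan passes; lowering it to 0.6 admits the plan whose level-3 event used an unexpected method, which is the trade-off a "partial match" policy has to weigh.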
Specification