Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
1998-12-16
2001-09-18
Lee, Thomas (Department: 2182)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C709S217000, C709S223000, C709S225000, C713S152000, C713S152000, C713S152000, C714S006130
Reexamination Certificate
active
06292904
ABSTRACT:
BACKGROUND OF THE INVENTION
This invention relates to a system for ensuring secure access to a network. More specifically, this invention relates to a password generation and management system running as an application on a network server, and which permits access to a secured database by remote users (including users communicating with the server over the Internet).
It is often desirable for a corporation to make its internal databases available to external users (for example, subscribers on the World Wide Web or “Extranet” as opposed to the corporation's “Intranet”). In particular, two business partners (each with its own “Intranet”)may wish to share sensitive information. In these situations, providing secure access to databases (and maintaining the integrity of the content of those databases) is of great concern.
FIG. 1
shows schematically a networking arrangement with users belonging to different organizations. A corporate intranet
110
has a number of servers
130
-
1
to
130
-n connected thereto, along with a number of users
120
-
1
,
120
-
2
, . . . ,
120
-n. Various applications running on servers
130
provide security for the intranet and its users. These applications, familiar to those skilled in the art, are collectively termed a “firewall,” shown schematically as a wall
140
surrounding the organization. The users
120
may also connect to the Internet
100
, to which a number of other servers
101
-
1
to
101
-n are also connected.
Another user
105
, though not part of the same organization as users
120
, may still communicate with users
120
by connecting to the Internet
100
. Users
120
may of course communicate with each other over the intranet
110
. In both of these cases, access to databases on servers
130
must be controlled, and the security of the data must be assured. In particular, when user
120
-
1
(for example) establishes a link
141
extending past the firewall
140
to the Internet
100
and to user
105
(for example, a customer or business partner), it is necessary to ensure that no unauthorized access to the data residing on servers
130
occurs.
Accordingly, there is a need for a system that provides secure account management and content protection in a networking environment where both internal and external users have access to an organization's internal databases.
SUMMARY OF THE INVENTION
In accordance with the present invention, a method is described for providing secure user account identifiers and passwords to facilitate sharing by users of data between a secure internal server and an external server accessible over the Internet. A request for a user account identifier and password is received from a requestor; the request includes a requester identifier. Information regarding the requestor is retrieved from a directory on the internal server. A user account identifier is then generated in accordance with the request, and a user account password associated with the user account identifier is assigned. The user account identifier and user account password are communicated to the requester, and the user account identifier and user account password are stored in a user account identifier database on the internal server . A user account identifier database for an external user (that is, a user who communicates with the external server and does not appear in the directory) is replicated to the external server. Accordingly, the external user may obtain access to data replicated from the internal server to the external server.
The user account identifiers have different formats. When the user account identifier is for the requestor's own use, the user account identifier has a format determined by a type of user account (such as Lotus Notes) already owned by the requestor. However, when the user account identifier is requested for an external user, the user account identifier has a format determined by the external user's Internet identifier. This arrangement provides a unique user account identifier for each user.
According to another aspect of the invention, a system is provided for generating user account identifiers and passwords using the method described just above.
According to a further aspect of the invention, a computer-readable medium is provided, having stored therein instructions for performing the above-described method for generating user account identifiers and passwords.
REFERENCES:
patent: 5675782 (1997-10-01), Montague et al.
patent: 5805803 (1998-09-01), Birrell et al.
patent: 5822518 (1998-10-01), Ooki et al.
patent: 6161185 (2000-12-01), Guthrie et al.
patent: 6170017 (2001-01-01), Dias et al.
patent: 6175831 (2001-01-01), Weinreich et al.
patent: 6216162 (2001-04-01), Dutcher et al.
patent: WO98/07088 (1998-02-01), None
Broomhall Matthew
Landau Lauri Jackson
Anderson Jay H.
International Business Machines - Corporation
Lee Thomas
Peyton Tammara
LandOfFree
Client account generation and authentication system for a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Client account generation and authentication system for a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Client account generation and authentication system for a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2464351