Abstract: A single sign-on (SSO) mechanism to enable a given user to access a target application on a target resource in a distributed computer enterprise. One or more configuration directives each identifying a given logon process and any associated methods required to access the target application on the target resource are stored in a locally accessible database (CIM). For each of a set of users, a globally-accessible database (PKM) stores user-specific and application-specific information enabling the user to access and logon to one or more target resources. During a particular session, a logon coordinator (LC) mechanism coordinates given user information with the configuration directive to enable the given user to perform a given action with respect to the target application without specifying the given logon process and the application-specific information.

Abstract: A method for searching a non-tokenized text string for matches against a keyword data structure organized as a set of one or more keyword objects. The method begins by (a) indexing into the keyword data structure using a character in the non-tokenized text string. Preferably, the character is a Unicode value. The routine then continues by (b) comparing a portion of the non-tokenized text string to a keyword object. If the portion of the non-tokenized text string matches the keyword object, the routine saves the keyword object in a match list. If, however, the portion of the non-tokenized text string does not match the keyword object and there are no other keyword objects that share a root with the non-matched keyword object, the routine repeats step (a) with a new character. These steps are then repeated until all characters in the non-tokenized text string have been analyzed against the keyword data structure.

Abstract: A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment. For each given user, each of a set of id/password pairs is associated to each of a set of one or more respective targets. Each id/password pair is normally required to access a respective target resource. The targets of each given user are stored in a globally-accessible database. In response to entry by a given user at a client machine of a single-sign on (SSO) id/password, the globally-accessible database is accessed from a personal key manager (PKM) server to retrieve the targets of the given user. The targets are returned to the PKM server, which then uses data therein to access the respective target resources on behalf of the given user at the client machine.

Abstract: A method of sharing a master key across a set of servers operating a single sign-on (SSO) mechanism in a distributed computer network. The master key is useful for encrypting user passwords for storage in a globally-accessible registry. The method begins by establishing in the registry a group identifying which of the servers in the set, if any, have a copy of the master key. At a given server, the method continues by determining whether a copy of the master key is stored at the given server and whether the group has at least one member. The master key is then generated at the given server if a copy of the key is not stored at the given server and the group does not have at least one member. Other servers in the set pull the master key as needed.

Abstract: A frames-based Web browser is used with existing distributed computing environment (DCE) interfaces to facilitate and simplify management of DCE cells. In the preferred embodiment, administration may be performed from any secure Web browser acting as a client. Management data is typically supported on a target Web server. at the browser, CGI scripts are used to dynamic generate HTML (hypertext markup language) pages based on the network administrator's selections and the current state and defined objects in the DCE cell. The result is a robust and efficient Web-based DCE management scheme.