Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network.
Type:
Grant
Filed:
June 21, 2001
Date of Patent:
March 29, 2005
Assignee:
Alcatel
Inventors:
Michael E. See, John W. Bailey, Charles L. Panza, Yuri Pikover, Geoffrey C. Stone
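The agent/server split described in this abstract, as an added example that is not part of the patent or of any Alcatel product: an authentication server verifies credentials and returns authorized VLAN IDs plus time windows, and an edge agent installs a per-port rule from that answer and consults it for every frame. The user records, the salted-SHA-256 verifier, the port names and the (weekdays, start, end) window format are all assumptions made for the example; the abstract does not specify how credentials are verified or how time restrictions are encoded.

```python
"""Edge authentication agent and authentication server (constructed example)."""
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, time


def make_verifier(password: str, salt: bytes) -> bytes:
    # Assumption: the server keeps salted SHA-256 verifiers, never plaintext.
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed server-side records: verifier, authorized VLAN IDs and authorized
# time windows as (weekdays, start, end); weekday 0 is Monday.
USERS = {
    "alice": {
        "salt": b"salt-alice",
        "verifier": make_verifier("correct horse", b"salt-alice"),
        "vlans": {10, 20},
        "windows": [(frozenset(range(5)), time(8, 0), time(18, 0))],
    },
    "bob": {
        "salt": b"salt-bob",
        "verifier": make_verifier("battery staple", b"salt-bob"),
        "vlans": {10},
        "windows": [(frozenset(range(7)), time(0, 0), time(23, 59, 59))],
    },
}


@dataclass(frozen=True)
class Authorization:
    """Connectivity information returned by the server for one authenticated user."""
    user: str
    vlans: frozenset
    windows: tuple


class AuthServer:
    def __init__(self, users):
        self._users = users

    def verify(self, user, password):
        """Return an Authorization for a valid login, otherwise None."""
        rec = self._users.get(user)
        if rec is None:
            # Do a dummy comparison so response time does not reveal valid IDs.
            hmac.compare_digest(make_verifier(password, b"dummy"), b"\x00" * 32)
            return None
        if not hmac.compare_digest(make_verifier(password, rec["salt"]), rec["verifier"]):
            return None
        return Authorization(user, frozenset(rec["vlans"]), tuple(rec["windows"]))


class EdgeAgent:
    def __init__(self, server):
        self._server = server
        self._rules = {}  # port -> Authorization; a missing port is unauthenticated

    def login(self, port, user, password):
        """Forward the challenge response to the server and install the rule."""
        auth = self._server.verify(user, password)
        if auth is None:
            self._rules.pop(port, None)  # a failed attempt never keeps old access
            return False
        self._rules[port] = auth
        return True

    def logout(self, port):
        self._rules.pop(port, None)

    def permit(self, port, vlan, now):
        """Filtering decision for a frame on `port` tagged for `vlan` at time `now`."""
        auth = self._rules.get(port)
        if auth is None or vlan not in auth.vlans:
            return False
        return any(now.weekday() in days and start <= now.time() < end
                   for days, start, end in auth.windows)
```

The rule is keyed by port rather than by user, which is what an edge device can actually enforce; a real agent would also age rules out when the last authorized window closes rather than re-evaluating the time on every frame.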
Abstract: A method, system, and computer program product for using a digital certificate to access legacy host applications and/or data which are protected by a host-based security system such as RACF (Resource Access Control Facility, a product offered by the IBM Corporation) and which typically require a separate user identification and password. Use of the present invention enables the client to access the host applications and/or data using a single system log on, without requiring modification to host programs.
Type:
Grant
Filed:
December 17, 1999
Date of Patent:
November 23, 2004
Assignee:
International Business Machines Corporation
Inventors:
Ronald P. Doyle, Julie H. King, Steven W. Pogue
Abstract: A multi-stage login procedure and system involves a first stage in which a login ID and a public key (encrypted) are transmitted from a client computer to a server computer and a key-exchange key (encrypted) is provided from the server computer to the client computer. In a second stage, a first split symmetric key and a server authentication string are generated and encrypted by the client computer and then transmitted to the server computer. In addition, the server computer generates a second split symmetric key and combines it with the first split symmetric key to obtain a complete symmetric key for encrypting further communications from the server to the client computer. The server also generates a client authentication string, encrypts it and transmits the encrypted string, the server authentication string (encrypted and incremented) and the second split symmetric key (encrypted) to the client computer.
Type:
Grant
Filed:
January 12, 2001
Date of Patent:
November 9, 2004
Assignee:
International Business Machines Corporation
Inventors:
Stephen P. Morgan, Lance W. Russell, Benjamin Clay Reed
Abstract: The disclosed parity stripping technique quickly and efficiently converts a multi-byte input stream having parity bits to an output data stream that contains the same data as the input stream but without the parity bits. The multi-byte input stream is indexed according to the number of times a loop is completed. During each iteration of the loop, a portion of the input stream having an associated parity bit, such as a byte of the input stream, has its parity bit set to zero and the portion of the input stream is then shifted a number of bits equal to the number of times the loop has been completed. The shifted value is then logically ORed with the portion of the memory used to hold the output data stream.
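The loop described in this abstract, as an added example that is not the patent's own code: each byte has its parity bit cleared, is shifted left by the iteration count, and is ORed into the output, so that 8 input bytes yield 7 output bytes. The example assumes the DES convention that the parity bit is the least significant bit of each byte (the abstract does not say which bit carries parity), and it generalizes the shift arithmetic beyond the 8-byte case to any input length. A parity check is included because stripping discards the only evidence that the input was intact; `strip_parity_reference` is an independent formulation used to confirm the result.

```python
"""Parity stripping of a byte stream (constructed example)."""


def has_odd_parity(data: bytes) -> bool:
    """True when every byte has an odd number of set bits (DES key convention)."""
    return all(bin(b).count("1") & 1 for b in data)


def strip_parity(data: bytes) -> bytes:
    """Drop the parity bit (assumed to be the LSB) of each byte, packing 7 bits per byte.

    On iteration i the byte's parity bit is set to zero, the byte is shifted left
    by i and the result is ORed into the output.  Shifting within a 16-bit window
    pushes the high part into the previous output byte; `i % 8` and the output
    index adjustment extend the 8-byte (56-bit) case to any input length.
    """
    n = len(data)
    out = bytearray(n)              # upper bound on output size, trimmed below
    for i, byte in enumerate(data):
        cleared = byte & 0xFE       # parity bit set to zero
        k = i % 8                   # shift amount for this iteration
        o = i - i // 8              # output byte that receives the low part
        shifted = cleared << k      # at most 15 bits wide
        if k:
            out[o - 1] |= shifted >> 8
        out[o] |= shifted & 0xFF
    return bytes(out[: (7 * n + 7) // 8])


def strip_parity_reference(data: bytes) -> bytes:
    """Independent check: concatenate the 7 data bits of each byte as one integer."""
    acc = 0
    for byte in data:
        acc = (acc << 7) | (byte >> 1)
    nbits = 7 * len(data)
    nbytes = (nbits + 7) // 8
    return (acc << (8 * nbytes - nbits)).to_bytes(nbytes, "big")


# Constructed input: the widely used DES test key, whose bytes all have odd parity.
DES_KEY = bytes.fromhex("0123456789ABCDEF")
```

For the DES test key the stripped output is 56 bits, `00451338957377`; a caller should reject input that fails `has_odd_parity` before stripping, since after stripping a flipped bit is indistinguishable from valid key material.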