United States Patent [19]
Aditham et al.

[11] Patent Number: 5,706,349
[45] Date of Patent: Jan. 6, 1998

US005706349A

[54] AUTHENTICATING REMOTE USERS IN A DISTRIBUTED ENVIRONMENT

[75] Inventors: Radhakrishna Aditham; Philip [further inventor names illegible in the scan]

[73] Assignee: International Business Machines Corporation, Austin, Tex.

[22] Filed: Mar. 6, 1995

[51] Int. Cl.6: H04L 9/00
[58] Field of Search: 380/23-25

Primary Examiner: Salvatore Cangialosi
Attorney, Agent, or Firm: Jeffrey S. LaBaw; David H. Judson

ABSTRACT

In a distributed computing environment, a token is issued to a remote user if a security mechanism initially can determine that the remote user is who he claims to be. Thereafter, a connection between a remote user and an application server requires the application server to first verify that a token associated with a connection request was issued by the security mechanism. If no token is associated with a connection request, or if any token associated with the request was not issued by the security mechanism, the connection is refused.

20 Claims, 3 Drawing Sheets

[FIG. 4 thumbnail: the client issues Get_binding() (step 74) carrying {Uname, Upass, UUID} to the SOMDD security routine, which checks the user registry through the REG. API with {Uname, Upass} and returns Ks (session token) at step 80; the client then issues Connect() carrying {Uname, UUID, Ks} to the application server, which answers ACK/NACK (step 88). All components are on the same machine.]

Page 1 of 9
SAMSUNG EXHIBIT 1007
`
U.S. Patent    Jan. 6, 1998    Sheet 1 of 3    5,706,349

[FIG. 1: network 10 joining the nodes; each node shows a processing unit 12, operating system 14, processes 15, disk file system 16 and applications 17. Only the reference numerals and labels survive in the scan.]

Sheet 2 of 3

[FIG. 3: architectural block diagram of the computer. Labels surviving in the scan: microprocessor 32, system bus 31, memory management 35, digital signal processor, presentation manager, hard disk 36, floppy disk 37, CD ROM 42, keyboard controller, keyboard 22, speakers 25A.]

Sheet 3 of 3

[FIG. 4: the client issues Get_binding() carrying {Uname, Upass, UUID} to the SOMDD security routine, which returns Ks (session token) at step 80; the client then issues Connect() carrying {Uname, UUID, Ks} to the application server. All components are on the same machine.]

[FIG. 5: CLIENT Connect() sends SOMD_CONNECT with {Uname, UUID, Ks}; SERVER recv_connect() issues Verify_authn() and replies SOMD_ACKMASK or SOMD_NACK:SOMD_AUTHFAIL.]
`
`
`
AUTHENTICATING REMOTE USERS IN A DISTRIBUTED ENVIRONMENT

TECHNICAL FIELD

The present invention relates generally to computer networks and more particularly to a method that enables application servers in a distributed environment to authenticate remote users.

BACKGROUND OF THE INVENTION

It is well known in the art to interconnect multiple computers into a local area network (LAN) to enable such computers to exchange information and share resources. A local area network provides a distributed computing environment in which users can access distributed resources and process applications on multiple computers.

In a distributed environment, it is important that an application server be able to determine unambiguously the source of a particular connection request. In a known architecture, a remote user sets his login name as an environment variable, and this variable is then passed to the application server when the user desires to connect to the server. In such environments, the server has no way to verify the identity of the remote user, i.e., no way to determine whether the user is who he claims to be. Indeed, the remote user can set the environment variable to any arbitrary string, which the server then has to accept. This known technique, which is undesirable, might be avoided by passing to the server (at bind time) the client's login name and password to thereby enable the server to perform some form of local authentication. But such an approach has a drawback in that the application server must be trusted not to misuse the user's password. In many circumstances, that constraint cannot be enforced.

There remains a need to provide a reliable way for application servers to identify remote users in a distributed environment.

BRIEF SUMMARY OF THE INVENTION

It is therefore a principal object of the invention to provide a security protocol by which application servers can determine the authenticity of remote users in a distributed computer network environment.

It is another object of the invention to enable an application server in a distributed environment to determine unambiguously from whom a particular connection request was transmitted.

It is a more specific object of the invention to provide a security mechanism that recognizes when a connection request from a non-authenticated remote user is being received by the application server and, in such event, inhibits the connection to the server.

It is a further object of the invention to provide a security mechanism that utilizes an existing local operating system authentication facility to initially authenticate remote users.

It is another object to provide a method for managing communications between one or more remote users and an application server of a local processing system in a distributed computing environment.

It is yet another object of the invention to enable application servers to authenticate remote users in a distributed environment without the requirement of a distinct server that maintains a database of security information.

Further, it is still another object to implement the security techniques of the invention across heterogeneous computational platforms without impairing interoperability among the various machines making up the network.

These and other objects are provided in a method for managing communications between remote users and an application server of a local processing system. Generally, the method begins by authenticating one or more remote users. This authentication takes place by having a remote user pass its login name and password to a security mechanism running on the local processing system. The security mechanism preferably utilizes a local operating system authentication facility to authenticate the remote user, and then it returns a token to the remote user to complete the authentication. The token is typically a random string indicating that the remote user who receives the token has been authenticated for a particular communication session or for a particular communication. Thereafter, it is assumed that some remote user in the environment desires to communicate with the application server. When a connection call from that user is received by the application server, a determination is made whether a token associated with the call was issued by the security mechanism. This is achieved by having the application server pass the received token to the security mechanism, which verifies the token's origination. If the token associated with the connection call was issued by the security mechanism, the remote user is connected to the application server; otherwise, the connection is refused. When the connection is successfully established, further security is provided by associating the token with messages that are provided from the authenticated user to the application server.

Thus, according to the invention, a token is issued to a remote user if the security mechanism initially can determine that the remote user is who he claims to be. Thereafter, a connection between a remote user and the application server requires the application server to first verify that a token associated with a connection request was issued by the security mechanism. If no token is associated with a connection request, or if any token associated with the request was not issued by the security mechanism, the connection is refused.

The foregoing has outlined some of the more pertinent objects of the present invention. These objects should be construed to be merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be attained by applying the disclosed invention in a different manner or modifying the invention as will be described. Accordingly, other objects and a fuller understanding of the invention may be had by referring to the following Detailed Description of the preferred embodiment.

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and the advantages thereof, reference should be made to the following Detailed Description taken in connection with the accompanying drawings in which:

FIG. 1 illustrates a computer network in which the present invention is implemented;

FIG. 2 illustrates a computer used in the computer network of FIG. 1 and comprising a system unit, a keyboard, a mouse and a display, for use in implementing the present invention;

FIG. 3 is an architectural block diagram of the computer illustrated in FIG. 2;

FIG. 4 illustrates a combined schematic and flow diagram illustrating the method for managing communications
`
`
`
between a remote user and an application server according to the present invention; and

FIG. 5 illustrates the connection protocol that occurs between the remote user and the application server in the method of FIG. 4.

DETAILED DESCRIPTION

As described above, the present invention is directed generally to managing communication between client and server processes in a computer network providing a distributed environment in which users can access distributed resources and process applications on multiple heterogeneous computers.

A known distributed environment is illustrated in FIG. 1 and includes two or more nodes A, B and C connected through a communication link or network 10. Each node includes a computing system comprising processing unit 12, operating system 14, one or more processes 15, disk file system 16 and application software 17. The network 10 can be a local area network (LAN) or a wide area network (WAN), the latter comprising a switched or leased teleprocessing (TP) connection to other nodes or to a network of systems under IBM's Systems Network Architecture (SNA). A simplified description of local area networks may be found in a book by Larry E. Jordan and Bruce Churchill entitled Communications and Networking for the IBM PC, published by Robert J. Brady (a Prentice-Hall Company) (1983).

Each of the computing systems may be a single user system or a multi-user system, although generally the present invention will be implemented in a multi-user system environment. For example, each processing system may be a RISC System/6000® (a reduced instruction set or so-called RISC-based workstation) running the AIX® (Advanced Interactive Executive) operating system. The AIX operating system is compatible at the application interface level with AT&T's UNIX® operating system, version 5.2. The various models of the RISC-based personal computers are described in many publications of the IBM Corporation, for example, RISC System/6000, 7073 and 7016 POWERstation and POWERserver Hardware Technical Reference, Order No. SA23-2644-00. The AIX operating system is described in AIX Operating System Technical Reference, published by IBM Corporation, First Edition (November, 1985), and other publications. A detailed description of the design of the UNIX operating system is found in a book by Maurice J. Bach, Design of the Unix Operating System, published by Prentice-Hall (1986). The invention may also be implemented on other multiuser machines such as the IBM AS/400® running the OS/400® operating system.

In a particular implementation, not meant to be limiting, the network of FIG. 1 includes a plurality of IBM multi-user AS/400 workstations interconnected under IBM's Distributed System Object Model (DSOM™) architecture, which is an object-oriented programming system. This known object oriented programming system allows rapid development, implementation and customization of so-called objects. Each new object has certain data attributes and processes that operate on that data. Data is said to be "encapsulated" by an object and can only be modified by the object methods, which are invoked by sending a message to an object identifying the method and supplying any needed arguments. Methods are invoked by receiving messages from other objects. The system has a message router that routes messages between objects.

Details of the DSOM architecture are described in the User's Guide and Reference Manual to the SOMobjects™ Developer Toolkit, published by IBM Corporation, First Edition (1994), which are incorporated herein by reference. The above-referenced publications are available from IBM Corporation as No. SC23-2680-01 for the DSOM User's Guide and No. SC23-2681-01 for the DSOM Reference Manual. Of course, other system architectures are likewise useful to implement the network of FIG. 1.

FIG. 2 illustrates one of the computing systems of FIG. 1. The computer system 20 comprises a system unit 21, a keyboard 22, a mouse 23 and a display 24. The screen 26 of display device 24 is used to present a graphical user interface (GUI). The graphical user interface supported by the operating system allows the user to use a point and shoot method of input, i.e., by moving the mouse pointer 25 to an icon representing a data object at a particular location on the screen 26 and pressing on the mouse buttons to perform a user command or selection.

FIG. 3 shows a block diagram of the components of the personal computer shown in FIG. 2. The system unit 21 includes a system bus or plurality of system buses 31 to which various components are coupled and by which communication between the various components is accomplished. The microprocessor 32 is connected to the system bus 31 and is supported by read only memory (ROM) 33 and random access memory (RAM) 34 also connected to system bus 31. A microprocessor in the IBM PS/2 series of computers is one of the Intel family of microprocessors including the 386 or 486 microprocessors. Other microprocessors, including but not limited to Motorola's family of microprocessors such as the 68000, 68020 or the 68030 microprocessors and various RISC microprocessors such as the PowerPC™ microprocessor manufactured by IBM, and others made by Hewlett Packard, Sun, Intel, Motorola and others may be used in the specific computer.

The ROM 33 contains among other code the Basic Input-Output System (BIOS) which controls basic hardware operations such as the interaction with the disk drives and the keyboard. The RAM 34 is the main memory into which the operating system and application programs are loaded. The memory management chip 35 is connected to the system bus 31 and controls direct memory access operations, including passing data between the RAM 34 and hard disk drive 36 and floppy disk drive 37. The CD ROM 42, also coupled to the system bus 31, is used to store a large amount of data, e.g., a multimedia program or large database.

Also connected to this system bus 31 are various I/O controllers: the keyboard controller 38, the mouse controller 39, the video controller 40, and the audio controller 41. The keyboard controller 38 provides the hardware interface for the keyboard 22, the mouse controller 39 provides the hardware interface for the mouse 23, the video controller 40 is the hardware interface for the display 24, and the audio controller 41 is the hardware interface for the speakers 25a and 25b. An I/O controller 50 such as a Token Ring Adapter enables communication over the local area network 56 to other similarly configured data processing systems.

In the DSOM architecture, a manager process called daemon SOMDD runs on every node in the network on which an application server runs. The main task of the SOMDD process is to start the application server (if necessary) and to manage server binding handles. A binding handle specifies the location of the server process as a network address and the port number where the server process is running. To communicate with an application
`
`
`
server, a client process (which may or may not be running on the same machine) needs to know the port on which the application server is registered. To accomplish this, the client issues a Get_binding() request message to the SOMDD process, which if necessary registers the application server and sends the binding information (in the form of a binding handle) to the client. After the SOMDD process returns the binding information to the client, subsequent connections between the client and the application process may be effected by the client issuing a Connect() call to the application server.

With the above background, the present invention can now be described in detail. Because the application server is a sensitive resource, it is desired that it be able to trust clients who seek connections therewith. Although it is assumed that the network is physically secure (thus making encryption unnecessary), prior art techniques do not provide adequate security. Thus, according to the invention the SOMDD process (or some equivalent manager process) is enhanced to include a security protocol routine that enables the application server to authenticate remote clients. The security protocol may be a piece of standalone code (i.e., a series of instructions) instead of part of the manager process itself. Typically, however, the security protocol of the present invention (with or without the manager process) will be supported on the same local processing system as the application server but will run as a standalone process.

The operation of the inventive protocol in the context of a DSOM architecture is illustrated in FIG. 4. This example is merely representative, and the invention is not limited to this particular platform. The method begins at step 70 in the Get_binding() call to initialize a string, referred to herein for convenience as object {Uname, Upass}. Generally, the client's name and password will be stored in the system in a secure manner and thus a security scheme (such as the General Security Service Application Programming Interface (GSS API)) is called to extract the necessary information. This step can be omitted. At step 72, the GSS API returns to the client an initialized data string, referred to herein as {Uname, Upass}, which data string may be in object form or in the form of a data structure. This data string includes a login name {Uname} and password {Upass} in scrambled form. A universal unique identifier (UUID) is generated and added to the name and password string to form a string, referred to herein as {Uname, Upass, UUID}, and this string likewise may be an object or other suitable data structure. Universal unique identifiers (UUID's) are created by a UUID generator routine. A UUID is essentially a long random number. Inclusion of the UUID insures the uniqueness of the transmitted string. At step 74, the string {Uname, Upass, UUID} is overlaid on the Get_binding() request message to the SOMDD process.

As noted above, the SOMDD process resides on each node of the network where an application server resides. The SOMDD process as shown in FIG. 4 has been enhanced according to the invention to include the novel security routine. As discussed above, the inventive technique may also be implemented in a standalone module instead of being incorporated into the SOMDD process. FIG. 4 is thus representative of one implementation method.

The SOMDD process detects that there is a {Uname, Upass, UUID} data string in the incoming message. In response, the SOMDD process extracts the Uname and Upass information and, at step 76, invokes an operating system specific authentication API using an Authn() message. In the preferred implementation, the inventive protocol uses the DSOM User Registry (or some equivalent user identification construct) that is supported by the operating system of the local processing system itself although, if necessary, a remote procedure call may be used to effect remote authentication if no local registry is present. At step 78, the registry API returns TRUE or FALSE depending on whether the login name and valid password are defined in the User Registry. If the registry API returns FALSE, the SOMDD process returns to the client an authentication failure message. If in step 78 the registry API returns TRUE, the SOMDD process generates a string {Ks}, which is typically random (but may also be deterministic).

In particular, this preferably random string is referred to as a "token", which functions to "confirm" that the remote user bearing the token is who he claims to be (provided the token is recognized, as will be seen). The word "token" is not meant to have any limiting connotation. At step 80, the SOMDD process passes the token (along with the binding information for the application server) back to the remote user, and the remote user is then said to be "authenticated" for the session or the particular communication. String {Ks} may be an 8-byte string that is unique to each session or communication. Each program invoked by a client may receive a particular token. The SOMDD process also stores locally both a copy of the random string {Ks} and the UUID.

Assume now that the client DSOM runtime makes a Connect() call to the application server. If the client received a token {Ks} from the SOMDD process in step 80, it initializes a {Uname, UUID, Ks} data string (with Uname being the same as originally sent to the SOMDD process) and, at step 82, the client sends the application server this string overlaid on a SOMD_CONNECT request. The application server DSOM runtime code detects the {Uname, UUID, Ks} string and, at step 84, makes a call to the SOMDD process to verify if SOMDD really issued the token Ks for the session UUID. In particular, the SOMDD process verifies the request by searching for the same {UUID, Ks} in its internal storage. The response to this inquiry is returned to the application server at step 86. If a match is found, the SOMDD process returns TRUE to the application server; otherwise FALSE is returned. If the SOMDD process returns TRUE, the application server accepts the connection. If the SOMDD process returns FALSE, an authentication failure message is sent back to the client and the connection is refused.

One particular messaging protocol implemented upon a DSOM runtime connect request is illustrated in FIG. 5. As discussed above, when the client desires to connect to the application server, it transmits the {Uname, UUID, Ks} string along with the SOMD_CONNECT request. The application server issues a Verify_authn() message to the SOMDD process, which then verifies whether or not the client has been previously authenticated as described above. A TRUE or FALSE indication is then returned to the server. If the client has been previously authenticated (i.e., if the {UUID, Ks} is located in the SOMDD storage), a recv_connect() message SOMD_ACKMASK is sent to the client and the connection is accepted (see step 88). If the client has not been previously authenticated (i.e., if the {UUID, Ks} is not located in the SOMDD storage), a recv_connect() message SOMD_NACK:SOMD_AUTHFAIL is sent to the client and the connection is refused.

When the connection is successfully established, the DSOM runtime on the client side associates each message to the application server with the token {Ks} and the DSOM runtime on the server side verifies this token with the information cached during the Connect() call.
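The protocol of FIGS. 4 and 5 as an added Python simulation, not code from the patent or from IBM: a SOMDD daemon with the security routine issues {Ks} only after the registry check, keeps {UUID, Ks}, and answers the application server's Verify_authn(); the server replies SOMD_ACKMASK or SOMD_NACK:SOMD_AUTHFAIL and caches Ks for later messages. The in-memory registry, the binding tuple, the class names and the constant-time comparison are assumptions made here; the block also shows why the Background's self-asserted identity (a client-chosen token with no SOMDD round trip) is refused.

```python
# Added simulation of the patent's token protocol (FIGS. 4 and 5); not the
# patent's or IBM's code. The in-memory registry, the binding tuple and the
# class names are assumptions made for this example.
import hmac
import secrets
import uuid

SOMD_ACKMASK = "SOMD_ACKMASK"
SOMD_NACK_AUTHFAIL = "SOMD_NACK:SOMD_AUTHFAIL"


class Somdd:
    """Manager daemon enhanced with the security routine of FIG. 4."""

    def __init__(self, registry, binding):
        self._registry = dict(registry)  # login name -> password (constructed)
        self._binding = binding          # binding handle: (address, port)
        self._issued = {}                # step 80 storage: UUID -> Ks

    def authn(self, uname, upass):
        """Steps 76-78: the registry API answers TRUE or FALSE."""
        stored = self._registry.get(uname)
        # Constant-time comparison is an addition here, not in the patent.
        return stored is not None and hmac.compare_digest(stored, upass)

    def get_binding(self, request):
        """Steps 74-80: {Uname, Upass, UUID} overlaid on Get_binding().

        Returns (binding, Ks) on success, None for an authentication failure.
        """
        uname, upass, session_uuid = request
        if not self.authn(uname, upass):
            return None
        ks = secrets.token_bytes(8)      # {Ks}: 8-byte random token
        self._issued[session_uuid] = ks  # local copy of {UUID, Ks}
        return self._binding, ks

    def verify_authn(self, session_uuid, ks):
        """Steps 84-86: was Ks issued by SOMDD for this session UUID?"""
        issued = self._issued.get(session_uuid)
        return issued is not None and hmac.compare_digest(issued, ks)


class ApplicationServer:
    """Server-side DSOM runtime: connect handling and per-message checks."""

    def __init__(self, somdd):
        self._somdd = somdd
        self._sessions = {}              # UUID -> Ks cached at Connect()

    def recv_connect(self, request):
        """SOMD_CONNECT carrying {Uname, UUID, Ks} (FIG. 5, steps 82-88)."""
        # Uname is carried but, as the text describes, verification is by
        # {UUID, Ks} only.
        _uname, session_uuid, ks = request
        if ks is None or not self._somdd.verify_authn(session_uuid, ks):
            return SOMD_NACK_AUTHFAIL    # connection refused
        self._sessions[session_uuid] = ks
        return SOMD_ACKMASK              # connection accepted

    def recv_message(self, session_uuid, ks):
        """Later messages carry {Ks}; it is checked against the cached copy."""
        cached = self._sessions.get(session_uuid)
        return cached is not None and hmac.compare_digest(cached, ks)


def run_scenarios():
    """Honest client, wrong password, self-made token, and a genuine Ks
    presented under another UUID. Returns the server's reply to each."""
    somdd = Somdd(registry={"alice": "s3cret"}, binding=("10.0.0.5", 3000))
    server = ApplicationServer(somdd)
    replies = {}

    # Honest client: Get_binding() first, then Connect() with the issued Ks.
    sid = str(uuid.uuid4())
    _binding, ks = somdd.get_binding(("alice", "s3cret", sid))
    replies["honest"] = server.recv_connect(("alice", sid, ks))

    # Wrong password: SOMDD issues no token, so Connect() carries none.
    sid2 = str(uuid.uuid4())
    issued = somdd.get_binding(("alice", "wrong", sid2))
    replies["wrong_password"] = server.recv_connect(
        ("alice", sid2, None if issued is None else issued[1]))

    # Self-asserted identity (the Background's arbitrary-string problem):
    # the client skips SOMDD and presents a token of its own making.
    replies["forged_token"] = server.recv_connect(
        ("alice", str(uuid.uuid4()), secrets.token_bytes(8)))

    # A genuine Ks paired with a different session UUID is not in storage.
    replies["mismatched_uuid"] = server.recv_connect(
        ("alice", str(uuid.uuid4()), ks))
    return replies
```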

According to the present invention, each client that desires to talk to the server in an authenticated manner (or
`
`
`
that the invention can be practiced, with modification, in other and different operating systems and network architectures within the spirit and scope of the appended claims. The present invention, however, is not to be construed as limited to the DSOM architecture and thus in a more general sense the invention should be broadly construed to cover any network environment where application servers are required to or desire to authenticate remote users. As used herein, the word "remote" should not be construed as requiring the user to be located on a physically distinct machine, although usually that will be the case. A "remote user" may also be a client process running on the same local processing system as the application server.