Abstract

A distributed authentication service that automates an authentication exchange between a user and an application program of a distributed network system. The novel distributed authentication service comprises an exchange controller coupled to an authentication database containing a group of encrypted application secrets associated with the user. Each application secret is, in turn, associated with a particular program resident in the system. According to the present invention, the controller cooperates with the database to automate the exchange procedure by (i) receiving an authentication inquiry generated by the particular program in response to the user's request to access that program and (ii) providing that program with the proper application secret retrieved from the database. The group of encrypted application secrets associated with the user is referred to as a "keychain." Each keychain is assigned a public/private key pair, with all secrets in the keychain being encrypted with the public key. The user may be associated with one or more keychains, each of which may be further associated with different secrets. Since these secrets correspond to application programs, the association of programs to keychains may be based upon various characteristics, such as the user's rights with respect to the programs. Furthermore, each application program may be accessible by the same or different users so that, e.g., those users having the same access rights for a program may utilize the same keychain containing each user's secrets for the programs.

Other References

• Netscape 2, Special Ed.; Que Corp.; Indianapolis, IN, Sep. 1, 1995
• Prc, Aps-Tr-Trg-00-06.03; Manual of the Automated Patent System, Sep. 1988
• Prc, Aps-Tr-Trg-00-06.09; Manual of the Automated Patent System, May 29, 199