The invention disclosed herein relates generally to membership verification and, more particularly to a method of verifying membership in order to access a secure environment.
In a typical situation, when a user wants access to a secure environment, the user exchanges information such as a user name and password with that secure environment. When the user wants access to another secure environment, the user would exchange other information, such as another user name and password, with that secure environment. An example of this scenario is where several users, each access secure environment A and secure environment B by exchange of information known to each user and to each secure environment. In this situation, prior to authentication of the user, the user is known as the claimant or party presenting an identity and claiming to be a principal. The principal is a legitimate owner of an identity. The secure environments are known as verifiers or parties that gain confidence that the claimant""s claim is legitimate.
Claimants can be authenticated using a variety of methods. Generally, there are three types or levels of authentication based on information shared with a claimant. Each of the three levels provides a different level of security. The three levels of authentication are based upon 1) xe2x80x9cwhat a claimant knowsxe2x80x9d, such as, for example, a user name and password; 2) xe2x80x9cwhat a claimant has,xe2x80x9d such as, for example, a cryptographic token or a smart card with secret information; and 3) xe2x80x9cwhat a claimant isxe2x80x9d, such as, for example, biometrics information including fingerprints and retinal prints. Each of these levels or types of authentication require that the claimant and the verifier know the information that is being used for authentication purposes.
Access to secure environments can be set up so that security requires claimants and verifiers each to know information that will be used for authentication. These shared knowledge security systems can be based upon, for example, user name and password, and user locations, etc. Administration of the shared knowledge is costly, difficult and impractical for systems with many users. For example, many large corporations have thousands of users of their computer systems. In a system using user name and password, a data base of thousands of user names and passwords must be stored and maintained. Some systems use address-based security which authenticates a claimant based on the originating address of the claimant, such as for example, the Internet Protocol Address of the claimant""s server. The problem with these systems is that the claimant frequently changes addresses and the system is costly and administratively difficult to manage. Another problem with the address-based system is that, even if the claimants do not change addresses, the number of addresses that need to be maintained could be, for a large company, too difficult and costly to manage. Another problem with the address-based system is that it is unable to provide a means of access for a mobile user, such as, for example a mobile worker.
Not only is the shared information administratively difficult and costly for the administrator of the secure environment to maintain, the information can also be cumbersome for the user to remember. This is because each user must remember information for each secure environment. In addition to being cumbersome, the situation might compromise the security of the passwords. For example, a user might write down the password in an attempt to remember it. The password could then be obtained (from the user""s written note) by an unauthorized person.
Secure environments can be secure domains such as interconnected networks. For example, a company intranet which is an interconnected collection of networks can be a secure domain. Secure domains can be interconnected by networks, such as for example, the Internet. Multiple secure domains connected to the Internet is an example of a situation where a user would need access to multiple secure domains in order to obtain services provided by those domains. Each secure domain may require some common information for authentication purposes. Thus, the situations described above are applicable to the authentication of an Internet service claimant.
In the Internet example, there are scenarios where providing access to a secure domain by use of authentication information is cumbersome and/or administratively difficult. For example, in one scenario, if a user after gaining access to a secure domain, remembers a particular URL in that domain, by use of, for example, a browser bookmark and the user would like to later gain access to that URL, the user will not be able to access the secure domain without first providing the user""s authentication information. In another scenario, if the user would like to access another secure domain, the user will not be able to access the secure domain without first providing the user""s authentication information associated with that secure domain. In yet another scenario, if secure domain A and secure domain B are associated in such a way that the administrator of secure domain A wants users of secure domain A to gain access to secure domain B or some subset of secure domain B, access to both domains would not be available without the administrative burden of maintaining a database of user authentication information at each secure domain.
Thus, one of the problems of the prior art is that providing access to a secure environment requires that the verifier know particular information about each claimant. Another problem of the prior art is that providing access to a secure environment requires that the verifier know particular information about the claimant""s address. Another problem of the prior art is that information shared between the claimant and the verifier is administratively difficult and impractical to gather and maintain for a system with, for example, thousands of claimants seeking access to the secure domain. Another problem of the prior art is that access to a URL at a secure domain requires verification of the claimant each time the URL is accessed. Another problem of the prior art is that associated secure domains each need verification information.
This invention overcomes the disadvantages of the prior art by providing a way to access a secure environment by first accessing another secure environment. The present invention is directed to, in a general aspect, a method of authenticating membership for providing access to a secure environment. The environment for which access is requested can be a network environment, such as, for example, an Internet, containing a first secure domain and a second secure domain. Network connections can be made using TCP/IP protocols (Transmission Control Protocol/Internet Protocol). Claimants inside and outside of the first secure environment are afforded access to the second secure environment, or portion thereof, by virtue of being authenticated into the first secure environment. Also, specific information can be obtained based on the knowledge that claimants have access to the first secure environment. The first secure environment uses its own authentication information, such as a database of user names and passwords, for authenticating claimants. In order for an outside claimant to gain access to the second secure environment, the outside claimant must have previously been an inside claimant that used the first secure environment and accessed to second secure environment while using the first secure environment. When the inside claimant accesses the second secure environment, the second secure environment server stores location information with the claimant""s computer. That information can be a cookie containing first secure environment""s URL. The cookie can be stored on the claimant""s computer. The information is updated each time the claimant accesses the second secure environment from inside the first secure environment. Thus, if the first secure environment location information has changed, the information stored with the claimant will be updated.
When the claimant moves outside the first secure environment and tries to access the second secure environment directly, the second secure environment server reads the first secure environment location information from the claimant""s computer and sends the claimant to the first secure environment where the claimant must provide authentication information to the first secure environment server. Once the outside claimant has gained access to the first secure environment, the outside claimant is given origin authentication information, such as, a digital signature, and the claimant is sent to the second secure environment server. Then, the second secure environment verifies the digital signature and allows the claimant access to information in the second secure environment. The claimant, upon verification, is a principal. The method allows the second secure environment administrator to xe2x80x9cpiggybackxe2x80x9d on the first secure environment""s security and avoid administrative inconveniences of implementing its own security. Thus, the second secure environment security is then, only as good as the security provided by the first secure environment.
Thus, an advantage of the method of the present invention is that it does not require the second secure environment to maintain verification information. Another advantage of the present invention is that authentication information is less costly to maintain. Another advantage of the present invention is that authentication information is less cumbersome to administer. Another advantage of the present invention is that claimants do not need multiple verification information to access associated secure environments. Another advantage of the present invention is that it provides a way to authenticate large groups of users with less administration. Other advantages of the invention will in part be obvious and will in part be apparent from the specification. The aforementioned advantages are illustrative of the advantages of the various embodiments of the present invention.