US 6,983,377 B1
Method for checking user access
Neil Beesley, Issaquah, Wash. (US); Dietmar Gaertner, Ober-Ramstadt (Germany); James Holme, Bickenbach (Germany); Terence Kennedy, Darmstadt (Germany); Dieter Kessler, Weiterstadt (Germany); and Thomas Vogler, Darmstadt (Germany)
Assigned to Software AG, Darmstadt (Germany)
Filed on Nov. 24, 1999, as Appl. No. 9/448,991.
Claims priority of application No. 99103951 (EP), filed on Mar. 08, 1999.
Int. Cl. H04L 9/32 (2006.01)
U.S. Cl. 713—201
13 Claims
1. A method for checking the access of a user operating a first computer system controlled by a first security system to software and/or data on a second computer system controlled by a second security system comprising the following steps:
a) transmitting a user-id from said first computer system to said second computer system and a challenge from said second computer system to said first computer system,
b) transmitting said user-id and said challenge from said first computer system to said first security system,
c) transmitting said user-id from said second computer system to a trusted agent and from said trusted agent to said second security system,
d) transmitting a shared secret, which is registered in said first security system and in said second security system, from said second security system to said trusted agent and from said trusted agent to said second computer system,
e) calculating in said first security system a first response using said shared secret,
f) calculating in an access control unit of said second computer system, which access control unit is able to apply the rules of the first security system to calculate a response to a challenge, a second response to said challenge using said shared secret,
g) transmitting said first response from said first security system to said first computer system, and
h) transmitting said first response from said first computer system to said second computer system and comparing said first response and said second response in the second computer system in order to complete the access check of said user.
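The claimed flow, steps a) through h), as an added simulation that is not part of the patent: the claim does not fix the response rule, so this example assumes it is HMAC-SHA256 over the challenge keyed with the shared secret, and the class and function names are the example's own.

```python
import hmac
import hashlib
import secrets

# Assumed response rule of the first security system (the claim leaves it open).
def compute_response(shared_secret: bytes, challenge: bytes) -> bytes:
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()

class SecuritySystem:
    """First or second security system: registry of per-user shared secrets."""
    def __init__(self, registered_secrets: dict):
        self._secrets = dict(registered_secrets)

    def lookup_secret(self, user_id: str) -> bytes:        # released only to the trusted agent (step d)
        return self._secrets[user_id]

    def respond(self, user_id: str, challenge: bytes) -> bytes:  # step e), first security system
        return compute_response(self._secrets[user_id], challenge)

class TrustedAgent:
    """Relays the user-id to the second security system and the secret back (steps c and d)."""
    def __init__(self, second_security: SecuritySystem):
        self._second_security = second_security

    def fetch_secret(self, user_id: str) -> bytes:
        return self._second_security.lookup_secret(user_id)

class SecondComputer:
    """Second computer system with its access control unit (steps a, f and h)."""
    def __init__(self, agent: TrustedAgent):
        self._agent = agent
        self._pending = {}   # user_id -> outstanding challenge, consumed on use

    def issue_challenge(self, user_id: str) -> bytes:      # step a): fresh challenge per attempt
        challenge = secrets.token_bytes(16)
        self._pending[user_id] = challenge
        return challenge

    def check_access(self, user_id: str, first_response: bytes) -> bool:
        challenge = self._pending.pop(user_id, None)
        if challenge is None:
            return False     # nothing outstanding: a replayed or unsolicited response fails
        second_response = compute_response(self._agent.fetch_secret(user_id), challenge)  # step f)
        return hmac.compare_digest(first_response, second_response)                      # step h)

def run_access_check(user_id: str, first_security: SecuritySystem, second: SecondComputer) -> bool:
    challenge = second.issue_challenge(user_id)                  # step a)
    first_response = first_security.respond(user_id, challenge)  # steps b), e), g)
    return second.check_access(user_id, first_response)          # step h)
```

The access check succeeds only when the same secret is registered in both security systems, and a captured response cannot be reused because the challenge is consumed after one comparison.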