authentication credentials from legacy applications are translated to kerberos authentication requests. authentication credentials from the legacy application are directed to an authentication proxy module. The authentication proxy module acts as a credential translator for the application by receiving a set of credentials such as a user name and password, then managing the process of authenticating to a kerberos server and obtaining services from one or more Kerberized applications, including kerberos session encryption. A credential binding module associates a user corresponding to authentication credentials from a legacy authentication protocol with one or more kerberos credentials. Anonymous authentication credentials may be translated to authentication requests for a network directory services object, such as a computer object or service object.
|
0. 31. An apparatus to provide authentication services to legacy applications, the apparatus comprising:
at least one computing device comprising computer hardware, including at least one computer processor, that:
executes an authentication proxy module stored in computer memory, thereby causing the computer hardware to receive, from one or more legacy applications executing on an application server, legacy authentication credentials corresponding to a legacy authentication protocol selected from the group consisting of RADIUS, TACACS, LDAP, SQL and ODBC, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user; and
executes a credential binding module stored in computer memory and in communication with the authentication proxy module, thereby causing the computer hardware to associate the legacy authentication credentials with a kerberos credential;
and wherein execution of the authentication proxy module by the computing device further causes the computer hardware to: (i) authenticate a user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable.
0. 25. A system to provide authentication services to legacy applications, the system comprising:
an application server comprising computer hardware including at least one computer processor and executing one or more legacy applications configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol selected from the group consisting of RADIUS, TACACS, LDAP, SQL and ODBC, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
at least one computing device comprising computer hardware, including at least one computer processor, that:
executes an authentication proxy module stored in computer memory, thereby causing the computer hardware to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
executes a credential binding module stored in computer memory and in communication with the authentication proxy module, thereby causing the computer hardware to associate the legacy authentication credentials with a cached kerberos credential;
and wherein execution of the authentication proxy module further causes the computer hardware to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable.
0. 1. A system to provide authentication services to legacy applications, the system comprising:
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associated the legacy authentication credentials with a cached kerberos credential,
and wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable.
2. The system of
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached kerberos credential,
wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable;
wherein the cached kerberos credential comprises a previously-generated kerberos credential, and wherein the authentication proxy module is further configured to use the previously-generated kerberos credential to authenticate a user that has not previously been authenticated by the one or more legacy applications, when the kerberos server is temporarily unavailable.
3. The system of
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached kerberos credential,
wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable;
and wherein the authentication proxy module is further configured to eliminate anonymous binds by authenticating as a network directory services object as a proxy for an anonymous user.
0. 4. The system of
5. The system of
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached kerberos credential,
wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable;
and wherein the legacy authentication credentials comprise a biometric.
0. 6. The system of
0. 7. The system of
0. 8. The system of
0. 9. The system of
0. 10. An apparatus to provide authentication services to legacy applications, the apparatus comprising:
an authentication proxy module executing on a computing device and configured to receive from one or more legacy applications executing on an application server legacy authentication credentials corresponding to a legacy authentication protocol, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a kerberos credential,
and wherein the authentication proxy module is further configured to: (i) authenticate a user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable.
11. The apparatus of
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached kerberos credential,
wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable;
wherein the kerberos credential comprises a previously-generated kerberos credential, and wherein the authentication proxy module is further configured to use the previously-generated kerberos credential to authenticate a user that has not previously been authenticated by the one or more legacy applications, when kerberos authentication services are temporarily unavailable.
12. The apparatus of
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached kerberos credential,
wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable;
and wherein the authentication proxy module is further configured to eliminate anonymous binds by authenticating an anonymous user as a network directory services object.
0. 13. The apparatus of
14. The apparatus of
one or more legacy applications executing on an application server and configured to authenticate a user based on one or more user credentials received from a client using a legacy authentication protocol, wherein the one or more legacy applications are not configured to authenticate using a kerberos authentication protocol;
an authentication proxy module executing on a computing device and configured to receive legacy authentication credentials from the one or more legacy applications corresponding to the legacy authentication protocol, wherein the legacy authentication credentials are associated with the one or more user credentials; and
a credential binding module in communication with the authentication proxy module and configured to associate the legacy authentication credentials with a cached kerberos credential,
wherein the authentication proxy module is further configured to: (i) authenticate the user corresponding to the legacy authentication credentials using a kerberos authentication protocol by invoking a kerberos authentication request to a kerberos server, and (ii) use the cached kerberos credential received from the credential binding module to authenticate the user when the kerberos server is temporarily unavailable;
and wherein the legacy authentication credentials comprise a biometric.
0. 15. The apparatus of
0. 16. A method of providing authentication services to legacy applications, the method comprising:
directing from one or more legacy applications executing on an application server legacy authentication credentials corresponding to a legacy authentication protocol to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user;
receiving the legacy authentication credentials with the local authentication process;
associating with a binding module the legacy authentication credentials with a kerberos credential; and
with the local authorization process: (i) when a kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a kerberos authentication protocol in response to receiving the authentication credentials by invoking a kerberos authentication request to the kerberos server, and (ii) using the kerberos credential received from the binding module to authenticate the user when the kerberos server is unavailable.
17. The method of
directing from one or more legacy applications executing on an application server legacy authentication credentials corresponding to a legacy authentication protocol to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user;
receiving the legacy authentication credentials with the local authentication process;
associating with a binding module the legacy authentication credentials with a kerberos credential;
with the local authorization process: (i) when a kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a kerberos authentication protocol in response to receiving the authentication credentials by invoking a kerberos authentication request to the kerberos server, and (ii) using the kerberos credential received from the binding module to authenticate the user when the kerberos server is unavailable; and
eliminating anonymous binds by authenticating an anonymous user as a network directory services object.
0. 18. The method of
0. 19. The method of
0. 20. The method of
21. The method of
directing from one or more legacy applications executing on an application server legacy authentication credentials corresponding to a legacy authentication protocol to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user;
receiving the legacy authentication credentials with the local authentication process;
associating with a binding module the legacy authentication credentials with a kerberos credential that comprises a kerberos ticket;
with the local authorization process: (i) when a kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a kerberos authentication protocol in response to receiving the authentication credentials by invoking a kerberos authentication request to the kerberos server, and (ii) using the kerberos credential received from the binding module to authenticate the user when the kerberos server is unavailable; and
using the kerberos ticket received from the binding module to authenticate the user following expiration of the kerberos ticket, wherein using the kerberos credential received from the binding module to authenticate the user comprises decrypting the kerberos ticket using user-submitted credentials associated with the legacy authentication credentials.
0. 22. The method of
0. 23. A computer readable storage medium comprising computer readable program code configured to execute on a processor to carry out a method to providing authentication services to legacy applications, the method comprising:
directing from one or more legacy applications on an application server legacy authentication credentials corresponding to a legacy authentication protocol to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user;
receiving the legacy authentication credentials with the local authentication process;
associating with a binding module the legacy authentication credentials with a kerberos credential; and
with the local authorization process: (i) when a kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a kerberos authentication protocol in response to receiving the authentication credentials by invoking a kerberos authentication request to the kerberos server, and (ii) using the kerberos credential received from the binding module to authenticate the user when the kerberos server is unavailable.
24. The computer readable storage medium of
directing, from one or more legacy applications on an application server, legacy authentication credentials corresponding to a legacy authentication protocol, to a local authentication process executing on a computing device, wherein the one or more legacy applications are not configured to use a kerberos authentication protocol to authenticate a user;
receiving the legacy authentication credentials with the local authentication process;
associating with a binding module the legacy authentication credentials with a kerberos credential;
with the local authorization process: (i) when a kerberos server coupled to the computing device is available, authenticating a user corresponding to the legacy authentication credentials using a kerberos authentication protocol in response to receiving the authentication credentials by invoking a kerberos authentication request to the kerberos server, and (ii) using the kerberos credential received from the binding module to authenticate the user when the kerberos server is unavailable; and
eliminating anonymous binds by authenticating an anonymous user as a network directory services object.
0. 26. The system of claim 25, wherein the legacy authentication protocol is RADIUS.
0. 27. The system of claim 25, wherein the legacy authentication protocol is TACACS.
0. 28. The system of claim 25, wherein the legacy authentication protocol is LDAP.
0. 29. The system of claim 25, wherein the legacy authentication protocol is SQL.
0. 30. The system of claim 25, wherein the legacy authentication protocol is ODBC.
0. 32. The apparatus of claim 31, wherein the legacy authentication protocol is RADIUS.
0. 33. The apparatus of claim 31, wherein the legacy authentication protocol is TACACS.
0. 34. The apparatus of claim 31, wherein the legacy authentication protocol is LDAP.
0. 35. The apparatus of claim 31, wherein the legacy authentication protocol is SQL.
0. 36. The apparatus of claim 31, wherein the legacy authentication protocol is ODBC.
|
1. Field of the Invention
The present invention relates to computer network authentication services. Specifically, the invention relates to apparatus, methods, and systems for providing authentication services to legacy applications.
2. Description of the Related Art
In recent years, computer networks have been increasingly significant in terms of the quantity and sensitivity of the data communicated. Once used primarily for academic purposes, the Internet has become a vehicle for communicating such confidential information as credit card transactions, bank account transactions, and corporate intellectual property. The same applies to proprietary corporate networks. As the quantity and value of the data being communicated has increased, the threats to the security of this data have increased proportionately.
One of the technologies developed to address data security threats is Kerberos authentication. Kerberos provides a means for sensitive data to be communicated securely across an insecure network. Kerberos authentication relies on the existence of a Kerberos server that certifies a user's identity to network services utilized by an application the user is running. Services that use Kerberos to authenticate users are said to be “Kerberized.”
Many organizations use legacy applications that are not capable of using Kerberized services. These organizations face the dilemma of undergoing an expensive upgrade or rewriting of their legacy applications, or facing the increasing threats to the security of their data.
Given the aforementioned issues and challenges related to providing authentication services and the shortcomings of currently available solutions, a need exists for an apparatus, method, and system for providing authentication services to legacy applications. Beneficially, such an apparatus, method, and system would translate legacy authentication services to Kerberos authentication services.
The present invention has been developed in response to the present state of the art, and in particular, in response to the problems and needs in the art that have not yet been fully solved by currently available authentication services. Accordingly, the present invention has been developed to provide an apparatus, method, and system for providing authentication services to legacy applications that overcome many or all of the above-discussed shortcomings in the art.
In one aspect of the present invention, an apparatus for providing authentication services to legacy applications includes an authentication translation module that receives authentication credentials corresponding to a legacy authentication protocol with the authentication proxy module further configured to authenticate the user corresponding to the received credentials using the Kerberos authentication protocol. The authentication proxy module may be further configured to authenticate users in circumstances where Kerberos authentication services are temporarily unavailable. In some embodiments, the apparatus for providing authentication services to legacy applications includes a credential binding module configured to associate legacy authentication credentials with corresponding Kerberos credentials.
In another aspect of the present invention, a method for providing authentication services to legacy applications includes directing authentication legacy authentication protocol credentials to a local authentication process that authenticates the user corresponding to the credentials, using the Kerberos authentication protocol. In one embodiment, the method further includes associating a plurality of users with corresponding legacy authentication credentials and Kerberos credentials. In another embodiment, the method further includes translating anonymous authentication requests to authentication requests for network directory services computer objects or service objects. This embodiment provides additional network security benefits by facilitating configuring network directory servers to prevent anonymous users from searching the network directory.
Various elements of the present invention may be combined into a system arranged to carry out the functions or steps presented above. In one embodiment, the system includes a client configured to authenticate using a legacy authentication protocol, an application configured to receive credentials from the client and direct them to an authentication proxy module, the authentication proxy module, a Kerberos server, and an application server that provides a Kerberos-secured service. Legacy authentication credentials are transmitted from the client to the authentication proxy module, which authenticates the user to the Kerberos server and passes the Kerberos credentials corresponding to the user to the Kerberos-secured service.
In some embodiments, the system may further include a credential binding module that associates each user with the corresponding legacy authentication credentials and one or more Kerberos credentials. In various embodiments, the legacy authentication credentials may include a user name, password, biometric, or the like. In various embodiments, the legacy authentication protocol may be RADIUS, TACACS, or the like, or may be a data access protocol that involves authentication such as ftp, LDAP, SQL, ODBC, or the like.
The present invention facilitates providing authentication services to legacy applications. These and other features and advantages of the present invention will become more fully apparent from the following description and appended claims, or may be learned by the practice of the invention as set forth hereinafter.
It should be noted that reference throughout this specification to features, advantages, or similar language does not imply that all of the features and advantages that may be realized with the present invention should be or are in any single embodiment of the invention. Rather, language referring to the features and advantages is understood to mean that a specific feature, advantage, or characteristic described in connection with an embodiment is included in at least one embodiment of the present invention. Thus, discussion of the features and advantages, and similar language, throughout this specification may, but do not necessarily, refer to the same embodiment.
Furthermore, the described features, advantages, and characteristics of the invention may be combined in any suitable manner in one or more embodiments. One skilled in the relevant art will recognize that the invention can be practiced without one or more of the specific features or advantages of a particular embodiment. In other instances, additional features and advantages may be recognized in certain embodiments that may not be present in all embodiments of the invention.
In order that the advantages of the invention will be readily understood, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings. Understanding that these drawings depict only typical embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings, in which:
It will be readily understood that the components of the present invention, as generally described and illustrated in the Figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following more detailed description of the embodiments of the apparatus, method, and system of the present invention, as represented in
Many of the functional units described in this specification have been labeled as modules, in order to more particularly emphasize their implementation independence. For example, a module may be implemented as a hardware circuit comprising custom VLSI circuits or gate arrays, off-the-shelf semiconductors such as logic chips, transistors, or other discrete components. A module may also be implemented in programmable hardware devices such as field programmable gate arrays, programmable array logic, programmable logic devices or the like.
Modules may also be implemented in software for execution by various types of processors. An identified module of executable code may, for instance, comprise one or more physical or logical blocks of computer instructions which may, for instance, be organized as an object, procedure, or function. Nevertheless, the executables of an identified module need not be physically located together, but may comprise disparate instructions stored in different locations which, when joined logically together, comprise the module and achieve the stated purpose for the module.
Indeed, a module of executable code could be a single instruction, or many instructions, and may even be distributed over several different code segments, among different programs, and across several memory devices, such as a computer readable storage medium. Similarly, operational data may be identified and illustrated herein within modules, and may be embodied in any suitable form and organized within any suitable type of data structure. The operational data may be collected as a single data set, or may be distributed over different locations including over different storage devices, and may exist, at least partially, merely as electronic signals on a system or network.
In the following description, numerous specific details are provided, such as examples of programming, software modules, user selections, network transactions, database queries, database structures, hardware modules, hardware circuits, hardware chips, etc., to provide a thorough understanding of embodiments of the invention. One skilled in the relevant art will recognize, however, that the invention can be practiced without one or more of the specific details, or with other methods, components, materials, and so forth. In other instances, well-known structures, materials, or operations are not shown or described in detail to avoid obscuring aspects of the invention.
The features, structures, or characteristics of the invention described throughout this specification may be combined in any suitable manner in one or more embodiments. For example, reference throughout this specification to “one embodiment,” “an embodiment,” or similar language means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, appearances of the phrases “in one embodiment,” “in an embodiment,” or similar language throughout this specification do not necessarily all refer to the same embodiment and the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
The present invention sets forth an apparatus, system and method for providing authentication services to legacy applications. Authentication requests from legacy applications are directed to an authentication proxy module that translates authentication requests to authenticate to Kerberized services. From the user's standpoint, there is no change in the authentication process, nor is any modification required to the legacy application.
The user 110 enters a credential 130 at the client 120 at the request of the application 150 running on the application server 140. The credential 130 typically consists of a user name and password. The application 150 utilizes services provided by the service provider 170 and authenticates to it by passing the authentication credential 160. The service provider returns service data 180 to the application 150. The cycle completes when the application 150 returns application data 190 to the client 120. In other embodiments, application data 190 may be stored in a database or directed to another process or service.
Because the authentication credential 160 may be transmitted across an unsecured network, it is subject to eaves-dropping attacks in which an unauthorized user copies the authentication credential 160 as it is transmitted, or spoofing attacks in which an unauthorized user intercepts the authentication credential 160 by emulating the service provider 170. Replacing the service provider 170 with a Kerberized service may prevent such attacks, but the legacy application 150 is not configured to authenticate using Kerberos. Because the Kerberos authentication algorithm is more complex than older authentication protocols, it is typically not possible to reconfigure a legacy application 150 to use Kerberos authentication, and rewriting a legacy application 150 to authenticate using Kerberos typically involves a considerable investment of cost and time. A further advantage to replacing service provider 170 with a Kerberized service is that duplicate user accounts on servers in an organization's network may be consolidated, thereby reducing the administrative overhead required.
In one embodiment, legacy authentication credentials 160 are configured to be submitted from the application 150 to the authentication proxy module 210. The authentication proxy module 210 receives the authentication credential 160 from the application 150 and invokes a corresponding Kerberos authentication request 230 for the Kerberos server 240. The Kerberos server 240 returns a Kerberos ticket 260 to the authentication proxy module 210, which then submits an authentication credential 270 to the Kerberized service provider 280. Once authentication to the Kerberized service provider 280 has completed successfully, service data 290 may be returned to the legacy application 150. In the embodiment depicted in
The Kerberos protocol is actually more complex than represented in
In some embodiments, a credential binding module 220 includes an association between the legacy authentication protocol credentials for each user 110 and the corresponding Kerberos authentication credentials. In other embodiments, the association between the legacy and corresponding Kerberos credentials for each user 110 may be intrinsic to the authentication proxy module 210. In some embodiments, the credential binding module associates credentials corresponding to a legacy authentication protocol with a Kerberos identity, rather than a cached Kerberos ticket 260.
The configure application operation 310 initializes the authentication proxy module 210 by directing the authentication credential 160 from the service provider 170 to the authentication proxy module 210. The authentication proxy module 210 thereafter is configured to receive a legacy authentication credential from the application 150 and intermediate between the legacy application 150 and the Kerberized service provider 280. In some embodiments, the legacy application 150 is configured to submit the authentication credential 160 to the authentication proxy module 210, rather than the service provider 170. In some embodiments, the configure application operation 310 is a setup program for the authentication protocol translation apparatus comprising the authentication proxy module 210 and the credential binding module 220.
The receive legacy authentication credential operation 320 receives an authentication credential 160 directed to the authentication proxy module 210. The authentication credential 160 may include a user name and password passed in clear text. In some embodiments, the receive legacy authentication credential operation 320 enters the authentication credential 160 into a table or database for later association with the corresponding Kerberos ticket 260. In some embodiments, the authentication credential 160 is stored in encrypted form. In some embodiments, the authentication credential 160 may be associated with a Kerberos identity.
In some embodiments, the authentication credential 160 may be stored in a database in clear text or encrypted form or be newly-assigned for the user 110. The receive legacy authentication credential operation 320 may receive the legacy authentication credential 160 from a database or user account initialization process to obtain a corresponding Kerberos ticket 260. Although the Kerberos ticket 260 may be expired when the user 110 subsequently authenticates, successfully decrypting the Kerberos ticket 260 using the authentication credential 160 submitted by the user 110 demonstrates that the authentication credential provided is correct. Generating the Kerberos ticket 260 prior to user 110 authentication facilitates subsequent authentication of the user 110 when the Kerberos server 240 is not available, even though the user 110 may never have previously authenticated to the network.
The authenticate to Kerberos test 330 determines whether the user 110 can be authenticated to the Kerberos server 240 after submitting a Kerberos authentication request 230. If the Kerberos server 240 returns a Kerberos ticket 260 to the authentication proxy module 210, the authentication protocol translation method 300 continues with the cache Kerberos credential operation 340. Otherwise, the authentication protocol translation method 300 continues with the return failure status operation 380.
The cache Kerberos credential operation 340 associates the Kerberos ticket 260 with the authentication credential 160 corresponding to the user 110. In some embodiments, the cache Kerberos credential operation 340 enters the Kerberos ticket 260 into the table or database utilized by the legacy authentication credential operation 320. In various embodiments, the table or database may be intrinsic to the authentication proxy module 210 or may be included in the credential binding module 220.
The request service operation 350 submits an authentication credential 270 in accordance with the Kerberos authentication protocol to the Kerberized service provider 280 and receives any service data 290 returned by the Kerberized service provider 280. The service data 290 is then redirected to the legacy application 150. The service data 290 returned by the Kerberized service provider 280 is returned in encrypted form, using a temporary service key provided by the Kerberos server 240. Transmitting the service data in encrypted form increases the security of the service provided by the Kerberized service provider 280. In some embodiments, the authentication proxy module 210 receives service data 290 and returns the service data 290 to the application 150 as a proxy for the non-Kerberized service provider 170. Upon completion of the request service operation, the authentication protocol translation method 300 ends 390.
The Kerberos service available test 360 determines whether Kerberos authentication failed because the Kerberos server did not respond, due to a network error, hardware failure, or the like. If authentication failed because the Kerberos service was not available, the authentication protocol translation method 300 continues with the obtain cached credential procedure 370. Otherwise, the authentication protocol translation method 300 continues with the return failure status operation 380.
The obtain cached credential operation 370 obtains the cached Kerberos ticket 260 with the authentication credential 160 corresponding to the user 110. The authentication credential 160 may be considered valid if the cached Kerberos ticket 260 can be successfully decrypted using the authentication credential 160. Using the cached Kerberos ticket 260 facilitates uninterrupted access to services provided by the Kerberized service provider 280 when the Kerberos server 240 is unavailable due to network failure or the like. In some embodiments, the authentication protocol translation method 300 provides the cached Kerberos ticket 260 as long as the ticket remains valid, thus reducing the number of authentication requests submitted to the Kerberos server 240.
The return failure status operation 380 reports a failure to authenticate to the Kerberos server 240 to the legacy application 150. In some embodiments, the return failure status operation 380 may delete the authentication credential 160 from the table or database in which it was stored by the receive legacy authentication credential operation 320. Upon completion of the return failure status operation 360, the authentication protocol translation method 300 ends 390.
The anonymous user authentication protocol translation method 400 translates anonymous bind requests into Kerberos authentication requests for the computer object or service object associated with the client 120 from which the anonymous bind request originates. The Kerberos server 240 can be configured to not accept anonymous bind requests, thus protecting the Kerberos server 240 from attack from foreign network addresses. Once the client 120 has authenticated as a computer object or service object, the client 120 may then be permitted to search the network directory. For example, the user 110 may enter a common name and password, which the authentication proxy module 210 may use to search the directory to obtain the distinguished name associated with the common name, so that the user 110 may be authenticated using the associated distinguished name and password.
Since there are no network directory objects associated with anonymous binds, there is no mechanism for the network administrator to manage computers that connect using anonymous binds. Converting anonymous binds to computer object authentications facilitates management of the associated computers using network directory services prior to authentication. For example, a computer object can be assigned to an organizational unit, so that a login script associated with the organizational unit is executed when the computer object authenticates. Additionally, converting anonymous binds to computer object authentications increases network security by allowing only a trusted client 120 to access network directory services. For example, when unauthorized users are permitted to bind to the network directory service anonymously, they may obtain user names that may be used with a dictionary attack to obtain unauthorized access to the network.
The receive anonymous authentication credential operation 410 receives an anonymous authentication credential corresponding to the authentication credential 160. In some embodiments, an anonymous authentication credential 160 may include a common name and network password of a user to be authenticated using the distinguished name associated with the common name.
The valid origin test 420 verifies that the authentication credential 160 originated from a trusted source. In some embodiments, the application server 140 may be configured such that the authentication credential 160 is received from a secure network. If the authentication credential 160 originated from a trusted source, the anonymous user authentication protocol translation method 400 continues with the authenticate to Kerberos as computer test 430. Otherwise, the anonymous user authentication protocol translation method 400 continues with the return failure status procedure 380.
The authenticate to Kerberos as computer test 430 determines whether the authentication proxy module 210, acting as a proxy for the client 120, can authenticate to Kerberos as a computer object. In some embodiments, the authentication proxy module 210 uses one service account for a plurality of clients 120. Authentication may not be possible if the Kerberos server is unavailable due to a network failure. If the authentication proxy module 210 authenticates to Kerberos, the anonymous user authentication protocol translation method 400 continues with the cache Kerberos credential procedure 340. Otherwise, the anonymous user authentication protocol translation method 400 continues with the return failure status procedure 380.
The present invention facilitates providing authentication services to legacy applications. The present invention may be embodied in other specific forms without departing from its spirit or essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore, indicated by the appended claims rather than by the foregoing description. All changes which come within the meaning and range of equivalency of the claims are to be embraced within their scope.
Peterson, Matthew T, Bowers, John Joseph
Patent | Priority | Assignee | Title |
11120057, | Apr 17 2017 | MICROSTRATEGY INCORPORATED | Metadata indexing |
11516213, | Sep 18 2019 | MICROSTRATEGY INCORPORATED | Authentication for requests from third-party interfaces |
Patent | Priority | Assignee | Title |
4109237, | Jan 17 1977 | EYEDENTIFY, INC , A CORP OF OR | Apparatus and method for identifying individuals through their retinal vasculature patterns |
4370707, | Aug 03 1971 | EIBEN, MICHAEL R , CHICAGO, ILL ; GOLDBERG, BERTRAND, CHICAGO, ILL | Computer system for generating architectural specifications and project control instructions |
4694397, | Dec 27 1984 | The Advest Group, Inc.; ADVEST GROUP, INC THE | Banking/brokerage computer interface system |
5222018, | Jul 18 1985 | Pitney Bowes Inc. | System for centralized processing of accounting and payment functions |
5267865, | Feb 11 1992 | JRL ENTERPRISES, INC | Interactive computer aided natural learning method and apparatus |
5302132, | Apr 01 1992 | Instructional system and method for improving communication skills | |
5310349, | Apr 30 1992 | COMPASSLEARNING, INC | Instructional management system |
5313465, | May 13 1992 | ENTERASYS NETWORKS, INC | Method of merging networks across a common backbone network |
5333302, | Feb 28 1991 | Texas Instruments Incorporated | Filtering event capture data for computer software evaluation |
5339435, | Feb 28 1991 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Heterogenous software configuration management apparatus |
5367698, | Oct 31 1991 | EPOCH SYSTEMS, INC | Network file migration system |
5371852, | Oct 14 1992 | International Business Machines Corporation | Method and apparatus for making a cluster of computers appear as a single host on a network |
5387104, | Apr 01 1992 | Instructional system for improving communication skills | |
5410703, | Jul 01 1992 | Telefonaktiebolaget L M Ericsson | System for changing software during computer operation |
5423032, | Oct 31 1991 | International Business Machines Corporation; INTERNATIONAL BUSINESS MACHINES CORPORATION A CORP OF NEW YORK | Method for extracting multi-word technical terms from text |
5437027, | May 30 1990 | Texas Instruments Incorporated | System and method for database management supporting object-oriented programming |
5437555, | May 02 1991 | Educational Testing Service | Remote teaching system |
5440719, | Oct 27 1992 | Cadence Design Systems, INC | Method simulating data traffic on network in accordance with a client/sewer paradigm |
5441415, | Feb 11 1992 | JRL ENTERPRISES, INC | Interactive computer aided natural learning method and apparatus |
5497486, | Mar 15 1994 | LOT 19 ACQUISITION FOUNDATION, LLC | Method of merging large databases in parallel |
5497492, | Sep 04 1990 | Microsoft Technology Licensing, LLC | System and method for loading an operating system through use of a fire system |
5499379, | Jun 30 1988 | Hitachi, Ltd. | Input/output execution apparatus for a plural-OS run system |
5530829, | Dec 17 1992 | International Business Machines Corporation | Track and record mode caching scheme for a storage system employing a scatter index table with pointer and a track directory |
5550968, | Apr 12 1994 | International Business Machines Corporation | Method and system for providing access security to controls in a graphical user interface |
5550976, | Dec 08 1992 | NMETRIC, LLC | Decentralized distributed asynchronous object oriented system and method for electronic data management, storage, and communication |
5553291, | Sep 16 1992 | Hitachi, Ltd. | Virtual machine control method and virtual machine system |
5586304, | Sep 08 1994 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Automatic computer upgrading |
5590360, | Oct 19 1992 | International Business Machines Corporation | Apparatus and method for gathering and entering data requirements from multiple users in the building of process models and data models |
5600833, | Sep 17 1993 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Attribute portion based document retrieval system with system query language interface |
5608874, | Dec 02 1994 | AUTOENTRY ONLINE, INC | System and method for automatic data file format translation and transmission having advanced features |
5608903, | Dec 15 1994 | Oracle International Corporation | Method and apparatus for moving subtrees in a distributed network directory |
5613090, | Oct 05 1993 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Computer system for disparate windowing environments which translates requests and replies between the disparate environments |
5623601, | Nov 21 1994 | RPX Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
5630069, | Jan 15 1993 | ACTION TECHNOLOGIES, INC | Method and apparatus for creating workflow maps of business processes |
5630131, | Nov 14 1994 | Apple Inc | Method and apparatus for importing and exporting archive files for a graphical user interface |
5659735, | Dec 09 1994 | Apple Inc | Object-oriented system for program version and history database management system for various program components |
5659736, | Nov 29 1993 | Mitsubishi Denki Kabushiki Kaisha | Management information base and method in an OSI management system |
5666502, | Aug 07 1995 | Apple Inc | Graphical user interface using historical lists with field classes |
5671428, | Aug 28 1991 | Kabushiki Kaisha Toshiba | Collaborative document processing system with version and comment management |
5673386, | Jun 29 1994 | Qwest Communications International Inc | Method and system for identification of software application faults |
5673387, | May 16 1994 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | System and method for selecting test units to be re-run in software regression testing |
5675782, | Jun 06 1995 | Microsoft Technology Licensing, LLC | Controlling access to objects on multiple operating systems |
5677997, | Jan 09 1995 | Visa International Service Association; VISA U S A INC | Method and apparatus for automated conformance and enforcement of behavior in application processing systems |
5680586, | Apr 18 1995 | International Business Machines Corporation | Method and system for storing and accessing user-defined attributes within a data processing system |
5684950, | Sep 23 1996 | ABACUS INNOVATIONS TECHNOLOGY, INC ; LEIDOS INNOVATIONS TECHNOLOGY, INC | Method and system for authenticating users to multiple computer servers via a single sign-on |
5692132, | Jun 07 1995 | MASTERCARD INTERNATIONAL INC | System and method for conducting cashless transactions on a computer network |
5692902, | Mar 24 1995 | Maillefer Instruments S.A. | Set of instruments for the boring of radicular dental canals |
5694540, | Dec 15 1994 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | Automated software regression test and compilation system |
5706502, | Mar 26 1996 | Oracle America, Inc | Internet-enabled portfolio manager system and method |
5708812, | Jan 18 1996 | Microsoft Technology Licensing, LLC | Method and apparatus for Migrating from a source domain network controller to a target domain network controller |
5708828, | May 25 1995 | BMC SOFTWARE, INC | System for converting data from input data environment using first format to output data environment using second format by executing the associations between their fields |
5710884, | Mar 29 1995 | Intel Corporation | System for automatically updating personal profile server with updates to additional user information gathered from monitoring user's electronic consuming habits generated on computer during use |
5711671, | Jul 08 1994 | The Board of Regents Of Oklahoma State University | Automated cognitive rehabilitation system and method for treating brain injured patients |
5724521, | Nov 03 1994 | Intel Corporation | Method and apparatus for providing electronic advertisements to end users in a consumer best-fit pricing manner |
5727145, | Jun 26 1996 | Oracle America, Inc | Mechanism for locating objects in a secure fashion |
5727951, | May 28 1996 | IpLearn, LLC | Relationship-based computer-aided-educational system |
5740427, | Dec 29 1994 | Modular automated account maintenance system | |
5743746, | Apr 17 1996 | IpLearn, LLC | Reward enriched learning system and method |
5745113, | Apr 03 1996 | Verizon Patent and Licensing Inc | Representing work practices |
5745902, | Jul 06 1992 | Microsoft Technology Licensing, LLC | Method and system for accessing a file using file names having different file name formats |
5752042, | Jun 07 1996 | International Business Machines Corporation | Server computer for selecting program updates for a client computer based on results of recognizer program(s) furnished to the client computer |
5754173, | Feb 28 1996 | Oracle America, Inc | Method and system for creating user interface independent programs with a user interface provider |
5754938, | Nov 29 1994 | Pinpoint Incorporated | Pseudonymous server for system for customized electronic identification of desirable objects |
5758062, | Apr 30 1996 | Oracle International Corporation | Method and apparatus for regression testing of application logic |
5758074, | Nov 04 1994 | International Business Machines Corp | System for extending the desktop management interface at one node to a network by using pseudo management interface, pseudo component interface and network server interface |
5758344, | Dec 15 1994 | Oracle International Corporation | Method and apparatus for moving subtrees in a distributed network directory |
5764897, | Feb 25 1993 | Sun Microsystems, Inc. | Method and apparatus for managing transactions in an object-oriented distributed system |
5765140, | Nov 17 1995 | Verizon Patent and Licensing Inc | Dynamic project management system |
5768519, | Jan 18 1996 | Microsoft Technology Licensing, LLC | Method and apparatus for merging user accounts from a source security domain into a target security domain |
5774551, | Aug 07 1995 | Oracle America, Inc | Pluggable account management interface with unified login and logout and multiple user authentication services |
5778169, | Aug 07 1995 | Synopsys, Inc.; Synopsys, Inc | Computer system having improved regression testing |
5784553, | Feb 12 1996 | Parasoft Corporation | Method and system for generating a computer program test suite using dynamic symbolic execution of JAVA programs |
5784643, | Mar 28 1996 | International Business Machines Corporation; IBM Corporation | System incorporating program for intercepting and interpreting or altering commands for generating I/O activity for enabling real-time user feedback by sending substitute characters to modem |
5790801, | May 26 1995 | SHARP KABUSIKI KAISHA | Data management system |
5796393, | Nov 08 1996 | Meta Platforms, Inc | System for intergrating an on-line service community with a foreign service |
5806075, | Sep 24 1993 | Oracle International Corporation | Method and apparatus for peer-to-peer data replication |
5812669, | Jul 19 1995 | CLASSIFIELD INFORMATION, INC | Method and system for providing secure EDI over an open network |
5812865, | Dec 03 1993 | UBICOMM, LLC | Specifying and establishing communication data paths between particular media devices in multiple media device computing systems based on context of a user or users |
5815657, | Apr 26 1996 | Hewlett Packard Enterprise Development LP | System, method and article of manufacture for network electronic authorization utilizing an authorization instrument |
5819265, | Jul 12 1996 | International Business Machines Corporation; IBM Corporation | Processing names in a text |
5819281, | Feb 26 1996 | Hewlett Packard Enterprise Development LP | Notification of aspect value change in object-oriented programming |
5819295, | Oct 30 1995 | Matsushita Electric Industrial Co., Ltd. | Document storing and managing system |
5822518, | Nov 29 1995 | Hitachi, Ltd. | Method for accessing information |
5835087, | Nov 29 1994 | Pinpoint Incorporated | System for generation of object profiles for a system for customized electronic identification of desirable objects |
5835911, | Feb 08 1995 | Fujitsu Limited | Software distribution and maintenance system and method |
5838918, | Dec 13 1993 | International Business Machines Corporation | Distributing system configuration information from a manager machine to subscribed endpoint machines in a distrubuted computing environment |
5844508, | Dec 01 1995 | Fujitsu Limited | Data coding method, data decoding method, data compression apparatus, and data decompression apparatus |
5848396, | Apr 26 1996 | Conversant, LLC | Method and apparatus for determining behavioral profile of a computer user |
5859972, | May 10 1996 | The Board of Trustees of the University of Illinois | Multiple server repository and multiple server remote application virtual client computer |
5872928, | Feb 24 1995 | CONCORD COMMUNICATIONS, INC ; Computer Associates Think, Inc | Method and apparatus for defining and enforcing policies for configuration management in communications networks |
5872973, | Oct 26 1995 | VIEWSOFT, INC | Method for managing dynamic relations between objects in dynamic object-oriented languages |
5878432, | Oct 29 1996 | International Business Machines Corporation | Object oriented framework mechanism for a source code repository |
5889520, | Nov 13 1997 | International Business Machines Corporation | Topological view of a multi-tier network |
5890161, | Oct 28 1997 | Microsoft Technology Licensing, LLC | Automatic transaction processing of component-based server applications |
5890175, | Sep 25 1996 | IXL ENTERPRISES, INC | Dynamic generation and display of catalogs |
5892898, | Oct 04 1996 | Honeywell INC | Error management system for supporting the identification and logging of error messages |
5893074, | Jan 29 1996 | Jet Propulsion Laboratory | Network based task management |
5893076, | Jan 16 1996 | International Business Machines Corporation | Supplier driven commerce transaction processing system and methodology |
5893916, | Dec 13 1996 | PROOSTDAM OFFSHORE BV, L L C | Method of converting man pages to help topic files |
5930512, | Oct 18 1996 | International Business Machines Corporation | Method and apparatus for building and running workflow process models using a hypertext markup language |
5937165, | Sep 10 1996 | IXIA | Systems, methods and computer program products for applications traffic based communications network performance testing |
5948064, | Jul 07 1997 | International Business Machines Corporation | Discovery of authentication server domains in a computer network |
5949419, | May 13 1996 | HANGER SOLUTIONS, LLC | Web browser detection and default home page modification device |
5956732, | Feb 28 1994 | NEC Corporation | Software system management device for maintaining revisions of a source code |
5956736, | Sep 27 1996 | Apple Inc | Object-oriented editor for creating world wide web documents |
5960200, | May 03 1996 | i-CUBE | System to transition an enterprise to a distributed infrastructure |
5968176, | May 29 1997 | Hewlett Packard Enterprise Development LP | Multilayer firewall system |
5987247, | May 09 1997 | International Business Machines Corporation | Systems, methods and computer program products for building frameworks in an object oriented environment |
5995114, | Sep 10 1997 | INTERGRAPH HARDWARE TECHNOLOGIES COMPANY INC | Applying numerical approximation to general graph drawing |
6002868, | Dec 31 1996 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Test definition tool |
6003047, | Dec 30 1996 | EMC IP HOLDING COMPANY LLC | Non-hierarchical application interface for HTML-based network storage management programs |
6014669, | Oct 01 1997 | Oracle America, Inc | Highly-available distributed cluster configuration database |
6014712, | May 21 1996 | GOOGLE LLC | Network system |
6016495, | Sep 19 1997 | International Business Machines Corporation | Object-oriented framework mechanism for providing persistent storage |
6016501, | Mar 18 1998 | Informatica LLC | Enterprise data movement system and method which performs data load and changed data propagation operations |
6021496, | Jul 07 1997 | International Business Machines Corporation | User authentication from non-native server domains in a computer network |
6029178, | Mar 18 1998 | Informatica LLC | Enterprise data movement system and method which maintains and compares edition levels for consistency of replicated data |
6029195, | Nov 29 1994 | Pinpoint Incorporated | System for customized electronic identification of desirable objects |
6029247, | Dec 09 1996 | RPX Corporation | Method and apparatus for transmitting secured data |
6035323, | Oct 24 1997 | HANGER SOLUTIONS, LLC | Methods and apparatuses for distributing a collection of digital media over a network with automatic generation of presentable media |
6041344, | Jun 23 1997 | Oracle International Corporation | Apparatus and method for passing statements to foreign databases by using a virtual package |
6044368, | Apr 30 1998 | Genesys Telecommunications Laboratories, Inc | Method and apparatus for multiple agent commitment tracking and notification |
6044465, | Jul 07 1997 | International Business Machines Corporation | User profile storage on and retrieval from a non-native server domain for use in a client running a native operating system |
6049822, | Oct 31 1997 | DETERMINE INC | Method for generating and updating knowledge-based configurators that are multi platform and multi language capable |
6052512, | Dec 22 1997 | Scientific Learning Corp. | Migration mechanism for user data from one client computer system to another |
6055538, | Dec 22 1997 | Hewlett Packard Enterprise Development LP | Methods and system for using web browser to search large collections of documents |
6058260, | Jun 12 1995 | GOVERNMENT OF THE UNITED STATES OF AMERICAS AS REPRESENTED BY THE SECRETARY OF THE ARMY, THE | Methods and apparatus for planning and managing a communications network |
6058379, | Jul 11 1997 | HANGER SOLUTIONS, LLC | Real-time network exchange with seller specified exchange parameters and interactive seller participation |
6061643, | Jul 07 1998 | VERSATA, INC | Method for defining durable data for regression testing |
6061650, | Sep 10 1996 | Nortel Networks Limited | Method and apparatus for transparently providing mobile network functionality |
6067568, | Dec 10 1996 | International Business Machines Corporation | Automatic setup of services for computer system users |
6070184, | Aug 28 1997 | International Business Machines Corporation | Server-side asynchronous form management |
6076166, | Jan 17 1997 | U S PHILIPS CORPORATION | Personalizing hospital intranet web sites |
6079020, | Jan 27 1998 | AVAYA Inc | Method and apparatus for managing a virtual private network |
6092199, | Jul 07 1997 | International Business Machines Corporation | Dynamic creation of a user account in a client following authentication from a non-native server domain |
6101481, | Jan 25 1996 | TASKEY PTY LTD | Task management system |
6101503, | Mar 02 1998 | International Business Machines Corp. | Active markup--a system and method for navigating through text collections |
6108649, | Mar 03 1998 | RPX Corporation | Method and system for supplanting a first name base with a second name base |
6108670, | Nov 24 1997 | International Business Machines Corporation | Checking and enabling database updates with a dynamic, multi-modal, rule based system |
6112228, | Feb 13 1998 | JPMORGAN CHASE BANK, N A , AS SUCCESSOR AGENT | Client inherited functionally derived from a proxy topology where each proxy is independently configured |
6112240, | Sep 03 1997 | International Business Machines Corporation | Web site client information tracker |
6115040, | Sep 26 1997 | Verizon Patent and Licensing Inc | Graphical user interface for Web enabled applications |
6115544, | Sep 03 1992 | International Business Machines Corporation | Method and system for displaying error messages |
6134548, | Nov 19 1998 | KNAPP INVESTMENT COMPANY LIMITED | System, method and article of manufacture for advanced mobile bargain shopping |
6137869, | Sep 16 1997 | Verizon Patent and Licensing Inc | Network session management |
6138086, | Dec 24 1996 | International Business Machines Corporation | Encoding of language, country and character formats for multiple language display and transmission |
6141006, | Feb 11 1999 | QuickBuy, Inc. | Methods for executing commercial transactions in a network system using visual link objects |
6141010, | Jul 17 1998 | B E TECHNOLOGY, LLC | Computer interface method and apparatus with targeted advertising |
6141647, | Oct 20 1995 | DOW CHEMICAL COMPANY, THE | System and method for integrating a business environment, a process control environment, and a laboratory environment |
6151600, | Nov 03 1994 | Intel Corporation | Electronic information appraisal agent |
6151610, | Dec 27 1993 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Document display system using a scripting language having container variables setting document attributes |
6161176, | Nov 20 1998 | Microsoft Technology Licensing, LLC | System and method for storing configuration settings for transfer from a first system to a second system |
6167445, | Oct 26 1998 | Cisco Technology, Inc. | Method and apparatus for defining and implementing high-level quality of service policies in computer networks |
6167564, | Sep 17 1998 | Unisys Corp.; Unisys Corporation | Software system development framework |
6170009, | Jul 17 1998 | Oracle America, Inc | Controlling devices on a network through policies |
6182212, | Dec 14 1998 | Lenovo PC International | Method and system for automated migration of user settings to a replacement computer system |
6182226, | Mar 18 1998 | JPMORGAN CHASE BANK, N A ; MORGAN STANLEY SENIOR FUNDING, INC | System and method for controlling interactions between networks |
6185625, | Dec 20 1996 | Intel Corporation | Scaling proxy server sending to the client a graphical user interface for establishing object encoding preferences after receiving the client's request for the object |
6195794, | Aug 12 1997 | International Business Machines Corp | Method and apparatus for distributing templates in a component system |
6199068, | Sep 11 1997 | Elster Electricity, LLC | Mapping interface for a distributed server to translate between dissimilar file formats |
6199079, | Mar 09 1998 | Amazon Technologies, Inc | Method and system for automatically filling forms in an integrated network based transaction environment |
6202051, | Apr 26 1995 | EBAY, INC | Facilitating internet commerce through internetworked auctions |
6205480, | Aug 19 1998 | GOOGLE LLC | System and method for web server user authentication |
6208345, | Apr 15 1998 | CommScope EMEA Limited; CommScope Technologies LLC | Visual data integration system and method |
6209000, | Oct 31 1997 | Oracle International Corporation | Tracking storage for data items |
6209033, | Feb 01 1995 | CONCORD COMMUNICATIONS, INC ; Computer Associates Think, Inc | Apparatus and method for network capacity evaluation and planning |
6222535, | Oct 23 1997 | WSOU Investments, LLC | System and method for facilitating issue tracking |
6223221, | Feb 05 1998 | International Business Machines Corporation | System and method for calculating the transfer rate across a communication medium using a downloaded test program and transferring data accordingly |
6226649, | Jun 23 1997 | ORACLE INTERNATIONAL CORPORATION OIC | Apparatus and method for transparent access of foreign databases in a heterogeneous database system |
6230160, | Jul 17 1997 | International Business Machines Corporation | Creating proxies for distributed beans and event objects |
6230194, | Jul 14 1997 | ARRIS Enterprises, Inc | Upgrading a secure network interface |
6230309, | Apr 25 1997 | Computer Associates Think, Inc | Method and system for assembling and utilizing components in component object systems |
6233584, | Sep 09 1997 | International Business Machines Corporation; IBM Corporation | Technique for providing a universal query for multiple different databases |
6237114, | May 13 1998 | Oracle America, Inc | System and method for evaluating monitored computer systems |
6246410, | Jan 19 1996 | International Business Machines Corp. | Method and system for database access |
6249905, | Jan 16 1998 | Kabushiki Kaisha Toshiba; Ralph E., Johnson | Computerized accounting system implemented in an object-oriented programming environment |
6256637, | May 05 1998 | VMWARE, INC | Transactional virtual machine architecture |
6256659, | Dec 09 1997 | Verizon Patent and Licensing Inc | System and method for performing hybrid preemptive and cooperative multi-tasking in a computer system |
6256678, | Nov 17 1994 | Computer Associates Think, Inc | Object oriented method and system for providing a common communications interface between software application programs |
6260068, | Jun 10 1998 | Hewlett Packard Enterprise Development LP | Method and apparatus for migrating resources in a multi-processor computer system |
6263352, | Nov 14 1997 | Microsoft Technology Licensing, LLC | Automated web site creation using template driven generation of active server page applications |
6266666, | Sep 08 1998 | SYBASE, INC | Component transaction server for developing and deploying transaction- intensive business applications |
6269405, | Oct 19 1998 | International Business Machines Corporation | User account establishment and synchronization in heterogeneous networks |
6269406, | Oct 19 1998 | International Business Machines Corporation | User group synchronization to manage capabilities in heterogeneous networks |
6272673, | Nov 25 1997 | International Business Machines Corporation | Mechanism for automatically establishing connections between executable components of a hypertext-based application |
6272678, | Nov 05 1997 | Hitachi, LTD | Version and configuration management method and apparatus and computer readable recording medium for recording therein version and configuration management program |
6279030, | Nov 12 1998 | International Business Machines Corporation | Dynamic JAVAâ„¢ class selection and download based on changeable attributes |
6282576, | Sep 21 1998 | Unisys Corporation | Method of transferring heterogeneous data with meaningful interrelationships between incompatible computers |
6282605, | Apr 26 1999 | MCCI Corporation | File system for non-volatile computer memory |
6286028, | Dec 01 1998 | International Business Machines Corporation | Method and apparatus for conducting electronic commerce |
6286104, | Aug 04 1999 | Oracle International Corporation | Authentication and authorization in a multi-tier relational database management system |
6301601, | Oct 28 1997 | Microsoft Technology Licensing, LLC | Disabling and enabling transaction committal in transactional application components |
6304893, | Jul 01 1996 | Oracle America, Inc | Object-oriented system, method and article of manufacture for a client-server event driven message framework in an interprise computing framework system |
6308164, | Apr 28 1997 | Distributed project management system and method | |
6308188, | Jun 19 1997 | International Business Machines Corporation | System and method for building a web site with automated workflow |
6308273, | Jun 12 1998 | Microsoft Technology Licensing, LLC | Method and system of security location discrimination |
6313835, | Apr 09 1999 | DG HOLDINGS, INC | Simplified on-line preparation of dynamic web sites |
6314434, | Apr 15 1998 | Fujitsu Limited | Structured data management system and computer-readable method for storing structured data management program |
6327677, | Apr 27 1998 | BMC SOFTWARE, INC | Method and apparatus for monitoring a network environment |
6330566, | Jun 22 1998 | NBCUniversal Media LLC | Apparatus and method for optimizing client-state data storage |
6336118, | Dec 03 1998 | International Business Machines Corporation | Framework within a data processing system for manipulating program objects |
6341287, | Dec 18 1998 | Applications in Internet Time, LLC | Integrated change management unit |
6345239, | Aug 31 1999 | Accenture Global Services Limited | Remote demonstration of business capabilities in an e-commerce environment |
6349287, | Aug 01 1997 | Fuji Xerox Co., Ltd. | Work-flow support system |
6363398, | Nov 25 1997 | WEB COM GROUP, INC | Database access using active server pages |
6370573, | Aug 31 1999 | Accenture Global Services Limited | System, method and article of manufacture for managing an environment of a development architecture framework |
6370646, | Feb 16 2000 | CA, INC | Method and apparatus for multiplatform migration |
6381579, | Dec 23 1998 | TWITTER, INC | System and method to provide secure navigation to resources on the internet |
6389589, | Sep 21 1998 | Microsoft Technology Licensing, LLC | Class store schema |
6401085, | Mar 05 1999 | Accenture Global Services Limited | Mobile communication and computing system and method |
6401211, | Oct 19 1999 | Microsoft Technology Licensing, LLC | System and method of user logon in combination with user authentication for network access |
6405364, | Aug 31 1999 | Accenture Global Services Limited | Building techniques in a development architecture framework |
6430556, | Nov 01 1999 | Oracle America, Inc | System and method for providing a query object development environment |
6438514, | Dec 29 1998 | STMicroelectronics Limited | Generation of a system model |
6442620, | Aug 17 1998 | Microsoft Technology Licensing, LLC | Environment extensibility and automatic services for component applications using contexts, policies and activators |
6446096, | Sep 11 1998 | International Business Machines Corporation | Method and system for providing device-specific key control using role-based HTML element tags |
6453317, | Sep 29 1998 | Verizon Patent and Licensing Inc | Customer information storage and delivery system |
6457130, | Mar 03 1998 | NetApp, Inc | File access control in a multi-protocol file server |
6466932, | Aug 14 1998 | Microsoft Technology Licensing, LLC | System and method for implementing group policy |
6469713, | Dec 15 1998 | International Business Machines Corporation | Method, system and computer program product for dynamic language switching via messaging |
6473794, | May 27 1999 | Accenture Global Services Limited | System for establishing plan to test components of web based framework by displaying pictorial representation and conveying indicia coded components of existing network framework |
6496847, | May 15 1998 | VMware, Inc.; VMWARE, INC | System and method for virtualizing computer systems |
6567818, | Jun 14 1999 | International Business Machines Corporation | Employing management policies to manage instances of objects |
6587876, | Aug 24 1999 | HEWLETT-PACKARD DEVELOPMENT COMPANY, L P | Grouping targets of management policies |
6615258, | Nov 01 1997 | Verizon Patent and Licensing Inc | Integrated customer interface for web based data management |
6625622, | May 14 1999 | Microsoft Technology Licensing, LLC | Apparatus and method for transfering information between platforms |
6658625, | Apr 14 1999 | International Business Machines Corporation | Apparatus and method for generic data conversion |
6678714, | Nov 16 1998 | TASKSERVER INC | Computer-implemented task management system |
6715128, | Nov 27 1998 | Hitachi, Ltd.; Hitachi Software Engineering Co., Ltd. | Method for converting directory data, and program and device therefor |
6728877, | Apr 28 1999 | Tranxition Corporation | Method and system for automatically transitioning of configuration settings among computer systems |
6735691, | Jan 27 2000 | Microsoft Technology Licensing, LLC | System and method for the automated migration of configuration information |
6757696, | Jan 25 2000 | Synchronoss Technologies, Inc | Management server for synchronization system |
6760761, | Mar 27 2000 | Raytheon BBN Technologies Corp | Systems and methods for standardizing network devices |
6795835, | May 19 2000 | WINDSTREAM INTELLECTUAL PROPERTY SERVICES, LLC | Migration of computer personalization information |
6801946, | Jun 15 2000 | International Business Machines Corporation | Open architecture global sign-on apparatus and method therefor |
6817017, | Apr 24 2000 | Leotel, Technologies, Inc.; LEOTEL TECHNOLOGIES, INC | Universal interface system |
6839766, | Jan 14 2000 | Cisco Technology, Inc | Method and apparatus for communicating cops protocol policies to non-cops-enabled network devices |
6880005, | Mar 31 2000 | Hewlett Packard Enterprise Development LP | Managing policy rules in a network |
6925477, | Mar 31 1998 | Intellisync Corporation | Transferring records between two databases |
6938158, | Jul 14 2000 | Motorola Mobility, Inc | Single sign-on system and single sign-on method for a web site and recording medium |
6941465, | Jul 26 1999 | Microsoft Technology Licensing, LLC | Method of enforcing a policy on a computer network |
6944183, | Jun 10 1999 | Alcatel-Lucent USA Inc | Object model for network policy management |
6950818, | Aug 14 1998 | Microsoft Technology Licensing, LLC | System and method for implementing group policy |
6950935, | Apr 21 2000 | Oracle America, Inc | Pluggable authentication modules for telecommunications management network |
6968370, | Jan 17 2001 | OL SECURITY LIMITED LIABILITY COMPANY | Method of transferring resources between different operation systems |
6973488, | Mar 31 2000 | Intel Corporation | Providing policy information to a remote device |
6976090, | Apr 20 2000 | Cisco Technology, Inc | Differentiated content and application delivery via internet |
7028079, | May 25 2001 | Lenovo PC International | Method and apparatus for the automatic migration of applications and their associated data and configuration files |
7062781, | Feb 12 1997 | HANGER SOLUTIONS, LLC | Method for providing simultaneous parallel secure command execution on multiple remote hosts |
7080077, | Jul 10 2000 | ORACLE, USA; Oracle International Corporation; Oracle Corporation | Localized access |
7089584, | May 24 2000 | Oracle America, Inc | Security architecture for integration of enterprise information system with J2EE platform |
7100195, | Jul 30 1999 | Accenture Global Services Limited | Managing user information on an e-commerce system |
7117486, | Apr 25 2003 | Oracle America, Inc | System and method for migration of software |
7133984, | Apr 11 2003 | T-MOBILE INNOVATIONS LLC | Method and system for migrating data |
7139973, | Nov 20 2000 | Cisco Technology, Inc. | Dynamic information object cache approach useful in a vocabulary retrieval system |
7143095, | Dec 31 2002 | Liberty Peak Ventures, LLC | Method and system for implementing and managing an enterprise identity management for distributed security |
7162640, | Mar 11 2003 | Microsoft Technology Licensing, LLC | System and method for protecting identity information |
7171458, | Jun 12 2001 | GOOGLE LLC | Apparatus and method for managing configuration of computer systems on a computer network |
7185073, | Oct 26 1998 | Cisco Technology, Inc. | Method and apparatus for defining and implementing high-level quality of service policies in computer networks |
7209970, | Sep 19 2000 | Sprint Spectrum LLC | Authentication, application-authorization, and user profiling using dynamic directory services |
7213266, | Jun 09 2000 | PLS IV, LLC | Systems and methods for managing and protecting electronic content and applications |
7216181, | Jul 31 2001 | T-MOBILE INNOVATIONS LLC | Middleware brokering system |
7231460, | Jun 04 2001 | Gateway Inc. | System and method for leveraging networked computers to view windows based files on Linux platforms |
7234157, | Jun 27 2002 | Lenovo PC International | Remote authentication caching on a trusted client or gateway system |
7243370, | Jun 14 2001 | Microsoft Technology Licensing, LLC | Method and system for integrating security mechanisms into session initiation protocol request messages for client-proxy authentication |
7284043, | Sep 23 2004 | BeyondTrust Corporation | System and method for automated migration from Linux to Windows |
7299504, | Mar 08 2002 | PIECE FUTURE PTE LTD | System and method for implementing security management using a database-modeled security policy |
7346766, | Apr 28 1999 | Tranxition Corporation | Method and system for automatically transitioning of configuration settings among computer systems |
7356601, | Dec 18 2002 | Cisco Technology, Inc. | Method and apparatus for authorizing network device operations that are requested by applications |
7356816, | Feb 13 2001 | CA, INC | Method and apparatus for multiplatform migration |
7379996, | Apr 07 2003 | Microsoft Technology Licensing, LLC | System and method for web server migration |
7418597, | Aug 15 2003 | VENAFI, INC | Apparatus for accepting certificate requests and submission to multiple certificate authorities |
7421555, | Aug 22 2003 | HITACHI VANTARA LLC | System, device, and method for managing file security attributes in a computer file storage system |
7426642, | Nov 14 2002 | HULU, LLC | Integrating legacy application/data access with single sign-on in a distributed computing environment |
7428583, | Oct 31 2000 | Intel Corporation | Network policy distribution |
7440962, | Feb 28 2001 | ORACLE INTERNATIONAL CORPORATION OIC | Method and system for management of access information |
7444401, | Nov 18 2002 | Mueller International, LLC | Method and apparatus for inexpensively monitoring and controlling remotely distributed appliances |
7467141, | Aug 04 2000 | CXT SYSTEMS, INC | Branding and revenue sharing models for facilitating storage, management and distribution of consumer information |
7478418, | Dec 12 2001 | Intellectual Ventures I LLC | Guaranteed delivery of changes to security policies in a distributed system |
7483979, | Jan 16 2001 | International Business Machines Corporation; International Business Machines Corp | Method and system for virtualizing metadata between disparate systems |
7487535, | Feb 01 2002 | EMC IP HOLDING COMPANY LLC | Authentication on demand in a distributed network environment |
7519813, | Aug 02 2004 | NetApp, Inc | System and method for a sidecar authentication mechanism |
7584502, | May 03 2004 | Microsoft Technology Licensing, LLC | Policy engine and methods and systems for protecting data |
7591005, | Oct 27 2005 | Centrify Corporation | Method and apparatus for user log-in name mapping |
7617501, | Jul 09 2004 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Apparatus, system, and method for managing policies on a computer having a foreign operating system |
7650497, | Aug 15 2003 | VENAFI, INC | Automated digital certificate renewer |
7653794, | May 08 2006 | Microsoft Technology Licensing, LLC | Converting physical machines to virtual machines |
7661027, | Oct 10 2006 | Oracle International Corporation | SIP server architecture fault tolerance and failover |
7673323, | Oct 28 1998 | Oracle International Corporation | System and method for maintaining security in a distributed computer network |
7690025, | Apr 03 2003 | General Electric Company | Methods and systems for accessing a network-based computer system |
7765187, | Nov 29 2005 | EMC IP HOLDING COMPANY LLC | Replication of a consistency group of data storage objects from servers in a data network |
7805721, | Jun 14 2004 | BeyondTrust Corporation | System and method for automated migration from Windows to Linux |
7895332, | Oct 30 2006 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Identity migration system apparatus and method |
7904949, | Dec 19 2005 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Apparatus, systems and methods to provide authentication services to a legacy application |
7987455, | Jul 23 2003 | International Business Machines Corporation | System and method of command processing |
8024360, | Dec 10 2004 | DELINEA INC | Method and apparatus for maintaining multiple sets of identity data |
8086710, | Oct 30 2006 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Identity migration apparatus and method |
8087075, | Feb 13 2006 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Disconnected credential validation using pre-fetched service tickets |
8141138, | Oct 17 2005 | Oracle International Corporation | Auditing correlated events using a secure web single sign-on login |
8245242, | Jul 09 2004 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Systems and methods for managing policies on a computer |
8346908, | Oct 30 2006 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Identity migration apparatus and method |
8429712, | Jun 08 2006 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Centralized user authentication system apparatus and method |
8533744, | Jul 09 2004 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Systems and methods for managing policies on a computer |
8584218, | Feb 13 2006 | QUEST SOFTWARE INC F K A DELL SOFTWARE INC ; Aventail LLC | Disconnected credential validation using pre-fetched service tickets |
20010034733, | |||
20020055949, | |||
20020078005, | |||
20020112178, | |||
20020129274, | |||
20020133723, | |||
20020138572, | |||
20020169986, | |||
20020169988, | |||
20020174366, | |||
20020178377, | |||
20020184536, | |||
20030009487, | |||
20030018913, | |||
20030023587, | |||
20030028611, | |||
20030033535, | |||
20030065940, | |||
20030065942, | |||
20030110397, | |||
20030115186, | |||
20030115313, | |||
20030115439, | |||
20030149781, | |||
20030177388, | |||
20030188036, | |||
20030226036, | |||
20030229783, | |||
20040010519, | |||
20040059953, | |||
20040078569, | |||
20040088543, | |||
20040098595, | |||
20040098615, | |||
20040111515, | |||
20040111643, | |||
20040117382, | |||
20040123146, | |||
20040128506, | |||
20040128541, | |||
20040128542, | |||
20040139050, | |||
20040139081, | |||
20040199795, | |||
20040226027, | |||
20040260565, | |||
20040260651, | |||
20050010547, | |||
20050044409, | |||
20050055357, | |||
20050060397, | |||
20050086457, | |||
20050091068, | |||
20050091213, | |||
20050091250, | |||
20050091284, | |||
20050091290, | |||
20050108579, | |||
20050114701, | |||
20050125798, | |||
20050144463, | |||
20050193181, | |||
20050198303, | |||
20050204143, | |||
20050223216, | |||
20050246554, | |||
20050267938, | |||
20050268309, | |||
20050283443, | |||
20050283614, | |||
20060004794, | |||
20060005229, | |||
20060010445, | |||
20060015353, | |||
20060021017, | |||
20060026195, | |||
20060034494, | |||
20060085483, | |||
20060116949, | |||
20060130065, | |||
20060161435, | |||
20060174350, | |||
20060184401, | |||
20060200424, | |||
20060200504, | |||
20060224611, | |||
20060248099, | |||
20060265740, | |||
20060282360, | |||
20060282461, | |||
20060294151, | |||
20070011136, | |||
20070038596, | |||
20070083917, | |||
20070100980, | |||
20070101415, | |||
20070143430, | |||
20070143836, | |||
20070150448, | |||
20070156766, | |||
20070156767, | |||
20070180448, | |||
20070180493, | |||
20070192843, | |||
20070255814, | |||
20070288992, | |||
20080104220, | |||
20080104250, | |||
20080133533, | |||
20080162604, | |||
20080215867, | |||
20090006537, | |||
20090216975, | |||
20100050232, | |||
20110093570, | |||
20110282977, | |||
20110283273, | |||
20120192256, | |||
20120215899, | |||
20120297035, | |||
EP57281191, | |||
JP1932279, | |||
WO2006016900, | |||
WO2007044613, |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Mar 07 2013 | Dell Software, Inc. | (assignment on the face of the patent) | / | |||
Sep 07 2016 | DELL SOFTWARE INC | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A , AS NOTES COLLATERAL AGENT | SECURITY AGREEMENT | 040039 | /0642 | |
Sep 07 2016 | Dell Products L P | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A , AS NOTES COLLATERAL AGENT | SECURITY AGREEMENT | 040039 | /0642 | |
Sep 07 2016 | Aventail LLC | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A , AS NOTES COLLATERAL AGENT | SECURITY AGREEMENT | 040039 | /0642 | |
Sep 07 2016 | DELL SOFTWARE INC | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | SECURITY AGREEMENT | 040030 | /0187 | |
Sep 07 2016 | DELL PRODUCTS, L P | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | SECURITY AGREEMENT | 040030 | /0187 | |
Sep 07 2016 | Aventail LLC | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | SECURITY AGREEMENT | 040030 | /0187 | |
Oct 31 2016 | DELL SOFTWARE INC | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | SECOND LIEN PATENT SECURITY AGREEMENT | 040587 | /0624 | |
Oct 31 2016 | DELL SOFTWARE INC | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | FIRST LIEN PATENT SECURITY AGREEMENT | 040581 | /0850 | |
Oct 31 2016 | Credit Suisse AG, Cayman Islands Branch | DELL SOFTWARE INC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 040521 | /0467 | |
Oct 31 2016 | Credit Suisse AG, Cayman Islands Branch | DELL PRODUCTS, L P | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 040521 | /0467 | |
Oct 31 2016 | Credit Suisse AG, Cayman Islands Branch | Aventail LLC | RELEASE BY SECURED PARTY SEE DOCUMENT FOR DETAILS | 040521 | /0467 | |
Oct 31 2016 | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A | DELL SOFTWARE INC | RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS PREVIOUSLY RECORDED AT REEL FRAME 040039 0642 | 040521 | /0016 | |
Oct 31 2016 | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A | Dell Products L P | RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS PREVIOUSLY RECORDED AT REEL FRAME 040039 0642 | 040521 | /0016 | |
Oct 31 2016 | THE BANK OF NEW YORK MELLON TRUST COMPANY, N A | Aventail LLC | RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS PREVIOUSLY RECORDED AT REEL FRAME 040039 0642 | 040521 | /0016 | |
Nov 01 2016 | DELL SOFTWARE INC | QUEST SOFTWARE INC | CHANGE OF NAME SEE DOCUMENT FOR DETAILS | 044800 | /0848 | |
Nov 14 2017 | Credit Suisse AG, Cayman Islands Branch | QUEST SOFTWARE INC F K A DELL SOFTWARE INC | CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE PREVIOUSLY RECORDED AT REEL: 040587 FRAME: 0624 ASSIGNOR S HEREBY CONFIRMS THE ASSIGNMENT | 044811 | /0598 | |
Nov 14 2017 | Credit Suisse AG, Cayman Islands Branch | Aventail LLC | CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE PREVIOUSLY RECORDED AT REEL: 040587 FRAME: 0624 ASSIGNOR S HEREBY CONFIRMS THE ASSIGNMENT | 044811 | /0598 | |
May 18 2018 | QUEST SOFTWARE INC | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | SECOND LIEN PATENT SECURITY AGREEMENT | 046327 | /0486 | |
May 18 2018 | QUEST SOFTWARE INC | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | FIRST LIEN PATENT SECURITY AGREEMENT | 046327 | /0347 | |
May 18 2018 | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | Aventail LLC | RELEASE OF FIRST LIEN SECURITY INTEREST IN PATENTS RECORDED AT R F 040581 0850 | 046211 | /0735 | |
May 18 2018 | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | QUEST SOFTWARE INC F K A DELL SOFTWARE INC | RELEASE OF FIRST LIEN SECURITY INTEREST IN PATENTS RECORDED AT R F 040581 0850 | 046211 | /0735 | |
Feb 01 2022 | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | QUEST SOFTWARE INC | RELEASE OF SECOND LIEN SECURITY INTEREST IN PATENTS | 059096 | /0683 | |
Feb 01 2022 | ONE IDENTITY SOFTWARE INTERNATIONAL DESIGNATED ACTIVITY COMPANY | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | ONELOGIN, INC | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | One Identity LLC | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | ERWIN, INC | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | BINARYTREE COM LLC | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | ANALYTIX DATA SERVICES INC | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | QUEST SOFTWARE INC | Goldman Sachs Bank USA | FIRST LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058945 | /0778 | |
Feb 01 2022 | ONE IDENTITY SOFTWARE INTERNATIONAL DESIGNATED ACTIVITY COMPANY | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | ONELOGIN, INC | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | One Identity LLC | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | ERWIN, INC | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | BINARYTREE COM LLC | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | ANALYTIX DATA SERVICES INC | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | QUEST SOFTWARE INC | MORGAN STANLEY SENIOR FUNDING, INC | SECOND LIEN INTELLECTUAL PROPERTY SECURITY AGREEMENT | 058952 | /0279 | |
Feb 01 2022 | CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT | QUEST SOFTWARE INC | RELEASE OF FIRST LIEN SECURITY INTEREST IN PATENTS | 059105 | /0479 |
Date | Maintenance Fee Events |
Aug 21 2018 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
Sep 08 2022 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
Date | Maintenance Schedule |
Jan 06 2018 | 4 years fee payment window open |
Jul 06 2018 | 6 months grace period start (w surcharge) |
Jan 06 2019 | patent expiry (for year 4) |
Jan 06 2021 | 2 years to revive unintentionally abandoned end. (for year 4) |
Jan 06 2022 | 8 years fee payment window open |
Jul 06 2022 | 6 months grace period start (w surcharge) |
Jan 06 2023 | patent expiry (for year 8) |
Jan 06 2025 | 2 years to revive unintentionally abandoned end. (for year 8) |
Jan 06 2026 | 12 years fee payment window open |
Jul 06 2026 | 6 months grace period start (w surcharge) |
Jan 06 2027 | patent expiry (for year 12) |
Jan 06 2029 | 2 years to revive unintentionally abandoned end. (for year 12) |