Personal Computer-Local Area Network Logon

IP.com Disclosure Number: IPCOM000119898D
Original Publication Date: 1991-Mar-01
Included in the Prior Art Database: 2005-Apr-02
Document File: 2 page(s) / 88K

Publishing Venue

IBM

Related People

Christopher, KW: AUTHOR [+3]

Abstract

This article describes a technique for use in a personal computer (PC) system which provides improved security for shared data on existing PC-Local Area Network (LAN) servers, including logging of valid and invalid access attempts.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

      This article describes a technique for use in a personal
computer (PC) system which provides improved security for shared data
on existing PC-Local Area Network (LAN) servers, including logging of
valid and invalid access attempts.

      Currently, some PC-LAN products support password protection on
a "per share" basis.  With this method, data can be protected from
anyone who does not know the password, but there is no logging of
attempts to access the data with an incorrect password.  Also, if a
user knows the password, access is allowed to the shared data
automatically.

      The existing support can be enhanced to provide better security
measures through a LOGON program.

      By using the existing PC-LAN hooks that allow the server message
block (SMB) protocol to be extended, the following enhancements can
be implemented in the LOGON support:
      1)   When a START CONNECTION SMB is received, it can be both
preprocessed (processed prior to the PC-LAN SERVER processing it) and
postprocessed (processed after the PC-LAN SERVER has processed it).
At the time the START CONNECTION SMB is received, LOGON will request
the current TIME and DATE from PC-DOS.
      2)   During the preprocessing, LOGON can request SESSION STATUS
from NETBIOS, thereby getting the network name of the requesting
redirector.  This network name identifies the requesting redirector
at this point in time, but since a redirector's network name can be
changed each time the PC-LAN is started, this is not a very "sticky"
identification.
      3)   Once the redirector network name is known, LOGON can
request the ADAPTER STATUS for the remote machine, thereby getting
the adapter serial number for the PC-LAN adapter in the remote
machine. This adapter serial number is unique and permanent to each
adapter on the network, and cannot be changed by software programs.
Therefore, since the adapter must be changed to alter the serial
number, this is a much more "sticky" identification of the redirector
machine than just its network name.
      4)   A USERID DATA FILE that resides on a private (i.e., non-shared)
portion of the server's direct-access storage device
       ...
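
The log entry that steps 1 to 3 make possible, as an added example that is not part of the original disclosure: each START CONNECTION attempt is recorded with its time, the changeable network name and the adapter serial number, so rejected attempts can be counted per adapter even when the name changes. The record layout, function names and sample values are assumptions, and the name and address bytes are passed in directly rather than fetched through NETBIOS calls.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define NAME_LEN 16 /* NetBIOS network name field, padded */
#define ADDR_LEN 6  /* adapter address returned by ADAPTER STATUS */
struct logon_record {               /* one entry per START CONNECTION SMB */
    char when[20];                  /* step 1: date and time of the request */
    char netname[NAME_LEN + 1];     /* step 2: changeable identification */
    char adapter[2 * ADDR_LEN + 1]; /* step 3: "sticky" identification, hex */
    int  valid;                     /* postprocessing: server accepted it? */
};

/* Fill a record from the raw fields of the two status replies. */
void make_record(struct logon_record *r, time_t now,
                 const unsigned char name[NAME_LEN],
                 const unsigned char addr[ADDR_LEN], int valid) {
    int n = NAME_LEN, i;
    strftime(r->when, sizeof r->when, "%Y-%m-%d %H:%M:%S", gmtime(&now));
    while (n > 0 && (name[n - 1] == ' ' || name[n - 1] == 0)) n--; /* trim pad */
    memcpy(r->netname, name, (size_t)n);
    r->netname[n] = '\0';
    for (i = 0; i < ADDR_LEN; i++)
        sprintf(r->adapter + 2 * i, "%02X", (unsigned)addr[i]);
    r->valid = valid;
}

/* Count rejected attempts from one adapter, whatever name it used. */
int invalid_attempts(const struct logon_record *log, int n, const char *adapter) {
    int i, count = 0;
    for (i = 0; i < n; i++)
        if (!log[i].valid && strcmp(log[i].adapter, adapter) == 0) count++;
    return count;
}

/* Constructed sample: one machine, restarted under a second network name. */
int demo(void) {
    static const unsigned char a[ADDR_LEN] = {0x10, 0x00, 0x5A, 0x01, 0x02, 0x03};
    static const unsigned char n1[NAME_LEN] = "WS1     ";
    static const unsigned char n2[NAME_LEN] = "GUEST   ";
    struct logon_record log[3];
    make_record(&log[0], 0, n1, a, 0);  /* wrong password */
    make_record(&log[1], 60, n2, a, 0); /* wrong password, new name */
    make_record(&log[2], 90, n2, a, 1); /* accepted */
    for (int i = 0; i < 3; i++)
        printf("%s %-16s %s %s\n", log[i].when, log[i].netname,
               log[i].adapter, log[i].valid ? "VALID" : "INVALID");
    return invalid_attempts(log, 3, log[0].adapter);
}
int main(void) { return demo() == 2 ? 0 : 1; }
```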