(51) Int Cl.: H04L 9/32 ( ) H04L 29/06 ( )

Transkript

1 (19) (11) EP B1 (12) EUROPEAN PATENT SPECIFICATION (4) Date of publication and mention of the grant of the patent: Bulletin /08 (21) Application number: (22) Date of filing: (1) Int Cl.: H04L 9/32 (06.01) H04L 29/06 (06.01) (86) International application number: PCT/EP04/0089 (87) International publication number: WO 04/11486 ( Gazette 04/3) (4) METHOD AND SYSTEM FOR AUTHENTICATING SERVERS IN A DISTRIBUTED APPLICATION ENVIRONMENT VERFAHREN UND SYSTEM ZUR AUTHENTIFIZIERUNG DER SERVER IN EINER VERTEILTEN ANWENDUNGSUMGEBUNG PROCEDE ET SYSTEME D AUTHENTIFICATION DE SERVEURS DANS UN ENVIRONNEMENT D APPLICATION REPARTIE (84) Designated Contracting States: AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LI LU MC NL PL PT RO SE SI SK TR () Priority: EP (43) Date of publication of application: Bulletin 06/12 (73) Proprietors: International Business Machines Corporation Armonk, NY 04 (US) IBM DEUTSCHLAND GMBH 7069 Stuttgart (DE) Designated Contracting States: LU (72) Inventors: ALVAREZ DIEZ, Adrian 734 Boeblingen (DE) MIELKE, Frank Leo Eutingen im Gäu (DE) (74) Representative: Klein, Hans-Jörg IBM Deutschland Management & Business Support GmbH Patentwesen u. Urheberrecht Ehningen (DE) (6) References cited: US-A US-B EP B1 Note: Within nine months of the publication of the mention of the grant of the European patent in the European Patent Bulletin, any person may give notice to the European Patent Office of opposition to that patent, in accordance with the Implementing Regulations. Notice of opposition shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention). Printed by Jouve, 7001 PARIS (FR)

2 1 EP B1 2 Description Field of the invention [0001] The present invention relates to authentication of servers in a distributed application environment, and in particular to authentication of third tier servers in a secure distributed application environment with non-continuous client-server connection. Background of the invention [0002] A distributed application environment typically consist of one or more client systems having parts of the distributed application, e.g. GUI components, processing components (client application), server systems system having the remaining parts of the distributed application (server application or server components), and a third tier server system which exchanges data between the client system and the server systems, e.g. provides a repository for the application data. For example SAP R/ 3 (trademark of SAP) is a typical example for a distributed application where the application is divided in a client part, e.g. running on a workstation like IBM Thinkpad, and a number of server parts, e.g. running on a IBM zseries mainframe system. [0003] The communication between the systems of the distributed application environment can take place in a secure or insecure communication environment. For example, a secure communication is normally given in the Intranet, and an insecure communication is given in the Internet. Distributed applications - particularly of those which handle sensitive information, such as operating system configuration data - demand that data interchange between the distributed components and with other applications such as databases should be protected by means of an established security mechanism. [0004] A common way to protect the communication between client and server system is by establishing a secure session, where all communication is encrypted using a symmetrical key. This symmetrical key is exchanged between the partners using the public key cryptography. This exchange is typically combined with authentication of the partners. [000] The most prominent exponent of such security mechanisms is SSL (Secure Socket Layer) that represents "the most commonly-used protocol for managing the security of a message transmission on the Internet". Amongst other things, SSL uses so called server certificates to check and assure the identity of the server part in a connection. The certificate is used to distribute the public key. In addition it contains owner s name, certificate name, expiration date, public key of the signer of the certificate as well as a digital signature being generated by the owner s private key applied to the certificate. The checking, acceptance and administration of such certificates in each component of a distributed application may be a problem if no direct user-interaction is possible, which is particularly the case in server components. [0006] By using that protocol the user benefits from a high level of protection with few effort. To establish a secure connection, the security protocol exchanges client or server certificates during the connection handshake. A definition and the message flow of SSL handshakes for example can be found in RFC Certificates identify and authenticate the participating parties. The recipient can verify a certificate in two different ways. The first way, if the certificate has been signed by another certificate and that the certificate has been trusted before by the recipient, the new certificate can be trusted automatically. Already trusted certificates are kept in a database for the verification process in following connection handshakes. The second way, if the recipient has no certificate in its database which confirms the incoming peer certificate as trustworthy, the user must decide whether to accept or reject the certificate. This can be done by comparing the results of hash functions applied to certificate information with securely published values. If the user chooses to reject the certificate, the connection will not be established. Prior art [0007] Fig. 1 shows a prior art distributed application environment which consists of a component 1 running on a client system and several components 2 running on a number of servers (n-number server system) that communicate via connection a. A user controls the client application 1 but there is, except in case of administration, no direct user interaction with the server components 2. An example for the client system can be a Windows workstation. The server application can for example run on an IBM zseries mainframe system. [0008] Both, client system and server system communicate with a third tier server system 3, e.g. a database or another kind of repository like an LDAP server, through the corresponding connections b and c. Both connections are used to transfer data from the client application 1 to the server application 2 and vice versa, i.e. the client application 1 writes information into the common database - the third tier server system 3 - and the server system 2 retrieves information from the database. During the processing of the server application 2, the results of the processing are written to the database and can then be retrieved from the client application. Client system 1 and server system 2 use local certificate databases to verify incoming certificates from a third tier server 3. [0009] The data flow between the components of the distributed application environment may be briefly summarized as follows. The client system 1 sends a request to establish a connection b to the third tier server system 3. During the connection handshake the third tier server 3 sends back a third tier server certificate to the client system that identifies the third tier server 3. Client system 1 uses the certificate database 4 to verify the third tier 2

3 3 EP B1 4 certificate. If this automatic verification fails, the user must manually reject or accept the certificate. This can be done with the help of a dialog. In the latter case the accepted certificate is stored in the certificate database 4. Client system 1 hands over program control to the server systems 2. The server systems 2 try to connect to the third tier server system 3. The server systems send a request to establish a connection c. During the connection handshake the third tier server 3 sends back a third tier server certificate to server system 2 that identifies the third tier server 3. Server systems 2 use the certificate database to verify the third tier server. If this verification fails, a mechanism must be used to decide whether the certificate can be accepted. If the connection a to the client system 1 is permanent and secure, a possible solution consists in using the certificate database 4 or manual user interaction. Another way can be a set of policies on the server systems that determine the making of decisions. [00] US Patent 6,367,009B1 discloses a method, system, and computer-readable code for delegating authority and authentication from a client to a server in order that the server can establish a secure connection (using SSL or an analogous security protocol) to a back-end application on behalf of the client. This enables the true client s identity to be known to the application on the endtier server. The proposed solution provides several alternative techniques, whereby the client establishes a secure session with a middle-tier server (MTS), and then delegates authority and authentication to the MTS in order that the MTS can establish a second SS1 session to the ETS on behalf of the client. [0011] US Publication No. 02/ A1 discloses a unique TIO based trust information delivery scheme which allows clients to verify received certificates and to control Java and Javascript access efficiently. This scheme fits into the certificate verification process in SSL to provide a secure connection between a client and a Web server. In particular, the scheme is well suited for incorporation into consumer devices that have a limited footprint, such as set-top boxes, cell phones, and handheld computers. Furthermore, the TIO update scheme disclosed herein allows clients to update certificates securely and dynamically. Disadvantages of the Prior art [0012] Each server application has a local certificate database which means additional effort to maintain and to protect the certificate data. If there are e.g. 0 server systems it is a tremendous effort to protect each certificate database against fraudulent modification. In addition multiple parameters must be known to the server system to access the certificate database, such as the location (file name) and a password or user name to access the database. These parameters can be different for each system and must be specified for each server application. If for some reason a certificate is no longer trustworthy, it may happen that all server certificate databases have to be modified manually to remove the obsolete certificate. [0013] It will sometimes be necessary to have a user decide if an unknown certificate is trustworthy. This represents a problem, since the user does normally not interact directly with the server application. It cannot be taken for granted that a continuous, secure and tamperproof connection to the client exists which can be used to send a verification request to the user. Client and server are not necessarily active simultaneously all the time. This is particularly true if the server application is a batch process that is started by the client. When the connection is discontinued after the server process is started, there is no easy way for the server application to initiate a secure connection to the client system. Using hard coded policies to decide if an unknown certificate can be accepted is not flexible enough and may be a security leak. Object of the invention [0014] Starting from this, the object of the present invention is to provide a method and system for authenticating servers in a distributed application environment avoiding the disadvantages of the prior art. Brief summary of the invention [001] The present invention discloses a method and system for authenticating third tier servers in a distributed application environment by using a central procedure for recognizing and managing third tier server certificates at the client system side. Third tier server certificates which have been accepted by the central procedure are stored in a common database of the distributed application environment and the client system transmits via a secure connection to the server systems all necessary information of said third tier server certificates being accepted as trustworthy for determining to accept or to decline a connection to the third tier server. In a preferred embodiment of the present invention only fingerprints of third tier server certificates being accepted as trustworthy together with the server name which has transmitted said third tier server certificate, and the certificate name are transferred via a secure connection to the server systems of the distributed application environment. Brief description of the several views of the drawings [0016] The above, as well as additional objectives, features and advantages of the present invention will be apparent in the following detailed written description. [0017] The novel features of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives, and advantages thereof, will be best understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the ac- 3

4 EP B1 6 companying drawings, wherein: Fig. 1 shows a prior distributed application environment, Fig. 2 A -C show the inventive system at the client system and the server systems side with the new concept of common certificate recognition and management in a distributed application environment, Fig. 3 shows inventive data flow between client, server, and third tier server using the inventive concept of common certificate recognition and management in a distributed application environment, Fig. 4 shows a specific embodiment of the present invention using the inventive concept of certificate recognition and management in a workflow environment of a distributed application environment, and Fig. shows another specific embodiment of the present invention using the inventive concept of certificate recognition and management in a distributed application environment with logical association between client system and third tier server system. [0018] With reference to Fig. 2 A, there is depicted a system diagram with the inventive concept of common certificate management within the distributed application. The significant difference to the prior art is that no database for the certificates at the server side is needed anymore. Client system and server systems which support the inventive concept are illustrated in more detail in Fig. 2 B and Fig. 2 C. [0019] With reference to Fig. 2 B, there are depicted client components of a client system supporting the inventive concept of common certificate management. The client component consists of a Data Access Protocol Client component 70, a Connection Negotiator component 60, a Certificate Verifier component, a User Interface component, a Certificate Transmitter component, and a Transfer Client component. [00] The inventive components of the client system are: connection negotiator component 60 with the functionality to receive third tier server certificates from the third tier server via connection b [0021] Certificate transmitter component with the functionality to extract certificate information of all trusted certificates from the common database 4 and transmits it to the server system via a connection a. [0022] A common data base 4 of the distributed application environment that contains third tier server certificates received from said third tier server which have been accepted as trustworthy for the distributed application environment. [0023] Following communication components are normally available in prior art client systems in order to establish communication with the server systems/and or third tier server system: Database access protocol client component 70 with the functionality to communicate with the third party server. Possible used protocols are e.g. LDAP (Lightweight Directory Access Protocol) to connect to an LDAP-server or JDBC (Java Database Connectivity) to connect to a relational database. [0024] Transfer Client component with the functionality to communicate to the server systems. Examples are an SFTP-client implementation or an HTTPS-client implementation. [002] With reference to Fig. 2 C, there are depicted server components of the server systems supporting the inventive concept of common certificate management. The server component preferably consists of a Data Access Protocol Client component 10, a Connection Negotiator component 1, a Certificate Verifier component 1, and a Transfer Server component 1. [0026] The inventive components of the server systems are following components: Connection negotiator component 1 with the functionality to receive third tier server certificates from third tier server system. [0027] Certificate verifier component 1 with the functionality to check a received certificate against certificate information received from the client system through connection a. This connection does not need to be sustained during the whole lifetime of the server. [0028] Following communication components are normally available in prior art server systems in order to establish communication with client system or other third tier server systems: certificate verifier component 0 with functionality to check a received third tier server certificate against certificate information stored in the common database 4 of the distributed application environment. user interface component with the functionality to ask an user whether an unknown third tier server certificate can be accepted. 0 Database access protocol client component 10 with the functionality to communicate with the third party server. Possible used protocols are e.g. LDAP (Lightweight Directory Access Protocol) to connect to an LDAP-server or JDBC (Java Database Connectivity) to connect to a relational database. [0029] Transfer Server component 1 with the functionality to communicate to the client applications for the 4

5 7 EP B same protocol. Examples are a secure FTP-server implementation or an HTTPS-server implementation. [00] A preferred embodiment of the inventive concept of common certificate management according to Fig. 2 A-C is described now. The client system 1 contains a certificate transmitter component that calculates at least one fingerprint (fingerprint is preferably generated with a hash function applied to a certificate), preferably two different fingerprints (e.g. using SHA and MD algorithms) for every certificate stored in the common database of the distributed application environment (however it should be noted that the generation of fingerprints is not an essential feature for carrying out the present invention; the present invention is also applicable by sending the whole third party certificate to the server component). This information is sent to the server systems 2 together with certificate name and hostname of the third tier server system from which the certificate has been received. This is all information necessary to verify that a certificate was accepted by the client component. It requires that the client system has built up a successful connection to the third tier server before any of the server system in the distributed application. This can usually be assumed in most distributed applications. All certificates that have been accepted by the client system 1 will also be accepted by all server systems 2. For example when client system and server systems communicate via Internet the connection between client system and server system must be secure in order to avoid tampering of the certificate information sent by the client system. The concept preferably relies on a standard transmission protocol (e.g. FTP) that is usually available on every server system. In an environment where security is vital the secure flavor of the protocol (e.g. Secure FTP) should be available by default. No additional effort needs to be spent to establish a secure connection to the server system. [0031] From the perspective of certificate management the information flow of the connection only needs to be unidirectional. There is no necessity for the server systems to send feedback information to the client system to accept or reject certificates. [0032] The connection a between client and server system does not need to be sustained during the complete lifetime of the server component process. A short timeframe is sufficient to transmit the necessary certificate data from client to server. [0033] Each server of the server system 2 uses the certificate information sent by the client system to verify a connection to a third tier server 3. Fingerprints of incoming third tier server certificates are compared against the set of certificate data received from the client system to decide if certificate and thereby also the connection c is acceptable. The certificate name and the hostname of the third party server derived from the third party certificate is compared with the corresponding certificate information that has been received from the client component. The certificate is only verified if all attributes - both fingerprints, certificate name and hostname - match. This technique complies with the way a user would manually verify a certificate. Therefore the high security level is maintained. [0034] No local certificate database exists on the server systems 2. Certificate verification is processed exclusively by means of the certificate information sent by the client system. There is no need to administer any third tier certificates locally on the server systems. This represents a major enhancement compared to the prior art. [003] The client system is acting as single point of control in the security infrastructure of the distributed application. It is the only application that needs security specific administration effort. [0036] In the preferred embodiment of the present invention following attributes must be known to the certificate verifier component of the server system: Certificate name, two different fingerprints (e.g. generated with the SHA and MD algorithms), and server name from which the certificate has been received. [0037] It is necessary to generate two different fingerprints to assure the integrity of the certificate information. It is practically impossible to create a fake certificate that has the same two fingerprints as another certificate. The hostname is necessary to avoid that a wrong third party server reuses a valid certificate belonging to a trusted server. The hostname can be different to the hostname referenced in the certificate name if the client accepts differing values. [0038] In an alternative embodiment of the present invention a whole third party certificate including name of the third tier server that has transmitted that certificate is transferred to server system. However, that alternative procedure causes more storage on the server system and provides less security compared with the fingerprints procedure. [0039] In a further embodiment of the present invention only one fingerprint is generated and is sent, together name of server which has transmitted the third tier certificate, to the server system. It will provide less security compared with the two-fingerprints procedure. [00] An example of transmitted attributes derived from a third tier server certificate including certificate name, two different fingerprints, and name of the server which provided the third party certificate: Certificate name: "cn=pollux6.de.ibm. com, ou=dev, o=ibm, c=de" SHA fingerprint: f4:e2:4:0c:9a:2a:f:94:1d: c0:60:03:e4:b0: fingerprint: e4:2:12:08:6a:ab::83:1e:7c: ed:c4:36:8f: Server name: Castor6.de.ibm.com

6 9 EP B1 [0041] With respect to Fig.3, there is depicted a data flow between client system, third tier server system, and server systems according to Fig. 2 A-C. [0042] The client system establishes a secure connection with a third tier server system 3. The third tier server system transmits its certificate to the client system 3. The client system checks the received third tier server certificate against certificate information stored in the common database of the distributed application environment 3. If the third tier certificate matches with information stored in said common data base the certificate is accepted as trustworthy and a secure connection to the third tier server can be established 3. The client system contains a certificate transmitter component that calculates at least one fingerprint, preferably two different fingerprints (e.g. using SHA and MD algorithms) for every certificate stored in the common database of the distributed application environment and sends these fingerprints together with certificate name and hostname of the third tier server from which the certificate has been received to the server systems 3. The certificate information is preferably sent to the server systems during each invocation of the server applications. Furthermore, connection between client system and server systems is preferably a secure and non-continuous client-server connection. The server systems prepare connection with the third tier server by initiating handshake. The third tier server sends its certificate to the server systems and the server systems compare the certificate information with the information received from the client system 360. The server systems having access to two different algorithms applied to generate the two different fingerprints at the client system calculates with each algorithm a fingerprint of the certificate received from the third tier server. If the fingerprints match with the fingerprints received from the client system, the third tier server is accepted and a secure connection can be established 370. [0043] With respect to Fig.4, there is depicted a specific embodiment of the present invention using the inventive concept of certificate recognition and management in a workflow environment. [0044] In a scenario where information flow is organized in cascades of invocations the new concept can be used to protect the data streams from every server to the third party server and between the servers themselves. [004] The first part of the data flow is identical to the described scenario previously. In a workflow process the server system 2a can act as secure connection initiator in a subsequent secure connection a2 to another server system 2b. Each server system must be extended with an additional "Certificate transmitter"-module and a "Transfer client"-module that are identical to the modules used initially in the client system. In order to initiate the cascade of secure connections between the server systems, the client system 1 must not only transmit the certificate information associated to the third tier server (0) but also certificate information (0) of all servers in the calling chain. Each server must hand over this certificate information set to the server it invokes. [0046] With this procedure it is assured that all connections between the servers as well as between the servers and third tier servers 3 are secured with verified certificates. Again, the client system 1 is the single point of control in the security infrastructure of the distributed workflow application. [0047] With respect to Fig., there is depicted specific embodiment of the present invention using the inventive concept of certificate management in an environment with logical association between client system and third tier server. [0048] The scenario emphasizes the possibility to tailor the certificate information to the actual needs of the concerned client. In this case every client system is associated to an individual third tier server. All client systems communicate with the same server systems on an identical server system, but each client system requires that server systems to interact with a different third tier server. [0049] As an example the client system 1a will deposit data on the third tier server 3a and needs that the server system 2 connects to that repository. When invoking the server systems through the connection a1, the client system will transmit the certificate information associated to the third tier server 3a to assure that 2 can securely connect to 3a through connection c1. [000] In contrast, the client system 1b deposits its data in the third tier server 3b. Client system 1b transmits to the server systems 2 the certificate information associated to the third tier server 3b via connection a2. Hereby the client system assures that server systems 2 can securely connect to third tier 3b through connection c2. Claims 1. Method for authenticating a third tier server system (3) in a distributed application environment, wherein said distributed application environment comprises a client system (1) having parts (0) of the distributed application, one or more server systems (2a; 2b) having the remaining parts (0; 0) of the distributed application, and a third tier server system (3) which exchanges data between said client system and said server system, wherein said client system (1) acts as single point of recognizing and managing third tier server certificates and provides access to a common data base of the distributed application environment which contains third tier server certificates received from said third tier server (3) which have been accepted as trustworthy for the distributed application environment, wherein at said server system (2a; 2b) side said method comprises the steps of: receiving from said client system (1) via a secure 6

7 11 EP B1 12 connection all necessary information of said third tier server certificate being accepted as trustworthy for determining to accept or to decline a connection to said third tier server, comparing said information received from said client system (1) with a third tier certificate received from said third tier server system (3), accepting said third tier server system (3) as authenticated if said information from said client system and said third tier certificate matches, and establishing a connection with said authenticated third tier server system (3). 2. Method according to claim 1, wherein said information from said client system (1) is received via a noncontinuous client-server connection. 3. Method according to claim 2, wherein said non-continuous client- server connection is using a secure transmission protocol. 4. Method according to claim 1, wherein said necessary information of said third tier server certificate consist of an original third tier server certificate as stored in the common data base of said distributed application environment, and a name of the third tier server system which has transmitted said original third tier server certificate to said client system.. Method according to claim 1, wherein said necessary information of said third tier server certificate consist of a fingerprint of the original third tier certificate, and a name of the third tier server system which has transmitted said third tier server certificate to said client system trustworthy for the distributed application environment, wherein at said client system said method comprises the steps of: receiving a third tier server certificate from a third tier server system (3), determining whether said received third tier server certificate can be accepted as trustworthy, storing said third tier server certificate in said common data base (4) of the distributed application environment if said third tier server certificate has been accepted as trustworthy, transferring to each server of said server systems via a secure connection all necessary information of said third tier server certificates being accepted as trustworthy for determining to accept or to decline a third tier server system. 8. Method according to claim 7, wherein said storing step additionally includes storing a name of said third tier server system that has transmitted said third tier certificate. 9. Method according to claim 7, wherein said third tier server certificate is received via a secure transmission protocol.. Method according to claim 7, wherein said necessary information of said third tier server certificate is transmitted to said each server of said server systems via a non-continuous secure connection. 11. Method according to claim 8, wherein authentication of said client system is accomplished by user ID and/or password. 6. Method according to claim 1, wherein said necessary information of said third tier server certificate consists of two different fingerprints of the original third tier server certificate, a name of the third tier server system which has transmitted said third original tier server certificate to said client system, and a certificate name. 7. Method for authenticating a third tier server system (3) in a distributed application environment, wherein said distributed application environment comprises a client system (1) having parts (0) of the distributed application, one or more server systems (2) having the remaining parts (0; 0) of the distributed application and a third tier server system (3) which exchanges data between said client system (1) and said server systems (2), wherein said client system (1) provides access to a common data base (4) of the distributed application environment which contains third tier server certificates received from said third tier server which have been accepted as Server system (2) for authenticating a third tier server system (3) in a distributed application environment, wherein said distributed application environment comprises a client system (1) having parts (0) of the distributed application, one or more server systems (2) having the remaining parts (0; 0) of the distributed application and third tier server system (3) which exchanges data between said client system (1) and said server system (2), wherein said client system (1) acts as single point of recognizing and managing third tier server certificates and provides access to a common data base (4) of the distributed application environment which contains third tier server certificates received from said third tier server which have been accepted as trustworthy for the distributed application environment, wherein said system (2) comprises: means for receiving from said client system via a secure connection all necessary information of said third tier server certificate being accepted 7

8 13 EP B1 14 as trustworthy for determining to accept or to decline a connection to said third tier server, means for comparing said information received from said client system with a third tier certificate received from said third tier server system, means for accepting said third tier server system as authenticated if said information from said client system and said third tier certificate matches, and means for establishing connection with said authenticated third tier server system. 13. Client system for authenticating a third tier server system (3) in a distributed application environment, wherein said distributed application environment comprises a client system (1) having parts (0) of the distributed application, one ore more server systems (2) having the remaining parts (0; 0) of the distributed application and a third tier server system (3) which exchanges data between said client system (1) and said server systems (2), wherein said client system (1) provides access to a common data base (4) of the distributed application environment which contains third tier server certificates received from said third tier server which have been accepted as trustworthy for the distributed application environment, wherein said client system comprising: means for receiving a third tier server certificate from a third tier server system (3), means for determining whether said received third tier server certificate can be accepted as trustworthy, means for storing said third tier server certificate in said common data base (4) of the distributed application environment if said third tier server certificate has been accepted as trustworthy, means for transferring to each server of said server systems via a secure connection all necessary information of said third tier server certificates being accepted as trustworthy for determining to accept or to decline a third tier server system. 14. A computer program product comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer system causes the computer system to implement a method for authenticating a third tier server system (3) in a distributed application environment, wherein said distributed application environment comprises a client system (1) having parts (0) of the distributed application, one or more server systems (2) having the remaining parts (0; 0) of the distributed application and a third tier server system (3) which exchanges data between said client system (1) and said server systems (2), wherein said client system (1) provides access to a common data base (4) of the distributed application environment which contains third tier server certificates received from said third tier server which have been accepted as trustworthy for the distributed application environment, wherein at said client system said method comprises the steps of: receiving a third tier server certificate from a third tier server system (3), determining whether said received third tier server certificate can be accepted as trustworthy, storing said third tier server certificate in said common data base (4) of the distributed application environment if said third tier server certificate has been accepted as trustworthy, transferring to each server of said server systems via a secure connection all necessary information of said third tier server certificates being accepted as trustworthy for determining to accept or to decline a third tier server system. 1. Computer program product comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer system causes the computer system to implement a method for authenticating a third tier server system in a distributed application environment, wherein said distributed application environment comprises a client system (1) having parts (0) of the distributed application, one or more server systems (2a, 2b) having the remaining parts (0; 0) of the distributed application and third tier server system (3) which exchanges data between said client system and said server system, wherein said client system (1) acts as single point of recognizing and managing third tier server certificates and provides access to a common data base of the distributed application environment which contains third tier server certificates received from said third tier server (3) which have been accepted as trustworthy for the distributed application environment, wherein at said server system (2a; 2b) side said method comprises the steps of: receiving from said client system (1) via a secure connection all necessary information of said third tier server certificate being accepted as trustworthy for determining to accept or to decline a connection to said third tier server, comparing said information received from said client system (1) with a third tier certificate received from said third tier server system (3), accepting said third tier server system (3) as authenticated if said information from said client system and said third tier certificate matches, and establishing a connection with said authenticat- 8

9 1 EP B1 16 ed third tier server system (3). Patentansprüche 1. Verfahren zum Feststellen der Identität eines Systems (3) aus Servern der dritten Ebene (third tier server) in einer verteilten Anwendungsumgebung, wobei die verteilte Anwendungsumgebung Folgendes umfasst: ein Client-System (1) mit Teilen (0) der verteilten Anwendung, ein oder mehrere Serversysteme (2a; 2b) mit den restlichen Teilen (0; 0) der verteilten Anwendung und ein System (3) aus Servern der dritten Ebene, das Daten zwischen dem Client-System und dem Serversystem austauscht, wobei das Client-System (1) als einzelner Erkennungspunkt wirkt und Zertifikate des Systems aus Servern der dritten Ebene verwaltet und einen Zugang auf eine gemeinsame Datenbank der verteilten Anwendungsumgebung bereitstellt, die Zertifikate des Systems aus Servern der dritten Ebene enthält, die von dem Server (3) der dritten Ebene empfangen wurden und die für die verteilte Anwendungsumgebung als vertrauenswürdig akzeptiert wurden, wobei das Verfahren auf der Seite des Serversystems (2a; 2b) die folgenden Schritte umfasst: 1 2 dritten Ebene aus einem ursprünglichen Zertifikat des Servers der dritten Ebene, das in der gemeinsamen Datenbank der verteilten Anwendungsumgebung gespeichert ist, und einer Bezeichnung des Systems aus Servern der dritten Ebene, die das ursprüngliche Zertifikat des Servers der dritten Ebene an das Client-System übertragen hat, besteht.. Verfahren nach Anspruch 1, bei dem die erforderlichen Informationen des Zertifikats des Servers der dritten Ebene aus einen Fingerabdruck des ursprünglichen Zertifikats des Servers der dritten Ebene und einer Bezeichnung des Systems aus Servern der dritten Ebene, die das ursprüngliche Zertifikat des Servers der dritten Ebene an das Client-System übertragen hat, besteht. 6. Verfahren nach Anspruch 1, bei dem die erforderlichen Informationen des Zertifikats des Servers der dritten Ebene aus zwei unterschiedlichen Fingerabdrücken des ursprünglichen Zertifikats des Servers der dritten Ebene, einer Bezeichnung des Systems aus Servern der dritten Ebene, die das ursprüngliche Zertifikat des Servers der dritten Ebene an das Client-System übertragen hat, und einer Zertifikatbezeichnung bestehen. Empfangen aller notwendigen Informationen über das Zertifikat des Servers der dritten Ebene, das als vertrauenswürdig akzeptiert wurde, von dem Client-Server (1) über eine sichere Verbindung, um festzulegen, ob eine Verbindung zu dem Server der dritten Ebene akzeptiert oder zurückgewiesen wird; Vergleichen der Informationen, die von dem Client-System (1) empfangen wurden, mit einem Zertifikat der dritten Ebene, das von dem System (3) aus Servern der dritten Ebene empfangen wird, Akzeptieren des Systems (3) aus Servern der dritten Ebene als System, dessen Identität festgestellt wurde, wenn die Informationen von dem Client-System und das Zertifikat der dritten Ebene übereinstimmen, und Herstellen einer Verbindung mit dem System (3) aus Servern der dritten Ebene, dessen Identität festgestellt wurde. 2. Verfahren nach Anspruch 1, bei dem die Informationen von dem Client-System (1) über eine nichtständige Client-Server-Verbindung empfangen werden. 3. Verfahren nach Anspruch 2, bei dem die nichtständige Client-Server-Verbindung ein sicheres Übertragungsprotokoll verwendet. 4. Verfahren nach Anspruch 1, bei dem die erforderlichen Informationen des Zertifikats des Servers der Verfahren zum Feststellen der Identität eines Systems (3) aus Servern der dritten Ebene in einer verteilten Anwendungsumgebung, bei dem die verteilte Anwendungsumgebung Folgendes umfasst: ein Client-System (1) mit Teilen (0) der verteilten Anwendung, ein oder mehrere Serversysteme (2) mit den restlichen Teilen (0; 0) der verteilten Anwendung und ein System (3) aus Servern der dritten Ebene, das Daten zwischen dem Client-System (1) und dem Serversystem (2) austauscht, wobei das Client-System (1) einen Zugang zu einer gemeinsamen Datenbank (4) der verteilten Anwendungsumgebung bereitstellt, die Zertifikate des Servers der dritten Ebene enthält, die von dem Server der dritten Ebene empfangen und als vertrauenswürdig für die verteilte Anwendungsumgebung akzeptiert wurden, wobei das Verfahren bei dem Client-System die folgenden Schritte umfasst: Empfangen eines Zertifikats des Servers der dritten Ebene von einem System (3) aus Servern der dritten Ebene; Feststellen, ob das empfangene Zertifikat des Servers der dritten Ebene als vertrauenswürdig akzeptiert werden kann; Speichern des Zertifikats des Servers der dritten Ebene in der gemeinsamen Datenbank (4) der verteilten Anwendungsumgebung, wenn das Zertifikat des Servers der dritten Ebene als vertrauenswürdig akzeptiert wurde, Übertragen aller erforderlichen Informationen 9

10 17 EP B1 18 der Zertifikate des Servers der dritten Ebene, die als vertrauenswürdig akzeptiert wurden, an alle Server des Serversystems über eine sichere Verbindung, um festzulegen, ob ein System aus Servern der dritten Ebene akzeptiert oder zurückgewiesen wird. 8. Verfahren nach Anspruch 7, bei dem der Schritt des Speicherns zusätzlich das Speichern einer Bezeichnung des Systems aus Servern der dritten Ebene, die das Zertifikat der dritten Ebene übertragen hat, enthält. 9. Verfahren nach Anspruch 7, bei dem das Zertifikat des Servers der dritten Ebene über ein sicheres Übertragungsprotokoll empfangen wird.. Verfahren nach Anspruch 7, bei dem die erforderlichen Informationen des Zertifikats des Servers der dritten Ebene über eine nichtständige, sichere Verbindung an alle Server des Serversystems übertragen werden. 11. Verfahren nach Anspruch 8, bei dem das Feststellen der Identität des Client-Systems durch eine Benutzerkennung und/oder ein Passwort erfolgt. 12. Serversystem (2) zum Feststellen der Identität eines Systems (3) aus Servern der dritten Ebene in einer verteilten Anwendungsumgebung, bei dem die verteilte Anwendungsumgebung Folgendes umfasst: ein Client-System (1) mit Teilen (0) der verteilten Anwendung, ein oder mehrere Serversysteme (2) mit den restlichen Teilen (0; 0) der verteilten Anwendung und ein System (3) aus Servern der dritten Ebene, das Daten zwischen dem Client-System (1) und dem Serversystem (2) austauscht, wobei das Client-System (1) als ein einzelner Punkt zum Erkennen und Verwalten von Zertifikaten von Servern der dritten Ebene wirkt und den Zugang auf eine gemeinsame Datenbank (4) der verteilten Anwendungsumgebung bereitstellt, die Zertifikate des Servers der dritten Ebene, die von dem Server der dritten Ebene empfangen wurden und als vertrauenswürdig für die verteilte Anwendungsumgebung akzeptiert wurden, enthält, wobei das System (2) Folgendes umfasst: dem System aus Servern der dritten Ebene empfangen wurde, ein Mittel zum Akzeptieren des Systems aus Servern der dritten Ebene als System, dessen Identität festgestellt wurde, wenn die Informationen von dem Client-System und das Zertifikat der dritten Ebene übereinstimmen, und ein Mittel zum Herstellen einer Verbindung mit dem System aus Servern der dritten Ebene, dessen Identität festgestellt wurde. 13. Client-System zum Feststellen der Identität eines Systems (3) aus Servern der dritten Ebene in einer verteilten Anwendungsumgebung, wobei die verteilte Anwendungsumgebung Folgendes umfasst: ein Client-System (1) mit Teilen (0) der verteilten Anwendung, ein oder mehrere Serversysteme (2) mit den restlichen Teilen (0; 0) der verteilten Anwendung und ein System (3) aus Servern der dritten Ebene, das Daten zwischen dem Client-System (1) und den Serversystemen (2) austauscht, wobei das Client-System (1) den Zugang zu einer gemeinsamen Datenbank (4) der verteilten Anwendungsumgebung bereitstellt, die Zertifikate des Servers der dritten Ebene enthält, die von dem Server der dritten Ebene empfangen und für die verteilte Anwendungsumgebung als vertrauenswürdig akzeptiert wurden, wobei das Client-System Folgendes umfasst: ein Mittel zum Empfangen eines Zertifikats des Servers der dritten Ebene von einem System (3) aus Servern der dritten Ebene, ein Mittel zum Feststellen, ob das Zertifikat des Servers der dritten Ebene als vertrauenswürdig akzeptiert werden kann, ein Mittel zum Speichern des Zertifikats des Servers der dritten Ebene in der gemeinsamen Datenbank (4) der verteilten Anwendungsumgebung, wenn das Zertifikat des Servers der dritten Ebene als vertrauenswürdig akzeptiert wurde, ein Mittel zum Übertragen aller erforderlichen Informationen der Zertifikate des Servers der dritten Ebene, die als vertrauenswürdig akzeptiert wurden, über eine sichere Verbindung zu allen Servern der Serversysteme, um festzulegen, ob ein Server der dritten Ebene akzeptiert oder zurückgewiesen wird. ein Mittel zum Empfangen aller erforderlichen Informationen des Zertifikats des Servers der dritten Ebene, das als vertrauenswürdig akzeptiert wurde, über eine sichere Verbindung von dem Client-System, um festzulegen, ob eine Verbindung mit dem Server der dritten Ebene akzeptiert oder zurückgewiesen wird, ein Mittel zum Vergleichen der Informationen, die von dem Client-System empfangen wurden, mit einem Zertifikat der dritten Ebene, das von Computerprogrammprodukt, das ein computernutzbares Medium umfasst, das ein computerlesbares Programm enthält, wobei das computerlesbare Programm bei seiner Ausführung auf einem Computersystem bewirkt, dass das Computersystem ein Verfahren zum Feststellen der Identität eines Systems (3) aus Servern der dritten Ebene in einer verteilten Anwendungsumgebung ausführt, wobei die verteilte Anwendungsumgebung Folgendes umfasst: ein Client-System (1) mit Teilen (0) der verteilten An-

11 19 EP B1 wendung, ein oder mehrere Serversysteme (2) mit den restlichen Teilen (0; 0) der verteilten Anwendung und ein System (3) aus Servern der dritten Ebene, das Daten zwischen dem Client-System (1) und den Serversystemen (2) austauscht, wobei das Client-System (1) den Zugang zu einer gemeinsamen Datenbank (4) der verteilten Anwendungsumgebung bereitstellt, die Zertifikate des Servers der dritten Ebene enthält, die von dem Server der dritten Ebene empfangen und als vertrauenswürdig für die verteilte Anwendungsumgebung akzeptiert wurden, wobei das Verfahren in dem Client-System die folgenden Schritte umfasst: Empfangen eines Zertifikats des Servers der dritten Ebene von einem System (3) aus Servern der dritten Ebene, Feststellen, ob das empfangene Zertifikat des Servers der dritten Ebene als vertrauenswürdig akzeptiert werden kann; Speichern des Zertifikats des Servers der dritten Ebene in der gemeinsamen Datenbank (4) der verteilten Anwendungsumgebung, wenn das Zertifikat des Servers der dritten Ebene als vertrauenswürdig akzeptiert wurde, Übertragen aller erforderlichen Informationen der Zertifikate des Servers der dritten Ebene, die als vertrauenswürdig akzeptiert wurden, über eine sichere Verbindung zu allen Servern der Serversysteme, um festzulegen, ob ein System aus Servern der dritten Ebene akzeptiert oder zurückgewiesen wird Computerprogrammprodukt, das ein computernutzbares Medium umfasst, das ein computerlesbares Programm enthält, wobei das computerlesbare Programm bei seiner Ausführung auf einem Computersystem bewirkt, dass das Computersystem ein Verfahren zum Feststellen der Identität eines Systems aus Servern der dritten Ebene in einer verteilten Anwendungsumgebung ausführt, wobei die verteilte Anwendungsumgebung Folgendes umfasst: ein Client-System (1) mit Teilen (0) der verteilten Anwendung, ein oder mehrere Serversysteme (2a, 2b) mit den restlichen Teilen (0; 0) der verteilten Anwendung und ein System (3) aus Servern der dritten Ebene, das Daten zwischen dem Client-System und den Serversystemen austauscht, wobei das Client-System (1) als ein einzelner Punkt zum Erkennen und Verwalten von Zertifikaten des Servers der dritten Ebene wirkt und einen Zugang zu einer gemeinsamen Datenbank der verteilten Anwendungsumgebung bereitstellt, die Zertifikate des Servers der dritten Ebene enthält, die von dem Server (3) der dritten Ebene empfangen und für die verteilte Anwendungsumgebung als vertrauenswürdig akzeptiert wurden, wobei das Verfahren auf der Seite des Serversystems (2a; 2b) die folgenden Schritte umfasst: Empfangen aller erforderlichen Informationen des Zertifikats des Servers der dritten Ebene, das als vertrauenswürdig akzeptiert wurde, über eine sichere Verbindung von dem Client-System (1), um festzulegen, ob eine Verbindung mit dem Server der dritten Ebene akzeptiert oder zurückgewiesen wird, Vergleichen der Informationen, die von dem Client-System (1) empfangen wurden, mit einem Zertifikat der dritten Ebene, das von dem System aus Servern der dritten Ebene empfangen wurde, Akzeptieren des Systems (3) aus Servern der dritten Ebene als System, dessen Identität festgestellt wurde, wenn die Informationen von dem Client-System und das Zertifikat der dritten Ebene übereinstimmen, und Herstellen einer Verbindung mit dem System (3) aus Servern der dritten Ebene, dessen Identität festgestellt wurde. Revendications 1. Procédé d authentification d un système serveur de troisième niveau (3) dans un environnement d application distribuée, dans lequel ledit environnement d application distribuée comprend un système client (1) ayant des parties (0) de l application distribuée, un ou plusieurs systèmes serveurs (2a ; 2b) ayant les parties restantes (0 ; 0) de l application distribuée, et un système serveur de troisième niveau (3), échangeant des données entre ledit système client et ledit système serveur, dans lequel ledit système client (1) agit en tant que point unique de reconnaissance et de gestion des certificats de serveur de troisième niveau et fournit un accès à une base de données commune de l environnement d application distribuée contenant des certificats de serveur de troisième niveau, reçus dudit serveur de troisième niveau (3), ayant été acceptés en tant que digne de confiance pour l environnement d application distribuée, dans lequel, audit côté de système serveur (2a ; 2b), ledit procédé comprend les étapes consistant à : recevoir dudit système client (1), via une connexion sécurisée, toute l information nécessaire dudit certificat de serveur de troisième niveau, accepté en tant que digne de confiance, pour déterminer d accepter ou de décliner une connexion audit serveur de troisième niveau, comparer ladite information, reçue dudit système client (1), à un certificat de troisième niveau reçu dudit système serveur de troisième niveau (3), 11

12 21 EP B1 22 accepter ledit système serveur de troisième niveau (3) en tant qu authentifié, si ladite information émanant dudit système client et celle émanant dudit certificat de troisième niveau coïncident, et établir une connexion avec ledit système serveur de troisième niveau (3) authentifié. 2. Procédé selon la revendication 1, dans lequel ladite information, émanant dudit système client (1), est reçue via une connexion client-serveur non continue. 3. Procédé selon la revendication 2, dans lequel ladite connexion client-serveur non continue utilise un protocole de transmission sécurisée. 4. Procédé selon la revendication 1, dans lequel ladite information nécessaire dudit certificat de serveur de troisième niveau consiste en un certificat de serveur de troisième niveau original, tel que stocké dans la base de données commune dudit environnement d application distribuée, et un nom du système serveur de troisième niveau ayant transmis ledit certificat de serveur de troisième niveau original audit système client.. Procédé selon la revendication 1, dans lequel ladite information nécessaire dudit certificat de serveur de troisième niveau consiste en une empreinte du certificat de troisième niveau original, et un nom du système serveur de troisième niveau ayant transmis ledit certificat de serveur de troisième niveau audit système client. 6. Procédé selon la revendication 1, dans lequel ladite information nécessaire dudit certificat de serveur de troisième niveau consiste en deux empreintes différentes du certificat de serveur de troisième niveau original, un nom du système serveur de troisième niveau ayant transmis ledit certificat de serveur de troisième niveau original audit système client, et un nom de certificat. 7. Procédé d authentification d un système serveur de troisième niveau (3) dans un environnement d application distribuée, dans lequel ledit environnement d application distribuée comprend un système client (1) ayant des parties (0) de l application distribuée, un ou plusieurs systèmes serveurs (2) ayant les parties restantes (0 ; 0) de l application distribuée, et un système serveur de troisième niveau (3), échangeant des données entre ledit système client (1) et lesdits systèmes serveurs (2), dans lequel ledit système client (1) fournit un accès à une base de données (4) commune de l environnement d application distribuée contenant des certificats de serveur de troisième niveau, reçus dudit serveur de troisième niveau, ayant été acceptés en tant que digne de confiance pour l environnement d application distribuée, dans lequel, audit système client, ledit procédé comprend les étapes consistant à : recevoir un certificat de serveur de troisième niveau, de la part d un système serveur de troisième niveau (3), déterminer si ledit certificat de serveur de troisième niveau reçu peut être accepté comme digne de confiance, stocker ledit certificat de serveur de troisième niveau dans ladite base de données (4) commune de l environnement d application distribuée, si ledit certificat de serveur de troisième niveau a été accepté comme digne de confiance, transférer à chaque serveur desdits systèmes serveurs, via une connexion sécurisée, toute l information nécessaire desdits certificats de serveur de troisième niveau acceptés comme dignes de confiance, pour déterminer d accepter ou de décliner un système serveur de troisième niveau. 8. Procédé selon la revendication 7, dans lequel ladite étape de stockage comprend en plus le stockage d un nom dudit système serveur de troisième niveau ayant transmis ledit certificat de serveur de troisième niveau. 9. Procédé selon la revendication 7, dans lequel ledit certificat de serveur de troisième niveau est reçu via un protocole de transmission sécurisée.. Procédé selon la revendication 7, dans lequel ladite information nécessaire, dudit certificat de serveur de troisième niveau, est transmise à chaque serveur desdits systèmes serveurs, via une connexion sécurisée non continue. 11. Procédé selon la revendication 8, dans lequel ladite authentification dudit système client est accomplie par un ID utilisateur et/ou un mot de passe. 12. Système serveur (2) pour d authentification d un système serveur de troisième niveau (3) dans un environnement d application distribuée, dans lequel ledit environnement d application distribuée comprend un système client (1) ayant des parties (0) de l application distribuée, un ou plusieurs systèmes serveurs (2) ayant les parties restantes (0 ; 0) de l application distribuée, et un système serveur de troisième niveau (3), échangeant des données entre ledit système client (1) et ledit système serveur (2), dans lequel ledit système client (1) agit en tant que point unique de reconnaissance et de gestion des 12

13 23 EP B1 24 certificats de serveur de troisième niveau et fournit un accès à une base de données (4) commune de l environnement d application distribuée contenant des certificats de serveur de troisième niveau, reçus dudit serveur de troisième niveau, ayant été acceptés en tant que digne de confiance pour l environnement d application distribuée, dans lequel ledit système (2) comprend : des moyens pour recevoir dudit système client, via une connexion sécurisée, toute l information nécessaire dudit certificat de serveur de troisième niveau, accepté en tant que digne de confiance, pour déterminer d accepter ou de décliner une connexion audit serveur de troisième niveau, des moyens pour comparer ladite information, reçue dudit système client, à un certificat de troisième niveau reçu dudit système serveur de troisième niveau, des moyens pour accepter ledit système serveur de troisième niveau en tant qu authentifié, si ladite information émanant dudit système client et celle émanant dudit certificat de troisième niveau coïncident, et des moyens pour établir une connexion avec ledit système serveur de troisième niveau authentifié. 13. Système client d authentification d un système serveur de troisième niveau (3) dans un environnement d application distribuée, dans lequel ledit environnement d application distribuée comprend un système client (1) ayant des parties (0) de l application distribuée, un ou plusieurs systèmes serveurs (2) ayant les parties restantes (0 ; 0) de l application distribuée, et un système serveur de troisième niveau (3), échangeant des données entre ledit système client (1) et lesdits systèmes serveurs (2), dans lequel ledit système client (1) fournit un accès à une base de données (4) commune de l environnement d application distribuée contenant des certificats de serveur de troisième niveau, reçus dudit serveur de troisième niveau, ayant été acceptés en tant que digne de confiance pour l environnement d application distribuée, dans lequel ledit système client comprend : des moyens pour recevoir un certificat de serveur de troisième niveau, de la part d un système serveur de troisième niveau (3), des moyens pour déterminer si ledit certificat de serveur de troisième niveau reçu peut être accepté comme digne de confiance, des moyens pour stocker ledit certificat de serveur de troisième niveau dans ladite base de données (4) commune de l environnement d application distribuée, si ledit certificat de serveur de troisième niveau a été accepté comme digne de confiance, des moyens pour transférer à chaque serveur desdits systèmes serveurs, via une connexion sécurisée, toute l information nécessaire desdits certificats de serveur de troisième niveau acceptés comme dignes de confiance, pour déterminer d accepter ou de décliner un système serveur de troisième niveau. 14. Produit de programme informatique, comprenant un support utilisable par un ordinateur, comprenant un programme lisible par un ordinateur, dans lequel le programme lisible par un ordinateur, lorsqu il est exécuté sur un système informatique, provoque la mise en oeuvre, par l ordinateur, d un procédé d authentification d un système serveur de troisième niveau (3) dans un environnement d application distribuée, dans lequel ledit environnement d application distribuée comprend un système client (1) ayant des parties (0) de l application distribuée, un ou plusieurs systèmes serveurs (2) ayant les parties restantes (0 ; 0) de l application distribuée, et un système serveur de troisième niveau (3), échangeant des données entre ledit système client (1) et lesdits systèmes serveurs (2), dans lequel ledit système client (1) fournit un accès à une base de données (4) commune de l environnement d application distribuée contenant des certificats de serveur de troisième niveau, reçus dudit serveur de troisième niveau, ayant été acceptés en tant que digne de confiance pour l environnement d application distribuée, dans lequel, audit système client, ledit procédé comprend les étapes consistant à : recevoir un certificat de serveur de troisième niveau, de la part d un système serveur de troisième niveau (3), déterminer si ledit certificat de serveur de troisième niveau reçu peut être accepté comme digne de confiance, stocker ledit certificat de serveur de troisième niveau dans ladite base de données (4) commune de l environnement d application distribuée, si ledit certificat de serveur de troisième niveau a été accepté comme digne de confiance, transférer à chaque serveur desdits systèmes serveurs, via une connexion sécurisée, toute l information nécessaire desdits certificats de serveur de troisième niveau acceptés comme dignes de confiance, pour déterminer d accepter ou de décliner un système serveur de troisième niveau. 1. Produit de programme informatique, comprenant un support utilisable par un ordinateur, comprenant un programme lisible par un ordinateur, dans lequel le 13

14 2 EP B1 26 programme lisible par un ordinateur, lorsqu il est exécuté sur un système informatique, provoque la mise en oeuvre, par l ordinateur, d un procédé d authentification d un système serveur de troisième niveau dans un environnement d application distribuée, dans lequel ledit environnement d application distribuée comprend un système client (1) ayant des parties (0) de l application distribuée, un ou plusieurs systèmes serveurs (2) ayant les parties restantes (0 ; 0) de l application distribuée, et un système serveur de troisième niveau (3), échangeant des données entre ledit système client et lesdit système serveur, dans lequel ledit système client (1) agit en tant que point unique de reconnaissance et de gestion des certificats de serveur de troisième niveau et fournit un accès à une base de données commune de l environnement d application distribuée contenant des certificats de serveur de troisième niveau, reçus dudit serveur de troisième niveau (3), ayant été acceptés en tant que digne de confiance pour l environnement d application distribuée, dans lequel, audit côté de système serveur (2a ; 2b), ledit procédé comprend les étapes consistant à : 1 recevoir dudit système client (1), via une connexion sécurisée, toute l information nécessaire dudit certificat de serveur de troisième niveau, accepté en tant que digne de confiance, pour déterminer d accepter ou de décliner une connexion audit serveur de troisième niveau, comparer ladite information, reçue dudit système client (1), à un certificat de troisième niveau reçu dudit système serveur de troisième niveau (3), accepter ledit système serveur de troisième niveau (3) en tant qu authentifié, si ladite information émanant dudit système client et celle émanant dudit certificat de troisième niveau coïncident, et établir une connexion avec ledit système serveur de troisième niveau (3) authentifié

15 EP B1 1

16 EP B1 16

17 EP B1 17

18 EP B1 18

19 EP B1 REFERENCES CITED IN THE DESCRIPTION This list of references cited by the applicant is for the reader s convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard. Patent documents cited in the description US B1 [00] US A1 [0011] 19