One-time logon means and methods for distributed computing systems

Apparatus and methods of authenticating users in a distributed networked computing system (10). The system (10) may comprise a central server (12) embodiment that includes a file (19) wherein IDs and encrypted passwords (30) are stored, or a distributed system embodiment where IDs and encrypted passwords (30) are stored in files (19) at each respective computer in the system (10). A multiple logon procedure (16) and secure transport layer protocol are used with a user's communication software and network communication software. When a user desires to use a particular computer (13), logon requests are processed by the multiple logon procedure (16) and it accesses the stored file (19) that contains the user's ID and encrypted password, decrypts the password (30), accesses the remote computer (13), and logs the user onto that computer (13). In the central server system all IDs and encrypted passwords (30) are stored on a single computer (the server (12)) that controls access to the entire distributed system (10). Once access is granted to a particular user, nonencrypted passwords (30) are transmitted to the remote computers (13), since the server (12) controls the entire system. In the distributed version, password files (19) are stored in all networked computers (13), and once a user logs on to a computer (11), if the user wishes to use services at a second computer (13), the authentication information is forwarded to the second computer (13) using the secure transport layer protocol to protect its integrity, and after receiving the authentication information, it is compared with authentication information for the same user stored in the second computer (13). If the authentication information matches, the user is logged onto the second computer (13).