Security migration in a business intelligence environment

US 10,009,333 B2
Filed: 05/22/2017
Issued: 06/26/2018
Est. Priority Date: 03/15/2012
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

receiving an authentication request, for a Security Migration System Namespace, to authorize access to a Business Intelligence Environment of a user based on provided user identification information;

determining whether to authorize the access by requesting validation of the user based at least on the provided user identification information;

determining a local identifier associated with the validated user at least partially based on a retrieved mapping, if a determination is made to authorize a user, wherein the retrieved mapping includes local identifiers generated by a different Security Namespace; and

enabling the access in the Business Intelligence Environment based at least on the determined local identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In various implementations, local identifiers associated with users may be utilized to enable access one or more functions in a Business Intelligence (BI) Environment. A mapping may be generated to associate local identifiers and users. The mapping may be utilized to enable access in the BI environment by retrieving the local identifier from a mapping and enabling access in the BI environment based on the local identifier. In various implementations, a user may access the system as another user.

19 Citations

22 Claims

1. A computer implemented method comprising:
- receiving an authentication request, for a Security Migration System Namespace, to authorize access to a Business Intelligence Environment of a user based on provided user identification information;
  
  determining whether to authorize the access by requesting validation of the user based at least on the provided user identification information;
  
  determining a local identifier associated with the validated user at least partially based on a retrieved mapping, if a determination is made to authorize a user, wherein the retrieved mapping includes local identifiers generated by a different Security Namespace; and
  
  enabling the access in the Business Intelligence Environment based at least on the determined local identifier.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising delegating the request for authentication, based at least on the provided user identification information, from the Security Migration System Namespace to an External Security Source.
  - 3. The method of claim 1 further comprising:
    - determining a type of user based at least on the provided user identification information; and
      
      authenticating the provided user identification information independently of an External Security Source if the type comprises a local user.
  - 4. The method of claim 1 further comprising defining one or more new security principals to have access to the business intelligence environment, wherein defining a new user comprises:
    - determining whether the new user is a local user;
      
      allowing authentication of the new user independent of an external security source if the new user is a local user;
      
      allowing authentication of the new user through the external security source if the new user is not a local user, andgenerating a new local identifier associated with the external security source if the new user is not a local user.

5. A computerized method comprising:
- receiving a request to access to a Business Intelligence Environment from a user;
  
  receiving user information associated with the user;
  
  determining whether to self-authenticate or delegate authentication of the user based at least one of a type of user associated with the received user information or additional user information retrieved from a memory coupled to a Security Migration Namespace;
  
  if a determination is made to self-authenticate the user;
  
  determining whether to allow access to the Business Intelligence Environment based at least partially on the received user information; and
  
  if a determination is made to allow access to the Business Intelligence Environment, exposing a security principal, via the Security Migration Namespace, which is retrieved from a mapping based on the received user information, to allow access to the Business Intelligence Environment, wherein the mapping is stored in a memory coupled to the Security Migration Namespace; and
  
  if a determination is made to delegate authentication of the user, delegating authentication of the user to an External Security Source, wherein the External Security Source is distinct of the Security Migration Namespace.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The method of claim 5 wherein the Security Migration System Namespace is adapted to coordinate with a Security Migration System to expose one or more security principals to the Business Intelligence Environment.
  - 7. The method of claim 5 wherein if the user is a local user, determining to self-authenticate the user.
  - 8. The method of claim 5 further comprising adding one or more new security principals to the mapping such that the one or more new security principals are authenticated based on at least one of the type of user or the mapping.
  - 9. The method of claim 5 further comprising:
    - generating one or more local identifiers for one or more new users; and
      
      adding the one or more generated local identifiers to the mapping.
  - 10. The method of claim 5 wherein determining to self-authenticate the user when access to the External Security Source is restricted, and wherein the Security Migration System Namespace is adapted to provide access in the Business Intelligence Environment, for one or more of the security principals defined in the External Security Source, based on one or more of the local identifiers in the generated mapping when access to the External Security Source is restricted.
  - 11. The method of claim 5 further comprising:
    - retrieving one or more additional security principals defined in a Second External Security Source;
      
      allowing the Security Migration System Namespace to be associated with one or more of the additional security principals, wherein the Security Migration System Namespace is adapted to generate one or more additional local identifiers, and wherein each additional local identifier uniquely identifies one of the additional security principals, and wherein the Security Migration System Namespace exposes one or more of the security principals from the Second External Security Source for functions in the Business Intelligence Environment using one or more of the additional local identifiers; and
      
      allowing authentication of security principals utilizing at least one of the Second External Security Source or the Security Migration System Namespace;
      
      wherein access in the Business Intelligence environment is enabled based on at least one of one or more of the local identifiers in the generated mapping or one or more of the additional local identifiers generated by the Security Migration System Namespace for the additional security principals, andwherein the Security Migration System Namespace is adapted to delegate validation of at least a portion of the security principals in the generated mapping to the Second External Security Source.
  - 12. The method of claim 5 wherein determining to self-authenticate comprises:
    - determining a type of user based at least partially on the provided user identification information; and
      
      authenticating the provided user identification information independently of an External Security Source if the type comprises a local user.

13. A Security Migration System to enable access to a Business Intelligence Environment, the Security Migration System comprising:
- a memory comprising a mapping, wherein the mapping comprises references to security principals from one or more External Security Sources along with local identifiers previously generated by a first Security Namespace; and
  
  a Security Migration Namespace capable of exposing one or more security principals from the mapping to allow access to the Business Intelligence Environment;
  
  wherein the Security Migration System is distinct from one or more External Security Sources that define a plurality of security principals for the Business Intelligence Environment and distinct from the Business Intelligence Environment, and wherein the Security Migration Namespace is distinct from the first Security Namespace.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The Security Migration System of claim 13 wherein the one or more exposed security principals are identified at least partially by their previously generated local identifier.
  - 15. The Security Migration System of claim 13 further comprising more than one External Security Source coupled to the Business Intelligence Environment, wherein the Security Migration Namespace is capable of providing access to the Business Intelligence Environment based on the mapping independent of the more than one External Security Sources.
  - 16. The Security Migration System of claim 13 wherein the Security Migration Namespace is capable of providing access to the Business Intelligence Environment when access to one or more of the External Security Sources is restricted.
  - 17. The Security Migration System of claim 13 wherein the mapping comprises other user information retrieved from one or more of the External Security Sources.
  - 18. The Security Migration System of claim 13 wherein the First Security Namespace delegates authentication of user identification information to the Security Migration Namespace.
  - 19. The Security Migration System of claim 13 wherein the Security Migration Namespace is capable of delegating the authentication of a security principal to a different External Security Source.
  - 20. The Security Migration System of claim 13 wherein the Security Migration Namespace is capable of self-authenticating one or more of the security principals to allow access to the Business Intelligence Environment.
  - 21. The Security Migration System of claim 13 wherein the Security Migration Namespace is capable of identifying if a user is a local user and self-authenticating the user if the user is a local user.
  - 22. The Security Migration System of claim 13 wherein the Security Migration Namespace is capable of identifying if a user is a local user and delegating the authentication of a security principal to one of the External Security Sources if the user is not a local user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motio Incorporated (Peak6 LLC)
Original Assignee
Motio Incorporated (Peak6 LLC)
Inventors
Hankins, Lance W., James, Jonathan Edmund
Primary Examiner(s)
AVERY, JEREMIAH L

Application Number

US15/601,889
Publication Number

US 20170257356A1
Time in Patent Office

400 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

Security migration in a business intelligence environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Security migration in a business intelligence environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links