System and method for authentication
Abstract
An apparatus and a method allow for authentication of user information in an application system. The method includes receiving an authentication request, the authentication request including user information and candidate permission point information, and confirming at least one piece of upper layer subject information associated with the user information. The method also includes acquiring a first set of permission point information associated with the user information, and acquiring a second set of permission point information associated with the at least one upper layer subject information. The method continues with determining an authentication set based on an intersection of the first set of permission point information and the second set of permission point information, and determining that the authentication is successful if the candidate permission point information is in the authentication set.
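The check described in the abstract, together with the candidate-set variant of claims 6 and 16, as an added Python sketch that is not code from the patent. All names, permission strings and sample records are constructed, and combining several upper layer subjects by union is an assumption the text does not specify.

```python
# Added illustration; every identifier and record below is constructed sample data.
USER_SUBJECTS = {"alice": ["tenant-a", "project-x"], "bob": ["tenant-b"], "carol": []}
USER_PERMS = {
    "alice": {"vm:start", "vm:delete", "bucket:read"},
    "bob": {"vm:start", "bucket:read"},
    "carol": {"vm:start"},
}
SUBJECT_PERMS = {
    "tenant-a": {"vm:start", "bucket:read"},
    "project-x": {"vm:start", "vm:stop"},
    "tenant-b": set(),  # tenant still exists, but every permission point was revoked
}


def authentication_set(user):
    """Intersect the user's permission points with those of its upper layer subjects."""
    # The server confirms the subjects from its own records; the request
    # carries only the user and the candidate permission point(s).
    subjects = USER_SUBJECTS.get(user, [])
    first = USER_PERMS.get(user, set())
    # Assumption: with several subjects, the second set is the union of their grants.
    second = set()
    for subject in subjects:
        second |= SUBJECT_PERMS.get(subject, set())
    # An unknown user or a user with no confirmed subject yields an empty
    # set, so the check fails closed.
    return first & second


def authenticate(user, candidate):
    """Single candidate: succeed only if it is in the authentication set."""
    return candidate in authentication_set(user)


def authenticate_many(user, candidates):
    """Candidate set: return the subset that passes authentication."""
    return set(candidates) & authentication_set(user)
```

A grant that exists only on the user (`vm:delete`) or only on the subject (`vm:stop`) is denied, and revoking a permission point at the tenant removes it for every user without touching per-user records.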
20 Claims
1. A method for authenticating a user in an application system, the method comprising:
receiving, at a server, an authentication request, the authentication request including user information and candidate permission point information;
confirming, by the server, at least one piece of upper layer subject information associated with the user information, the upper layer subject comprising one of a tenant or project;
acquiring, by the server, a first set of permission point information associated with the user information, the first set of permission point information including at least one piece of permission point information associated with the user information, the first set of permission point information controlling user access to computing resources managed by the server;
acquiring, by the server, a second set of permission point information associated with the at least one upper layer subject information, the second set of permission point information including at least one piece of permission point information associated with the at least one piece of upper layer subject information, the second set of permission point information controlling upper layer subject access to the computing resources managed by the server;
determining, by the server, an authentication set based on an intersection of the first set of permission point information and the second set of permission point information, the intersection comprising a set of permission point information authorized for the user and authorized for the upper layer subject information; and
determining, by the server, that the authentication is successful if the candidate permission point information is in the authentication set.
Dependent claims: 2, 3, 4, 5
6. A method for authenticating a user in an application system, the method comprising:
receiving, by a server, an authentication request including user information and a candidate information set, the candidate information set including at least one piece of candidate permission point information;
confirming, by the server, at least one piece of upper layer subject information associated with the user information, the upper layer subject comprising one of a tenant or project;
acquiring, by the server, a first set of permission point information associated with the user information and including at least one piece of permission point information associated with the user information, the first set of permission point information controlling user access to computing resources managed by the server;
acquiring, by the server, a second set of permission point information associated with the at least one upper layer subject information, the second set of permission point information including at least one piece of permission point information associated with the at least one piece of upper layer subject information, the second set of permission point information controlling upper layer subject access to the computing resources managed by the server;
determining, by the server, an authentication set based on an intersection of the first set of permission point information and the second set of permission point information, the intersection comprising a set of permission point information authorized for the user and authorized for the upper layer subject information; and
determining, by the server, a third set of permission point information associated with the authentication request as passing authentication if the candidate information set intersects with the authentication set.
Dependent claims: 7, 8, 9, 10
11. An apparatus for authenticating a user in an application system, the apparatus comprising:
a processor; and
a non-transitory memory storing computer-executable instructions therein that, when executed by the processor, cause the apparatus to:
receive an authentication request, the authentication request including user information and candidate permission point information;
confirm at least one piece of upper layer subject information associated with the user information, the upper layer subject comprising one of a tenant or project;
acquire a first set of permission point information associated with the user information, the first set of permission point information including at least one piece of permission point information associated with the user information, the first set of permission point information controlling user access to computing resources managed by the server;
acquire a second set of permission point information associated with the at least one upper layer subject information, the second set of permission point information including at least one piece of permission point information associated with the at least one piece of upper layer subject information, the second set of permission point information controlling upper layer subject access to the computing resources managed by the server;
determine an authentication set based on an intersection of the first set of permission point information and the second set of permission point information, the intersection comprising a set of permission point information authorized for the user and authorized for the upper layer subject information; and
determine that the authentication is successful if the candidate permission point information is in the authentication set.
Dependent claims: 12, 13, 14, 15
16. An apparatus for authenticating a user in an application system, the apparatus comprising:
a processor; and
a non-transitory memory storing computer-executable instructions therein that, when executed by the processor, cause the apparatus to:
receive an authentication request including user information and a candidate information set, the candidate information set including at least one piece of candidate permission point information;
confirm at least one piece of upper layer subject information associated with the user information, the upper layer subject comprising one of a tenant or project;
acquire a first set of permission point information associated with the user information and including at least one piece of permission point information associated with the user information, the first set of permission point information controlling user access to computing resources managed by the server;
acquire a second set of permission point information associated with the at least one upper layer subject information, the second set of permission point information including at least one piece of permission point information associated with the at least one piece of upper layer subject information, the second set of permission point information controlling upper layer subject access to the computing resources managed by the server;
determine an authentication set based on an intersection of the first set of permission point information and the second set of permission point information, the intersection comprising a set of permission point information authorized for the user and authorized for the upper layer subject information; and
determine a third set of permission point information associated with the authentication request as passing authentication if the candidate information set intersects with the authentication set.
Dependent claims: 17, 18, 19, 20
Specification