Aggregated authenticated identity apparatus for and method therefor

US 20020073320A1
Filed: 12/07/2000
Published: 06/13/2002
Est. Priority Date: 12/07/2000
Status: Active Grant

First Claim

Patent Images

1. An authentication method comprising the steps of:

generating a first security context in response to a first user authentication;

generating a second security context in response to a second user authentication, wherein said second security context aggregates said first security context and a security context corresponding to an identity in said second user authentication.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus and method for authenticating users on a data processing system is implemented. The present invention provides for aggregating authenticated identities and related authorization information. A security context created in response to a first user logon is saved in response to a second logon. A composite or aggregate security context is created based on the identity passed in the second logon. Access may then be granted (or denied) based on the current, aggregated security context. Upon logout of the user based on the second identity, the aggregate security context is destroyed, and the security context reverts to the context previously saved.

Citations

24 Claims

1. An authentication method comprising the steps of:
- generating a first security context in response to a first user authentication;
  
  generating a second security context in response to a second user authentication, wherein said second security context aggregates said first security context and a security context corresponding to an identity in said second user authentication.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising the step of saving said first security context.
  - 3. The method of claim 2 wherein said step of saving said first security context comprises the step of pushing said first security context on a stack.
  - 4. The method of claim 1 further comprising the step of receiving a user logoff.
  - 5. The method of claim 4 further comprising the step of destroying said second security context in response to said step of receiving said user logoff.
  - 6. The method of claim 2 further comprising the step of reverting to said first security context in response to a user logoff.
  - 7. The method of claim 6 wherein said step of reverting to said first security context comprises the step of popping said first security context off of a stack.
  - 8. The method of claim 1 further comprising the step of determining an access permission in response to said second security context.

9. A computer program product embodied in a tangible storage medium, the program product comprising a program of instructions for performing the method steps of:
- generating a first security context in response to a first user authentication;
  
  generating a second security context in response to a second user authentication, wherein said second security context aggregates said first security context and a security context corresponding to an identity in said second user authentication.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24)
- - 10. The program product of claim 9 further comprising instructions for performing the step of saving said first security context.
  - 11. The program product of claim 10 wherein said step of saving said first security context comprises the step of pushing said first security context on a stack.
  - 12. The program product of claim 9 further comprising instructions for performing the step of receiving a user logoff.
  - 13. The program product of claim 12 further comprising instructions for performing the step of destroying said second security context in response to said step of receiving said user logoff.
  - 14. The program product of claim 10 further comprising instructions for performing the step of reverting to said first security context in response to a user logoff.
  - 15. The program product of claim 14 wherein said step of reverting to said first security context comprises the step of popping said first security context off of a stack.
  - 16. The program product of claim 9 further comprising instructions for performing the step of determining an access permission in response to said second security context.
  - 18. The system of claim 17 further comprising circuitry operable for saving said first security context.
  - 19. The system of claim 18 wherein said circuitry operable for saving said first security context comprises the step of pushing said first security context on a stack.
  - 20. The system of claim 17 further comprising circuitry operable for receiving a user logoff.
  - 21. The system of claim 20 further comprising circuitry operable for destroying said second security context in response to said step of receiving said user logoff.
  - 22. The system of claim 18 further comprising circuitry operable for reverting to said first security context in response to a user logoff.
  - 23. The system of claim 22 wherein said circuitry operable for reverting to said first security context comprises circuitry operable for popping said first security context off of a stack.
  - 24. The system of claim 17 further comprising circuitry operable for determining an access permission in response to said second security context.

17. A data processing system comprising:
- circuitry operable for generating a first security context in response to a first user authentication;
  
  circuitry operable for generating a second security context in response to a second user authentication, wherein said second security context aggregates said first security context and a security context corresponding to an identity in said second user authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Garrison, John Michael, Rinkevich, Debora

Granted Patent

US 7,356,704 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 2221/2119   Authenticating web pages, e...

Aggregated authenticated identity apparatus for and method therefor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Aggregated authenticated identity apparatus for and method therefor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links