Authentication and authorization for access to remote production devices

US 20020112186A1
Filed: 09/12/2001
Published: 08/15/2002
Est. Priority Date: 02/15/2001
Status: Abandoned Application

First Claim

Patent Images

1. In a network having multiple devices, a method for granting device access to a prospective user, the method comprising the steps of:

maintaining a user to device association;

receiving a request for access to the device; and

granting the user access to at least one of the devices according to the association.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network security arrangement and method are disclosed which provides in a distributed complex computer network an authentication and authorization access for limiting access to network devices. The different levels of authentication involve the login/password process; comparison against access control lists; and mandatory program protocol control. Included are audit trails for authenticated calls and denied access calls.

187 Citations

20 Claims

1. In a network having multiple devices, a method for granting device access to a prospective user, the method comprising the steps of:
- maintaining a user to device association;
  
  receiving a request for access to the device; and
  
  granting the user access to at least one of the devices according to the association.
- View Dependent Claims (4, 5, 6)
- - 4. The method of claim 1, further comprising the step of recording particulars of an attempted access.
  - 5. The method of claim 1, further comprising the step of denying access when the prospective user is unauthorized to access the device.
  - 6. The method of claim 1, further comprising the step of reporting the denial of access to a device.

2. The method of claim 2 comprising the further steps of:
- maintaining credentials associated with the user;
  
  receiving user credential inputs;
  
  comparing the user credential inputs to the credentials associated with the user; and
  
  checking the user to device association when the user credential inputs and credentials associated with the user match.
- View Dependent Claims (3, 7, 8)
- - 3. The method of claim 2 comprising the further step of permitting access to the device with mandatory program profiles enabled based upon the association.
  - 7. The method of claim 3 further including the step of comparing a proposed re-configure program against stored mandatory profile programs.
  - 8. The method of claim 7 further including a production device activation when the profile and re-configure program matches.

9. A method for granting selected access to devices in a network via a login server, the method comprising the steps of:
- maintaining a plurality of commands associated with users, the commands when executed causing the login server to grant access to corresponding devices;
  
  in response to a login request, granting access to the login server based upon user credentials; and
  
  in response to a request for access to ones of the devices, executing the commands associated with the user.
- View Dependent Claims (10, 11, 12, 13, 15, 16, 17, 18, 20)
- - 10. The method set forth in claim 9 further including a mandatory program file associated with each device for screening user re-configure programs.
  - 11. The method set forth in claim 10 wherein a screen match between a re-configure program and a mandatory program file is made each time an authorized user is given access.
  - 12. The method set forth in claim 11 where a screen match verifies an authorized program re-configuration has been entered to activate the production device working in a re-configured mode.
  - 13. The method set forth in claim 11 wherein a failure to verify a re-configuration request results in a de-activation of a production server.
  - 15. The network of claim 14 wherein the login server includes a collector agent for monitoring the changes to the user to device associations.
  - 16. The network of claim 14 comprising in addition a program re-configuration screen including a file of authorized program appropriate to each device and means for activating the screen on each authorized access to said device.
  - 17. The network of claim 16 wherein detection by the program screen indicates an unauthorized program has been entered to de-activate the device.
  - 18. The network of claim 16 wherein detection by the program screen indicates an authorized program was entered for activating the device.
  - 20. The system of claim 19 which further includes means for activating the particular production device only if each of the three screens are properly satisfied.

14. A network comprising:
- a plurality of devices;
  
  at least one port for providing remote access to the devices;
  
  a login server responsive to requests from the at least one port for access to the network and operable to receive credentials for access to the network;
  
  a storage medium for storing credentials associated with users and a plurality of user to device associations;
  
  the login server operable to grant access to the network to users having credentials corresponding to the credentials associated with users and to execute commands for granting access to the devices according to the user-to-device associations.

19. A system for providing secured access to programmable production device comprising a first screen for authorized users which requires the entry of recognized names and passwords, a second screen which utilizes authorized names and passwords to grant access exclusively to certain production devices based upon a predetermined association list of names, passwords and devices, and a third screen which analyzes re-configuration program requests and compares such requests against an authorized list of programs for the accessed device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Properties, LLC (AT&T, Inc.)
Inventors
Schwendinger, Robert, Goldschlag, David, Ford, Tobias

Application Number

US09/950,725
Publication Number

US 20020112186A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

H04L 63/1425   Traffic logging, e.g. anoma...

Authentication and authorization for access to remote production devices

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

187 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Authentication and authorization for access to remote production devices

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others