System and methods for providing multi-level security in a network at the application level

US 20030018910A1
Filed: 07/18/2001
Published: 01/23/2003
Est. Priority Date: 07/18/2001
Status: Abandoned Application

First Claim

Patent Images

1. A system for securing software applications, comprising:

an application programming interface for providing access to the applications; and

a database containing authorizations granting each user access to selected applications, selected application screens, and selected fields within application screens, the application programming interface being configured such that a security software application prevents a user from gaining access to an application, screen, or field unless authorization has previously been given.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for providing multi-level security for a software application. In one system, an application programming interface provides access to secured software applications. A database stores authorizations granting each user access to selected applications, selected application screens, and selected fields within application screens. The application programming interface is configured such that a security software application prevents a user from gaining access to an application, screen, or field unless authorization has previously been given. A further system provides for the assignment of privileges to users of the application. These privileges define the specific functions that a user is allowed to perform with respect to an authorized application, screen, or field.

42 Citations

View as Search Results

20 Claims

1. A system for securing software applications, comprising:
- an application programming interface for providing access to the applications; and
  
  a database containing authorizations granting each user access to selected applications, selected application screens, and selected fields within application screens, the application programming interface being configured such that a security software application prevents a user from gaining access to an application, screen, or field unless authorization has previously been given.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein each user is assigned a unique user identifier, each software application is assigned a unique application identifier, each screen is assigned a unique screen identifier, and each field is assigned a unique field identifier, and wherein authorizations are given to a user by attaching the user'"'"'s identifier to the identifier of each authorized application, screen and field.
  - 3. The system of claim 2, wherein the system includes a number of defined roles that are assigned unique role identifiers, and wherein authorizations are given to a user by attaching each role identifier to the respective identifiers of authorized applications, screens, and fields, and by attaching each user to a role by attaching the user'"'"'s identifier to the role identifier.
  - 4. The system of claim 3, wherein each role identifier is attached to an application identifier.
  - 5. The system of claim 3, wherein each user is assigned privileges for each attached role, and for each authorized application, screen, and field.
  - 6. The system of claim 5, wherein privileges are assigned to each user by assigning a unique privilege identifier to each privilege, and attaching privilege identifiers to each application, screen, and field authorization.
  - 7. The system of claim 6, wherein the privileges include delete, inquire, insert, and update privileges.
  - 8. The system of claim 1, wherein application fields are dynamically built into an application screen, and wherein if a user is not authorized to access a field, the field is not built into the application screen when the screen is displayed to the user.
  - 9. The system of claim 1, wherein the applications are run in a network environment.
  - 10. The system of claim 9, wherein the user accesses the applications using a web browser.
  - 11. The system of claim 10, wherein active server pages are used to provide application outputs to, and receive application inputs from, the user.
  - 12. The system of claim 10, wherein a security administrator access the security software application using a web browser.
  - 14. The method of claim 13, further including:
    - defining user roles;
      
      assigning a unique role identifier to each role;
      
      authorizing a user to access an application, screen, or field, by attaching each role identifier to the respective identifiers of authorized applications, screens, and fields, and by attaching each user identifier to a role identifier.
  - 15. The method of claim 14, further including:
    - attaching each role identifier to an application identifier.
  - 16. The system of claim 13, further including:
    - assigning privileges for each authorized application, screen, and field.
  - 17. The method of claim 16, wherein the step of assigning privileges for each authorized application, screen, and field includes:
    - assigning a unique privilege identifier to each privilege, and attaching privilege identifiers to each application, screen, and field authorization.
  - 18. The method of claim 16, wherein the step of assigning privileges for each authorized application, screen and field includes:
    - assigning delete, inquire, insert, and update privileges for each authorized application, screen and field.
  - 19. The method of claim 13, further including:
    - dynamically building fields into application screens;
      
      not building a field into an application screen if a user is not authorized to access the field.
  - 20. The method of claim 1, further including:
    - providing network access to the application.

13. A method of securing a software application, comprising the following steps:
- assigning a unique user identifier to each user of the application;
  
  assigning a unique application identifier to the application;
  
  assigning a unique screen identifier to each application screen;
  
  assigning a unique field identifier to each field in each application screen;
  
  granting authorization to a user to access the application by attaching the application identifier to the user identifier;
  
  granting authorization to a user to access an application screen by attaching the screen identifier to the user identifier;
  
  granting authorization to a user to access a field in an application screen by attaching the field identifier to the user identifier; and
  
  granting a request by a user to access an application, screen, or field only when it is determined that the user has been authorized to access the application, screen or field.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ge Capital Mortgage Corporation (General Electric Company)
Original Assignee
Ge Capital Mortgage Corporation (General Electric Company)
Inventors
Wert, Brian W., Acri, Mark

Application Number

US09/908,512
Publication Number

US 20030018910A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/083   using passwords cryptograph...

System and methods for providing multi-level security in a network at the application level

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and methods for providing multi-level security in a network at the application level

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links