Method and system for providing secure access to applications

US 20030236977A1
Filed: 01/09/2003
Published: 12/25/2003
Est. Priority Date: 04/25/2001
Status: Abandoned Application

First Claim

Patent Images

1. In a system comprising at least one server, in which an administrative user is authenticated to the server and authorized to delegate permission to a first user to access an application, a method for providing secure access to the application, comprising:

(A) receiving at the server a request from the administrative user to delegate to the first user a first permission to access at least a portion of the application;

(B) receiving at the server a request from the first user to register with the server; and

(C) providing the first user access to the application, wherein the administrative user authenticates the first user with authentication information, the authentication information comprising non-secret information; and

wherein steps (A), (B), and (C) are performed via a computer network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An administrative user is authenticated to a server and authorized to delegate permission to a user to access an application. A request from the administrative user to delegate permission to the user is received at the server. A request from the user to register with the server is received at the server. The user is provided access to the application. The administrative user authenticates the user with non-secret information. The communications take place over a computer network.

140 Citations

View as Search Results

19 Claims

1. In a system comprising at least one server, in which an administrative user is authenticated to the server and authorized to delegate permission to a first user to access an application, a method for providing secure access to the application, comprising:
- (A) receiving at the server a request from the administrative user to delegate to the first user a first permission to access at least a portion of the application;
  
  (B) receiving at the server a request from the first user to register with the server; and
  
  (C) providing the first user access to the application, wherein the administrative user authenticates the first user with authentication information, the authentication information comprising non-secret information; and
  
  wherein steps (A), (B), and (C) are performed via a computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first permission further comprises permission to delegate a subsequent permission to a second user, which subsequent permission is based on the first permission.
  - 3. The method of claim 1, wherein the computer network comprises a publicly accessible global communications network.
  - 4. The method of claim 1 further comprising:
    - (D) transmitting to the first user a confirmation identifier, wherein the authentication information further comprises the confirmation identifier.
  - 5. The method of claim 1, wherein the administrative user delegating to the first user comprises appending to an access control list a record comprising an administrative user identifier, a first user identifier, and a resource identifier.
  - 6. The method of claim 5, wherein the record further comprises at least one of an access validity period;
    - a delegation number limitation; and
      
      a delegation chain length limitation.
  - 7. The method of claim 1, wherein the first user registers with the server by entering a user name, an electronic mail address, and a preferred identification mechanism.
  - 8. The method of claim 7, wherein the preferred identification mechanism comprises at least one of a password, a digital certificate, and a smart card.
  - 9. The method of claim 8, wherein the password is encrypted.
  - 10. The method of claim 7, wherein the first user further enters a first user time zone.
  - 11. The method of claim 7, wherein the system allows the first user to register using one of a plurality of types of the preferred identification mechanisms.
  - 12. The method of claim 1, further comprising:
    - (D) allowing the administrative user to audit access of the first user to the at least a portion of the application.
  - 13. The method of claim 1, further comprising:
    - (D) allowing the administrative user to terminate access of the first user to the at least a portion of the application.
  - 14. The method of claim 2, further comprising:
    - (D) receiving at the server a request from the first user to delegate the subsequent permission to the second user;
      
      (E) receiving at the server a request from the second user to register with the server; and
      
      (F) providing the second user access to the at least a portion of the application, wherein the first user authenticates the second user with second authentication information, the second authentication information comprising non-secret information; and
      
      wherein steps (D), (E), and (F) are performed via a computer network.

15. A method of providing secure access to an application, comprising:
- (A) receiving at a server a request from a first user to delegate to a second user permission to access an application;
  
  (B) appending to an access control list a record comprising a first user identifier, a second user identifier, an resource identifier, and a delegation number limitation; and
  
  (C) upon authenticating the second user, providing the second user with access to the application.
- View Dependent Claims (16)
- - 16. The method of claim 15 wherein the record further comprises a delegation chain length limitation.

17. A system for providing secure access to an application, comprising:
- one or more servers that receive a request from an administrative user, over a computer network, to delegate to the first user a first permission to access at least a portion of the application, wherein the administrative user is authenticated to the server and authorized to delegate permission to a first user to access the application;
  
  that receive a request from the first user, over the computer network, to register with the server; and
  
  that provide the first user access to the application, over the computer network, wherein the administrative user authenticates the first user with authentication information, the authentication information comprising non-secret information.

18. A system for providing secure access to an application over a computer network, in which an administrative user is authenticated and authorized to delegate permission to a first user to access an application, comprising:
- means for receiving a request from the administrative user to delegate to the first user a first permission to access at least a portion of the application;
  
  means for receiving a request from the first user to register with the server; and
  
  means for providing the first user access to the application, wherein the administrative user authenticates the first user with authentication information, the authentication information comprising non-secret information.

19. A machine readable medium for providing secure access to an application over a computer network, in which an administrative user is authenticated and authorized to delegate permission to a first user to access an application, comprising:
- a first machine readable code that receives a request from the administrative user to delegate to the first user a first permission to access at least a portion of the application;
  
  a second machine readable code that receives a request from the first user to register with the server; and
  
  a third machine readable code that provides the first user access to the application, wherein the administrative user authenticates the first user with authentication information, the authentication information comprising non-secret information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Probaris Technologies, Inc.
Original Assignee
Probaris Technologies, Inc.
Inventors
Louis, Vincent, McDougall, Michael Francis, Gunter, Carl Allen, Lin, Ron Reuven, Goldstein, Michael, Ruggieri, David J., Hollin, Benjamin Paul, Levas, Robert George, Gao, Hong Xiang, Berry, Michael C.

Application Number

US10/339,792
Publication Number

US 20030236977A1
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

G06F 21/33   using certificates

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

H04L 63/0823   using certificates cryptogr...

H04L 63/0892   by using authentication-aut...

H04L 63/101   Access control lists [ACL]

Method and system for providing secure access to applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

140 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing secure access to applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links