Generic security infrastructure for COM based systems
Abstract
The present invention provides a generic technique for performing an access control check for data access and/or for performing an operation in a COM based system comprising multiple servers and multiple users. A unique user security context number is generated after the user is validated for a session, based on the authentication parameters the user entered. The generation of the security context numbers and the fetching of the access control information from the storage medium are managed by a central security server. The generated unique user security context number is then used throughout the session to check for access permission for data access and/or to perform an operation requested by the user during the session.
Claims
1. A computer software implemented access control method comprising:
validating a user;
generating a unique user security context number for a validated user; and
granting permission based on the unique user security context number for the validated user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A method of providing access control to perform a user requested operation during a session in a COM based computer application system having multiple users and servers, comprising:
a security server validating a user to log in to the system for the session by verifying user entered authenticating parameters;
the security server generating a unique user security context number that represents the validated user for the session;
storing the unique user security context number;
the user requesting access to perform an operation on a server in the system during the session by passing the unique user security context number;
if access control information for the user is not in the server, then obtaining the access control information for the user;
storing the access control information for the user security context in the security client's cache; and
performing the user requested operation on the server during the session based on the access control information and the unique user security context number.
Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28

29. A computer-readable medium having computer-executable instructions for providing a computer implemented access control method comprising:
validating a user;
generating a unique context number for a validated user; and
granting permission based on the unique context number for the validated user.

30. A computer system having an access control method, the system comprising:
means for validating a user;
means for generating a unique context number for a validated user; and
means for granting permission based on the unique context number for the validated user.

31. A COM based computer application (system) having one or more users requiring access control checking for the users to allow or deny permission to data and resources associated with the application, or to allow or deny permission to do operations with the application, where the application is running on one or more computers each of which comprises:
a processor;
an output device; and
a storage device to store instructions that are executable by the processor to provide access to a server in a computer application which is a COM based system having multiple users and servers, wherein each of the servers is coupled to one or more servers in the system, each server implementing a method comprising:
validating a user to log in to the system for the session by verifying the user entered authenticating parameters;
generating a unique user security context number that represents the validated user for the session;
storing the generated unique user security context number of the user in the security client associated with the server;
if access control information for the user is not in the security client's cache, then obtaining the access control information for the user from the security server; and
performing the user requested operation on the server during the session based on checking the access control information for the stored unique user security context number.
Dependent claims: 32, 33, 34

35. A generic security system for a COM based network, comprising:
a database or any other storage mechanism, such as LDAP, to store user and server access control information;
a security server coupled to the database; and
multiple servers coupled to the security server, wherein each of the servers comprises a security client, wherein the security server receives authenticating parameters entered by a user through the security client of a UI server in the system to gain access to the system to perform a session, wherein the security server validates the user by verifying the received authenticating parameters against the user information stored in the database upon receiving the authenticating parameters from the security client of the UI server, wherein the security server generates a unique user security context number for the session upon validation, wherein the generated unique user security context number represents the validated user based on the stored user information for the session, wherein the security server passes the generated unique user security context number to the security client of the UI server, wherein the UI server stores the passed unique user security context number, wherein the user requests access to perform an operation on a first server in the system upon validation by the security server, wherein the security client of the UI server passes the unique user security context number to the first server, wherein the first server performs the requested operation based on stored access control information and the unique user security context number if the access control information is stored in the security client of the first server, otherwise the first server obtains the access control information from the security server and performs the requested operation based on the obtained access control information and the unique user security context number.
Dependent claims: 36, 37, 38, 39, 40, 41

42. A system for providing access control during an operation in a COM based system, comprising:
a database to store user and server access control information;
a security server coupled to the database;
a user interface (UI) server coupled to the security server to receive authenticating parameters entered by a user to gain access to the system for a session, wherein the UI server further comprises a security client comprising a security agent, a security monitor, and cache memory; and
one or more servers coupled to the security server, wherein each server comprises one or more executable software applications and a security client, wherein each security client includes a security agent, a security monitor, and cache memory, wherein the security server receives the user entered authenticating parameters through the security agent of a server that contains the UI for capturing the user authentication parameters, wherein the security server validates the user by verifying the received authenticating parameters upon receiving the authenticating parameters from the security client of the UI server, wherein the security server generates a unique user security context number for the user for the session upon successful validation, wherein the security server passes the generated unique user security context number to the security agent of the UI server, wherein the security agent of the UI server stores the passed unique user security context number in the cache memory of the UI server, wherein the user requests access to perform an operation using the first server in the system, wherein the security agent of the UI server checks for user access control information for the unique user security context number stored in the cache memory of the first server, wherein the UI server allows the user to perform the requested operation in the first server if the user access control information is in the cache memory of the first server, otherwise the UI server obtains the user access control information from the security server, stores it in the cache memory of the first server, and allows or denies the user to perform the requested operation in the first server based on the access control information.
Dependent claims: 43, 44, 45, 46, 47, 48
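The abstract and claims 12, 35 and 42 describe a single flow: the security server validates the user and issues a unique user security context number; each application server's security client passes that number along, consults its cache, fetches the user's access control information from the security server on a miss, and then allows or denies the operation. The Python model below is an added example of that flow, not code from the patent or from any product built on it. The class and data names (SecurityServer, SecurityClient, USER_DB, the users alice and bob, and the server name order_server) are invented for illustration, the user records are constructed sample data, and two choices go beyond what the page specifies: the context number is drawn from a cryptographic random source rather than a counter, because it travels between servers as the user's credential and must not be guessable, and a cache invalidation step is included because the claims say nothing about what happens to cached access control information once the session ends.

```python
"""Model of the security server / security client split described in the
abstract and claims 12, 35 and 42.  Added example; the names, sample users
and the two design choices noted in the lead-in are assumptions, not from
the patent."""
import hmac
import secrets
from hashlib import pbkdf2_hmac

# Constructed sample data standing in for the "database or LDAP" of claim 35.
_SALT = b"example-salt-not-for-production"   # assumption: one static salt for the demo


def _pw_hash(password: str) -> bytes:
    return pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


USER_DB = {
    "alice": {"pw": _pw_hash("correct horse"),
              "acl": {("order_server", "read"), ("order_server", "write")}},
    "bob":   {"pw": _pw_hash("hunter2"),
              "acl": {("order_server", "read")}},
}


class SecurityServer:
    """Central security server: validates users, issues context numbers,
    and hands out access control information to security clients."""

    def __init__(self, db):
        self.db = db
        self.sessions = {}                 # context number -> user name

    def login(self, user, password):
        """Return a fresh context number, or None if validation fails."""
        candidate = _pw_hash(password)     # hash before the lookup so an unknown
        rec = self.db.get(user)            # user costs the same time as a bad password
        if rec is None or not hmac.compare_digest(rec["pw"], candidate):
            return None
        ctx = secrets.token_hex(16)        # unique and unguessable (assumption, see lead-in)
        self.sessions[ctx] = user
        return ctx

    def access_control_info(self, ctx):
        """ACL for a live context number, or None if the number is unknown."""
        user = self.sessions.get(ctx)
        return None if user is None else frozenset(self.db[user]["acl"])

    def logout(self, ctx):
        self.sessions.pop(ctx, None)


class SecurityClient:
    """Security client on one application server: the agent fetches from the
    security server, the monitor decides allow/deny, the cache keeps ACLs per
    context number."""

    def __init__(self, server_name, security_server):
        self.server_name = server_name
        self.security_server = security_server
        self.cache = {}                    # context number -> frozenset of (server, op)
        self.fetches = 0                   # round trips to the security server

    def check(self, ctx, operation):
        """Allow or deny `operation` on this server for context number `ctx`."""
        acl = self.cache.get(ctx)
        if acl is None:                    # cache miss: agent asks the security server
            self.fetches += 1
            acl = self.security_server.access_control_info(ctx)
            if acl is None:
                return False               # forged or expired context number
            self.cache[ctx] = acl
        return (self.server_name, operation) in acl   # monitor's decision

    def invalidate(self, ctx):
        """Drop a cached ACL; needed at logout, which the claims do not cover."""
        self.cache.pop(ctx, None)


def run_session():
    """Drive the claimed flow on the sample data and return the outcomes."""
    sec = SecurityServer(USER_DB)
    order_server = SecurityClient("order_server", sec)
    out = {"bad_password": sec.login("alice", "wrong") is None}

    alice = sec.login("alice", "correct horse")   # UI server logs alice in
    bob = sec.login("bob", "hunter2")
    out["alice_write"] = order_server.check(alice, "write")   # miss, fetch, allow
    out["alice_read"] = order_server.check(alice, "read")     # hit, no fetch
    out["fetches_after_alice"] = order_server.fetches
    out["bob_write"] = order_server.check(bob, "write")       # fetched, denied
    out["forged"] = order_server.check(secrets.token_hex(16), "read")

    sec.logout(alice)
    out["stale_after_logout"] = order_server.check(alice, "write")  # still cached
    order_server.invalidate(alice)
    out["after_invalidate"] = order_server.check(alice, "write")
    return out


if __name__ == "__main__":
    for key, value in run_session().items():
        print(f"{key}: {value}")
```

Running run_session() shows the cache being filled on alice's first request and reused on the second, a forged context number and bob's unauthorized write both being denied, and the stale-grant caveat the claims leave open: after logout the cached entry on order_server still answers True until the security client invalidates it, so a deployment of this design needs the security server to push invalidations (or the cache entries to expire) rather than relying on the cache-miss path alone.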
Specification