Method for providing access control to single sign-on computer networks

US 20040111645A1
Filed: 12/05/2002
Published: 06/10/2004
Est. Priority Date: 12/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing access control to a single sign-on computer network, said method comprising:

associating a user to a plurality of groups;

in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups in which the access requirement that said access request has to meet; and

granting said access request if said group pass count is greater than a predetermined high group pass threshold value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

62 Citations

View as Search Results

18 Claims

1. A method for providing access control to a single sign-on computer network, said method comprising:
- associating a user to a plurality of groups;
  
  in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups in which the access requirement that said access request has to meet; and
  
  granting said access request if said group pass count is greater than a predetermined high group pass threshold value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said method further includes denying said access request if said group pass count is lower than a predetermined low group pass threshold value.
  - 3. The method of claim 2, wherein said method further includes sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
  - 4. The method of claim 1, wherein said method further includes checking whether or not said access request is within normal parameters as defined in said user profile if said group pass count is higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 5. The method of claim 4, wherein said method further includes granting said access request if said access request is within normal parameters as defined in said user profile.
  - 6. The method of claim 4, wherein said method further includes sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

7. A computer program product residing on a computer usable medium for providing access control to a single sign-on computer network, said computer program product comprising:
- program code means for associating a user to a plurality of groups;
  
  program code means for determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups in which the access requirement that said access request has to meet; and
  
  program code means for granting said access request if said group pass count is greater than a predetermined high group pass threshold value.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein said computer program product further includes program code means for denying said access request if said group pass count is lower than a predetermined low group pass threshold value.
  - 9. The computer program product of claim 8, wherein said computer program product further includes program code means for sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
  - 10. The computer program product of claim 7, wherein said computer program product further includes program code means for checking whether or not said access request is within normal parameters as defined in said user profile if said group pass count is higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 11. The computer program product of claim 10, wherein said computer program product further includes program code means for granting said access request if said access request is within normal parameters as defined in said user profile.
  - 12. The computer program product of claim 10, wherein said computer program product further includes program code means for sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

13. A data processing system capable of providing access control to a single sign-on computer network, said data processing system comprising:
- means for associating a user to a plurality of groups;
  
  means for determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups in which the access requirement that said access request has to meet; and
  
  means for granting said access request if said group pass count is greater than a predetermined high group pass threshold value.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The data processing system of claim 13, wherein said data processing system further includes means for denying said access request if said group pass count is lower than a predetermined low group pass threshold value.
  - 15. The data processing system of claim 14, wherein said data processing system further includes means for sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
  - 16. The data processing system of claim 13, wherein said data processing system further includes means for checking whether or not said access request is within normal parameters as defined in said user profile if said group pass count is higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 17. The data processing system of claim 16, wherein said data processing system further includes means for granting said access request if said access request is within normal parameters as defined in said user profile.
  - 18. The data processing system of claim 16, wherein said data processing system further includes means for sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Stading, Tyron Jerrod, Gilfix, Michael, Garrison, John Michael, Baffes, Paul T., Hsu, Allan

Granted Patent

US 7,389,430 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/102 Entity profiles

Method for providing access control to single sign-on computer networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

62 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing access control to single sign-on computer networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links