Matching entitlement information for multiple sources

US 20070056044A1
Filed: 08/24/2005
Published: 03/08/2007
Est. Priority Date: 08/24/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implementable method comprising:

receiving, at an External Client Application (ECA) that regulates access to protected computer resources, a request from a requesting user for a protected computer resource, wherein the protected computer resource is available only to entitled users;

sending, from an External Authentication Application (EAA) to an Entitlement Broker Service (EBS), an entitlement credential identifying one or more entitled users who are entitled to access the protected computer resource;

sending, from the EBS to an Entitlement Source (ES), a request for entitlement information for the requesting user based on the entitlement credential for the requesting user;

transmitting, from the ES to the EBS, the entitlement information for the requesting user; and

transmitting the entitlement information, for the requesting user, from the EBS to the ECA, wherein the requesting user is able to access the protected computer resource according to information in the entitlement information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and computer-usable medium for executing, at an Entitlement Broker Service (EBS), a request from a requesting user for a protected computer resource that is available only to entitled users. Entitlement identifications are located using a Standardized Entitlement Credentials Data Store (SECDS) in the EBS. The SECDS contains entitlement identification in a standardized format that can be used to contact an Entitlement Source (ES) for entitlement information regarding the requesting user and the requested protected computer resource. The located entitlement information, for the requesting user, is then transmitted from the EBS to an External Client Application (ECA) that manages the protected computer resource, thus affording the requesting user access to the protected computer resource.

Citations

20 Claims

1. A computer-implementable method comprising:
- receiving, at an External Client Application (ECA) that regulates access to protected computer resources, a request from a requesting user for a protected computer resource, wherein the protected computer resource is available only to entitled users;
  
  sending, from an External Authentication Application (EAA) to an Entitlement Broker Service (EBS), an entitlement credential identifying one or more entitled users who are entitled to access the protected computer resource;
  
  sending, from the EBS to an Entitlement Source (ES), a request for entitlement information for the requesting user based on the entitlement credential for the requesting user;
  
  transmitting, from the ES to the EBS, the entitlement information for the requesting user; and
  
  transmitting the entitlement information, for the requesting user, from the EBS to the ECA, wherein the requesting user is able to access the protected computer resource according to information in the entitlement information.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implementable method of claim 1, further comprising:
    - determining at the EBS if the requesting user is entitled to receive access to the protected computer resource through the use of an Adjunct User Interface Application (AUIA), wherein the AUIA is capable of directing the requesting user to additional help resources to enable the requesting user in obtaining requisite entitlement information needed to access the protected computer resource.
  - 3. The computer-implementable method of claim 1, further comprising:
    - filtering, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.
  - 4. The computer-implementable method of claim 1, further comprising:
    - storing, in the EBS, a result of a previous entitlement query;
      
      receiving a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmitting the entitlement information, for the requesting user, from the EBS to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 5. The computer-implementable method of claim 1, further comprising:
    - permitting access to the protected computer resource by the requesting user.
  - 6. The computer-implementable method of claim 1, further comprising:
    - storing a result of a previous entitlement query in an Entitlement Connector (EC), wherein the EC determines which user credentials are required to identify and authenticate the requesting user as an authorized user of the protected computer resource;
      
      receiving, at the EBS, a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmitting the entitlement information, for the requesting user, from the EC to the ECA to authorize access, for the requesting user, to the protected computer resource.

7. A system comprising:
- a processor;
  
  a data bus coupled to the processor;
  
  a memory coupled to the data bus; and
  
  a computer-usable medium embodying computer program code, the computer program code comprising instructions executable by the processor and configured to;
  
  receive, at an External Client Application (ECA) that regulates access to protected computer resources, a request from a requesting user for a protected computer resource, wherein the protected computer resource is available only to entitled users;
  
  send, from an External Authentication Application (EAA) to an Entitlement Broker Service (EBS), an entitlement credential identifying one or more entitled users who are entitled to access the protected computer resource;
  
  send, from the EBS to an Entitlement Source (ES), a request for entitlement information for the requesting user based on the entitlement credential for the requesting user;
  
  transmit, from the ES to the EBS, the entitlement information for the requesting user; and
  
  transmit the entitlement information, for the requesting user, from the EBS to the ECA, wherein the requesting user is able to access the protected computer resource according to information in the entitlement information.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the instructions are further configured to:
    - determine at the EBS if the requesting user is entitled to receive access to the protected computer resource through the use of an Adjunct User Interface Application (AUIA), wherein the AUIA is capable of directing the requesting user to additional help resources to enable the requesting user in obtaining requisite entitlement information needed to access the protected computer resource.
  - 9. The system of claim 7, wherein the instructions are further configured to:
    - filter, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.
  - 10. The system of claim 7, wherein the instructions are further configured to:
    - store, in the EBS, a result of a previous entitlement query;
      
      receive a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EBS to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 11. The system of claim 7, wherein the instructions are further configured to:
    - permit access to the protected computer resource by the requesting user.
  - 12. The system of claim 7, wherein the instructions are further configured to:
    - store a result of a previous entitlement query in an Entitlement Connector (EC), wherein the EC determines which user credentials are required to identify and authenticate the requesting user as an authorized user of the protected computer resource;
      
      receive, at the EBS, a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EC to the ECA to authorize access, for the requesting user, to the protected computer resource.

13. A computer-usable medium embodying computer program code, the computer program code comprising computer executable instructions configured to:
- receive, at an External Client Application (ECA) that regulates access to protected computer resources, a request from a requesting user for a protected computer resource, wherein the protected computer resource is available only to entitled users;
  
  send, from an External Authentication Application (EAA) to an Entitlement Broker Service (EBS), an entitlement credential identifying one or more entitled users who are entitled to access the protected computer resource;
  
  send, from the EBS to an Entitlement Source (ES), a request for entitlement information for the requesting user based on the entitlement credential for the requesting user;
  
  transmit, from the ES to the EBS, the entitlement information for the requesting user; and
  
  transmit the entitlement information, for the requesting user, from the EBS to the ECA, wherein the requesting user is able to access the protected computer resource according to information in the entitlement information.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer-usable medium of claim 13, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - determine at the EBS if the requesting user is entitled to receive access to the protected computer resource through the use of an Adjunct User Interface Application (AUIA), wherein the AUIA is capable of directing the requesting user to additional help resources to enable the requesting user in obtaining requisite entitlement information needed to access the protected computer resource.
  - 15. The computer-usable medium of claim 13, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - filter, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.
  - 16. The computer-usable medium of claim 13, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - store, in the EBS, a result of a previous entitlement query;
      
      receive a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EBS to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 17. The computer-usable medium of claim 13, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - permit access to the protected computer resource by the requesting user.
  - 18. The computer-usable medium of claim 13, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - store a result of a previous entitlement query in an Entitlement Connector (EC), wherein the EC determines which user credentials are required to identify and authenticate the requesting user as an authorized user of the protected computer resource;
      
      receive, at the EBS, a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EC to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 19. The computer-useable medium of claim 13, wherein the computer executable instructions are deployable to a client computer from a server at a remote location.
  - 20. The computer-useable medium of claim 13, wherein the computer executable instructions are provided by a service provider to a customer on an on-demand basis

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Murray, Sean, Pisello, John, Illg, Jason

Granted Patent

US 9,137,227 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0884 by delegation of authentica...

Matching entitlement information for multiple sources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Matching entitlement information for multiple sources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links