System and/or method for authentication and/or authorization via a network

US 20070079369A1
Filed: 10/04/2005
Published: 04/05/2007
Est. Priority Date: 10/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

connecting a computing platform to a network;

communicating with said network via said computing platform to authenticate one or more users attempting accessing at least a portion of an application and/or authorize said one or more users to access said application; and

enabling said one or more users access said at least a portion of said application through said computing platform following a disconnection of said computing platform from said network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject matter disclosed herein relates to authenticating an identity of users desiring access to an application program and determining whether an authenticated user is authorized to access one or more aspects of the application program.

62 Citations

View as Search Results

71 Claims

1. A method comprising:
- connecting a computing platform to a network;
  
  communicating with said network via said computing platform to authenticate one or more users attempting accessing at least a portion of an application and/or authorize said one or more users to access said application; and
  
  enabling said one or more users access said at least a portion of said application through said computing platform following a disconnection of said computing platform from said network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said at least a portion of said application comprises one or more secured entities.
  - 3. The method of claim 2, and further comprising receiving authorization metadata at said computing platform associated with said one or more secured entities and said one or more users.
  - 4. The method of claim 3, wherein said authorization metadata associates said one or more secured entities with one or more functional abilities.
  - 5. The method of claim 4, wherein said authorization metadata associates said one or more functional abilities with one or more roles associated with said one or more users.
  - 6. The method of claim 1, and further comprising:
    - communicating with a Web service to obtain authorization metadata indicative of authorization of said one or more users to access said at least a portion of said application; and
      
      storing said authorization metadata on said computing platform.
  - 7. The method of claim 1, and further comprising:
    - receiving authorization metadata associated with said one or more users at said computing platform from said network; and
      
      affecting run-time behavior of said application following said disconnection from said network based, at least in part, on said received authorization metadata.

8. An apparatus comprising:
- a computing platform comprising a communication adapter for communicating with a network, said computing platform being further adapted to;
  
  host one or more applications;
  
  communicate with said network through communication adapter to authenticate one or more users attempting to access at least a portion of at least one of said applications, and/or authorize said one or more users to access said at least a portion of said at least one of said applications; and
  
  enable said one or more users to access said at least a portion of said one or more applications following a disconnection of said computing platform from said network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein said at least a portion of said at least one of said applications comprises one or more secured entities.
  - 10. The apparatus of claim 9, wherein said computing platform is further adapted to receive authorization metadata associated with said one or more secured entities and said one or more users.
  - 11. The apparatus of claim 10, wherein said authorization metadata associates said one or more secured entities with one or more functional abilities.
  - 12. The apparatus of claim 11, wherein said authorization metadata associates said one or more functional abilities with one or more roles associated with said one or more users.
  - 13. The apparatus of claim 8, wherein said computing platform is further adapted to:
    - communicating with a Web service to obtain authorization metadata indicative of authorization of said one or more users to access said at least a portion of said application; and
      
      storing said authorization metadata on said computing platform.
  - 14. The apparatus of claim 8, wherein said computing platform is further adapted to:
    - receive authorization metadata associated with said one or more users at said computing platform from said network; and
      
      affect run-time behavior of said application following said disconnection from said network based, at least in part, on said received authorization metadata.

15. An apparatus comprising:
- means for connecting a computing platform to a network;
  
  means for communicating with said network via said computing platform to authenticate one or more users attempting accessing at least a portion of an application, and authorize said one or more users to access said application; and
  
  means for enabling said one or more users access said at least a portion of said application through said computing platform following a disconnection of said computing platform from said network.
- View Dependent Claims (16, 17)
- - 16. The apparatus of claim 15, wherein said at least a portion of said application comprises one or more secured entities.
  - 17. The apparatus of claim 16, and further comprising means for receiving authorization metadata at said computing platform associated with said one or more secured entities and said one or more users.

18. An article comprising:
- a storage medium comprising machine-readable instructions stored thereon to;
  
  communicate with said network to authenticate one or more users attempting to access at least a portion of one or more applications hosted on a computing platform, and/or authorize said one or more users to access said at least a portion of said at least one of said applications; and
  
  enable said one or more users to access said at least a portion of said one or more applications following a disconnection of said computing platform from said network.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The article of claim 18, wherein said at least a portion of said at least one of said applications comprises one or more secured entities.
  - 20. The article of claim 19, wherein said storage medium further comprises machine-readable instructions stored thereon to enable said access based, at least in part, on authorization metadata received from said network and associated with said one or more secured entities and said one or more users.
  - 21. The article of claim 20, wherein said authorization metadata associates said one or more secured entities with one or more functional abilities.
  - 22. The article of claim 21, wherein said authorization metadata associates said one or more functional abilities with one or more roles associated with said one or more users.
  - 23. The article of claim 18, wherein said storage medium further comprises machine-readable instructions stored thereon to:
    - communicate with a Web service to obtain authorization metadata indicative of authorization of said one or more users to access said at least a portion of said at least one of said applications; and
      
      store said authorization metadata on said computing platform.
  - 24. The article of claim 18, wherein said storage medium further comprises machine-readable instructions stored thereon to affect run-time behavior of said application following said disconnection from said network based, at least in part, on authorization metadata received from said network.

25. An article comprising:
- a storage medium comprising machine-readable instructions stored thereon to;
  
  control access to at least a portion of one or more applications hosted by an enterprise according to one or more security business rules;
  
  modify control of said access to said at least a portion of said one or more applications in response to a change of at least one of said security business rules without modifying source code of said at least one of said plurality of applications.
- View Dependent Claims (26, 27)
- - 26. The article of claim 25, wherein said storage medium further comprises machine-readable instructions stored-thereon to control said access based, at least in part, on authorization metadata associated with at least one of said applications and based, at in part, on said security business rules.
  - 27. The apparatus of claim 25, wherein said one or more applications are hosted on one or more computing platforms as one or more executable images derived, at least in part, on one or more source code images, and wherein said storage medium further comprises machine-readable instructions stored thereon to modify control of access to at least a portion of said one or more applications in response to said change in said at least one of said security business rules while maintaining installation of said executable image on said one or more computing platforms.

28. A method comprising:
- obtaining security metadata through a Web service in response to an attempt by a user to access at least a portion of one or more applications hosted on a computing platform; and
  
  locally storing said obtained security metadata for use in response to subsequent attempts to access at least a portion of said one or more applications.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 29. The method of claim 28, wherein said security metadata comprises at least authorization metadata.
  - 30. The method of claim 28, and further comprising:
    - obtaining a USID associated with said user attempting to access at least a portion of a first application in response to an authentication procedure; and
      
      storing said USID on a computing platform hosting said first application.
  - 31. The method of claim 30, wherein said first application substantially comprises a Web application and said storing said USID comprises storing said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 32. The method of claim 31, wherein said cookie comprises a persistent cookie.
  - 33. The method of claim 30, wherein said first application comprises a rich-client application and wherein said storing said USID comprises storing said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 34. The method of claim 28, and flutter comprising accessing said locally stored security metadata in response to an attempt to access at least a portion of an application.
  - 35. The method of claim 28, and further comprising receiving said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 36. The method of claim 28, and further comprising affecting runtime behavior of said application on said computing platform based, at least in part, on said security metadata.
  - 37. The method of claim 28, wherein said at least a portion of said one or more applications comprises a secured entity associated with at least one of said one or more applications.
  - 38. The method of claim 37, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

39. An apparatus comprising:
- means for obtaining security metadata through a Web service in response to an attempt by a user to access at least a portion of one or more applications hosted on a computing platform; and
  
  means for locally storing said obtained security metadata for use in response to subsequent attempts to access said at least a portion of said one or more applications.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
- - 40. The apparatus of claim 39, wherein said security metadata comprises at least authorization metadata.
  - 41. The apparatus of claim 39, and further comprising:
    - means for obtaining a USID associated with said user attempting to access at least a portion of a first application in response to an authentication procedure; and
      
      means for storing said USID on a computing platform hosting said first application.
  - 42. The apparatus of claim 41, wherein said first application substantially comprises a Web application and said means for storing said USID comprises means for storing said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 43. The apparatus of claim 42, wherein said cookie comprises a persistent cookie.
  - 44. The apparatus of claim 41, wherein said first application comprises a rich-client application and wherein said means for storing said USID comprises means for storing said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 45. The apparatus of claim 39, and further comprising means for accessing said locally stored security metadata in response to an attempt to access at least a portion of an application.
  - 46. The apparatus of claim 39, and further comprising receiving said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 47. The apparatus of claim 39, and further comprising affecting runtime behavior of said application on said computing platform based, at least in part, on said security metadata.
  - 48. The method of claim 39, wherein said at least a portion of said one or more applications comprises a secured entity associated with at least one or said one or more of said applications.
  - 49. The method of claim 48, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

50. A computing platform comprising:
- a software component capable of accessing security metadata through a Web service in response to an attempt to access at least a portion of one or more applications; and
  
  an agent of said Web service to locally store said security metadata for use in response to subsequent attempts to access at least a portion of said one or more applications.
- View Dependent Claims (51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 51. The computing platform of claim 50, wherein said security metadata comprises at least authorization metadata.
  - 52. The computing platform of claim 50, wherein said software component obtains a USID associated with a user attempting to access at least a portion of a first application in response to an authentication procedure and wherein said agent locally stores said USID.
  - 53. The computing platform of claim 52, wherein said first application comprises a Web application and said agent stores said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 54. The computing platform of claim 53, wherein said cookie comprises a persistent cookie.
  - 55. The computing platform of claim 52, wherein said first application comprises a rich-client application and wherein said agent stores said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 56. The computing platform of claim 50, wherein said software component is capable of accessing said security metadata in response to an attempt to access at least a portion of at least one of said one or more applications.
  - 57. The computing platform of claim 50, wherein said computing platform is further adapted to receive said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 58. The computing platform of claim 50, wherein said computing platform is further adapted to affect runtime behavior of said one or more applications based, at least in part, on said security metadata.
  - 59. The computing platform of claim 50, wherein said at least a portion of said one or more applications comprises a secured entity.
  - 60. The computing platform of claim 59, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

61. An article comprising:
- a storage medium comprising machine-readable instructions stored thereon to;
  
  obtain security metadata through a Web service in response to an attempt by a user to access at least a portion of one or more applications hosted on a computing platform; and
  
  locally store said obtained security metadata for use in response to subsequent attempts to access said at least a portion of one or more applications.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 62. The article of claim 61, wherein said security metadata comprises at least authorization metadata.
  - 63. The article of claim 61, wherein said storage medium further comprises machine-readable instructions stored thereon to obtain a USID associated with a user attempting to access at least a portion of a first application in response to an authentication procedure and wherein said agent locally stores said USID.
  - 64. The article of claim 63, wherein said first application substantially comprises a Web application and said agent stores said USID in a cookie accessible for use in accessing at least a portion of a second application by said user.
  - 65. The article of claim 64, wherein said cookie comprises a persistent cookie.
  - 66. The article of claim 63, wherein said first application substantially comprises a rich-client application and wherein said storage medium further comprises machine-readable instructions stored thereon to'"'"'store said USID as a command line parameter accessible for use in accessing at least a portion of a second application by said user.
  - 67. The article of claim 61, wherein said storage medium further comprises machine-readable instructions stored thereon to access said security metadata in response to a request for access of at least a portion of at least one of said one or more applications.
  - 68. The article of claim 61, wherein said storage medium further comprises machine-readable instructions stored thereon to receive said security metadata from said Web service according to one more of a SOAP, XML and/or HTTP protocols.
  - 69. The computing platform of claim 61, wherein said storage medium further comprises machine-readable instructions stored thereon to affect runtime behavior of said one or more applications based, at least in part, on said security metadata.
  - 70. The computing platform of claim 61, wherein said at least a portion of said one or more applications comprises a secured entity.
  - 71. The computing platform of claim 70, wherein said security metadata comprises information representing a role associated with said user and said one or more applications, said role being associated with one or more functional abilities associated with said secured entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Disney Enterprises Incorporated (The Walt Disney Company)
Original Assignee
Disney Enterprises Incorporated (The Walt Disney Company)
Inventors
Grinstein, Doron

Granted Patent

US 8,997,246 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/19
CPC Class Codes

G06F 21/31   User authentication

G06F 21/629   to features or functions of...

H04L 63/08   for authentication of entit...

System and/or method for authentication and/or authorization via a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

71 Claims

Specification

Solutions

Use Cases

Quick Links

System and/or method for authentication and/or authorization via a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

71 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links