IMPERSONATION IN AN ACCESS SYSTEM
Abstract
The present invention pertains to a system for managing network access to resources that allows a first entity to impersonate a second entity. In one embodiment, the first entity can impersonate the second entity without knowing the second entity's password and/or without altering anything in the entity's set of personal information. This invention provides the first entity with the ability to troubleshoot in a live production system without disrupting the users or the system. In one embodiment, the first entity authenticates as itself. Access to resources is provided in response to an authorization process based on the identity of the entity being impersonated.
96 Claims
1-48. (canceled)
49. A method of allowing a first user to impersonate a second user, the method comprising the steps of:
receiving authentication credentials for the first user and an identification of the second user;
authenticating said first user based on said authentication credentials for said first user;
creating a cookie that stores an indication of said second user if said step of authenticating is performed successfully; and
authorizing said first user to access a first resource as said second user based on said cookie. - View Dependent Claims (50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63)
64. A method for impersonating, comprising the steps of:
receiving authentication credentials for an impersonator and an identification of an impersonatee at an access system, wherein said access system protects a first resource that is separate from said access system;
authenticating said impersonator based on said authentication credentials for said impersonatee, wherein said step of authenticating is performed by said access system; and
authorizing said impersonator to access said first resource as said impersonatee, wherein said step of authorizing is performed by said access system. - View Dependent Claims (65, 66, 67, 68, 69, 70, 71)
72. A method of allowing a first entity to impersonate a second entity, the method comprising the steps of:
receiving authentication credentials for the first entity and an identification of the second entity at an access system, wherein said access system protects a plurality of resources;
receiving an indication of one or more of said plurality of resources;
authenticating said first entity based on said authentication credentials for said first entity, wherein said step of authenticating is performed by said access system; and
authorizing said first entity to access said one or more of said plurality of resources as said second entity, wherein said step of authorizing is performed by said access system. - View Dependent Claims (73, 74, 75)
76. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
receiving authentication credentials for a first user and an identification of a second user;
authenticating said first user based on said authentication credentials for said first user;
creating a cookie that stores an indication of said second user if said step of authenticating is performed successfully; and
authorizing said first user to access a first resource as said second user based on said cookie. - View Dependent Claims (77, 78, 79, 80, 81, 82)
83. An apparatus for providing access management that allows for impersonating, comprising:
a communication interface;
a storage device; and
a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising the steps of;
receiving authentication credentials for a first user and an identification of a second user, authenticating said first user based on said authentication credentials for said first user, creating a cookie that stores an indication of said second user if said step of authenticating is performed successfully, and authorizing said first user to access a first resource as said second user based on said cookie. - View Dependent Claims (84, 85, 86)
87. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
receiving authentication credentials for an impersonator and an identification of an impersonatee at an access system, said access system protects a first resource that is separate from said access system;
authenticating said impersonator based on said authentication credentials for said impersonator, said step of authenticating is performed by said access system; and
authorizing said impersonator to access said first resource as said impersonatee, said step of authorizing is performed by said access system. - View Dependent Claims (88, 89, 90, 91, 92)
93. An apparatus for providing access management that allows for impersonating, comprising:
a communication interface;
a storage device; and
a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising the steps of;
receiving authentication credentials for an impersonator and an identification of an impersonatee at an access system, said access system protects a first resource that is separate from said access system, authenticating said impersonator based on said authentication credentials for said impersonator, said step of authenticating is performed by said access system, and authorizing said impersonator to access said first resource as said impersonatee, said step of authorizing is performed by said access system. - View Dependent Claims (94, 95, 96)
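The cookie-based flow recited in claims 49, 76 and 83, as an added Python example that is not code from the patent or any product: the first user authenticates with their own password, a cookie records the second user, and authorization is evaluated against that second user. The HMAC signing key, the `MAY_IMPERSONATE` allow-list, the expiry, the audit log, and all user and resource names are assumptions added here for a defensible implementation; the claims do not specify them.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"              # assumption: server-side signing key

def _hash(pw, salt=b"demo-salt"):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

# Constructed sample data (not from the page).
USERS = {"helpdesk": _hash("hd-password"), "alice": _hash("alice-password")}
MAY_IMPERSONATE = {"helpdesk"}                # assumption: who may impersonate
ACL = {"/payroll/alice": {"alice"}}           # resource -> users allowed
AUDIT = []                                    # (actor, subject, resource, allowed)

def _sign(body: bytes) -> str:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def login(user, password, impersonatee=None, ttl=900, now=None):
    """Authenticate `user` with their OWN password; optionally bind an impersonatee."""
    if user not in USERS or not hmac.compare_digest(USERS[user], _hash(password)):
        return None
    if impersonatee is not None and (
            user not in MAY_IMPERSONATE or impersonatee not in USERS):
        return None
    now = time.time() if now is None else now
    # The cookie keeps both identities: who acts, and whose rights apply.
    claims = {"actor": user, "subject": impersonatee or user, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return body.decode() + "." + _sign(body)

def authorize(cookie, resource, now=None):
    """Decide access from the cookie's subject; audit the real actor."""
    body, _, sig = (cookie or "").partition(".")
    if not hmac.compare_digest(sig.encode(), _sign(body.encode()).encode()):
        return False                          # tampered or unsigned cookie
    claims = json.loads(base64.urlsafe_b64decode(body))
    now = time.time() if now is None else now
    if now > claims["exp"]:
        return False                          # impersonation session expired
    allowed = claims["subject"] in ACL.get(resource, set())
    AUDIT.append((claims["actor"], claims["subject"], resource, allowed))
    return allowed
```

Because the impersonatee's identity lives only in the cookie, the integrity of that cookie is the whole security boundary; the audit tuple keeps the impersonator attributable even though the policy decision used the impersonatee.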
Specification