METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS

US 20080216164A1
Filed: 04/16/2008
Published: 09/04/2008
Est. Priority Date: 12/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing access control to a single sign-on computer network, said method comprising:

associating a user to a plurality of groups;

in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile; and

granting said access request if said group pass count is greater than a predetermined high group pass threshold value.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Citations

18 Claims

1. A method for providing access control to a single sign-on computer network, said method comprising:
- associating a user to a plurality of groups;
  
  in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile; and
  
  granting said access request if said group pass count is greater than a predetermined high group pass threshold value.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein said method further includes denying said access request if said group pass count is lower than a predetermined low group pass threshold value.
  - 3. The method of claim 2, wherein said method further includes sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
  - 4. The method of claim 1, wherein said method further includes checking whether or not said access request is within normal parameters as defined in said user profile in response to said group pass count being higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 5. The method of claim 4, wherein said method further includes granting said access request if said access request is within normal parameters as defined in said user profile.
  - 6. The method of claim 4, wherein said method further includes sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

7. A computer-readable medium having encoded thereon computer-executable instructions for providing access control to a single sign-on computer network, said computer-executable instructions performing a method comprising:
- associating a user to a plurality of groups;
  
  determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile; and
  
  granting said access request if said group pass count is greater than a predetermined high group pass threshold value.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable medium of claim 7, wherein said method further comprises denying said access request if said group pass count is lower than a predetermined low group pass threshold value.
  - 9. The computer-readable medium of claim 8, wherein said method further comprises sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
  - 10. The computer-readable medium of claim 7, wherein said method further comprises checking whether or not said access request is within normal parameters as defined in said user profile in response to said group pass count being higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 11. The computer-readable medium of claim 10, wherein said method further comprises granting said access request if said access request is within normal parameters as defined in said user profile.
  - 12. The computer-readable medium of claim 10, wherein said method further comprises sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

13. A data processing system capable of providing access control to a single sign-on computer network, said data processing system comprising:
- means for associating a user to a plurality of groups;
  
  means for determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile; and
  
  means for granting said access request if said group pass count is greater than a predetermined high group pass threshold value.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The data processing system of claim 13, wherein said data processing system further includes means for denying said access request if said group pass count is lower than a predetermined low group pass threshold value.
  - 15. The data processing system of claim 14, wherein said data processing system further includes means for sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
  - 16. The data processing system of claim 13, wherein said data processing system further includes means for checking whether or not said access request is within normal parameters as defined in said user profile in response to said group pass count being higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 17. The data processing system of claim 16, wherein said data processing system further includes means for granting said access request if said access request is within normal parameters as defined in said user profile.
  - 18. The data processing system of claim 16, wherein said data processing system further includes means for sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Allan Hsu, John Michael Garrison, Michael Gilfix, Paul T. Baffes, Tyron Jerrod Stading
Original Assignee
Allan Hsu, John Michael Garrison, Michael Gilfix, Paul T. Baffes, Tyron Jerrod Stading
Inventors
Stading, Tyron Jerrod, Gilfix, Michael, Garrison, John Michael, Hsu, Allan, BAFFES, PAUL T.

Granted Patent

US 7,702,914 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/102 Entity profiles

METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR PROVIDING ACCESS CONTROL TO SINGLE SIGN-ON COMPUTER NETWORKS

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links