SOFTWARE APPLICATION ACCESS METHOD AND SYSTEM

US 20080289021A1
Filed: 05/17/2007
Published: 11/20/2008
Est. Priority Date: 05/17/2007
Status: Active Grant

First Claim

Patent Images

1. An access method comprising:

receiving from a first user, by a software application within a computing system, a first request for access to said software application, said computing system comprising a memory device, said memory device comprising data;

determining, by said software application, a first domain associated with a first current location of said first user, said first domain associated with a first set of login process rules and a first set of software application access rules;

first enforcing, by said software application, said first set of login process rules;

presenting based on said first enforcing, by said software application, a first specified login procedure for said first user;

receiving, by said software application, first login information from said first user in response to said first specified login procedure, said first login information comprising an identity for said first user;

first authenticating, by said software application, said first user based on said first login information;

determining, by said software application, a home domain associated with said first user, said home domain associated with a second set of login process rules and a second set of software application access rules, said home domain different from said first domain, said home domain associated with said first user and a first entity, said first domain associated with a second entity, said first entity different from said second entity, said software application associated with said first entity and said second entity;

retrieving, by said software application, a third set of login process rules from said data, said third set of login process rules associated with a combination of said first domain and said home domain, said third set of login process rules different from said second set of login process rules and said first set of login process rules; and

second enforcing, by said software application, said third set of login process rules;

transmitting to said first user, by said software application, results of said second enforcing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access method and system. The method includes receiving from a first user, by a software application within a computing system, a request for access to the software application. The software application determines a first domain associated with a first current location of the user. The software application determines a home domain associated with the user. The software application retrieves a set of login process rules associated with a combination of the first domain and the home domain. The software application enforces the set of login process rules. The software application transmits results of enforcing the set of login process rules.

32 Citations

View as Search Results

28 Claims

1. An access method comprising:
- receiving from a first user, by a software application within a computing system, a first request for access to said software application, said computing system comprising a memory device, said memory device comprising data;
  
  determining, by said software application, a first domain associated with a first current location of said first user, said first domain associated with a first set of login process rules and a first set of software application access rules;
  
  first enforcing, by said software application, said first set of login process rules;
  
  presenting based on said first enforcing, by said software application, a first specified login procedure for said first user;
  
  receiving, by said software application, first login information from said first user in response to said first specified login procedure, said first login information comprising an identity for said first user;
  
  first authenticating, by said software application, said first user based on said first login information;
  
  determining, by said software application, a home domain associated with said first user, said home domain associated with a second set of login process rules and a second set of software application access rules, said home domain different from said first domain, said home domain associated with said first user and a first entity, said first domain associated with a second entity, said first entity different from said second entity, said software application associated with said first entity and said second entity;
  
  retrieving, by said software application, a third set of login process rules from said data, said third set of login process rules associated with a combination of said first domain and said home domain, said third set of login process rules different from said second set of login process rules and said first set of login process rules; and
  
  second enforcing, by said software application, said third set of login process rules;
  
  transmitting to said first user, by said software application, results of said second enforcing.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said third set of login process rules comprises a rule specifying a second specified login procedure for said first user, and wherein said method further comprises:
    - presenting based on said second enforcing, by said software application, said second specified login procedure for said first user;
      
      receiving, by said software application, second login information from said first user in response to said second specified login procedure;
      
      second authenticating, by said software application, said first user in response to said second login information; and
      
      transmitting to said first user, by said software application, authentication data to said first user in response to said second authenticating.
  - 3. The method of claim 2, further comprising:
    - retrieving, by said software application, a third set of software application access rules from said data, said third set of software application access rules associated with said combination of said first domain and said home domain, said third set of software application access rules different from said second set software application access rules and said first set of software application access rules;
      
      third enforcing, by said software application, said third set of software application access rules;
      
      determining, by said software application, a first set of sections of said software application that said first user is allowed to access, said determining said first set of sections based on said third enforcing;
      
      authorizing, by said software application, said first user to access first set of sections of said software application, said first set of sections of said software application associated with roles and authority to perform actions associated with said first set of sections of said software application; and
      
      transmitting to said first user, by said software application, authorization data associated with said authorizing in response to said authorizing.
  - 4. The method of claim 3, further comprising:
    - receiving from said first user, by said software application, a command for disabling said access to said first set of sections of said software application;
      
      receiving from said first user, by a software application within a computing system, a second request for access to said software application;
      
      determining, by said software application, a second domain associated with a second current location of said first user, said second domain different from said first domain and said home domain, said second domain associated with a fourth set of login process rules and a fourth set of software application access rules, said fourth set of software application access rules different from said third set of software application access rules, said second set software application access rules, and said first set of software application access rules, said fourth set of login process rules different from said third set of login process rules, said second set of login process rules, and said first set of login process rules;
      
      fourth enforcing, by said software application, said fourth set of login process rules;
      
      presenting based on said fourth enforcing, by said software application, a third specified login procedure for said first user;
      
      receiving, by said software application, third login information from said first user in response to said third specified login procedure, said third login information comprising said identity for said first user;
      
      third authenticating, by said software application, said first user based on said third login information;
      
      determining, by said software application, said home domain associated with said first user, said home domain different from said second domain;
      
      retrieving, by said software application, a fifth set of login process rules from said data, said fifth set of login process rules associated with a combination of said second domain and said home domain, said fifth set of login process rules different from said fourth set of login process rules, said third set of login process rules, said second set of login process rules, and said first set of login process rules; and
      
      fifth enforcing, by said software application, said fifth set of login process rules;
      
      transmitting to said first user, by said software application, results of said fifth enforcing.
  - 5. The method of claim 1, wherein said third set of login process rules comprises a rule denying said first user from accessing said software application, and wherein said method further comprises:
    - denying based on said second enforcing, by said software application, said first user from accessing said software application.
  - 6. The method of claim 1, wherein said first domain comprises a first computer network, wherein said second domain comprises a second computer network, and wherein said first computer network is different from said second computer network.
  - 7. The method of claim 1, wherein said data comprises a user profile, and wherein said user profile comprises said third set of login process rules.

8. A computing system comprising a processor coupled to a computer-readable memory unit, said memory unit comprising data, a software application, and instructions that when executed by the processor implement an access method, said method comprising:
- receiving from a first user, by said software application, a first request for access to said software application;
  
  determining, by said software application, a first domain associated with a first current location of said first user, said first domain associated with a first set of login process rules and a first set of software application access rules;
  
  first enforcing, by said software application, said first set of login process rules;
  
  presenting based on said first enforcing, by said software application, a first specified login procedure for said first user;
  
  receiving, by said software application, first login information from said first user in response to said first specified login procedure, said first login information comprising an identity for said first user;
  
  first authenticating, by said software application, said first user based on said first login information;
  
  determining, by said software application, a home domain associated with said first user, said home domain associated with a second set of login process rules and a second set of software application access rules, said home domain different from said first domain, said home domain associated with said first user and a first entity, said first domain associated with a second entity, said first entity different from said second entity, said software application associated with said first entity and said second entity;
  
  retrieving, by said software application, a third set of login process rules from said data, said third set of login process rules associated with a combination of said first domain and said home domain, said third set of login process rules different from said second set of login process rules and said first set of login process rules; and
  
  second enforcing, by said software application, said third set of login process rules;
  
  transmitting to said first user, by said software application, results of said second enforcing.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing system of claim 8, wherein said third set of login process rules comprises a rule specifying a second specified login procedure for said first user, and wherein said method further comprises:
    - presenting based on said second enforcing, by said software application, said second specified login procedure for said first user;
      
      receiving, by said software application, second login information from said first user in response to said second specified login procedure;
      
      second authenticating, by said software application, said first user in response to said second login information; and
      
      transmitting to said first user, by said software application, authentication data to said first user in response to said second authenticating.
  - 10. The computing system of claim 9, wherein said method further comprises:
    - retrieving, by said software application, a third set of software application access rules from said data, said third set of software application access rules associated with said combination of said first domain and said home domain, said third set of software application access rules different from said second set software application access rules and said first set of software application access rules;
      
      third enforcing, by said software application, said third set of software application access rules;
      
      determining, by said software application, a first set of sections of said software application that said first user is allowed to access, said determining said first set of sections based on said third enforcing;
      
      authorizing, by said software application, said first user to access first set of sections of said software application, said first set of sections of said software application associated with roles and authority to perform actions associated with said first set of sections of said software application; and
      
      transmitting to said first user, by said software application, authorization data associated with said authorizing in response to said authorizing.
  - 11. The computing system of claim 10, wherein said method further comprises:
    - receiving from said first user, by said software application, a command for disabling said access to said first set of sections of said software application;
      
      receiving from said first user, by a software application within a computing system, a second request for access to said software application;
      
      determining, by said software application, a second domain associated with a second current location of said first user, said second domain different from said first domain and said home domain, said second domain associated with a fourth set of login process rules and a fourth set of software application access rules, said fourth set of software application access rules different from said third set of software application access rules, said second set software application access rules, and said first set of software application access rules, said fourth set of login process rules different from said third set of login process rules, said second set of login process rules, and said first set of login process rules;
      
      fourth enforcing, by said software application, said fourth set of login process rules;
      
      presenting based on said fourth enforcing, by said software application, a third specified login procedure for said first user;
      
      receiving, by said software application, third login information from said first user in response to said third specified login procedure, said third login information comprising said identity for said first user;
      
      third authenticating, by said software application, said first user based on said third login information;
      
      determining, by said software application, said home domain associated with said first user, said home domain different from said second domain;
      
      retrieving, by said software application, a fifth set of login process rules from said data, said fifth set of login process rules associated with a combination of said second domain and said home domain, said fifth set of login process rules different from said fourth set of login process rules, said third set of login process rules, said second set of login process rules, and said first set of login process rules; and
      
      fifth enforcing, by said software application, said fifth set of login process rules;
      
      transmitting to said first user, by said software application, results of said fifth enforcing.
  - 12. The computing system of claim 8, wherein said third set of login process rules comprises a rule denying said first user from accessing said software application, and wherein said method further comprises:
    - denying based on said second enforcing, by said software application, said first user from accessing said software application.
  - 13. The computing system of claim 8, wherein said first domain comprises a first computer network, wherein said second domain comprises a second computer network, and wherein said first computer network is different from said second computer network.
  - 14. The computing system of claim 8, wherein said data comprises a user profile, and wherein said user profile comprises said third set of login process rules.

15. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in a computing system, wherein the code in combination with the computing system is capable of performing an access method, said method comprising:
- receiving from a first user, by a software application within said computing system, a first request for access to said software application, said computing system comprising a memory device, said memory device comprising data;
  
  determining, by said software application, a first domain associated with a first current location of said first user, said first domain associated with a first set of login process rules and a first set of software application access rules;
  
  first enforcing, by said software application, said first set of login process rules;
  
  presenting based on said first enforcing, by said software application, a first specified login procedure for said first user;
  
  receiving, by said software application, first login information from said first user in response to said first specified login procedure, said first login information comprising an identity for said first user;
  
  first authenticating, by said software application, said first user based on said first login information;
  
  determining, by said software application, a home domain associated with said first user, said home domain associated with a second set of login process rules and a second set of software application access rules, said home domain different from said first domain, said home domain associated with said first user and a first entity, said first domain associated with a second entity, said first entity different from said second entity, said software application associated with said first entity and said second entity;
  
  retrieving, by said software application, a third set of login process rules from said data, said third set of login process rules associated with a combination of said first domain and said home domain, said third set of login process rules different from said second set of login process rules and said first set of login process rules; and
  
  second enforcing, by said software application, said third set of login process rules;
  
  transmitting to said first user, by said software application, results of said second enforcing.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The process of claim 15, wherein said third set of login process rules comprises a rule specifying a second specified login procedure for said first user, and wherein said method further comprises:
    - presenting based on said second enforcing, by said software application, said second specified login procedure for said first user;
      
      receiving, by said software application, second login information from said first user in response to said second specified login procedure;
      
      second authenticating, by said software application, said first user in response to said second login information; and
      
      transmitting to said first user, by said software application, authentication data to said first user in response to said second authenticating.
  - 17. The process of claim 16, wherein said method further comprises:
    - retrieving, by said software application, a third set of software application access rules from said data, said third set of software application access rules associated with said combination of said first domain and said home domain, said third set of software application access rules different from said second set software application access rules and said first set of software application access rules;
      
      third enforcing, by said software application, said third set of software application access rules;
      
      determining, by said software application, a first set of sections of said software application that said first user is allowed to access, said determining said first set of sections based on said third enforcing;
      
      authorizing, by said software application, said first user to access first set of sections of said software application, said first set of sections of said software application associated with roles and authority to perform actions associated with said first set of sections of said software application; and
      
      transmitting to said first user, by said software application, authorization data associated with said authorizing in response to said authorizing.
  - 18. The process of claim 17, wherein said method further comprises:
    - receiving from said first user, by said software application, a command for disabling said access to said first set of sections of said software application;
      
      receiving from said first user, by a software application within a computing system, a second request for access to said software application;
      
      determining, by said software application, a second domain associated with a second current location of said first user, said second domain different from said first domain and said home domain, said second domain associated with a fourth set of login process rules and a fourth set of software application access rules, said fourth set of software application access rules different from said third set of software application access rules, said second set software application access rules, and said first set of software application access rules, said fourth set of login process rules different from said third set of login process rules, said second set of login process rules, and said first set of login process rules;
      
      fourth enforcing, by said software application, said fourth set of login process rules;
      
      presenting based on said fourth enforcing, by said software application, a third specified login procedure for said first user;
      
      receiving, by said software application, third login information from said first user in response to said third specified login procedure, said third login information comprising said identity for said first user;
      
      third authenticating, by said software application, said first user based on said third login information;
      
      determining, by said software application, said home domain associated with said first user, said home domain different from said second domain;
      
      retrieving, by said software application, a fifth set of login process rules from said data, said fifth set of login process rules associated with a combination of said second domain and said home domain, said fifth set of login process rules different from said fourth set of login process rules, said third set of login process rules, said second set of login process rules, and said first set of login process rules; and
      
      fifth enforcing, by said software application, said fifth set of login process rules;
      
      transmitting to said first user, by said software application, results of said fifth enforcing.
  - 19. The process of claim 15, wherein said third set of login process rules comprises a rule denying said first user from accessing said software application, and wherein said method further comprises:
    - denying based on said second enforcing, by said software application, said first user from accessing said software application.
  - 20. The process of claim 15, wherein said first domain comprises a first computer network, wherein said second domain comprises a second computer network, and wherein said first computer network is different from said second computer network.
  - 21. The process of claim 15, wherein said data comprises a user profile, and wherein said user profile comprises said third set of login process rules.

22. A computer program product, comprising a computer usable medium comprising data and a computer readable program code embodied therein, said computer readable program code adapted to implement an access within a computing system, said method comprising:
- receiving from a first user, by a software application within said computing system, a first request for access to said software application;
  
  determining, by said software application, a first domain associated with a first current location of said first user, said first domain associated with a first set of login process rules and a first set of software application access rules;
  
  first enforcing, by said software application, said first set of login process rules;
  
  presenting based on said first enforcing, by said software application, a first specified login procedure for said first user;
  
  receiving, by said software application, first login information from said first user in response to said first specified login procedure, said first login information comprising an identity for said first user;
  
  first authenticating, by said software application, said first user based on said first login information;
  
  determining, by said software application, a home domain associated with said first user, said home domain associated with a second set of login process rules and a second set of software application access rules, said home domain different from said first domain, said home domain associated with said first user and a first entity, said first domain associated with a second entity, said first entity different from said second entity, said software application associated with said first entity and said second entity;
  
  retrieving, by said software application, a third set of login process rules from said data, said third set of login process rules associated with a combination of said first domain and said home domain, said third set of login process rules different from said second set of login process rules and said first set of login process rules; and
  
  second enforcing, by said software application, said third set of login process rules;
  
  transmitting to said first user, by said software application, results of said second enforcing.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The computer program product of claim 22, wherein said third set of login process rules comprises a rule specifying a second specified login procedure for said first user, and wherein said method further comprises:
    - presenting based on said second enforcing, by said software application, said second specified login procedure for said first user;
      
      receiving, by said software application, second login information from said first user in response to said second specified login procedure;
      
      second authenticating, by said software application, said first user in response to said second login information; and
      
      transmitting to said first user, by said software application, authentication data to said first user in response to said second authenticating.
  - 24. The computer program product of claim 23, wherein said method further comprises:
    - retrieving, by said software application, a third set of software application access rules from said data, said third set of software application access rules associated with said combination of said first domain and said home domain, said third set of software application access rules different from said second set software application access rules and said first set of software application access rules;
      
      third enforcing, by said software application, said third set of software application access rules;
      
      determining, by said software application, a first set of sections of said software application that said first user is allowed to access, said determining said first set of sections based on said third enforcing;
      
      authorizing, by said software application, said first user to access first set of sections of said software application, said first set of sections of said software application associated with roles and authority to perform actions associated with said first set of sections of said software application; and
      
      transmitting to said first user, by said software application, authorization data associated with said authorizing in response to said authorizing.
  - 25. The computer program product of claim 24, wherein said method further comprises:
    - receiving from said first user, by said software application, a command for disabling said access to said first set of sections of said software application;
      
      receiving from said first user, by a software application within a computing system, a second request for access to said software application;
      
      determining, by said software application, a second domain associated with a second current location of said first user, said second domain different from said first domain and said home domain, said second domain associated with a fourth set of login process rules and a fourth set of software application access rules, said fourth set of software application access rules different from said third set of software application access rules, said second set software application access rules, and said first set of software application access rules, said fourth set of login process rules different from said third set of login process rules, said second set of login process rules, and said first set of login process rules;
      
      fourth enforcing, by said software application, said fourth set of login process rules;
      
      presenting based on said fourth enforcing, by said software application, a third specified login procedure for said first user;
      
      receiving, by said software application, third login information from said first user in response to said third specified login procedure, said third login information comprising said identity for said first user;
      
      third authenticating, by said software application, said first user based on said third login information;
      
      determining, by said software application, said home domain associated with said first user, said home domain different from said second domain;
      
      retrieving, by said software application, a fifth set of login process rules from said data, said fifth set of login process rules associated with a combination of said second domain and said home domain, said fifth set of login process rules different from said fourth set of login process rules, said third set of login process rules, said second set of login process rules, and said first set of login process rules; and
      
      fifth enforcing, by said software application, said fifth set of login process rules;
      
      transmitting to said first user, by said software application, results of said fifth enforcing.
  - 26. The computer program product of claim 22, wherein said third set of login process rules comprises a rule denying said first user from accessing said software application, and wherein said method further comprises:
    - denying based on said second enforcing, by said software application, said first user from accessing said software application.
  - 27. The computer program product of claim 22, wherein said first domain comprises a first computer network, wherein said second domain comprises a second computer network, and wherein said first computer network is different from said second computer network.
  - 28. The computer program product of claim 22, wherein said data comprises a user profile, and wherein said user profile comprises said third set of login process rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Subbiah, Sugantha, Krishnan, Jayshree, Tago, Victor S., Chandrasekhar, Ashok, Shetty, Sridhar

Granted Patent

US 7,987,516 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0815 providing single-sign-on or...

SOFTWARE APPLICATION ACCESS METHOD AND SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

SOFTWARE APPLICATION ACCESS METHOD AND SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others