SYSTEM AND METHOD FOR SELECTIVE AUTHENTICATION WHEN ACQUIRING A ROLE
First Claim
1. A computer-implemented method comprising:
receiving a role request for a user of a computer system, wherein the role request corresponds to a role which is selected from a plurality of roles previously established on the computer system, and wherein each of the plurality of roles corresponds to one or more functions performed by the computer system;
retrieving an authentication mode corresponding to the role request, wherein the retrieved authentication mode either indicates a role-based authentication requirement or a user-based authentication requirement;
in response to the retrieved authentication mode indicating the role-based authentication requirement;
receiving a role-based authentication token from the user;
granting the user access to the requested role in response to the received role-based authentication token matching an expected role-based authentication token; and
denying the user access to the requested role in response to the received role-based authentication token not matching the expected role-based authentication token; and
in response to the retrieved authentication mode indicating the user-based authentication requirement;
receiving a user-based authentication token from the user;
granting the user access to the requested role in response to the received user-based authentication token matching an expected user-based authentication token; and
denying the user access to the requested role in response to the received user-based authentication token not matching the expected user-based authentication token.
Abstract
A system, method, and program product is provided that provides authentication on a per-role basis in a Role-Based Access Control (RBAC) environment. When a user attempts to acquire a role, the improved RBAC system determines whether (a) no authentication is required (e.g., for a non-sensitive role such as accessing a company's product catalog), (b) a user-based authentication (e.g., password) is required, or (c) a role-based authentication (e.g., a role-specific password) is required.
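The per-role mode lookup described in the abstract can be sketched as follows. This is an added example, not code from the patent; the role names, user name, passwords, and the use of PBKDF2 with a constant-time comparison for "matching an expected token" are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
from enum import Enum


class AuthMode(Enum):
    NONE = "none"   # (a) no authentication required
    USER = "user"   # (b) user-based token, e.g. the user's own password
    ROLE = "role"   # (c) role-based token, e.g. a role-specific password


def _derive(secret: str, salt: bytes) -> bytes:
    # Store a salted, slow hash rather than the expected token itself.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def _record(secret: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _derive(secret, salt)


def _matches(token: str, record: tuple[bytes, bytes]) -> bool:
    salt, expected = record
    # Constant-time comparison so timing does not reveal partial matches.
    return hmac.compare_digest(_derive(token, salt), expected)


# Constructed sample data: all names and passwords below are hypothetical.
ROLE_MODES = {"catalog_viewer": AuthMode.NONE,
              "payroll_clerk": AuthMode.USER,
              "db_admin": AuthMode.ROLE}
USER_SECRETS = {"alice": _record("alice-login-pw")}
ROLE_SECRETS = {"db_admin": _record("db-admin-role-pw")}


def acquire_role(user: str, role: str, token: str | None = None) -> bool:
    """Return True if `user` is granted `role`, False if denied."""
    mode = ROLE_MODES.get(role)
    if mode is None:
        return False                 # role was never established: fail closed
    if mode is AuthMode.NONE:
        return True
    # The retrieved mode decides which expected token the input is checked against.
    store, key = (USER_SECRETS, user) if mode is AuthMode.USER else (ROLE_SECRETS, role)
    record = store.get(key)
    if record is None or token is None:
        return False                 # nothing to compare against: deny
    return _matches(token, record)
```

A user's own password does not unlock a role whose mode is role-based, and a role password does not unlock a role whose mode is user-based, because the mode retrieved for the role selects the credential store.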
20 Claims
8. An information handling system comprising:
one or more processors;
a memory accessible by at least one of the processors;
a nonvolatile storage area accessible by at least one of the processors;
a set of instructions stored in the memory and executed by at least one of the processors in order to perform actions of;
receiving a role request for a user of a computer system, wherein the role request corresponds to a role which is selected from a plurality of roles previously established on the computer system, and wherein each of the plurality of roles corresponds to one or more functions performed by the computer system;
retrieving an authentication mode corresponding to the role request, wherein the retrieved authentication mode either indicates a role-based authentication requirement or a user-based authentication requirement;
in response to the retrieved authentication mode indicating the role-based authentication requirement;
receiving a role-based authentication token from the user;
granting the user access to the requested role in response to the received role-based authentication token matching an expected role-based authentication token; and
denying the user access to the requested role in response to the received role-based authentication token not matching the expected role-based authentication token; and
in response to the retrieved authentication mode indicating the user-based authentication requirement;
receiving a user-based authentication token from the user;
granting the user access to the requested role in response to the received user-based authentication token matching an expected user-based authentication token; and
denying the user access to the requested role in response to the received user-based authentication token not matching the expected user-based authentication token.
14. A computer program product stored in a computer readable medium, comprising functional descriptive material that, when executed by an information handling system, causes the information handling system to perform actions comprising:
receiving a role request for a user of a computer system, wherein the role request corresponds to a role which is selected from a plurality of roles previously established on the computer system, and wherein each of the plurality of roles corresponds to one or more functions performed by the computer system;
retrieving an authentication mode corresponding to the role request, wherein the retrieved authentication mode either indicates a role-based authentication requirement or a user-based authentication requirement;
in response to the retrieved authentication mode indicating the role-based authentication requirement;
receiving a role-based authentication token from the user;
granting the user access to the requested role in response to the received role-based authentication token matching an expected role-based authentication token; and
denying the user access to the requested role in response to the received role-based authentication token not matching the expected role-based authentication token; and
in response to the retrieved authentication mode indicating the user-based authentication requirement;
receiving a user-based authentication token from the user;
granting the user access to the requested role in response to the received user-based authentication token matching an expected user-based authentication token; and
denying the user access to the requested role in response to the received user-based authentication token not matching the expected user-based authentication token.
Specification