Authentication enforcement at resource level

US 20090025068A1
Filed: 11/28/2007
Published: 01/22/2009
Est. Priority Date: 07/17/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

providing authentication enforcement at resource level by;

specifying at design time at least one authentication key for at least one data storage unit of a resource;

receiving at a server a request from a requester through a client to access the resource; and

enforcing authentication of the requester through the at least one authentication key at the at least one data storage unit of the resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.

16 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- providing authentication enforcement at resource level by;
  
  specifying at design time at least one authentication key for at least one data storage unit of a resource;
  
  receiving at a server a request from a requester through a client to access the resource; and
  
  enforcing authentication of the requester through the at least one authentication key at the at least one data storage unit of the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19)
- - 2. The method according to claim 1, wherein enforcing authentication of the requester further comprises:
    - propagating the at least one authentication key through at least one cross-reference between the at least one data storage unit and at least one further data storage unit.
  - 3. The method according to claim 2, wherein the at least one cross-reference is at least one referential integrity constraint between the data storage unit and the at least one further data storage unit.
  - 4. The method according claim 1 further comprising:
    - monitoring the at least one authentication key by at least one trigger.
  - 5. The method according to claim 4 further comprising:
    - the at least one trigger obliging the requester to provide at least one credential represented by the at least one authentication key.
  - 6. The method according to claim 1, wherein enforcing is performed by enforcing the at least one authentication key through at least one trigger operation.
  - 7. The method according to claim 6, wherein enforcing the at least one authentication key through the at least one trigger operation is performed prior to an insert, update, and/or delete operation performed on the at least one data storage unit.
  - 8. The method according to claim 1, wherein enforcing is performed by enforcing the at least one authentication key through a database management system.
  - 9. The method according to claim 1 further comprising:
    - invoking a rollback operation in case of an authentication failure.
  - 19. The system according to claim 2, wherein the authentication mechanism is further operable to:
    - enforce the at least one authentication key through a database management system.

10. A computer program product comprising computer readable instructions, which when loaded and run in a computer and/or computer network system, causes the computer system and/or the computer network system to perform operations including:
- specifying at design time at least one authentication key for at least one data storage unit of a resource;
  
  receiving at a server a request from a requester through a client to access the resource; and
  
  enforcing authentication of the requester through the at least one authentication key at the at least one data storage unit of the resource.

11. Machine readable medium embodying instructions, which when executed by a machine, cause the machine to perform a method comprising:
- specifying at design time at least one authentication key for at least one data storage unit of a resource;
  
  receiving at a server a request from a requester through a client to access the resource; and
  
  enforcing authentication of the requester through the at least one authentication key at the at least one data storage unit of the resource.

12. A computer system comprising:
- an authentication mechanism for authentication enforcement at resource level, operable to;
  
  specify at design time at least one authentication key forat least one data storage unit of a resource;
  
  receive at a server a request from a requester through a client to access the resource; and
  
  enforce authentication of the requester through the at least one authentication key at the at least one data storage unit of the resource.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 20)
- - 13. The system according to claim 12, wherein the authentication mechanism is further operable to enforce authentication by:
    - propagating the at least one authentication key through at least one cross-reference between the at least one data storage unit and at least one further data storage unit.
  - 14. The system according to claim 13, wherein the at least one cross-reference is at least one referential integrity constraint between the data storage unit and the at least one further data storage unit.
  - 15. The system according to claim 12, wherein the authentication mechanism is further operable to:
    - monitor the at least one authentication key by at least one trigger.
  - 16. The system according to claim 15, wherein the at least one trigger is operable to:
    - oblige the requester to provide at least one credential represented by the at least one authentication key.
  - 17. The system according to claim 12, wherein the authentication mechanism is further operable to:
    - enforce the at least one authentication key through at least one trigger operation.
  - 18. The system according to claim 17, wherein the at least one trigger is operable to enforce the at least one authentication key prior to an insert, update, and/or delete operation performed on the at least one data storage unit.
  - 20. The system according to claim 12, wherein the authentication mechanism is further operable to:
    - invoke a rollback operation in case of an authentication failure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Ulmer, Cedric S.P., Benameur, Azzedine, Khoury, Paul El

Granted Patent

US 8,640,208 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/31 User authentication

G06F 21/6227 where protection concerns t...

Authentication enforcement at resource level

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication enforcement at resource level

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links