ACCESS SYSTEM INTERFACE

US 20090106433A1
Filed: 10/22/2008
Published: 04/23/2009
Est. Priority Date: 02/26/2001
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a network;

a client communicatively coupled with the network;

an access control device communicatively coupled with the network, wherein the access control device receives requests for a resource of the network from the client and controls access to the resource by the client based on one or more access rules; and

an administration server communicatively coupled with the network, wherein the administration server manages the one or more access rules

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services.

Citations

29 Claims

1. A system comprising:
- a network;
  
  a client communicatively coupled with the network;
  
  an access control device communicatively coupled with the network, wherein the access control device receives requests for a resource of the network from the client and controls access to the resource by the client based on one or more access rules; and
  
  an administration server communicatively coupled with the network, wherein the administration server manages the one or more access rules
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, further comprising an access server communicatively coupled with the access control device the access server providing authentication and authorization services.
  - 3. The system of claim 2, wherein the access control device, in response to receiving a request for a resource of the network from the client, requests authentication of a user of the client from the access server.
  - 4. The system of claim 3, wherein the access control device, in response to receiving an indication of authentication of the user, authorizes access to a requested resource based on an access rule for the user.
  - 5. The system of claim 4, wherein the access rule defines access for a group of users and authorizing access of the user is based the access rule and group membership of the user.
  - 6. The system of claim 5, wherein authorization of the user is based on the access rule and a role of the user.
  - 7. The system of claim 1, wherein the administration server provides a graphical user interface for managing the one or more access rules.
  - 8. The system of claim 1, wherein the resource comprises a network.
  - 9. The system of claim 3, further comprising a directory server, the directory server maintaining user information.
  - 10. The system of claim 9, wherein the access server authenticates the user based on the user information of the directory server.
  - 11. The system of claim 10, wherein the directory server comprises and LDAP server.
  - 12. The system of claim 3, wherein the access control device selects an authentication method from a plurality of authentication methods based on the request for the resource.
  - 13. The system of claim 3, wherein the access control device, in response to receiving the request for a resource of the network from the client, requests authentication of the user of the client from the access server by redirecting the client to a preferred host domain.
  - 14. The system of claim 13, wherein the access control device, prior to redirecting the client to the preferred host domain, confirms a prior authentication of the user of the client by the preferred host domain.
  - 15. The system of claim 14, wherein the access control device receives from the access server an indication of authentication of the user of the client based on an authentication method of the preferred host domain.

16. A system comprising:
- a network;
  
  a client communicatively coupled with the network;
  
  an access server communicatively coupled with the network, the access server providing authentication and authorization services;
  
  an access control device communicatively coupled with the network, wherein the access control device receives requests for a resource of the network from the client, requests authentication of a user of the client from the access server, and controls access to the resource by the client based on authentication of the user by the access server and one or more access rules; and
  
  an administration server communicatively coupled with the network, wherein the administration server manages the one or more access rules.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, further comprising a directory server, the directory server maintaining user information.
  - 18. The system of claim 17, wherein the access server authenticates the user based on the user information of the directory server.
  - 19. The system of claim 17, wherein the directory server comprises and LDAP server.
  - 20. The system of claim 16, wherein the access control device selects an authentication method from a plurality of authentication methods based on the request for the resource.
  - 21. The system of claim 16, wherein the access control device, in response to receiving the request for a resource of the network from the client, requests authentication of the user of the client from the access server by redirecting the client to a preferred host domain.
  - 22. The system of claim 21, wherein the access control device, prior to redirecting the client to the preferred host domain, confirms a prior authentication of the user of the client by the preferred host domain.
  - 23. The system of claim 22, wherein the access control device receives from the access server an indication of authentication of the user of the client based on an authentication method of the preferred host domain.

24. An access control device comprising:
- a processor; and
  
  a memory having stored therein instructions which, when executed by the processor, cause the processor to receive requests for a resource of the network, request authentication of a user making the request from an access server, and control access to the resource by the user based on authentication of the user and one or more access rules, wherein the access rules are managed by an administration server.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The access control device of claim 24, wherein the access control device selects an authentication method from a plurality of authentication methods based on the request for the resource.
  - 26. The access control device of claim 24, wherein the access control device, in response to receiving the request for a resource of the network from the client, requests authentication of the user of the client from the access server by redirecting the client to a preferred host domain.
  - 27. The access control device of claim 26, wherein the access control device, prior to redirecting the client to the preferred host domain, confirms a prior authentication of the user of the client by the preferred host domain.
  - 28. The access control device of claim 27, wherein the access control device receives from the access server an indication of authentication of the user of the client based on an authentication method of the preferred host domain.

29. A method for controlling access to one or more network resources, the method comprising:
- receiving a request for access to the network resource;
  
  requesting authentication of a user making the request from an access server;
  
  receiving from the access server an indication of authentication of the user; and
  
  determining whether to allow the requested access based on the indication of authentication of the user and one or more access rules, wherein the one or more access rules are managed by an administration server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Knouse, Charles W., Gupta, Minoo

Granted Patent

US 8,935,418 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 67/14   Session management for real...

H04L 67/142   Managing session states for...

H04L 67/146   Markers for unambiguous ide...

ACCESS SYSTEM INTERFACE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS SYSTEM INTERFACE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links