Multiple Server Access Management

US 20110252459A1
Filed: 04/12/2011
Published: 10/13/2011
Est. Priority Date: 04/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising a plurality of steps each performed by hardware executing software, wherein the steps include:

receiving an access request for a target computer from a client computer, wherein the access request comprises a digital certificate belonging to a user;

verifying the identity of the user by validating the digital certificate;

receiving access privileges for the user from a policy database, wherein the access privileges contain one or more access attributes;

evaluating the access request based the one or more access attributes; and

granting the user access to the target computer if all of the one or more access attributes are satisfied.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access management system receives an access request for a target computer from a client computer. The access request comprises a digital certificate belonging to a user. The access management system verifies the identity of the user by validating the digital certificate. When so verified, the user receives access privileges from a policy database. The access privileges contain one or more access attributes. The access management system evaluates the access request based the one or more access attributes and grants the user access to the target computer if all the one or more access attributes are satisfied.

Citations

7 Claims

1. A method comprising a plurality of steps each performed by hardware executing software, wherein the steps include:
- receiving an access request for a target computer from a client computer, wherein the access request comprises a digital certificate belonging to a user;
  
  verifying the identity of the user by validating the digital certificate;
  
  receiving access privileges for the user from a policy database, wherein the access privileges contain one or more access attributes;
  
  evaluating the access request based the one or more access attributes; and
  
  granting the user access to the target computer if all of the one or more access attributes are satisfied.
- View Dependent Claims (2)
- - 2. A non-transitory computer readable medium comprising instructions which, when executed by a computing apparatus, performs the method of claim 1.

3. Any computer implemented method of establishing direct authentication with a server by a Secure Shell (SSH) connection with a user'"'"'s public key without an impersonation, wherein a direct identification of the user is centrally validated and tracked by using the user'"'"'s public keys when combined with a centralized policy database.
- View Dependent Claims (4, 5)
- - 4. The method as defined in claim 3, wherein the establishment of the direct authentication further comprises the steps of:
    - retrieving policies from the centralized policy databaseusing a private key of the user to generate a digital certificate;
      
      making a request, with the generated digital certificate, using SSH for a resource on a target server;
      
      if the user'"'"'s identity can be validated by using policies retrieved from the centralized policy, then authorizing the user to use the resource on the target server.
  - 5. A non-transitory computer readable medium comprising instructions which, when executed by a computing apparatus, performs the method of claim 3.

6. A method comprising a plurality of steps each performed by hardware executing software, wherein the steps include:
- receiving, from a client computer, an access request to an access management system, wherein the access request is for a target computer and includes a digital certificate belonging to a user;
  
  upon verifying, with the access management system, the identity of the user by validating the digital certificate, granting the user privileges from a policy database, wherein the access privileges from the policy database contain one or more access attributes;
  
  evaluating, by the access management, the access request using the one or more access attributes; and
  
  upon a successful evaluation such that each of the access attributes is satisfied, granting, by the access management system, the user access to the target computer.
- View Dependent Claims (7)
- - 7. A non-transitory computer readable medium comprising instructions which, when executed by a computing apparatus, performs the method of claim 6.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa USA, Inc. (Visa, Inc.)
Original Assignee
Visa USA, Inc. (Visa, Inc.)
Inventors
Goel, Varun, Walsh, Robert E.

Application Number

US13/085,127
Publication Number

US 20110252459A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0823   using certificates cryptogr...

H04L 63/168   above the transport layer

H04L 63/20   for managing network securi...

H04L 9/3263   involving certificates, e.g...

Multiple Server Access Management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Multiple Server Access Management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links