Method and system for providing a user access to multiple secured subsystems

US 5,604,490 A
Filed: 09/09/1994
Issued: 02/18/1997
Est. Priority Date: 09/09/1994
Status: Expired due to Term

First Claim

Patent Images

1. In a computer networking system having a server coupled to a plurality of clients, wherein each of said plurality of clients has access to a plurality of program procedures, accessed through said server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of clients, a method for unifying said security protocols for each user based on unique user credentials comprising the steps of:

upon request to start a program procedure by said user, authenticating the identity of said user based on information unique to said user;

generating a user handle associated with said user;

notifying each of said security protocols of said user handle associated with said user;

generating new user credentials for each of said security protocol;

associating said new user credentials with said user handle associated with said user;

mapping said user handle to said unique user'"'"'s credentials for each program procedure;

generating an alternate process;

tagging said alternate process with said user handle associated with said user;

upon request from said alternate process for access to an object accessed through said server, granting access to said object based on said new user credentials associated with said user handle.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improvement relating to the security of an operating system for either a stand alone computer system or for a networked computer system. The operating system provides improved security for programs available on the computer system having different security protocols. The operating system unifies these security protocols for each user based on unique user credentials. The system operates, upon request to start a program procedure by the user, to authenticate the identity of the user based on information unique to that user. Following which, the system generates a user handle associated with the user. The system then notifies each of the security protocols of the user handle associated with the user. The system then generates new user credentials for each of the security protocols. These user credentials are associated with the user handle and then the user handle is mapped to the unique user'"'"'s credentials for each program procedure. Once this is accomplished, the system invokes an alternate process and tags the process with the user handle. Once a request from the alternate process for access to an object accessed through the server is requested, the system then grants access to the object based on the new user credentials associated with the user handle. The new user credentials are typically based on an association of the user identifier, the user handle, and the unique user credentials from before.

Citations

26 Claims

1. In a computer networking system having a server coupled to a plurality of clients, wherein each of said plurality of clients has access to a plurality of program procedures, accessed through said server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of clients, a method for unifying said security protocols for each user based on unique user credentials comprising the steps of:
- upon request to start a program procedure by said user, authenticating the identity of said user based on information unique to said user;
  
  generating a user handle associated with said user;
  
  notifying each of said security protocols of said user handle associated with said user;
  
  generating new user credentials for each of said security protocol;
  
  associating said new user credentials with said user handle associated with said user;
  
  mapping said user handle to said unique user'"'"'s credentials for each program procedure;
  
  generating an alternate process;
  
  tagging said alternate process with said user handle associated with said user;
  
  upon request from said alternate process for access to an object accessed through said server, granting access to said object based on said new user credentials associated with said user handle.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1 wherein said user handle associates with said user via a user identifier.
  - 3. The method according to claim 2 wherein said new user credentials is based on the association of said user identifier, said user handle, and said unique user credentials.
  - 4. The method according to claim 1 wherein said alternate process acts in behalf of said user.

5. In a computer system having a plurality of program procedures, accessed through a server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of program procedures, a method for unifying said security protocols for each user based on unique user credentials comprising the steps of:
- upon request to start a program procedure by said user, authenticating the identity of said user based on information unique to said user;
  
  generating a user handle associated with said user;
  
  notifying each of said security protocols of said user handle associated with said user;
  
  generating new user credentials for each of said security protocol;
  
  associating said new user credentials with said user handle associated with said user;
  
  mapping said user handle to said unique user'"'"'s credentials for each program procedure;
  
  generating an alternate process;
  
  tagging said alternate process with said user handle associated with said user;
  
  upon request from said alternate process for access to an object accessed through said server, granting access to said object based on said new user credentials associated with said user handle.
- View Dependent Claims (6, 7, 8)
- - 6. The method according to claim 5 wherein said user handle associates with said user via a user identifier.
  - 7. The method according to claim 6 wherein said new user credentials is based on the association of said user identifier, said user handle, and said unique user credentials.
  - 8. The method according to claim 5 wherein said alternate process acts in behalf of said user.

9. In a computer system having a plurality of program procedures, accessed through a server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of program procedures, a security system for unifying said security protocols for each user based on unique user credentials comprising:
- means for authenticating the identity of said user based on information unique to said user;
  
  means, coupled to said authenticating means, for generating a user handle associated with said user;
  
  means, coupled to said generating means, for notifying each of said security protocols of said user handle associated with said user;
  
  means, coupled to said authenticating means, for generating new user credentials for each of said security protocol;
  
  means, coupled to said new user credentials generating means, for associating said new user credentials with said user handle associated with said user;
  
  means, coupled to said associating means, for mapping said user handle to said unique user'"'"'s credentials for each program procedure;
  
  means, coupled to said mapping means, for generating an alternate process;
  
  means, coupled to said alternate process generating means, for tagging said alternate process with said user handle associated with said user;
  
  means, coupled to said tagging means, for granting access to said object based on said new user credentials associated with said user handle.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system according to claim 9 wherein said user handle associates with said user via a user identifier.
  - 11. The system according to claim 10 wherein said new user credentials is based on the association of said user identifier, said user handle, and said unique user credentials.
  - 12. The system according to claim 9 wherein said alternate process acts in behalf of said user.
  - 13. The system according to claim 9 wherein said granting means acts upon request from said alternate process for access to an object accessed through said server.

14. In a computer networking system having a server coupled to a plurality of clients, wherein each of said plurality of clients has access to a plurality of program procedures accessed through said server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of clients, a method for unifying said security protocols for each user based on unique user credentials comprising the steps of:
- authenticating the identity of said user based on information unique to said user;
  
  generating a user handle associated with said user;
  
  notifying each of said security protocols of said user handle associated with said user;
  
  generating new user credentials for each of said security protocols;
  
  associating said new user credentials with said user handle associated with said user;
  
  mapping said user handle to said unique user'"'"'s credentials for each program procedure; and
  
  providing access to a requested program to a user base upon the mapping of said user handle to said unique user'"'"'s credentials, said step of providing access to a requested program further comprising the steps of;
  
  generating an alternate process;
  
  tagging said alternate process with said user handle associated with said user; and
  
  generating access to said object.
- View Dependent Claims (15, 16)
- - 15. The method according to claim 14 wherein said user handle associates with said user via a user identifier.
  - 16. The method according to claim 15 wherein said user credentials are based on the association of said user identifier, said user handle, and said unique user credentials.

17. In a computer networking system having a server coupled to a plurality of clients, wherein each of said plurality of clients has access to a plurality of program procedures accessed through said server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of clients, a method for unifying said security protocols for each user based on unique user credentials comprising the steps of:
- authenticating the identity of said user based on information unique to said user;
  
  generating a user handle associated with said user;
  
  notifying each of said security protocols of said user handle associated with said user;
  
  generating new user credentials for each of said security protocols;
  
  associating said new user credentials with said user handle associated with said user;
  
  mapping said user handle to said unique user'"'"'s credentials for each program procedure; and
  
  generating an alternate process based on the mapping of said user handle to said unique user'"'"'s credentials for each program procedure, wherein said user handle associates with said user via a user identifier.

18. In a computer system having a plurality of program procedures, accessed through a server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of program procedures, a method for unifying said security protocols for each user based on unique user credentials comprising the steps of:
- authenticating the identity of said user based on information unique to said user;
  
  generating a user handle associated with said user;
  
  notifying each of said security protocols of said user handle associated with said user;
  
  generating new user credentials for each of said security protocol;
  
  associating said new user credentials with said user handle associated with said user;
  
  mapping said user handle to said unique user'"'"'s credentials for each program procedure; and
  
  providing access to a requested program to a user based upon the mapping of said user handle to said unique user'"'"'s credentials, wherein this step further comprises the steps of;
  
  generating an alternate process;
  
  tagging said alternate process with said user handle associated with said user; and
  
  granting access to said object.
- View Dependent Claims (19, 20, 21)
- - 19. The method according to claim 18 wherein said user handle associates with said user via a user identifier.
  - 20. The method according to claim 19 wherein said new user credentials is based on the association of said user identifier, said user handle, and said unique user credentials.
  - 21. The method according to claim 18 wherein said alternate process acts in behalf of said user.

22. In a computer system having a plurality of program procedures, accessed through a server, each said program procedure having a security protocol required for access, unique to each user of each of said plurality of program procedures, a security system for unifying said security protocols for each user based on unique user credentials comprising:
- means for authenticating the identity of said user based on information unique to said user;
  
  means, coupled to said authenticating means, for generating a user handle associated with said user;
  
  means, coupled to said generating means, for notifying each of said security protocols of said user handle associated with said user;
  
  means, coupled to said authenticating means, for generating new user credentials for each of said security protocol;
  
  means, coupled to said new user credentials generating means, for associating said new user credentials with said user handle associated with said user;
  
  means, coupled to said associating means, for mapping said user handle to said unique user'"'"'s credentials for each program procedure; and
  
  means for providing access to a program using selected results from said mapping of said user handle to said unique user'"'"'s credentials, said means for providing access further comprising;
  
  means, coupled to said mapping means for generating an alternate process;
  
  means, coupled to said alternate process generating means, for tagging said alternate process with said user handle associated with said user; and
  
  means, coupled to said tagging means, for granting access to said object.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The system according to claim 22 wherein said user handle associates with said user via a user identifier.
  - 24. The system according to claim 23 wherein said new user credentials are based on the association of said user identifier, said user handle, and said unique user credentials.
  - 25. The system according to claim 22 wherein said alternate process acts in behalf of said user.
  - 26. The system according to claim 22 wherein said granting means acts on request from said alternate process for access to an object accessed through said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Blakley, George R. III, Milman, Ivan M., Wilson, John H., Hickerson, L. Brooks, Scheer, Douglas B., Gittins, Robert S.
Primary Examiner(s)
Horabik, Michael
Assistant Examiner(s)
WILSON JR, WILLIAM HALL

Application Number

US08/304,325
Time in Patent Office

893 Days
Field of Search

340/825.31, 340/825.34, 395/725, 395/425, 395/186, 395/187.01, 395/188.01, 364/200, 364/DIG. 1
US Class Current

726/5
CPC Class Codes

G06F 21/41 where a single sign-on prov...

G06F 21/6236 between heterogeneous systems

Method and system for providing a user access to multiple secured subsystems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing a user access to multiple secured subsystems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links