Method and system for authenticating and auditing access by a user to non-natively secured applications

US 5,748,890 A
Filed: 12/23/1996
Issued: 05/05/1998
Est. Priority Date: 12/23/1996
Status: Expired due to Term

First Claim

Patent Images

1. For use in cooperation with an operating system having a native security system, a method for authenticating and auditing access by a user to non-natively secured applications, comprising:

assigning a profile to the user to define the access rights to the non-natively secured applications;

providing at least one datastore in communication with the operating system for storing the user'"'"'s profile and account data relating to each of the non-natively secured applications, including an access control list defining authorized users and a set of pooled accounts authenticated for access to the respective non-natively secured application;

generating a call from a launcher application to the native security system or an extension thereof in response to a request by the user to access a selected non-natively secured application;

determining if the user is permitted access to the selected non-natively secured application;

requesting an account from the set of pooled accounts in response to a determination that the user is permitted access to the selected non-natively secured application;

determining if an account is available from the set of pooled accounts;

assigning an account to the user in response to a determination that an account is available from the set of pooled accounts, the assigned account operative as the user'"'"'s virtual identity to the selected non-natively secured application;

forwarding account data to the launcher application; and

generating an audit record to map the user to the assigned account.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for authenticating access by a user to non-natively secured applications intended for use in cooperation with an operating system having a native security system. A profile is assigned to the user which defines the user'"'"'s access rights to the non-natively secured applications. At least one datastore is provided in communication with the operating system for storing the user'"'"'s profile relating to each of the non-natively secured applications, including an access control list defining authorized users and a set of pooled accounts authenticated for access to the respective non-natively secured application. The user'"'"'s profile is compared with the access control list for the selected non-natively secured application to determine if a user is valid for the request. If the user is valid for the request, an available account is assigned to the user as the user'"'"'s virtual identity, account data is forwarded to a launcher application, and a audit record is written to map the user to the assigned account and thus the non-natively secured application.

211 Citations

20 Claims

1. For use in cooperation with an operating system having a native security system, a method for authenticating and auditing access by a user to non-natively secured applications, comprising:
- assigning a profile to the user to define the access rights to the non-natively secured applications;
  
  providing at least one datastore in communication with the operating system for storing the user'"'"'s profile and account data relating to each of the non-natively secured applications, including an access control list defining authorized users and a set of pooled accounts authenticated for access to the respective non-natively secured application;
  
  generating a call from a launcher application to the native security system or an extension thereof in response to a request by the user to access a selected non-natively secured application;
  
  determining if the user is permitted access to the selected non-natively secured application;
  
  requesting an account from the set of pooled accounts in response to a determination that the user is permitted access to the selected non-natively secured application;
  
  determining if an account is available from the set of pooled accounts;
  
  assigning an account to the user in response to a determination that an account is available from the set of pooled accounts, the assigned account operative as the user'"'"'s virtual identity to the selected non-natively secured application;
  
  forwarding account data to the launcher application; and
  
  generating an audit record to map the user to the assigned account.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as in claim 1, wherein the step of determining if the user is permitted access to the selected non-natively secured application comprises comparing the user'"'"'s access rights with the access control list for the selected non-natively secured application.
  - 3. A method as in claim 2, wherein the user profile includes a set of assigned roles and the access control list for each of the non-natively secured applications includes authorized user roles.
  - 4. A method as in claim 3, wherein the step of determining if the user is permitted access to the selected non-natively secured application includes comparing the user'"'"'s assigned roles with the authorized roles for the selected non-natively secured application to determine if at least one assigned role is valid for the request.
  - 5. A method as in claim 4, further comprising decrypting the received account data negotiating a session on behalf of the user at the selected non-natively secured application.
  - 6. A method as in claim 2, wherein the user profile includes the user'"'"'s identity and the account data includes a set of authorized identities.
  - 7. A method as in claim 6, wherein the step of determining if the user is permitted access to the selected non-natively secured application includes comparing the user'"'"'s identity with the authorized identities for the selected non-natively secured application to determine if the user is valid for the request.
  - 8. A method as in claim 1, further comprising:
    - identifying to the operating system an account type to request from the datastore in response to the determination that the user is permitted access to the selected non-natively secured application; and
      
      sending the identified account type to the native security system or an extension thereof.
  - 9. A method as in claim 1, wherein the operating system is Microsoft Windows®
    - NT 4.0.
  - 10. A method as in claim 1, wherein the account data forwarded to the launcher application in response to a determination that an account is available is sent in encrypted format.
  - 11. A method as in claim 1, further comprising discontinuing processing, notifying the user of a failure, and writing an inappropriate request record to a security log in response to a determination that a user is not permitted access to the selected non-natively secured application.
  - 12. A method as in claim 1, further comprising notifying the user of a failure and sending an alarm signal to an administrative monitoring platform in response to a determination that an account is not available from the pool.

13. For use in cooperation with an operating system having a native security system, a system for authenticating and auditing access by a user to non-natively secured applications, comprising:
- at least one datastore in communication with the operating system for storing;
  
  (a) a profile assigned to the user to define the user'"'"'s access rights to the non-natively secured applications,(b) account data relating to each of the non-natively secured applications, including an access control list defining authorized users, and(c) a set of pooled accounts authenticated for access to the respective non-natively secured application;
  
  whereby the native security system is operative to;
  
  (a) request an account from the set of pooled accounts in response to a determination that the user is permitted access to a selected non-natively secured application;
  
  (b) determine if an account is available from the set of pooled accounts;
  
  (c) assign an account to the user in response to a determination that an account is available from the set of pooled accounts, the assigned account operative as the user'"'"'s virtual identity to the selected non-natively secured application; and
  
  (d) generate an audit record to map the user to the assigned account.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. A system as in claim 13, wherein the native security system or extension thereof determines if the user is permitted access to the selected non-natively secured application by comparing the user'"'"'s access rights with the access control list for the selected non-natively secured application.
  - 15. A system as in claim 14, wherein the user profile includes a set of assigned roles and the access control list for each of the non-natively secured applications includes authorized user roles.
  - 16. A system as in claim 15, wherein the native security system or extension thereof determines if the user is permitted access to the selected non-natively secured application by comparing the user'"'"'s assigned roles with the authorized roles for the selected non-natively secured application to determine if at least one assigned role is valid for the request.
  - 17. A system as in claim 14, wherein the user profile includes the user'"'"'s identity and the account data includes a set of authorized identities.
  - 18. A system as in claim 17, wherein the native security system or extension thereof determines if the user is permitted access to the selected non-natively secured application by comparing the user'"'"'s identity with the authorized identities for the selected non-natively secured application to determine if the user is valid for the request.
  - 19. A system as in claim 13, wherein the native security system or extension thereof is further operative to discontinue processing, notify the user of a failure, and write inappropriate request record to a security log in response to a determination that a user is not permitted access to the selected non-natively secured application.
  - 20. A system as in claim 13, wherein the native security system or extension thereof is further operative to notify the user of a failure and send an alarm signal to an administrative monitoring platform in response to a determination that an account is not available from the pool.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qwest Communications International Incorporated (Lumen Technologies, Inc.)
Original Assignee
U S West Inc.
Inventors
White, William O., Gates, Melodi Mosley, Ericksen, Susan Barbara, Goldberg, Max Motti
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
HUA, LY

Application Number

US08/772,675
Time in Patent Office

498 Days
Field of Search

395/186, 395/187, 395/490, 395/674, 395/676, 395/188.01, 380/25, 380/24, 380/30, 340/825.31, 340/825.3, 340/825.34
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Method and system for authenticating and auditing access by a user to non-natively secured applications

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

211 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and system for authenticating and auditing access by a user to non-natively secured applications

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

211 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others