Control of access to a networked system

US 5,774,650 A
Filed: 09/01/1994
Issued: 06/30/1998
Est. Priority Date: 09/03/1993
Status: Expired due to Term

First Claim

Patent Images

1. A data processing system connectable over a network to a plurality of computers, wherein said data processing system has a plurality of authorized users, the data processing system comprising:

means for restricting user access to the data processing system, said means for restricting access including means for performing a user authentication procedure in which, at logon, a user'"'"'s identity is compared with a list of said plurality of authorized users;

a system-wide profile referenced by all users of the data processing system at logon; and

means for temporarily preventing access to the data processing system by a particular user among said plurality of authorized users, wherein said means for temporarily preventing access permits a privileged user among said plurality of authorized users to create a list of temporarily unauthorized users including said particular user, said list of temporarily unauthorized users being referenced by the system-wide profile at logon, wherein the means for temporarily preventing access includes means for logging off users already logged on to the data processing system who are listed within said list of temporarily unauthorized users.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and data processing system are disclosed for controlling the access of a plurality users to a computer system connectable over a network to a plurality of computers. The data processing system has facilities for restricting user access to the data processing system which includes a user authentication procedure in which at logon a user'"'"'s identity is compared with a list of authorized users. In addition, the data processing system has a system-wide profile referenced by all users of the system at logon and temporary access control facilities for temporarily preventing access to the system by a normally authorized user or users. The temporary access control facilities allow a privileged user of the computer system to create a list of temporarily unauthorized users that is referenced by the system-wide profile at logon.

153 Citations

17 Claims

1. A data processing system connectable over a network to a plurality of computers, wherein said data processing system has a plurality of authorized users, the data processing system comprising:
- means for restricting user access to the data processing system, said means for restricting access including means for performing a user authentication procedure in which, at logon, a user'"'"'s identity is compared with a list of said plurality of authorized users;
  
  a system-wide profile referenced by all users of the data processing system at logon; and
  
  means for temporarily preventing access to the data processing system by a particular user among said plurality of authorized users, wherein said means for temporarily preventing access permits a privileged user among said plurality of authorized users to create a list of temporarily unauthorized users including said particular user, said list of temporarily unauthorized users being referenced by the system-wide profile at logon, wherein the means for temporarily preventing access includes means for logging off users already logged on to the data processing system who are listed within said list of temporarily unauthorized users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 17)
- - 2. The data processing system as claimed in claim 1, wherein the means for temporarily preventing access selectively modifies the system-wide profile to cause said system-wide profile to reference said list of temporarily unauthorized users.
  - 3. The data processing system as claimed in claim 1, wherein said means for temporarily preventing access causes the system-wide profile to provide information regarding the a temporary access restriction to said particular user temporarily denied access to said data processing system.
  - 4. The data processing system as claimed in claim 1, wherein the means for temporarily preventing access selectively determines a grace period and issues a warning to users listed within said list of temporarily unauthorized users who are already logged on to the data processing system that access to the data processing system will be restricted on expiration of the grace period.
  - 5. The data processing system of claim 4, and further comprising means for providing information to currently logged on users before logging them off the data processing system.
  - 6. The data processing system of claim 5, and further comprising means for logging off users currently logged on the data processing system in response to expiration of the grace period.
  - 7. The data processing system as claimed in claim 1, wherein the means for temporarily preventing access is operable to automatically reinstate access to selected users among said temporarily unauthorized users at a specified time.
  - 8. The data processing system of claim 7, and further comprising means for automatically restoring the authorization for said temporarily unauthorized users.
  - 9. The data processing system as claimed in claim 1, in which the data processing system utilizes a UNIX operating system.
  - 10. The data processing system of claim 1, and further comprising means for restoring the authorization for said temporarily unauthorized users.
  - 11. The data processing system of claim 1, and further comprising means for logging off users currently logged on the data processing system.
  - 17. The data processing system of claim 1, said system-wide profile further comprising means for initializing all users before allowing said users access to the data processing system, wherein said system-wide profile invokes said means for restricting user access before initializing a user.

12. A method of temporarily preventing access to a data processing system connectable over a network to a plurality of computers, said data processing system having means for restricting user access to the data processing system, wherein said means for restricting access performs a user authentication procedure in which, at logon, the user'"'"'s identity is compared to a list of a plurality of authorized users, said means for restricting access further having a system-wide profile referenced by all users of the data processing system at logon, the method comprising the steps of:
- referencing a list of temporarily unauthorized users from the system-wide profile;
  
  denying access to said data processing system to a user listed within said list of temporarily unauthorized users; and
  
  logging off users already logged on to the data processing system who are listed within said list of temporarily unauthorized users.
- View Dependent Claims (13, 14, 15)
- - 13. The method of claim 12, said method further comprising the step of providing information regarding a temporary access restriction to a user temporarily denied access to said data processing system.
  - 14. The method of claim 12, said method further comprising the steps of:
    - determining a grace period; and
      
      issuing a warning to users listed within said list of temporarily unauthorized users who are already logged on the data processing system that access to said data processing system will be restricted upon expiration of the grace period.
  - 15. The method of claim 12, said method further comprising the step of automatically reinstating access to selected users among said temporarily unauthorized users at a specified time.

16. In a data processing system connectable over a network to a plurality of computers, the improvement comprising:
- temporary access control facilitation means for temporarily disallowing a user access to the system, wherein said temporary access control facilitation means includes;
  
  a list of authorized users to be temporarily unauthorized to logon to said data processing system;
  
  means for restricting access to the data processing system for users on said list; and
  
  means for logging off users already logged on to the data processing system who are listed within said list of temporarily unauthorized users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Taylor, Michael George, Chapman, Sydney George
Primary Examiner(s)
Chung, Phung M.

Application Number

US08/299,864
Time in Patent Office

1,398 Days
Field of Search

395/575, 395/287, 395/180, 395/477, 395/490, 395/726, 395/856, 395/187.01, 395/186, 395/188.01, 380/3, 380/22, 380/23, 380/24, 380/25, 380/50, 340/825.3, 379/200, 379/188, 379/189
US Class Current

726/7
CPC Class Codes

G06F 21/31 User authentication

Control of access to a networked system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

153 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Control of access to a networked system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links