Security monitor for controlling functional access to a computer system

US 5,881,225 A
Filed: 04/14/1997
Issued: 03/09/1999
Est. Priority Date: 04/14/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:

accepting from the user user-specific information entered into said computer system using the input device;

comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user-specific information matches said previously stored authorization information;

selecting a role which the user will assume;

determining the privileges to which the user is authorized, based upon said user-specific information and said selected role;

passing data corresponding to said privileges to a security monitor, said security monitor being queryable from application programs so that upon such query an application program may obtain information defining privileges to which the user is authorized.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Security functions for a computer system are controlled by a security monitor. A user desiring access to the system inputs a user identification and password combination, and a role the user to assume is selected from among one or more roles defined in the system. Upon being validated as an authorized user performing a particular role, the user is then authorized to perform certain functions and tasks specifically and to see information associated with that role (and optimally the work group the user is assigned). For some users, no role or a "null" roll is chosen, and authorization for certain functions and tasks is accomplished due to that particular user having been predefined by an administrator as being allowed to perform those functions and tasks, usually due to the predefined privileges associated with the work group(s) to which the user belongs.

Citations

12 Claims

1. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:
- accepting from the user user-specific information entered into said computer system using the input device;
  
  comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user-specific information matches said previously stored authorization information;
  
  selecting a role which the user will assume;
  
  determining the privileges to which the user is authorized, based upon said user-specific information and said selected role;
  
  passing data corresponding to said privileges to a security monitor, said security monitor being queryable from application programs so that upon such query an application program may obtain information defining privileges to which the user is authorized.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method according to claim 1 wherein said selecting step includes the step of listing for the user a selection of authorized roles that said user may assume.
  - 3. A method according to claim 1 wherein said determining step further includes the step of determining the privileges to which said user is authorized, based upon the groups in which said user is a member.
  - 4. A method according to claim 1 wherein said role is defined as the title of a position of functional responsibility.
  - 5. A method according to claim 4 wherein said role includes a role selected from the following:
    - Administrator, Nurse, Physician, Cardiologist, Orderly, Psychiatrist, Psychologist.

6. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:
- accepting from the user user-specific information entered into said computer system using the input device;
  
  comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user-specific information matches said previously stored authorization information;
  
  determining privileges to which the user is authorized, based upon said user-specific information and previously stored group information defining with which the user is associated;
  
  passing data corresponding to said authorized privileges to a security monitor, said security monitor being queryable from application programs so that upon such query an application program may obtain information defining said authorized privileges.

7. In a computer system including an input device, a method for authorizing the activities of a user comprising the steps of:
- accepting from the user user-specific information entered into said computer system using the input device;
  
  comparing said user-specific information against previously stored authorization information and permitting the user to access the computer system if and only if said user specific information matches said previously stored authorization information;
  
  receiving a user specified role;
  
  determining privileges assigned to the user by said user- specific information and said user specified role;
  
  receiving a requested function query when the user seeks to perform a function, said requested function query generated by an application program providing said function;
  
  responding to said requested function query by determining whether the user is authorized to perform said function through said application program;
  
  authorizing said application program to provide said function if said function is found authorized in said step of responding; and
  
  denying authorization to said application program if said function is found not authorized in said step of responding.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, further including the steps of:
    - loading information pertaining to said privileges into a security monitor; and
      
      using said security monitor to perform said steps of determining whether the user is authorized to perform said function through said application program, authorizing said application program to provide said function if said function is found authorized in said step of responding, and denying authorization to said application program if said function is found not authorized in said step of responding.
  - 9. A method according to claim 7 further including a step of listing for the user a selection of authorized roles that said user may assume.
  - 10. A method according to claim 7 wherein said determining step further includes the step of determining the privileges to which said user is authorized, based upon the groups in which said user is a member.
  - 11. A method according to claim 7 wherein said role is defined as a title of a position of functional responsibility.
  - 12. A method according to claim 11 wherein said role includes a role selected from the following:
    - Administrator, Nurse, Physician, Cardiologist, Orderly, Psychiatrist, Psychologist.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lawson Software Incorporated (Infor Incorporated)
Original Assignee
Araxsys, Inc.
Inventors
Worth, Erik K.
Primary Examiner(s)
Hua, Ly

Application Number

US08/842,575
Time in Patent Office

694 Days
Field of Search

395/186, 395/187.01, 395/188.01, 380/4, 380/25
US Class Current

726/17
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/629   to features or functions of...

G06F 2221/2149   Restricted operating enviro...

Security monitor for controlling functional access to a computer system

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Security monitor for controlling functional access to a computer system

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links