Multiple remote data access security mechanism for multitiered internet computer networks
First Claim
1. A computer implemented method for managing security in a multitiered networked computer system having multiple clients, a middle tier server, and one or more remote data repositories, the method including the steps of:
- authenticating client access to said middle tier server;
- intercepting in said server a client request for access to a remote data repository;
- testing for stored client credentials to access said remote data repository;
- if not found, requesting client credentials and validating said credentials with said remote data repository, and storing and associating said validated credentials with a client user identifier and a client session identifier; and
- processing said request for accessing using stored client credentials.
Abstract
A system and method for managing client authorization to access remote data repositories through a middle tier server such as a web server. Client remote data repository access is intercepted by the middle tier server and the server is searched for stored credentials permitting client access to the remote data repository. If found, the stored credentials are used to authenticate access without further interaction with the client system. If no stored credentials are found, the server requests credentials from the client and passes them to the remote data repository for validation. Validated credentials are stored by the server for future use and indexed by a client identifier. Permitted remote data repository access is stored with the validated credentials. Access to a mounted remote file system is not permitted without authorization even if the remote file system would not otherwise require authorization.
24 Claims
1. A computer implemented method for managing security in a multitiered networked computer system having multiple clients, a middle tier server, and one or more remote data repositories, the method including the steps of:
- authenticating client access to said middle tier server;
- intercepting in said server a client request for access to a remote data repository;
- testing for stored client credentials to access said remote data repository;
- if not found, requesting client credentials and validating said credentials with said remote data repository, and storing and associating said validated credentials with a client user identifier and a client session identifier; and
- processing said request for accessing using stored client credentials.
Dependent claims: 2 to 12 (not shown).
13. A system for managing secure remote data repository access in a multitiered distributed network having a plurality of clients, a middle tier server, and one or more remote data repositories, the system comprising:
- storage means in said server for storing client credentials for access to one or more of said remote data repositories;
- authentication means in said server for authenticating client access to said middle tier server;
- means for intercepting client remote data repository access requests;
- means for retrieving client authentication from said storage means in response to said means for intercepting;
- means for requesting client credentials from said client and validating said credentials with said one or more remote data repositories, if said means for retrieving is unable to locate stored client credentials for the requested remote data repository; and
- means for storing and associating validated client credentials with a client user identifier and a client session identifier in said storage means.
Dependent claims: 14 to 16 (not shown).
17. A method of controlling access to mounted remote file systems in a computer system having a processor and storage means, the method including the steps of:
- intercepting a requester request to access a mounted remote file system;
- testing said request to determine whether stored remote file system mount permissions exist for said requester;
- if not, requesting credentials from said requester and validating them with the remote file system, and storing and associating the credentials with a client user identifier and a client session identifier and a validated mounted file system reference;
- if credentials exist, passing said request to said remote file system.
Dependent claims: 18 (not shown).
19. A computer program product having a computer readable medium having computer program logic recorded thereon for managing security in a multitiered networked computer system having multiple clients, a middle tier server, and one or more remote data repositories, said computer program product comprising:
- computer program product means for authenticating client access to said middle tier server;
- computer program product means for intercepting in said server a client request for access to a remote data repository;
- computer program product means for testing for stored client credentials to access said remote data repository;
- computer program product means for requesting client credentials and validating said credentials with said remote data repository, and storing and associating said validated credentials with a client user identifier and a client session identifier, if no stored client credentials are found; and
- computer program product means for processing said request for accessing using stored client credentials.
Dependent claims: 20 to 24 (not shown).
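The flow of claims 1 and 17 (intercept, look up stored credentials keyed by user and session, otherwise prompt and validate with the repository, then store) as an added example; this is not code from the patent, all names are hypothetical, and the repositories are in-memory stubs with constructed accounts.

```python
# Added example, not code from the patent: a minimal middle-tier credential
# broker modelled on claims 1 and 17. Class and function names are hypothetical;
# repositories are in-memory stubs holding constructed sample accounts.

class RemoteRepo:
    """Stub remote data repository (or mounted file system)."""

    def __init__(self, name, accounts, requires_auth=True):
        self.name = name
        self.accounts = accounts            # constructed user -> secret map
        self.requires_auth = requires_auth  # False models an open file system mount

    def validate(self, user, secret):
        # An open mount would accept anyone; a protected one checks the account.
        if not self.requires_auth:
            return True
        return self.accounts.get(user) == secret


class MiddleTier:
    def __init__(self, repos):
        self.repos = repos
        self.sessions = {}  # session_id -> user_id, set by middle-tier authentication
        # Validated credentials are indexed by user id AND session id, so another
        # session of the same user cannot reuse them and they die with the session.
        self.creds = {}     # (user_id, session_id, repo_name) -> (user, secret)

    def login(self, user_id, session_id):
        self.sessions[session_id] = user_id

    def logout(self, session_id):
        self.sessions.pop(session_id, None)
        for key in [k for k in self.creds if k[1] == session_id]:
            del self.creds[key]  # purge cached secrets when the session ends

    def access(self, session_id, repo_name, prompt):
        """Intercepted client request; prompt(repo_name) asks the client for credentials."""
        user_id = self.sessions.get(session_id)
        if user_id is None:
            return "denied: not authenticated to middle tier"
        key = (user_id, session_id, repo_name)
        if key not in self.creds:
            # No stored credentials: ask the client, validate with the repository.
            # This runs even for repos that would not require auth on their own.
            user, secret = prompt(repo_name)
            if not self.repos[repo_name].validate(user, secret):
                return "denied: repository rejected credentials"
            self.creds[key] = (user, secret)
        return f"ok: {repo_name} as {self.creds[key][0]}"
```

The cache makes the middle tier a store of live secrets, so in practice it should be wiped on logout and session expiry, as logout() does here.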