System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential

US 6,055,637 A
Filed: 09/27/1996
Issued: 04/25/2000
Est. Priority Date: 09/27/1996
Status: Expired due to Term

First Claim

Patent Images

1. A resource access control method, comprising the steps of:

assigning at least one role to a user;

generating a temporary credential token when said user begins a session and requests access to at least one resource based on said at least one role assigned to said user, the temporary credential token allowing said user to access any resource within the enterprise based on the assigned role of the user, wherein said temporary credential token includes role information specifying at least one of said assigned user roles and resource information comprising a list of accessible resources corresponding to said assigned user role;

presenting said temporary credential token to said at least one resource to allow entry by said user;

generating a temporary access permission by said at least one resource in response to said at least one resource receiving said temporary credential token, the temporary access permission permitting said user access to said at least one resource;

terminating said temporary credential token and said temporary access permission to terminate said user'"'"'s access to said at least one resource when said user terminates the session.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A resource access control system and method (50) for a corporate enterprise includes a security administrator (60, 62) in communication with a plurality of users (90), each of the users (90) having an assigned role and a unique user identifier. A temporary credential token (52) is generated correlative to the assigned role of the user by the security administrator (62) as the user logs on by entering the assigned unique user identifier and indicates a desire to access a resource (56). The temporary credential token (52) is communicated to the resource (56) and any subsequent resources (56) to allow access by the user (90), and deleted as the user (90) terminates the session.

809 Citations

22 Claims

1. A resource access control method, comprising the steps of:
- assigning at least one role to a user;
  
  generating a temporary credential token when said user begins a session and requests access to at least one resource based on said at least one role assigned to said user, the temporary credential token allowing said user to access any resource within the enterprise based on the assigned role of the user, wherein said temporary credential token includes role information specifying at least one of said assigned user roles and resource information comprising a list of accessible resources corresponding to said assigned user role;
  
  presenting said temporary credential token to said at least one resource to allow entry by said user;
  
  generating a temporary access permission by said at least one resource in response to said at least one resource receiving said temporary credential token, the temporary access permission permitting said user access to said at least one resource;
  
  terminating said temporary credential token and said temporary access permission to terminate said user'"'"'s access to said at least one resource when said user terminates the session.
- View Dependent Claims (2, 3, 4)
- - 2. The method, as set forth in claim 1, further comprising the steps of:
    - assigning a user identifier to said user; and
      
      receiving said user identifier from said user and authenticating said user identifier prior to generating said temporary credential token.
  - 3. The method, as set forth in claim 1, further comprising the steps of:
    - assigning a user identifier and a password to said user; and
      
      receiving said user identifier and password from said user and authenticating said user identifier and password prior to generating said temporary credential token.
  - 4. The method, as set forth in claim 1, further comprising the steps of:
    - presenting said temporary credential token to a second resource when said user indicates a desire to access said second resource; and
      
      said second resource authenticating said temporary credential token and permitting said user access.

5. An enterprise-wide resource access control system, comprising:
- a security administrator in communication with a plurality of users, each of said users having at least one assigned role and a unique user identifier, said assigned role defining a job function of a user;
  
  a database coupled to said security administrator for storing said plurality of users'"'"' assigned roles, unique user identifiers, and a resource access list identifying all enterprise-wide resources that may be accessed by the user based on the assigned role of the user;
  
  a temporary credential token being generated in response to said at least one assigned role of a user by said security administrator as said user logs on to a first resource by entering said assigned unique user identifier, said temporary credential token being communicated to said first resource to allow said user to access any resource within the enterprise that is identified in the resource access list, said temporary credential token being deleted as said user logs off said resource, wherein said temporary credential token includes role information specifying at least one of said assigned user roles and resource information comprising the corresponding accessible resources from the resource access list; and
  
  a temporary access permission being generated by a second resource in response to receiving and verifying said temporary credential token, said temporary credential token being presented to said second resource in response to said user requesting access to said second resource, said second resource existing in the resource access list, said temporary access permission being deleted as said user terminates a session with said second resource.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 6. The system, as set forth in claim 5, wherein the temporary credential token comprises information on said user.
  - 7. The system, as set forth in claim 6, wherein said user information comprises a password entered by said user during log on.
  - 8. The system, as set forth in claim 6, wherein said resource information comprises an identity of ownership of said resource.
  - 9. The system, as set forth in claim 6, wherein said resource in formation comprises a classification level of said resource.
  - 10. The system, as set forth in claim 5, wherein said security administrator comprises:
    - a local security administrator coupled to a trusted security authentication system, which receives and authenticates said user'"'"'s unique user identifier and a password, said security administrator then generates said temporary credential token after said authentication; and
      
      a central security administrator coupled to said local security administrator for providing a centralized management of role ownership and resource ownership.
  - 11. The system, as set forth in claim 10, wherein said database further comprises:
    - a resource owner directory coupled to said central security administrator; and
      
      a role owner directory coupled to said central security administrator.
  - 12. The system, as set forth in claim 10, wherein said database further comprises a unique user identifier and corresponding assigned role directory coupled to said local security administrator.
  - 13. The system, as set forth in claim 10, wherein said database further comprises information necessary for audit and accountability purposes.
  - 14. The system, as set forth in claim 10, wherein said database further comprises a log of resources accessed by said user coupled to said local security administrator.

15. A resource access control method, comprising the steps of:
- beginning a session and logging on to a first resource by entering a user identifier and password;
  
  authenticating said user identifier and password;
  
  recognizing at least one role corresponding to said user identifier and generating a temporary credential token in response to said authentication and role recognition, said temporary credential token, wherein said temporary credential token includes role information specifying at least one of said assigned user roles and resource information comprising a list of accessible resources corresponding to said assigned user role;
  
  presenting said temporary credential token to said first resource;
  
  gaining entry to said first resource in response to receiving said temporary credential token;
  
  selecting a second resource;
  
  presenting said temporary credential token to said second resource;
  
  generating a temporary access permission by said second resource upon presentation and verification of said temporary credential token;
  
  gaining entry to said second resource in response to the second resource generating a temporary access permission; and
  
  terminating said temporary credential token and said temporary access permission when said session is terminated.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The method, as set forth in claim 15, further comprising the step of generating a temporary access permission by a security package of said second resource upon presentation and authentication of said temporary credential token thereto.
  - 17. The method, as set forth in claim 15, further comprising the step of storing all user identifiers, and corresponding roles in a database.
  - 18. The method, as set forth in claim 15, further comprising the step of submitting a request to a resource owner for accessing a particular resource by a user having an assigned role.
  - 19. The method, as set forth in claim 18, further comprising the step of defining a role having access to a set of resources.
  - 20. The method, as set forth in claim 19, further comprising the step of assigning a defined role to a user.
  - 21. The method, as set forth in claim 20, further comprising the step of assigning said user identifier to said user.
  - 22. The method, as set forth in claim 15, further comprising the step of temporarily storing said temporary credential token by said first and second resources until termination of said session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Electronic Data Systems Corporation (Perspecta, Inc.)
Inventors
Champagne, Jean-Paul, Lockhart, Robert P., Hickerson, Cynthia M. K., Saddler, Nancy B., Hudson, Jerome D., Stange, Patricia A., Galindo, Mary A., Hickman, Donna R.
Primary Examiner(s)
Maung, Zarni
Assistant Examiner(s)
CALDWELL, ANDREW T

Application Number

US08/722,841
Time in Patent Office

1,306 Days
Field of Search

395/186, 395/187.01, 395/188.01, 380/4, 713/200-202, 709/225
US Class Current

726/20
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

809 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for accessing enterprise-wide resources by presenting to the resource a temporary credential

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

809 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links