Distributed dynamic security capabilities
First Claim
Patent Images
1. A method for managing security credentials in a system of at least one computer, the system having a credential checking facility to authenticate one or more principals, the method comprising the steps of:
- in a first directory context, providing a principal with a secure package containing a credential;
in a second directory context, receiving a request from the principal to access the system;
enabling the credential checking facility to check the access request by accessing the credential in the secure package;
allowing or denying the access request according to the result of the credential check; and
determining whether credential information about the principal which is found in the second directory context was not placed in the secure package in the first directory context.
16 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are provided for managing security credentials in a distributed computer system. Multiple security contexts may be defined for a given principal in the system without requiring the use of multiple accounts. A secure package is provided to allow the principal to roam. Methods are provided for identifying differences in the principal'"'"'s access rights in different contexts and for updating the secure package as needed.
238 Citations
45 Claims
-
1. A method for managing security credentials in a system of at least one computer, the system having a credential checking facility to authenticate one or more principals, the method comprising the steps of:
-
in a first directory context, providing a principal with a secure package containing a credential; in a second directory context, receiving a request from the principal to access the system; enabling the credential checking facility to check the access request by accessing the credential in the secure package; allowing or denying the access request according to the result of the credential check; and determining whether credential information about the principal which is found in the second directory context was not placed in the secure package in the first directory context. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 41, 42, 43, 44, 45)
-
-
30. A computer system comprising:
-
a first directory context including a first set of credentials of a principal and also including a providing means for providing the principal with a secure package containing at least part of the first set of credentials; a second directory context including a second set of credentials of the principal and also including a modifying means for modifying the secure package to reflect differences between credentials in the second set and credentials which were placed in the secure package by the providing means of the first directory context. - View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification