Single sign-on (SSO) mechanism personal key manager
First Claim
1. A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment, comprising the steps of:
    for each given user, associating each of a set of id/password pairs to each of a set of one or more respective targets, wherein each id/password pair is required to access a respective target resource;
    storing the targets of each given user in a globally-accessible database; and
    in response to a given event, accessing the globally-accessible database to retrieve the targets of a given user;
    wherein the retrieved targets are used in conjunction with locally-accessible logon information to access the respective target resources.
Abstract
A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment. For each given user, each of a set of id/password pairs is associated to each of a set of one or more respective targets. Each id/password pair is normally required to access a respective target resource. The targets of each given user are stored in a globally-accessible database. In response to entry by a given user at a client machine of a single sign-on (SSO) id/password, the globally-accessible database is accessed from a personal key manager (PKM) server to retrieve the targets of the given user. The targets are returned to the PKM server, which then uses data therein to access the respective target resources on behalf of the given user at the client machine.
31 Claims
1. A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment, comprising the steps of:
    for each given user, associating each of a set of id/password pairs to each of a set of one or more respective targets, wherein each id/password pair is required to access a respective target resource;
    storing the targets of each given user in a globally-accessible database; and
    in response to a given event, accessing the globally-accessible database to retrieve the targets of a given user;
    wherein the retrieved targets are used in conjunction with locally-accessible logon information to access the respective target resources.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment, comprising the steps of:
    for each given user, associating each of a set of id/password pairs to each of a set of one or more respective targets, wherein each id/password pair is required to access a respective target resource;
    storing the targets of each given user in a globally-accessible database; and
    in response to entry by a given user at a client machine of a single sign-on id/password, accessing the globally-accessible database to retrieve the targets of the given user;
    wherein the retrieved targets are used in conjunction with locally-accessible logon information to access the respective target resources.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
    returning the targets to the server from the globally-accessible database; and
    at the server, using data in the targets to access the respective target resources on behalf of the given user at the client machine.

14. The method of managing passwords as described in claim 11 wherein each target includes a target name, a set of target attributes, and key information.

15. The method of managing passwords as described in claim 14 wherein the set of target attributes includes attributes selected from the set of attributes consisting essentially of target type, domain name, host name, application name and target user name.

16. The method of managing passwords as described in claim 14 wherein the key information includes the password of the user for the target resource.

17. The method of managing passwords as described in claim 14 wherein each target further includes a user configuration identifying the user's target resource configuration logon/logoff preference.

18. The method of managing passwords as described in claim 14 wherein each target further includes a target class defining additional security restrictions, if any, associated with the target resource.

19. The method of managing passwords as described in claim 12 wherein the step of accessing the globally-accessible database includes accessing a protected server to obtain information necessary to generate a passticket associated with the target.

20. The method of managing passwords as described in claim 19 wherein the information is a secret key shared by the server and the protected server.

21. A method of managing passwords of users desiring access to multiple target resources in a computer enterprise environment, comprising the steps of:
    for each given user, associating each of a set of id/password pairs to each of a set of one or more respective targets, wherein each id/password pair is required to access a respective target resource;
    storing the targets of each given user in a globally-accessible database;
    in response to entry by a given user at a client machine of a single sign-on id/password, accessing the globally-accessible database from a server to retrieve the targets of the given user; and
    returning the targets to the server from the globally-accessible database;
    at the server, using data in the targets to access the respective target resources on behalf of the given user at the client machine;
    wherein the retrieved targets are used in conjunction with locally-accessible logon information to access the respective target resources.
Dependent claims: 22, 23, 24

23. The method of managing passwords as described in claim 21 wherein the step of accessing the globally-accessible database includes accessing a protected server to obtain information necessary to generate a passticket associated with the target.

24. The method of managing passwords as described in claim 23 wherein the information is a secret key shared by the server and the protected server.

25. Personal key manager framework for managing passwords of users desiring access to multiple target resources in a computer enterprise environment, comprising:
    a globally-accessible database for storing, for each given user, a set of targets, each target having associated therewith an id/password pair required to access a respective target resource;
    a first program executed on a client machine in response to entry of a single sign-on (SSO) id/password by a given user for issuing a request to obtain access to the target resources identified in the given user's set of targets; and
    a second program executed on a server machine and responsive to the request for retrieving the targets from the globally-accessible database and using data in the retrieved targets to access the respective target resources on behalf of the given user at the client machine;
    wherein the retrieved targets are used in conjunction with locally-accessible logon information to access the respective target resources.
Dependent claims: 26, 27, 28

29. A computer program product in a computer-readable media for use in a server that manages passwords of users desiring access to multiple target resources in a computer enterprise environment, wherein, for each given user, a set of targets is stored in a globally-accessible database, each target having associated therewith an id/password pair required to access a respective target resource, the computer program product comprising:
    means responsive to a given request for retrieving targets of a given user from the globally-accessible database; and
    means responsive to the retrieving means for using data in the retrieved targets to access the respective target resources on behalf of the given user;
    wherein the retrieved targets are used in conjunction with locally-accessible logon information to access the respective target resources.
Dependent claims: 30, 31

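The following is an added example, not code from the patent or its assignee, that models the claimed flow end to end: a per-user target set with the fields of claims 14-18, a globally-accessible database, and a PKM server that verifies the SSO id/password, retrieves the user's targets and logs on to each resource on the user's behalf (claims 11, 21 and 25). Everything beyond the claim language is an assumption for illustration: the SSO credential is checked against a salted PBKDF2 digest, the "locally-accessible logon information" is modelled as a server-local host-name table, and the passticket of claims 19-20 is built as an HMAC over user, target and a time window under the shared secret (the claims name only the shared secret, not a construction). The resources, users and secrets are constructed sample data.

```python
"""Toy model of the personal key manager (PKM) flow in the claims above.
Constructed illustration, not the patent's code; see the lead-in for the assumptions."""
import hashlib
import hmac
import os
from dataclasses import dataclass

PBKDF2_ROUNDS = 100_000


@dataclass
class Target:
    """One entry of a user's target set: name, attributes, key information (claim 14)."""
    name: str
    attributes: dict        # target type, domain name, host name, application name, target user name (claim 15)
    key_info: str           # the user's password for this resource (claim 16); opaque to the model
    user_config: str = "logon-on-sso"   # logon/logoff preference (claim 17)
    target_class: str = "standard"      # "passticket" marks additional restrictions (claim 18)


class GlobalDatabase:
    """Globally-accessible database holding each user's targets."""
    def __init__(self):
        self._targets = {}

    def store(self, user, target):
        self._targets.setdefault(user, []).append(target)

    def retrieve(self, user):
        return list(self._targets.get(user, []))


def make_passticket(shared_secret, user_id, target_name, now, window=60):
    """Assumed construction: HMAC over user, target and a 60 s window keyed by the shared secret."""
    msg = f"{user_id}|{target_name}|{now // window}".encode()
    return hmac.new(shared_secret, msg, hashlib.sha256).hexdigest()[:16]


class TargetResource:
    """Stand-in for a host or application; checks a password or, when protected, a passticket."""
    def __init__(self, name, user_id, password=None, shared_secret=None):
        self.name, self.user_id = name, user_id
        self.password, self.shared_secret = password, shared_secret

    def logon(self, user_id, credential, now):
        if user_id != self.user_id:
            return False
        if self.shared_secret is not None:   # protected server: only a valid passticket is accepted
            expected = make_passticket(self.shared_secret, user_id, self.name, now)
            return hmac.compare_digest(expected, credential)
        return hmac.compare_digest(self.password, credential)


class PKMServer:
    """Second program of claim 25: verifies the SSO logon, fetches targets, logs on to each resource."""
    def __init__(self, db, local_logon_info, shared_secrets):
        self.db = db
        self.local_logon_info = local_logon_info  # assumed: host name -> reachable resource
        self.shared_secrets = shared_secrets      # assumed: target name -> secret shared with its protected server
        self._sso = {}                            # SSO id -> (salt, PBKDF2 digest); plaintext never stored

    def enroll(self, sso_id, sso_password):
        salt = os.urandom(16)
        self._sso[sso_id] = (salt, hashlib.pbkdf2_hmac("sha256", sso_password.encode(), salt, PBKDF2_ROUNDS))

    def _verify_sso(self, sso_id, sso_password):
        # Unknown ids still pay for a PBKDF2 run so timing does not reveal which ids exist.
        salt, digest = self._sso.get(sso_id, (b"\0" * 16, b"\0" * 32))
        attempt = hashlib.pbkdf2_hmac("sha256", sso_password.encode(), salt, PBKDF2_ROUNDS)
        return sso_id in self._sso and hmac.compare_digest(digest, attempt)

    def handle_request(self, sso_id, sso_password, now):
        """Return {target name: logged on?}, or None if the SSO logon fails (no targets leave the DB)."""
        if not self._verify_sso(sso_id, sso_password):
            return None
        results = {}
        for t in self.db.retrieve(sso_id):
            if t.user_config != "logon-on-sso":
                continue                              # user preference: do not log on at SSO time
            resource = self.local_logon_info.get(t.attributes["host name"])
            if resource is None:
                results[t.name] = False               # no local logon information for this host
                continue
            target_user = t.attributes["target user name"]
            if t.target_class == "passticket":
                credential = make_passticket(self.shared_secrets[t.name], target_user, t.name, now)
            else:
                credential = t.key_info
            results[t.name] = resource.logon(target_user, credential, now)
        return results


def build_demo():
    """Constructed sample data: one user, three targets, two reachable resources."""
    db = GlobalDatabase()
    db.store("alice", Target("mail", {"target type": "application", "domain name": "corp", "host name": "mail01",
                                      "application name": "imap", "target user name": "alice.m"}, key_info="m41l-pw"))
    db.store("alice", Target("mainframe", {"target type": "host", "domain name": "corp", "host name": "mvs01",
                                           "application name": "tso", "target user name": "ALICE1"},
                             key_info="", target_class="passticket"))
    db.store("alice", Target("archive", {"target type": "host", "domain name": "corp", "host name": "arch01",
                                         "application name": "ftp", "target user name": "alice"},
                             key_info="old-pw", user_config="manual"))
    secret = b"demo-shared-secret"
    resources = {"mail01": TargetResource("mail", "alice.m", password="m41l-pw"),
                 "mvs01": TargetResource("mainframe", "ALICE1", shared_secret=secret)}
    pkm = PKMServer(db, resources, {"mainframe": secret})
    pkm.enroll("alice", "correct horse battery")
    return pkm


if __name__ == "__main__":
    print(build_demo().handle_request("alice", "correct horse battery", now=1_700_000_000))
```

Two points the model makes visible: the SSO check gates every database read, so a failed SSO logon returns nothing rather than a partial target list, and the passticket target never needs a stored password at all, since the shared secret with the protected server stands in for it.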
Specification