Method for changing a security policy during processing of a transaction request
Abstract
A method for changing a user password is preferably operative as a Web server impersonates a Web client to obtain access to files stored in a distributed file system space of a distributed computing environment. The method begins in response to receipt of a Web transaction request from the Web client to determine whether the user's password has expired. If so, the method suspends processing of the Web transaction request and then enters a password change subprogram to enable the user to define a new password. Typically, the password change subprogram displays a password change dialog that interacts with the user. Upon definition of the new password by the user, the mechanism resumes processing of the original Web transaction request. Alternatively, the user may be prompted to terminate the original transaction request and select a new URL and/or document.
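The suspend, redirect and resume flow described in the abstract, as an added Python example that is not taken from the patent. The `Gateway` class, the URL `/security/change-password`, the 90-day expiry and the 12-character rule are assumptions chosen for illustration; the saved URL is held in server-side session state so the client cannot change where the request resumes.

```python
import hashlib
import time

CHANGE_URL = "/security/change-password"  # hypothetical URL of the password change subprogram
MAX_AGE = 90 * 86400                      # assumed expiry policy: 90 days, in seconds

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Gateway:
    """Sits in front of the application; the application never sees the password change."""

    def __init__(self, users, app):
        self.users = users    # user -> {"salt", "pw_hash", "changed_at"}
        self.app = app        # callable(user, url) -> response body
        self.sessions = {}    # session id -> {"user", optional "pending_url"}

    def handle(self, sid, url, now=None):
        now = time.time() if now is None else now
        sess = self.sessions.get(sid)
        if sess is None:                      # no credential from a previous request
            return 401, "authenticate first"
        if now - self.users[sess["user"]]["changed_at"] > MAX_AGE:
            if url != CHANGE_URL:
                # Suspend: keep the requested URL server-side, where the client cannot alter it.
                sess["pending_url"] = url
            return 302, CHANGE_URL
        return 200, self.app(sess["user"], url)

    def change_password(self, sid, new_password, now=None):
        now = time.time() if now is None else now
        sess = self.sessions[sid]
        if len(new_password) < 12:            # assumed minimal rule; subprogram keeps control
            return 400, "password rejected"
        rec = self.users[sess["user"]]
        rec["pw_hash"] = hash_pw(new_password, rec["salt"])
        rec["changed_at"] = now
        # Resume: restore the saved URL and re-run the original request.
        return self.handle(sid, sess.pop("pending_url", "/"), now)

def demo():
    now = 1_000_000_000                       # constructed clock value
    users = {"alice": {"salt": b"constructed-salt", "pw_hash": b"", "changed_at": now - 91 * 86400}}
    gw = Gateway(users, app=lambda user, url: f"{user} fetched {url}")
    gw.sessions["s1"] = {"user": "alice"}     # credential from an earlier request
    first = gw.handle("s1", "/dfs/reports/q3.html", now)
    rejected = gw.change_password("s1", "short", now)
    resumed = gw.change_password("s1", "correct horse battery", now)
    return first, rejected, resumed
```

A rejected password leaves the saved URL in place, so the original request still resumes once an acceptable password is defined.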
29 Claims
1. A method for changing a security policy for an application, the method comprising the steps of:
intercepting a user credential from a client sent to the application;
determining that a revised security policy for the application exists, wherein the revised security policy represents a security policy that was revised after the user credential was issued;
entering a security subprogram that interacts with a user, the security subprogram being independent of the application; and
upon satisfactory conclusion of the security interaction, invoking the application.
Dependent claims: 2, 3, 4, 5, 6
redirecting the user credential to the security subprogram URL when directed by the security policy; and
handling any needed interactions with the application by the security subprogram.
7. A method for changing a user password as a Web server accesses files stored in a distributed file system of a distributed computing environment, the method comprising the steps of:
responsive to receipt of a Web transaction request from a Web client, determining whether a credential for accessing files stored in the distributed file system has been associated with a user of the Web client during processing of a previous Web transaction request;
in response to a determination that a credential has been previously associated with the user, determining whether the user's password has expired;
if the user's password has expired, suspending processing of the Web transaction request and entering a password change subprogram to enable the user to define a new password; and
upon definition of the new password, resuming the processing of the Web transaction request.
Dependent claims: 8, 9, 10, 11, 12, 13, 14
saving a user-requested Uniform Resource Locator (URL) in the Web transaction request; and
redirecting the user to a URL associated with the password change subprogram.
9. The method as described in claim 8 wherein the step of resuming the processing of the Web transaction request includes the step of restoring the user-requested URL back into the Web transaction request.
10. The method as described in claim 7 wherein the step of resuming the processing of the Web transaction request occurs automatically upon definition of the new password.
11. The method as described in claim 7 wherein the step of resuming the processing of the Web transaction request occurs upon definition of the new password and completion of a given user action.
12. The method as described in claim 11 wherein the given user action is selection of a display button.
13. The method as described in claim 7 wherein the password change subprogram displays a change password dialog to the user.
14. The method as described in claim 7 wherein the distributed computing environment includes a security service for returning a credential to a user authenticated to access the distributed file system.
15. A method for changing a security policy as a server accesses files stored in a distributed file system of a distributed computing environment, the method comprising the steps of:
responsive to receipt of a transaction request from a client, determining whether a credential for accessing files stored in the distributed file system has been associated with a user of the client during processing of a previous transaction request;
in response to a determination that a credential has been previously associated with the user, determining whether a revised security policy exists;
if the revised security policy exists, suspending processing of the transaction request;
displaying a change security policy dialog to the user to enable the user to conform to the revised security policy; and
upon satisfactory conformance to the revised security policy, resuming the processing of the Web transaction request.
Dependent claims: 16, 17, 18, 19
saving a user-requested Uniform Resource Locator (URL) in the transaction request; and
redirecting the user to a URL associated with a change security policy subprogram.
17. The method as described in claim 16 wherein the step of resuming the processing of the transaction request includes the step of restoring the user-requested URL back into the transaction request.
18. The method as described in claim 15 wherein the step of resuming the processing of the transaction request occurs automatically upon satisfactory conformance to the revised security policy.
19. The method as described in claim 15 wherein the server is a Web server, the client is a Web client having a browser, and the transaction request is a Web transaction.
20. A computer program product in a computer-readable medium method for use in changing a user password as a Web server accesses files stored in a distributed file system of a distributed computing environment, the computer program product comprising:
means responsive to receipt of a Web transaction request from a Web client for determining whether a credential for accessing files stored in the distributed file system has been associated with a user of the Web client during processing of a previous Web transaction request;
means responsive to a determination that a credential has been previously associated with the user for determining whether the user's password has expired;
means for suspending processing of the Web transaction request if the user's password has expired;
means for transferring control to a password change subprogram to enable the user to define a new password; and
means responsive to definition of the new password for resuming the processing of the Web transaction request.
Dependent claims: 21, 22, 23
24. In a computer network in which a client is connectable to a server to enable access to documents within a secure database, the improvement comprising:
means responsive to receipt of a transaction request from the client for determining whether a credential for accessing the documents within the secure database has been associated with a user of the client during processing of a previous transaction request;
means responsive to a determination that a credential has been previously associated with the user for determining whether the user's password has expired;
means for suspending processing of the transaction request if the user's password has expired;
means for transferring control to a password change subprogram to enable the user to define a new password; and
means responsive to definition of the new password for resuming the processing of the transaction request.
Dependent claims: 25, 26, 27, 28
29. A computer connectable to a secure database, comprising:
a processor;
an operating system;
a Web server program for processing client requests; and
means for changing a security policy, comprising;
means responsive to receipt of a transaction request from a client for determining whether a credential for accessing information in the secure database has been associated with a user of the client during processing of a previous transaction request;
means responsive to a determination that a credential has been previously associated with the user for determining whether the user's password has expired;
means for suspending processing of the transaction request if the user's password has expired;
means for transferring control to a password change subprogram to enable the user to define a new password; and
means responsive to definition of the new password for resuming the processing of the transaction request.
Specification