Session based security profile for internet access of an enterprise server
First Claim
1. In a data processing environment having a user terminal with a user profile for generating a service request for access to data requiring a particular security profile responsively coupled via a publically accessible digital data communication network to a data base management system which honors said service request by executing a particular sequence of command language statements associated with said service request the improvement comprising:
- an object responsively coupled to said user terminal via said publically accessible digital data communication network which interrogates said user terminal for said user profile and which compares said user profile to said particular security profile directly associated with said particular sequence of command language statements and which permits said data base management system to honor said service request if and only if said user profile corresponds to said particular security profile.
12 Assignments
0 Petitions
Accused Products
Abstract
An apparatus for and method of utilizing an internet terminal coupled to the world wide web to access an existing proprietary data base management system having a dialog-based request format. The user request is received by a web server from the world wide web and converted into one or more sequenced data base management commands stored as corresponding to the service request. If the user terminal requests access to a secure function or to secure data, the user terminal is interrogated to determine its user profile. This user profile is compared to the security profile of the service request. The service request is honored if and only if the user profile corresponds to the security profile. The secure session control object created to honor the request is deleted upon completion of the session.
74 Citations
18 Claims
-
1. In a data processing environment having a user terminal with a user profile for generating a service request for access to data requiring a particular security profile responsively coupled via a publically accessible digital data communication network to a data base management system which honors said service request by executing a particular sequence of command language statements associated with said service request the improvement comprising:
an object responsively coupled to said user terminal via said publically accessible digital data communication network which interrogates said user terminal for said user profile and which compares said user profile to said particular security profile directly associated with said particular sequence of command language statements and which permits said data base management system to honor said service request if and only if said user profile corresponds to said particular security profile. - View Dependent Claims (2, 3, 4, 5)
-
6. An apparatus comprising:
-
a. a user terminal having a user profile wherein a service request having a corresponding security profile generated by said user terminal;
b. a data base management system having access to a data base responsively coupled to said user terminal via a publically accessible digital data communication network; and
c. a gateway responsively coupled to said user terminal via said publically accessible digital data communication network which interrogates said user terminal to obtain said user profile wherein said gateway compares said user profile with said security profile and permits said data base management system to honor said service request if and only if said user profile corresponds to said security profile. - View Dependent Claims (7, 8)
-
-
9. A method of regulating access between a user terminal having a user profile responsively coupled via a publically accessible digital data communication network to a data base management system comprising:
-
a. generating a service request at said user terminal;
b. transferring said service request to said data base management system;
c. determining a security profile corresponding to said service request;
d. interrogating said user terminal to determine said user profile; and
e. honoring said service request if and only if said user profile corresponds to said security profile. - View Dependent Claims (10, 11, 12, 13)
-
-
14. An apparatus comprising:
-
a. means having a user profile for generating a service request;
b. means responsively coupled to said permitting means via a publically accessible digital data communication network for honoring said service request;
c. means responsively coupled to said generating means for interrogating said generating means to determine said user profile;
d. means responsively coupled to said interrogating means for comparing said user profile with a security profile corresponding to said service request; and
e. means responsively coupled to said comparing means and said honoring means for preventing said honoring means from honoring said service request unless said comparing means determines that said user profile corresponds to said security profile. - View Dependent Claims (15, 16, 17, 18)
-
Specification
-
- Resources
-
Current AssigneeGoogle LLC (Alphabet Inc.)
-
Original AssigneeUnisys Corporation
-
InventorsGuhl, Timothy J., Gretter, Eugene J., Kress, Daryl J., Behr, Gail L., Germscheid, Paul S.
-
Primary Examiner(s)Barot, Bharat
-
Application NumberUS09/449,086Time in Patent Office1,735 DaysField of Search709/202-203, 709/217-219, 709/223-224, 709/227-229, 709/242, 707/1, 707/3, 707/9-10, 713/200-202US Class Current709/227CPC Class CodesH04L 63/101 Access control lists [ACL]H04L 63/102 Entity profilesH04L 67/14 Session management for real...H04L 67/306 User profilesH04L 67/34 involving the movement of s...H04L 69/329 in the application layer [O...H04L 9/40 Network security protocols
