SYSTEM AND METHOD FOR AUTHORIZING A NETWORK USER AS ENTITLED TO ACCESS A COMPUTING NODE WHEREIN AUTHENTICATED CERTIFICATE RECEIVED FROM THE USER IS MAPPED INTO THE USER IDENTIFICATION AND THE USER IS PRESENTED WITH THE OPPORTUNITY TO LOGON TO THE COMPUTING NODE ONLY AFTER THE VERIFICATION IS SUCCESSFUL
Abstract
An authenticated network user is verified as entitled to access a network node or server on the network node, before the user is presented with any opportunity to access the system. An initial exchange of conventional protocol messages occurs between the user and the node to establish initial communications. This is done without presenting to the user any opportunity to logon or to access an application. The network node requests the transmission of an authenticated user certificate from the user and the network node verifies from the user certificate that the user represented by the user certificate is entitled to access the node. If the user as identified by the certificate is not entitled to access, the initial connection is dropped and the user is denied any further access opportunity.
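The gate the abstract describes, as an added illustration that is not the patent's own code: the node finishes its protocol handshake, takes the client's already authenticated certificate, maps it to a user identification, checks that user against the node's resource name, and drops the connection before any logon screen unless the check passes. The certificate is a constructed dict in the nested-tuple shape Python's ssl.SSLSocket.getpeercert() returns; the mapping and entitlement tables, user ids and resource names are assumptions for the example.

```python
from enum import Enum
from typing import Optional, Tuple

class Decision(Enum):
    DROP = "drop connection, no logon screen"
    LOGON = "present logon screen"

# Constructed certificate in the dict shape ssl.SSLSocket.getpeercert()
# returns after a handshake that required and verified a client cert.
ALICE_CERT = {
    "subject": ((("commonName", "alice"),), (("organizationName", "Example Corp"),)),
    "issuer": ((("commonName", "Example Corp CA"),),),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}

# Assumed mapping table: certificate subject CN -> user identification.
CERT_TO_USER = {"alice": "uid1001", "bob": "uid1002"}
# Assumed entitlement table: user id -> resource names the user may access.
ENTITLEMENTS = {"uid1001": {"NODE_A", "NODE_B"}, "uid1002": {"NODE_B"}}

def subject_cn(cert: dict) -> Optional[str]:
    """Pull commonName out of the getpeercert()-style nested RDN tuples."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def map_certificate(cert: dict) -> Optional[str]:
    """Map an authenticated certificate into the user identification."""
    cn = subject_cn(cert)
    return CERT_TO_USER.get(cn) if cn else None

def verify_entitlement(user_id: str, resource_name: str) -> bool:
    """Is this user entitled to the node identified by resource_name?"""
    return resource_name in ENTITLEMENTS.get(user_id, set())

def pre_logon_gate(cert: Optional[dict], resource_name: str) -> Tuple[Decision, str]:
    """Decide whether a logon screen may be shown at all. A missing,
    unmapped or unentitled certificate drops the connection first."""
    if cert is None:
        return Decision.DROP, "no authenticated client certificate"
    user_id = map_certificate(cert)
    if user_id is None:
        return Decision.DROP, "certificate does not map to a user"
    if not verify_entitlement(user_id, resource_name):
        return Decision.DROP, f"{user_id} not entitled to {resource_name}"
    return Decision.LOGON, user_id
```

In a real node the cert would come from the TLS layer after the handshake (the "initial exchange of protocol messages"), and only a LOGON decision would cause the application to send its logon screen.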
9 Claims
1. A method of authorizing a network user as entitled to access a computing node of the network, comprising
performing an initial exchange of protocol messages between the network user and the computing node to establish initial communications without presenting to the user any screen that might be used to access the computing node, presenting an authenticated user certificate from the user to the computing node, mapping the authenticated user certificate into a user identification associated with the user, verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the computing node, denying further access to the computing node if the user is not entitled to access the computing node, and presenting the user with an opportunity to logon to the computing node if the user is verified to access the computing node.
2. A method of authorizing a network user as entitled to access the network, comprising
receiving at a node of the network one or more initial protocol messages from a user station to establish initial communications with the user station without presenting to the user station a logon screen, receiving an authenticated user certificate from the user station, mapping the authenticated user certificate into a user identification associated with the user, verifying from the user certificate that the user represented by the user certificate is entitled to access a computing node based on the user identification and a resource name assigned to the node, denying further access to the computing node if the user is not entitled to access the computing node, and displaying an access screen to the user if the user is verified to access the computing node.
3. Apparatus for authorizing a network user as entitled to access a computing node of the network, comprising
means for performing an initial exchange of protocol messages between the user and the computing node to establish initial communications without presenting to the user an access screen, means for presenting an authenticated user certificate from the user to the computing node, means for mapping the authenticated user certificate into a user identification associated with the user, means for verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the computing node, means for denying further access to the computing node if the user is not entitled to access the computing node, and means for presenting the user with an opportunity to logon to the computing node if the network user is verified to access the computing node.
4. Apparatus for authorizing a network user as entitled to access a network, comprising
means for receiving at a node of the network one or more initial protocol messages from a user station to establish initial communications with the user without presenting to the user an access screen, means for receiving an authenticated user certificate from the user station, means for mapping the authenticated user certificate into a user identification associated with the user, means for verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the node, means for denying further access to the computing node if the user is not entitled to access the computing node, and means for transmitting an access screen to the user node if the user is verified to access the computing node.
5. A program product embodied in a storage media and containing program instructions readable by a computer for authorizing a network user as entitled to access a computing node of the network, comprising
a first program segment for performing an initial exchange of protocol messages between the user and the computing node to establish initial communications without presenting to the user an access screen, a second program segment for presenting an authenticated user certificate from the user to the computing node, a third program segment for mapping the authenticated user certificate into a user identification associated with the user, a fourth program segment for verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the computing node, a fifth program segment for denying further access to the computing node if the user is not entitled to access the computing node, and a sixth program segment for presenting the user with an opportunity to logon to the computing node if the user is verified to access the computing node.
6. A program product embodied in a storage media and containing program instructions readable by a computer for authorizing a network user as entitled to access the network, comprising
a first program segment for receiving at a node of the network one or more initial protocol messages from a user to establish initial communications with the user station without presenting to the user station an access screen, a second program segment for receiving an authenticated user certificate from the user station, a third program segment for mapping the authenticated user certificate into a user identification associated with the user, a fourth program segment for verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the node, a fifth program segment for denying further access to the computing node if the user is not entitled to access the computing node, and a sixth program segment for transmitting an access screen to the user if the user is verified to access the computing node.
7. A carrier wave embodying program instructions readable by a computer for authorizing a network user as entitled to access a computing node of the network, the computer instructions comprising
a first program segment for performing an initial exchange of protocol messages between the user and the computing node to establish initial communications without presenting to the user an access screen, a second program segment for presenting an authenticated user certificate from the user to the computing node, a third program segment for mapping the authenticated user certificate into a user identification, a fourth program segment for verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the computing node, a fifth program segment for denying further access to the computing node if the user is not entitled to access the computing node, and a sixth program segment for presenting the user with an opportunity to access the computing node if the user is verified to access the computing node.
8. A carrier wave embodying program instructions readable by a computer for authorizing a network user as entitled to access the network, the computer instructions comprising
a first program segment for receiving at a node of the network one or more initial protocol messages from a user to establish initial communications with the user without presenting to the user an access screen, a second program segment for receiving an authenticated user certificate from the user, a third program segment for mapping the authenticated user certificate into a user identification associated with the user, a fourth program segment for verifying from the user certificate that the user represented by the user certificate is entitled to access the computing node based on the user identification and a resource name assigned to the node, a fifth program segment for denying further access to the computing node if the user is not entitled to access the computing node, and a sixth program segment for transmitting an access screen to the computing node if the user is verified to access the computing node.