User authentication system and method for multiple process applications
Abstract
A user within a multiple process environment is initially authenticated, such as by verifying the user's identification and password. A first process, such as a client, requests a profile token representative of the user in response to authenticating the user. The profile token has associated with it one or more usage limitations. The profile token is transferred from the first process to a second process, such as a server. The second process, upon receiving a valid profile token, is allowed to perform one or more tasks on behalf of the user within the token's usage limitations. A profile token is invalidated upon violation of a usage limitation, such as a preestablished time-out period. One or more lookup tables are used to manage the profile tokens and to store certain user and profile token information, providing increased processing security.
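The token lifecycle described in the abstract, as an added Python example that is not taken from the patent: a lookup table issues opaque tokens after authentication, enforces usage limitations when a token is redeemed, and invalidates a token on violation. The names `ProfileTokenTable`, `Worker`, `TokenError` and `Entry`, the `max_uses` limitation and the simulated user switch are assumptions; the abstract names only a time-out as an example limitation.

```python
import secrets
import time
from dataclasses import dataclass

class TokenError(Exception):
    """Unknown token, failed authentication, or violated usage limitation."""

@dataclass
class Entry:
    user: str
    expires_at: float  # time-out limitation (the one the abstract names)
    uses_left: int     # assumed second limitation: maximum number of uses

class ProfileTokenTable:
    """Lookup table keyed by opaque token; user data never travels in the token."""
    def __init__(self, clock=time.monotonic):
        self._table = {}
        self._clock = clock

    def generate(self, user, password, check_password, ttl=60.0, max_uses=1):
        # First interface: authenticate, then issue a token for that user.
        if not check_password(user, password):
            raise TokenError("authentication failed")
        token = secrets.token_urlsafe(32)
        self._table[token] = Entry(user, self._clock() + ttl, max_uses)
        return token

    def redeem(self, token):
        # Second interface: verify the token and enforce its limitations.
        entry = self._table.get(token)
        if entry is None:
            raise TokenError("unknown or invalidated token")
        if self._clock() >= entry.expires_at or entry.uses_left <= 0:
            del self._table[token]  # a violation invalidates the token
            raise TokenError("usage limitation violated")
        entry.uses_left -= 1
        return entry.user

class Worker:
    """Second process, simulated: records which user it is running as."""
    def __init__(self, table, service_user="svc"):
        self.table, self.service_user, self.user = table, service_user, service_user

    def perform(self, token, task):
        self.user = self.table.redeem(token)  # raises before any user change
        try:
            return task(self.user)
        finally:
            self.user = self.service_user  # drop back to the service identity
```

A real second process would replace the assignment to `self.user` with the platform's own mechanism for changing the identity a process runs under.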
30 Claims
1. A method of authenticating a user within a multiple process environment, comprising:
authenticating the user;
receiving, by a first process requesting a profile token, the profile token representative of the user in response to successfully authenticating the user, the profile token having one or more associated usage limitations;
transferring the profile token to a second process;
changing a user under which the second process is running to the authenticated user represented by the profile token within the usage limitations associated with the profile token; and
performing, by the second process, one or more tasks on behalf of the authenticated user represented by the profile token.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. An apparatus for authenticating a user within a multiple process environment, comprising:
a processor, a first process and a second process respectively operating on the processor;
a first interface, callable by the first process, that authenticates the user and generates a profile token representative of the user in response to successfully authenticating the user, the profile token having one or more associated usage limitations; and
a second interface, callable by the second process, that verifies validity of the profile token received from the first process, invalidates the profile token if usage limitations are violated, and, if valid, changes a user under which the second process is running to the authenticated user represented by the profile token within the usage limitations associated with the profile token so as to allow the second process to perform one or more tasks on behalf of the authenticated user represented by the profile token.
Dependent claims: 15, 16, 18, 19, 20, 21, 22

17. The apparatus of claim is, wherein the first processor is coupled to the second processor via a network connection.

23. A computer readable medium tangibly embodying a program executable for authenticating a user within a multiple process environment, comprising:
authenticating the user;
generating, by a first process, a profile token representative of the user in response to successfully authenticating the user, the profile token having associated usage limitations;
transferring the profile token to a second process;
changing a user under which the second process is running to the authenticated user represented by the profile token within the usage limitations associated with the profile token; and
performing, by the second process, one or more tasks on behalf of the authenticated user represented by the profile token.
Dependent claims: 24, 25, 26, 27, 28, 29, 30

Specification