Identity vectoring via chained mapping records
First Claim
1. A method for authorizing a user on a computer network using chained mapping records, the method including:
receiving a digital certificate for a user requesting access to said computer network;
comparing a distinguished name or a partial distinguished name corresponding to the digital certificate with a plurality of mapping records;
replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name, wherein the environmental factor includes one or more system or application statuses in effect at the time the user signs-on the computer network, operable for enabling the first matching mapping record to point to multiple user identifications;
comparing the first search criteria with the plurality of mapping records; and
generating an authorization indicator responsive to at least one of comparing the distinguished name or a partial distinguished name and comparing the first search criteria with the plurality of mapping records.
Abstract
An identity vectoring method is accomplished by matching a distinguished name or partial distinguished name from a digital certificate with a distinguished name mapping record. A data field in the distinguished name mapping record includes either a variable name or a user ID. The variable name corresponds to any environmental factor. The next mapping record to be considered, the criteria mapping record, is determined by substituting the environmental factor for the variable name in the data field. A data field in the criteria mapping record includes either a variable name or a user ID. The process completes when a mapping record containing only a user ID is encountered or when no matching criteria mapping records are found.
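The chaining described in the abstract, modelled in Python as an added illustration (this is not the patent's own implementation). The record store is a flat dictionary from search key to data field, a variable in a data field is written as `&NAME`, a distinguished name is matched by its full form and then by successively shorter comma-separated suffixes, the environmental factors are a plain dictionary, and a hop limit guards against a cycle of criteria records; all of these are assumptions made for the example.

```python
# Added illustrative model of chained mapping-record identity vectoring.
# Not the patent's implementation: the record format, the '&NAME' variable
# syntax, the DN suffix matching and the hop limit are assumptions.
import re
from dataclasses import dataclass, field
from typing import Optional

# A variable in a data field is written as '&NAME' (assumed syntax).
VAR_TOKEN = re.compile(r"&([A-Z][A-Z0-9_]*)")


def partial_dns(dn: str) -> list[str]:
    """Return the full DN followed by successively shorter suffixes.

    'CN=alice,OU=payroll,O=acme' -> ['CN=alice,OU=payroll,O=acme',
    'OU=payroll,O=acme', 'O=acme'], so one record keyed by a partial DN
    can match every certificate issued under that branch of the tree.
    """
    rdns = [p.strip() for p in dn.split(",")]
    return [",".join(rdns[i:]) for i in range(len(rdns))]


@dataclass
class Resolution:
    """Outcome of one mapping run: the user ID (None means not authorized)
    plus the chain of record keys consulted, which is what you want logged."""
    user_id: Optional[str]
    trail: list[str] = field(default_factory=list)

    @property
    def authorized(self) -> bool:
        return self.user_id is not None


def resolve(dn: str, records: dict[str, str], env: dict[str, str],
            max_hops: int = 8) -> Resolution:
    """Vector a certificate's DN to a user ID through chained mapping records.

    records: search key (DN, partial DN or criteria string) -> data field,
             where a data field is either a user ID or a template with
             '&NAME' variables.
    env:     environmental factors in effect at sign-on, e.g. {'APPL': 'CICS'}.
    """
    trail: list[str] = []
    # 1. Find the distinguished name mapping record: full DN first, then partials.
    key = next((k for k in partial_dns(dn) if k in records), None)
    if key is None:
        return Resolution(None, trail)
    trail.append(key)
    data = records[key]
    # 2. Follow the chain until a record holds only a user ID or the chain breaks.
    for _ in range(max_hops):
        if not VAR_TOKEN.search(data):
            return Resolution(data, trail)        # only a user ID: done
        missing = [v for v in VAR_TOKEN.findall(data) if v not in env]
        if missing:
            return Resolution(None, trail)        # factor not known at sign-on
        criteria = VAR_TOKEN.sub(lambda m: env[m.group(1)], data)
        if criteria not in records:
            return Resolution(None, trail)        # no matching criteria record
        trail.append(criteria)
        data = records[criteria]
    return Resolution(None, trail)                # hop limit hit: cycle or too deep


# Constructed sample mapping records (not taken from the patent).
SAMPLE_RECORDS = {
    "OU=payroll,O=acme": "PAYROLL.&APPL",   # DN record that points to many IDs
    "PAYROLL.CICS": "PAYUSR1",              # criteria record holding a user ID only
    "PAYROLL.BATCH": "&TIME.PAYBATCH",      # criteria record with a further variable
    "DAY.PAYBATCH": "PAYBATD",
    "NIGHT.PAYBATCH": "PAYBATN",
    "CN=bob,OU=audit,O=acme": "AUDITOR1",   # full-DN record, no variables
}

if __name__ == "__main__":
    alice = "CN=alice,OU=payroll,O=acme"
    for env in ({"APPL": "CICS"}, {"APPL": "BATCH", "TIME": "NIGHT"}, {"APPL": "TSO"}):
        r = resolve(alice, SAMPLE_RECORDS, env)
        print(env, "->", r.user_id, "via", " > ".join(r.trail))
```

Two points worth noting from a defender's side: the same certificate resolves to different user IDs depending purely on the environmental factors, so the factors must come from the system (application name, time window) and never from the client; and the resolver returns the trail of records it walked, which is what an audit log needs to explain why a given sign-on landed on a given identity.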
24 Claims
1. A method for authorizing a user on a computer network using chained mapping records, the method including:
receiving a digital certificate for a user requesting access to said computer network;
comparing a distinguished name or a partial distinguished name corresponding to the digital certificate with a plurality of mapping records;
replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name, wherein the environmental factor includes one or more system or application statuses in effect at the time the user signs-on the computer network, operable for enabling the first matching mapping record to point to multiple user identifications;
comparing the first search criteria with the plurality of mapping records; and
generating an authorization indicator responsive to at least one of comparing the distinguished name or a partial distinguished name and comparing the first search criteria with the plurality of mapping records.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A system for authorizing a user on a computer network using chained mapping records, the system including:
a digital certificate means for receiving a distinguished name over said computer network, said distinguished name corresponding to the user;
a distinguished name mapping record within a directory database, said distinguished name mapping record indicative of at least a portion of said distinguished name, said distinguished name mapping record including a first data field, said first data field including a first variable indicative of a first environmental factor, wherein the first environmental factor includes one or more system or application statuses in effect at the time said digital certificate is received the user signs-on the computer network, operable for enabling said first matching mapping record to point to multiple user identities;
a first criteria mapping record corresponding to a first state of said first environmental factor, said first criteria mapping record including a second data field, said second data field including a first user identity; and
a mapping process configured to receive said digital certificate, wherein said mapping process generates a security context control block using said first user identity in response to said first state of said first environmental factor, wherein said digital certificate means is on a computer readable medium.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A storage medium encoded with machine-readable computer program code for authorizing a user on a computer network using chained mapping records, the storage medium including instructions for causing a computer to implement a method comprising:
comparing a distinguished name or a partial distinguished name corresponding to the user with a plurality of mapping records;
replacing a variable from a first matching mapping record with an environmental factor to create a first search criteria, the first matching mapping record indicating the distinguished name or the partial distinguished name, wherein the environmental factor includes one or more system or application statuses in effect at the time the user signs-on on the computer network, operable for enabling the first matching mapping record to point to multiple user identifications;
comparing the first search criteria with the plurality of mapping records; and
generating an authorization indicator responsive to at least one of comparing the distinguished name or a partial distinguished name and comparing the first search criteria with the plurality of mapping records.
Dependent claims: 18, 19, 20, 21, 22, 23, 24
Specification