System and method for granting access to resources

US 7,076,795 B2
Filed: 01/11/2002
Issued: 07/11/2006
Est. Priority Date: 01/11/2002
Status: Active Grant

First Claim

Patent Images

1. System for authorizing access to a resource requested by a user, said system comprising:

a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;

a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;

a third table entry indicating that said first user name is part of a first group of individuals;

a fourth table entry indicating that said second user name is part of a second, different group of individuals;

fifth table entries listing;

said first name and a first resource accessible to said first name,said second name and a second resource accessible to said second name,said first group and a third resource accessible to said first group, andsaid second group and a fourth resource accessible to said second group; and

authorization means, responsive to receipt of a request based on said userID to access a resource and authentication of said userID, for determining based on said first table entry that said userID corresponds to said first user name, determining based on said second table entry that said userID also corresponds to said second user name, determining based on said third table entry that said first user name is part of said first group, determining based on said fourth table entry that said second user name is part of said second group, and determining based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, granting said userID access to said requested resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for authorizing access to resources requested by a first user. To begin the process, the first user submits an ID of the first user as an individual requesting access to one of the resources. The first user is also a member of a group comprising a plurality of individual users. A first table indicates at least one group of a plurality of individual users. A second table indicates which resources are accessible by which of the users and which resources are accessible by which of the groups. An authorization program compares the first user to entries in the first table to determine which group or groups the first user is a member. Next, the authorization program compares the first user and the group or groups in which the first user is a member to entries in the second table to determine which resources the first user is authorized to access. Thus, the resources that the user ID is authorized to access are based not only on the user as an individual, but the group or groups in which the user is a member. The user need submit only one ID of the user as an individual to access both sets of resources.

60 Citations

View as Search Results

18 Claims

1. System for authorizing access to a resource requested by a user, said system comprising:
- a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;
  
  a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;
  
  a third table entry indicating that said first user name is part of a first group of individuals;
  
  a fourth table entry indicating that said second user name is part of a second, different group of individuals;
  
  fifth table entries listing;
  
  said first name and a first resource accessible to said first name,said second name and a second resource accessible to said second name,said first group and a third resource accessible to said first group, andsaid second group and a fourth resource accessible to said second group; and
  
  authorization means, responsive to receipt of a request based on said userID to access a resource and authentication of said userID, for determining based on said first table entry that said userID corresponds to said first user name, determining based on said second table entry that said userID also corresponds to said second user name, determining based on said third table entry that said first user name is part of said first group, determining based on said fourth table entry that said second user name is part of said second group, and determining based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, granting said userID access to said requested resource.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A system as set forth in claim 1 wherein said user submits a password along with said userID, and further comprising authentication means for validating a combination of said password and said userID to authenticate said userID.
  - 3. A system as set forth in claim 1 wherein said first group but not said first name, said second name or said second group is directly listed as authorized to access said requested resource.
  - 4. A system as set forth in claim 1 wherein said second name, but not said first name, said first group or said second group is directly listed as authorized to access said requested resource.
  - 5. A system as set forth in claim 1 wherein:
    - said first name comprises a first, last or nickname of said user and a first geographic location associated with said user; and
      
      said second name comprises said first, last or nickname of said user and a second, different geographic location associated with said user.
  - 6. A system as set forth in claim 1 wherein said third table entry identifies said first group of individuals by a first group name and a first group ID, and said fourth table entry identifies said second group of individuals by a second group name and a second group ID.

7. Method for authorizing access to a resource requested by a user, said method comprising the steps of:
- generating a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;
  
  generating a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;
  
  generating a third table entry indicating that said first user name is part of a first group of individuals;
  
  generating a fourth table entry indicating that said second user name is part of a second, different group of individuals;
  
  generating fifth table entries listing;
  
  said first name and a first resource accessible to said first name,said second name and a second resource accessible to said second name,said first group and a third resource accessible to said first group, andsaid second group and a fourth resource accessible to said second group; and
  
  in response to receipt of a request based on said userID to access a resource and authentication of said userID, automatically determining based on said first table entry that said userID corresponds to said first user name, automatically determining based on said second table entry that said userID also corresponds to said second user name, automatically determining based on said third table entry that said first user name is part of said first group, automatically determining based on said fourth table entry that said second user name is part of said second group, and automatically determining based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, granting said userID access to said requested resource.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. A method as set forth in claim 7 wherein said user submits a password along with said userID, and further comprising the step of validating a combination of said password and said userID to authenticate said userID.
  - 9. A method as set forth in claim 7 wherein said first group but not said first name, said second name or said second group is directly listed as authorized to access said requested resource.
  - 10. A method as set forth in claim 7 wherein said second name, but not said first name, said first group or said second group is directly listed as authorized to access said requested resource.
  - 11. A method as set forth in claim 7 wherein:
    - said first name comprises a first, last or nickname of said user and a first geographic location associated with said user; and
      
      said second name comprises said first, last or nickname of said user and a second, different geographic location associated with said user.
  - 12. A method as set forth in claim 7 wherein said third table entry identifies said first group of individuals by a first group name and a first group ID, and said fourth table entry identifies said second group of individuals by a second group name and a second group ID.

13. A computer program product for authorizing access to a resource requested by a user, said computer program product comprising:
- a computer readable medium;
  
  first program instructions to generate a first table entry listing a userID and a first name of said user as an individual which validly corresponds to said userID;
  
  second program instructions to generate a second table entry listing said userID and a second, different name of said user as an individual which validly corresponds to said userID;
  
  third program instructions to generate a third table entry indicating that said first user name is part of a first group of individuals;
  
  fourth program instructions to generate a fourth table entry indicating that said second user name is part of a second, different group of individuals;
  
  fifth program instructions to generate fifth table entries listing;
  
  said first name and a first resource accessible to said first name,said second name and a second resource accessible to said second name,said first group and a third resource accessible to said first group, andsaid second group and a fourth resource accessible to said second group; and
  
  sixth program instructions, responsive to receipt of a request based on said userID to access a resource and authentication of said userID, to determine based on said first table entry that said userID corresponds to said first user name, determine based on said second table entry that said userID also corresponds to said second user name, determine based on said third table entry that said first user name is part of said first group, determine based on said fourth table entry that said second user name is part of said second group, and determine based on said fifth table entries whether any of said first name, said second name, said first group or said second group is authorized to access the requested resource, and if so, grant said userID access to said requested resource; and
  
  whereinsaid first, second, third, fourth, fifth and sixth program instructions are recorded on said computer readable medium.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. A computer program product as set forth in claim 13 wherein said user submits a password along with said userID, and further comprising seventh program instructions to validate a combination of said password and said userID to authenticate said userID;
    - and wherein said seventh program instructions are recorded on said computer readable medium.
  - 15. A computer program product as set forth in claim 13 wherein said first group but not said first name, said second name or said second group is directly listed as authorized to access said requested resource.
  - 16. A computer program product as set forth in claim 13 wherein said second name, but not said first name, said first group or said second group is directly listed as authorized to access said requested resource.
  - 17. A computer program product as set forth in claim 13 wherein:
    - said first name comprises a first, last or nickname of said user and a first geographic location associated with said user, andsaid second name comprises said first, last or nickname of said user and a second, different geographic location associated with said user.
  - 18. A computer program product as set forth in claim 13 wherein said third table entry identifies said first group of individuals by a first group name and a first group ID, and said fourth table entry identifies said second group of individuals by a second group name and a second group ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hahn, Timothy James
Primary Examiner(s)
Smithers, Matthew

Application Number

US10/044,186
Publication Number

US 20030135755A1
Time in Patent Office

1,642 Days
Field of Search

726/21, 726/2, 707/1, 707/9, 707/6, 707/10
US Class Current

726/2
CPC Class Codes

G06F 21/6218   to a system of files or obj...

Y10S 707/99931   Database or file accessing

Y10S 707/99939   Privileged access

System and method for granting access to resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for granting access to resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links