Single sign-on to an underlying operating system application

US 7,137,141 B1
Filed: 08/16/2000
Issued: 11/14/2006
Est. Priority Date: 08/16/2000
Status: Active Grant

First Claim

Patent Images

1. A method of bypassing an initial sign-on screen of an underlying operating system with a single sign-on capability comprising the steps of:

providing an application framework, wherein said application framework logs on a user with a first level of access in said underlying operating system;

generating an application framework sign-on screen;

entering a logon input on said generated application framework sign-on screen; and

comparing said logon input with an application framework security database to determine level of access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computer program product for bypassing the initial sign-on of an underlying operating system with single sign-on capability. In one embodiment, a method comprises the step of providing an application framework which logs on a user with a first level of access in the underlying operating system thereby bypassing the initial sign-on screen of the underlying operating system. The method further comprises entering a logon input, e.g., userID and password, on a generated application framework sign-on screen by the user. The method further comprises comparing the logon input with an application framework security database to determine the level of access. If the user is only entitled to the first level of access, then the user is restricted to a first level of access. If the user is entitled to another level of access, then a switch user program may be executed to switch the level of access to a second level of access, i.e., change in the assortment and/or number of applications. In another embodiment, the user selects an icon to maintain a first level of access upon entering the logon input. In another embodiment, the user selects an icon to change the level of access upon entering the logon input.

23 Citations

View as Search Results

81 Claims

1. A method of bypassing an initial sign-on screen of an underlying operating system with a single sign-on capability comprising the steps of:
- providing an application framework, wherein said application framework logs on a user with a first level of access in said underlying operating system;
  
  generating an application framework sign-on screen;
  
  entering a logon input on said generated application framework sign-on screen; and
  
  comparing said logon input with an application framework security database to determine level of access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. The method as recited in claim 1 further comprising the step of:
    - selecting an indication of said first level of access.
  - 3. The method as recited in claim 1, wherein said user is logged onto said underlying operating system and an application environment with said first level of access thereby bypassing said initial sign-on screen of said underlying operating system with said single sign-on.
  - 4. The method as recited in claim 1, wherein if said logon input is not entitled to a second level of access according to said application framework security database, then said user is logged onto an application environment and said underlying operating system as said first level of access.
  - 5. The method as recited in claim 1, wherein said logon input comprises a user identification and a user password.
  - 6. The method as recited in claim 1, wherein if said logon input is entitled to a second level of access according to said application framework security database, then the method further comprises the step of:
    - executing a switch user program to switch said user to said second level of access.
  - 7. The method as recited in claim 1, wherein said application framework security database stores system operator information, wherein said application framework security database defines at least one of the following:
    - users, passwords, groups of users and application specific authorization.
  - 8. The method as recited in claim 7, wherein said a switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 9. The method as recited in claim 8, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 10. The method as recited in claim 2, wherein if said logon input is not entitled to a second level of access according to said application framework security database, then an indication of said second level of access will not be generated to said user, wherein said user is restricted to said first level of access.
  - 11. The method as recited in claim 2, wherein if said logon input is entitled to a second level of access according to said application framework security database, then the method further comprises the step of:
    - generating an indication of said second level of access.
  - 12. The method as recited in claim 11 further comprising the step of:
    - executing a switch user program to switch level of access to said second level of access by selecting said indication of said second level of access.
  - 13. The method as recited in claim 12, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 14. The method as recited in claim 13, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 15. The method as recited in claim 1 further comprising the step of:
    - selecting an indication of a second level of access.
  - 16. The method as recited in claim 15, wherein if said logon input is not entitled to said second level of access according to said application framework security database, then said user is restricted to said first level of access.
  - 17. The method as recited in claim 15, wherein if said logon input is entitled to said second level of access according to said application framework security database, then the method further comprises the step of:
    - executing a switch user program to switch said user to said second level of access.
  - 18. The method as recited in claim 17 further comprising the step of:
    - transferring said logon input to said underlying operating system for verification.
  - 19. The method as recited in claim 18 further comprising the step of:
    - comparing said logon input with an underlying operating system security database, wherein if said underlying operating system security database verifies said user with access to said second level of access, then said switch user program switches said user to said second level of access.
  - 20. The method as recited in claim 19, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 21. The method as recited in claim 20, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 22. The method as recited in claim 18 further comprising the step of:
    - comparing said logon input with an underlying operating system security database, wherein if said underlying operating system security database does not verify said user with access to said second level of access, then the method further comprises the step of;
      
      requesting from said user a logon identification; and
      
      comparing said logon identification with said underlying operating system security database.
  - 23. The method as recited in claim 22, wherein said logon identification comprises a user identification and a user password.
  - 24. The method as recited in claim 22, wherein if said underlying operating system security database does not verify said user with access to said second level of access, then said user is restricted to said first level of access.
  - 25. The method as recited in claim 22, wherein if said underlying operating system security database verifies said user with access to said second level of access, then said switch user program switches said user to said second level of access.
  - 26. The method as recited in claim 25, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 27. The method as recited in claim 26, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.

28. A computer program product having a computer readable medium having computer program logic recorded thereon for bypassing an initial sign-on screen of an underlying operating system with a single sign capability, comprising:
- programming operable for providing an application framework, wherein said application framework logs on a user with a first level of access in said underlying operating system;
  
  programming operable for generating an application framework sign-on screen;
  
  programming operable for receiving a logon input entered on said generated application framework sign-on screen; and
  
  programming operable for comparing said logon input with an application framework security database to determine level of access.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 29. The computer program product as recited in claim 28 further comprises:
    - programming operable for selecting an indication of said first level of access.
  - 30. The computer program product as recited in claim 28, wherein said user is logged onto said underlying operating system and an application environment with said first level of access thereby bypassing said initial sign-on screen of said underlying operating system with said single sign-on.
  - 31. The computer program product as recited in claim 28, wherein if said logon input is not entitled to a second level of access according to said application framework security database, then said user is restricted to said first level of access.
  - 32. The computer program product as recited in claim 28, wherein said logon input comprises a user identification and a user password.
  - 33. The computer program product as recited in claim 28, wherein said application framework security database stores system operator information, wherein said application framework security database defines at least one of the following:
    - users, passwords, groups of users and application specific authorization.
  - 34. The computer program product as recited in claim 28, wherein if said logon input is entitled to a second level of access according to said application framework security database, then the computer program product further comprises:
    - programming operable for executing a switch user program to switch said user to said second level of access.
  - 35. The computer program product as recited in claim 34, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 36. The computer program product as recited in claim 35, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 37. The computer program product as recited in claim 29, wherein if said logon input is not entitled to a second level of access according to said application framework security database, then an indication of said second level of access will not be generated to said user, wherein said user is restricted to said first level of access.
  - 38. The computer program product as recited in claim 29, wherein if said logon input is entitled to a second level of access according to said application framework security database, then the computer program product further comprises:
    - programming operable for generating an indication of said second level of access.
  - 39. The computer program product as recited in claim 38 further comprises:
    - programming operable for executing a switch user program to switch level of access to said second level of access by selecting said indication of said second level of access.
  - 40. The computer program product as recited in claim 39, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 41. The computer program product as recited in claim 40, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 42. The computer program product as recited in claim 28 further comprises:
    - programming operable for selecting an indication of a second level of access.
  - 43. The computer program product as recited in claim 42, wherein if said logon input is not entitled to said second level of access according to said application framework security database, then said user is restricted to said first level of access.
  - 44. The computer program product as recited in claim 42, wherein if said logon input is entitled to said second level of access according to said application framework security database, then the computer program product further comprises:
    - programming operable for executing a switch user program to switch said user to said second level of access.
  - 45. The computer program product as recited in claim 44 further comprises:
    - programming operable for transferring said logon input to said underlying operating system for verification.
  - 46. The computer program product as recited in claim 45 further comprises:
    - programming operable for comparing said logon input with an underlying operating system security database, wherein if said underlying operating system security database verifies said user with access to said second level of access, then said switch user program switches said user to said second level of access.
  - 47. The computer program product as recited in claim 46, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 48. The computer program product as recited in claim 47, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 49. The computer program product as recited in claim 45 further comprises:
    - programming operable for comparing said logon input with an underlying operating system security database, wherein if said underlying operating system security database does not verify said user with access to said second level of access, then the computer program product further comprises;
      
      programming operable for requesting from said user a logon identification; and
      
      programming operable for comparing said logon identification with said underlying operating system security database.
  - 50. The computer program product as recited in claim 49, wherein said logon identification comprises a user identification and a user password.
  - 51. The computer program product as recited in claim 49, wherein if said underlying operating system security database does not verify said user with access to said second level of access, then said user is restricted to said first level of access.
  - 52. The computer program product as recited in claim 49, wherein if said underlying operating system security database verifies said user with access to said second level of access, then said switch user program switches said user to said second level of access.
  - 53. The computer program product as recited in claim 52, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 54. The computer program product as recited in claim 53, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.

55. A data processing system, comprising:
- a processor;
  
  a memory unit operable for storing a computer program operable for bypassing an initial sign-on screen of an underlying operating system with a single sign capability;
  
  an input mechanism;
  
  an output mechanism; and
  
  a bus system coupling the processor to the memory unit, input mechanism, and output mechanism, wherein the computer program is operable for performing the following programming steps;
  
  providing an application framework, wherein said application framework logs on a user with a first level of access in said underlying operating system;
  
  generating an application framework sign-on screen;
  
  receiving a logon input entered on said generated application framework sign-on screen; and
  
  comparing said logon input with an application framework security database to determine level of access.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81)
- - 56. The data processing system as recited in claim 55, wherein the computer program is further operable to perform the programming step:
    - selecting an indication of said first level of access.
  - 57. The data processing system as recited in claim 55, wherein said user is logged onto said underlying operating system and an application environment with said first level of access thereby bypassing said initial sign-on screen of said underlying operating system with said single sign-on.
  - 58. The data processing system as recited in claim 55, wherein if said logon input is not entitled to a second level of access according to said application framework security database, then said user is logged onto an application environment and said underlying operating system as said first level of access.
  - 59. The data processing system as recited in claim 55, wherein said logon input comprises a user identification and a user password.
  - 60. The data processing system as recited in claim 55, wherein said application framework security database stores system operator information, wherein said application framework security database defines at least one of the following:
    - users, passwords, groups of users and application specific authorization.
  - 61. The data processing system as recited in claim 55, wherein if said logon input is entitled to a second level of access according to said application framework security database, then the computer program is further operable to perform the programming step:
    - executing a switch user program to switch said user to said second level of access.
  - 62. The data processing system as recited in claim 61, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 63. The data processing system as recited in claim 62, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 64. The data processing system as recited in claim 56, wherein if said logon input is not entitled to a second level of access according to said application framework security database, then an indication of said second level of access will not be generated to said user, wherein said user is restricted to said first level of access.
  - 65. The data processing system as recited in claim 56, wherein if said logon input is entitled to a second level of access according to said application framework security database, then the computer program is further operable to perform the programming step:
    - generating an indication of said second level of access.
  - 66. The data processing system as recited in claim 65, wherein the computer program is further operable to perform the programming step:
    - executing a switch user program to switch level of access to said second level of access by selecting said indication of said second level of access.
  - 67. The data processing system as recited in claim 65, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 68. The data processing system as recited in claim 67, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 69. The data processing system as recited in claim 55, wherein the computer program is further operable to perform the programming step:
    - selecting an indication of a second level of access.
  - 70. The data processing system as recited in claim 69, wherein if said logon input is not entitled to said second level of access according to said application framework security database, then said user is restricted to said first level of access.
  - 71. The data processing system as recited in claim 69, wherein if said logon input is entitled to said second level of access according to said application framework security database, then the computer program is further operable to perform the programming step:
    - executing a switch user program to switch said user to said second level of access.
  - 72. The data processing system as recited in claim 71, wherein the computer program is further operable to perform the programming step:
    - transferring said logon input to said underlying operating system for verification.
  - 73. The data processing system as recited in claim 72, wherein the computer program is further operable to perform the programming step:
    - comparing said logon input with an underlying operating system security database, wherein if said underlying operating system security database verifies said user with access to said second level of access, then said switch user program switches said user to said second level of access.
  - 74. The data processing system as recited in claim 73, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 75. The data processing system as recited in claim 74, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.
  - 76. The data processing system as recited in claim 72, wherein the computer program is further operable to perform the programming step:
    - comparing said logon input with an underlying operating system security database, wherein if said underlying operating system security database does not verify said user with access to said second level of access, then the computer program is further operable to perform the programming steps;
      
      requesting from said user a logon identification; and
      
      comparing said logon identification with said underlying operating system security database.
  - 77. The data processing system as recited in claim 76, wherein said logon identification comprises a user identification and a user password.
  - 78. The data processing system as recited in claim 76, wherein if said underlying operating system security database does not verify said user with access to said second level of access, then said user is restricted to said first level of access.
  - 79. The data processing system as recited in claim 76, wherein if said underlying operating system security database verifies said user with access to said second level of access, then said switch user program switches said user to said second level of access.
  - 80. The data processing system as recited in claim 79, wherein said switch user program switches said user to said second level of access by modifying an underlying operating system'"'"'s registry.
  - 81. The data processing system as recited in claim 80, wherein said switch user program logs off said user with said first level of access, wherein said underlying operating system logs on said user with said second level of access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
McClanahan, Mark Gregory
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Lanier, Benjamin E.

Application Number

US09/640,839
Time in Patent Office

2,281 Days
Field of Search

713/202
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0815   providing single-sign-on or...

Single sign-on to an underlying operating system application

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

81 Claims

Specification

Solutions

Use Cases

Quick Links

Single sign-on to an underlying operating system application

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

81 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links