System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server

US 7,185,361 B1
Filed: 01/31/2000
Issued: 02/27/2007
Est. Priority Date: 01/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for authorizing client access to a network resource, comprising:

a server having at least one directory that can be accessed using a network protocol, said at least one directory being configured to store information concerning an entity'"'"'s organization; and

a firewall that is configured to intercept network resource requests from a plurality of client users on an internal network, said firewall being operative to authorize a network resource request based upon a comparison of the contents of at least part of one or more entries in said at least one directory to an authorization filter, wherein said authorization filter is generated based on a directory schema that is predefined by said entity.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for providing authentication to a firewall using a lightweight directory access protocol (LDAP) directory server is disclosed. The firewall can be configured through a graphical user interface to implement an authentication scheme. The authentication scheme is based upon a determination of whether at least part of one or more LDAP entries satisfy an authorization filter.

124 Citations

15 Claims

1. A system for authorizing client access to a network resource, comprising:
- a server having at least one directory that can be accessed using a network protocol, said at least one directory being configured to store information concerning an entity'"'"'s organization; and
  
  a firewall that is configured to intercept network resource requests from a plurality of client users on an internal network, said firewall being operative to authorize a network resource request based upon a comparison of the contents of at least part of one or more entries in said at least one directory to an authorization filter, wherein said authorization filter is generated based on a directory schema that is predefined by said entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein said at least one directory is a lightweight directory access protocol directory.
  - 3. The system of claim 1, wherein said authorization filter is specified using a graphical user interface.
  - 4. The system of claim 1, wherein said authorization filter implements a per-user authentication scheme.
  - 5. The system of claim 1, wherein said authorization filter implements a per-service authentication scheme.
  - 6. The system of claim 1, wherein said firewall and said directory communicate using secure socket layer communication.
  - 7. The system of claim 1, wherein said firewall is configured to query multiple directories.

8. An authentication method at a firewall, comprising the steps of:
- (a) receiving a network resource request from a client user at an internal network;
  
  (b) querying, using a network protocol, at least one directory that is configured to store information concerning an entity'"'"'s organization, wherein said query is based upon an authorization filter that is generated based on a directory schema that is predefined by said entity;
  
  (c) determining, based on the results of said query, whether the contents of at least part of one or more entries in said at least one directory satisfy said authorization filter; and
  
  (d) permitting said network resource request through said firewall if said authorization filter is satisfied.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein step (b) comprises the step of querying said at least one directory using a lightweight directory access protocol.
  - 10. The method of claim 8, further comprising the step of specifying an authorization filter using a graphical user interface.
  - 11. The method of claim 10, wherein said specifying step comprises the step of specifying an authorization filter that implements a per-user authentication scheme.
  - 12. The method of claim 10, wherein said specifying step comprises the step of specifying an authorization filter that implements a per-service authentication scheme.
  - 13. The method of claim 8, wherein step (b) comprises the step of querying said directory using secure socket layer communication.
  - 14. The method of claim 8, wherein step (b) comprises the step of querying multiple directories.

15. A computer program product for enabling a processor in a computer system to implement an authentication process, said computer program product comprising:
- a computer usable medium having computer readable program code embodied in said medium for causing a program to execute on the computer system, said computer readable program code comprising;
  
  first computer readable program code for enabling the computer system to receive a network resource request from a client user at an internal network;
  
  second computer readable program code for enabling the computer system to query, using a network protocol, at least one directory that is configured to store information concerning an entity'"'"'s organization, wherein said query is based upon an authorization filter that is generated based on a directory schema that is predefined by said entity;
  
  third computer readable program code for enabling the computer system to determine, based on the results of said query, whether the contents of at least part of one or more entries in said at least one directory satisfy said authorization filter; and
  
  fourth computer readable program code for enabling the computer system to permit said network resource request through a firewall if said authorization filter is satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Ashoff, Thomas D., Chew, Steve O., Mullican, Andrew J., Graham, Jeffrey J.
Primary Examiner(s)
Arani; Taghi T.

Application Number

US09/495,157
Time in Patent Office

2,584 Days
Field of Search

713/201, 713151-154, 707/1, 726/4, 726/8, 726 11- 14
US Class Current

726/4
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/08   for authentication of entit...

Y10S 707/99931   Database or file accessing

System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

124 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

124 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others