Impersonation in an access system
First Claim
1. A method for impersonating, comprising the steps of:
- receiving authentication credentials for a first entity and an identification of a second entity;
- authenticating said first entity based on said authentication credentials for said first entity;
- creating a cookie that stores an indication of said second entity if said step of authenticating is performed successfully;
- authorizing said first entity to access a first resource as said second entity based on said cookie;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said cookie includes said one or more attributes of said second user identity profile.
Abstract
The present invention pertains to a system for managing network access to resources that allows a first entity to impersonate a second entity. In one embodiment, the first entity can impersonate the second entity without knowing the second entity's password and/or without altering anything in the entity's set of personal information. This invention provides the first entity with the ability to troubleshoot in a live production system without disrupting the users or the system. In one embodiment, the first entity authenticates as itself. Access to resources is provided in response to an authorization process based on the identity of the entity being impersonated.
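The flow the abstract and claim 1 describe (authenticate the first entity as itself, look up the second entity's profile in the directory, copy its attributes into a cookie, authorize access on that cookie) is modelled below as an added Python example; it is not code from the patent or its assignee. The in-memory directory, the users, the resource policy and the signing key are constructed sample data. Two pieces are assumptions added from a defender's view, since the claims say nothing about them: only members of an "impersonators" group may impersonate, and the cookie is HMAC-protected so its attributes cannot be altered by the holder. The cookie also keeps the real actor's ID, so every access made as the second entity stays attributable to the first.

```python
"""Toy model of the claimed impersonation flow (added example, not the patent's code)."""
import base64
import hashlib
import hmac
import json
import os
import time


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _profile(password, groups, department):
    # Constructed user identity profile; the salt is generated at import time.
    salt = os.urandom(16)
    return {"salt": salt, "password_hash": _hash_password(password, salt),
            "groups": groups, "department": department}


# Constructed stand-in for the directory server of the claims, keyed by ID.
DIRECTORY = {
    "alice": _profile("alice-pw", ["support", "impersonators"], "it"),
    "bob":   _profile("bob-pw",   ["finance"],                 "finance"),
    "carol": _profile("carol-pw", ["hr"],                      "hr"),
}

# Constructed resource policy: the directory group a resource requires.
RESOURCE_POLICY = {"/finance/reports": "finance", "/hr/records": "hr"}

# Assumptions not present in the claims: who may impersonate, and a
# server-side key that makes the cookie tamper-evident.
IMPERSONATOR_GROUP = "impersonators"
COOKIE_KEY = b"constructed-server-side-signing-key"
COOKIE_TTL = 900  # seconds


def authenticate(user_id, password):
    """Claim step: search the directory for the profile matching the ID and
    verify the password against it. Returns the profile or None."""
    profile = DIRECTORY.get(user_id)
    if profile is None:
        return None
    candidate = _hash_password(password, profile["salt"])
    return profile if hmac.compare_digest(candidate, profile["password_hash"]) else None


def create_impersonation_cookie(actor_id, password, subject_id, now=None):
    """Authenticate the first entity as itself, then mint a signed cookie that
    carries the second entity's directory attributes plus the real actor."""
    actor = authenticate(actor_id, password)
    if actor is None:
        raise PermissionError("authentication of first entity failed")
    if IMPERSONATOR_GROUP not in actor["groups"]:  # assumed policy check
        raise PermissionError("first entity is not allowed to impersonate")
    subject = DIRECTORY.get(subject_id)  # second directory search of the claim
    if subject is None:
        raise LookupError("no profile for the impersonated entity")
    now = int(time.time()) if now is None else now
    payload = {
        "actor": actor_id,             # kept for audit; authorization ignores it
        "subject": subject_id,
        "groups": subject["groups"],   # attributes copied from the second profile
        "department": subject["department"],
        "exp": now + COOKIE_TTL,
    }
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    mac = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{mac}"


def authorize(cookie, resource, now=None):
    """Claim step: decide access to the resource as the second entity using
    only the attributes in the cookie, after checking the cookie is genuine.
    Returns (allowed, payload); payload carries actor and subject for logging."""
    try:
        body, mac = cookie.rsplit(".", 1)
    except ValueError:
        return False, None
    expected = hmac.new(COOKIE_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, None  # forged or altered cookie
    payload = json.loads(base64.urlsafe_b64decode(body))
    now = int(time.time()) if now is None else now
    if payload["exp"] <= now:
        return False, payload
    required = RESOURCE_POLICY.get(resource)
    return (required is not None and required in payload["groups"]), payload


if __name__ == "__main__":
    cookie = create_impersonation_cookie("alice", "alice-pw", "bob")
    print(authorize(cookie, "/finance/reports"))  # allowed as bob, actor alice
    print(authorize(cookie, "/hr/records"))       # denied: bob is not in hr
```

Authorization consults only the attributes of the impersonated profile, as the claims require, while the actor field makes the impersonation visible in any access log written from the payload; a cookie whose MAC does not verify is rejected before its contents are read.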
Claims (41)
1. (Set out in full under First Claim above.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A method for impersonating, comprising the steps of:
- receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a first resource that is separate from said access system;
- authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system; and
- authorizing said first entity to access said first resource as said second entity, said step of authorizing is performed by said access system;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said step of authorizing uses said one or more attributes of said second user identity profile.
Dependent claims: 16, 17, 18, 19, 20, 21.
22. A method for impersonating, comprising the steps of:
- receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a plurality of resources;
- receiving an indication of one or more of said plurality of resources;
- authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system; and
- authorizing said first entity to access said one or more of said plurality of resources as said second user, said step of authorizing is performed by said access system;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said step of authorizing uses said one or more attributes of said second user identity profile.
Dependent claims: 23, 24.
25. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- receiving authentication credentials for a first entity and an identification of a second entity;
- authenticating said first entity based on said authentication credentials for said first entity;
- creating a cookie that stores an indication of said second entity if said step of authenticating is performed successfully; and
- authorizing said first entity to access a first resource as said second entity based on said cookie;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said cookie includes said one or more attributes of said second user identity profile.
Dependent claims: 26, 27, 28, 29, 30.
31. An apparatus for providing access management that allows for impersonating, comprising:
- a communication interface;
- a storage device; and
- a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising the steps of: receiving authentication credentials for a first entity and an identification of a second entity, authenticating said first entity based on said authentication credential for said first entity, creating a cookie that stores an indication of said second entity if said step of authenticating is performed successfully, and authorizing said first entity to access a first resource as said second entity based on said cookie;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said cookie includes said one or more attributes of said second user identity profile.
Dependent claims: 32, 33.
34. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
- receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a first resource that is separate from said access system;
- authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system; and
- authorizing said first entity to access said first resource as said second entity, said step of authorizing is performed by said access system;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said step of authorizing uses said one or more attributes of said second user identity profile.
Dependent claims: 35, 36, 37, 38.
39. An apparatus for providing access management that allows for impersonating, comprising:
- a communication interface;
- a storage device; and
- a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising the steps of: receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a first resource that is separate from said access system, authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system, and authorizing said first entity to access said first resource as said second entity, said step of authorizing is performed by said access system;
wherein:
- said authentication credentials include an ID and a password;
- said step of authenticating includes the steps of: searching a directory server for a first user identity profile that matches said ID, verifying said password based on said user identity profile, searching said directory server for a second user identity profile that matches said identification of said second entity, and accessing one or more attributes of said second user identity profile; and
- said step of authorizing uses said one or more attributes of said second user identity profile.
Dependent claims: 40, 41.