Uniform resource locator access management and control system and method

US 7,243,369 B2
Filed: 04/22/2002
Issued: 07/10/2007
Est. Priority Date: 08/06/2001
Status: Active Grant

First Claim

Patent Images

1. A uniform resource locator (URL) access enforcement system comprising:

a server having a centrally controlled URL access enforcement system;

a plurality of web-based applications that are accessed via said centrally controlled URL access enforcement system; and

a single sign-on access system coupled to said server for providing single sign-on access authentication and authorization to said plurality of web-based applications for a user,wherein said server comprises a URL access control logic for controlling user access requests to URLs in said server comprising an identification token for uniquely identifying each authenticated user that successfully connects to said server,wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein the URL access list comprises an access allow list that comprises a respective list of URLs that each authenticated user is permitted to access, and an access deny list that contains a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list, and wherein a user URL request is compared to said access allow list and said access deny list to determine which URLs an authenticated user is permitted to access,wherein said identification token comprises information indicating whether a user request is subject to URL policy enforcement, andwherein said single sign-on system comprises token listening logic configured to notify each of said plurality web-based applications when said identification token that is assigned to said user expires.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an enterprise server environment having a uniform resource locator (URL) access management and control system. The server includes a user authentication logic to authenticate users attempting to connect to the server to access URL file and directories residing in the server. In one embodiment of the present invention, the user is provided with an identification token and a user URL access policy which allows the user'"'"'s credentials to be validated and permitted access to a list of URLs in the directory server. In one embodiment of the present invention, a URL access enforcement logic uses the user'"'"'s URL access policy to determine which URLs in the directory server a user may or may not access. The user'"'"'s URL access policy may include an access deny or an access allow value which respectively denies or allows the user access to particular URL.

264 Citations

18 Claims

1. A uniform resource locator (URL) access enforcement system comprising:
- a server having a centrally controlled URL access enforcement system;
  
  a plurality of web-based applications that are accessed via said centrally controlled URL access enforcement system; and
  
  a single sign-on access system coupled to said server for providing single sign-on access authentication and authorization to said plurality of web-based applications for a user,wherein said server comprises a URL access control logic for controlling user access requests to URLs in said server comprising an identification token for uniquely identifying each authenticated user that successfully connects to said server,wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein the URL access list comprises an access allow list that comprises a respective list of URLs that each authenticated user is permitted to access, and an access deny list that contains a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list, and wherein a user URL request is compared to said access allow list and said access deny list to determine which URLs an authenticated user is permitted to access,wherein said identification token comprises information indicating whether a user request is subject to URL policy enforcement, andwherein said single sign-on system comprises token listening logic configured to notify each of said plurality web-based applications when said identification token that is assigned to said user expires.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The URL access enforcement system of claim 1, further comprising a login logic for providing a login interface for providing user connection to said user.
  - 3. The URL access enforcement system of claim 1, wherein said URL access control logic comprises a policy agent logic for executing a set of authentication functions in said server to verify authentication credentials of a user attempting to connect to said server.
  - 4. The URL access enforcement system of claim 1, further comprising a URL policy enforcement logic for enforcing URL access policies of each authenticated user connecting to said server to access a list of URL files and directories.
  - 5. The URL access enforcement system of claim 4, wherein said URL access policy is unique to each authenticated user connecting to said server.

6. An enterprise server system, comprising:
- authentication service logic for providing single sign-on access authentication and authorization to said server system for a user;
  
  session service logic for tracking and monitoring a user access session to directories and files in said server system;
  
  profile logic for storing a user profile defining each user'"'"'s access to said directories and said files in said server system;
  
  uniform resource locator (URL) access control logic for controlling user access requests to URLs in said server system, wherein said URL access control logic comprises an identification token for uniquely identifying each authenticated user that successfully connects to said server system, wherein said identification token comprises information indicating whether a user request is subject to URL policy enforcement, wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein the URL access list comprises an access allow list that comprises a respective list of URLs that each authenticated user is permitted to access, and an access deny list that contains a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list, and wherein a user URL request is compared to said access allow list and said access deny list to determine which URLs an authenticated user is permitted to access;
  
  login logic for providing a login interface between each user and said server system; and
  
  listening logic configured to notify said server system when said identification token that is assigned to said user expires.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. The server system of claim 6, wherein said authentication service logic comprises an authentication framework module for configuring a plurality of authentication modules based on characteristics of an organization.
  - 8. The server system of claim 7, wherein said authentication service logic further comprises authentication interfaces substantially based on said hypertext transport protocol (HTTP).
  - 9. The server system of claim 6, wherein said URL access control logic comprises a policy agent logic for executing a set of authentication functions in said server system to verify authentication credentials of each user attempting to connect to said server system.
  - 10. The server system of claim 6, wherein said URL access control logic further comprises a URL policy enforcement logic for enforcing URL access policies of each authenticated user connecting to said server system to access.
  - 11. The server system of claim 10, wherein said URL access policy is unique to each authenticated user connecting to said server system.
  - 12. The server system of claim 6, wherein said URL access list also comprises an access not enforced list that contains a respective list of URLs not subject to said URL enforcement policy of said URL access control logic, but which each authenticated user is permitted to access.
  - 13. The server system of claim 10, wherein said URL access control logic further comprises a cache for storing updated user credentials and URL access policy information.
  - 14. The server system of claim 6, wherein contents of said URL access list is modifiable for each entity using said server system within a business enterprise.
  - 15. The server system of claim 12, wherein access to said access not enforced list requires said user profile and authentication characteristics.

16. A method for enforcing uniform resource locator (URL) files and directories in a server environment, said method comprising:
- authenticating a user URL request transmitted to said server from a user, wherein said server comprises a URL access control logic for controlling user access requests to URLs,wherein said URL access control logic further comprises a URL access list comprising a list of URLs that an authenticated user connected to said server accesses, wherein said URL access list comprises an access allow list comprising a respective list of URLs that each authenticated user is permitted to access, and an access deny list containing a respective list of URLs that each authenticated user is not permitted to access, wherein said access deny list takes precedence over said access allow list;
  
  establishing a session for said user URL request to identify said user across different requests to said server;
  
  providing an identification token to uniquely identify said user URL request as part of a single sign-on access, wherein said identification token comprises information indicating that a user request is subject to a URL enforcement policy; and
  
  retrieving said URL enforcement policy that matches said user URL request;
  
  determining which URL files and directories said user URL request can access using said URL enforcement policy, wherein determining which URL files and directories said user URL request accesses comprises comparing said user URL request to said URL access allow list and said URL access deny list;
  
  providing single sign-on access authentication and authorization to said URL files and directories for said user; and
  
  notifying said URL files and directories when said identification token that is assigned to said user expires using token listening logic.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, wherein said providing a URL enforcement policy comprises intercepting user credentials in said user URL request to validate said credentials.
  - 18. The method of claim 17, wherein said intercepting said user credentials comprises checking valid user credentials to determine whether said user request has authorization to access a list of URLs in said server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Bhat, Shivaram, Nelson, James F.
Primary Examiner(s)
Song; Hosuk
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US10/127,898
Publication Number

US 20030200442A1
Time in Patent Office

1,905 Days
Field of Search

709217-225, 709/229, 713/182, 713/185, 713/200, 713/201, 713/156, 713/168, 705/59, 705/77, 705/1, 705/55, 726 1- 10, 726 26- 28, 707 9- 10
US Class Current

726/6
CPC Class Codes

H04L 63/102 Entity profiles

H04L 67/02 based on web technology, e....

Uniform resource locator access management and control system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

264 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Uniform resource locator access management and control system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

264 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others