Security framework data scheme

US 7,257,834 B1
Filed: 10/31/2002
Issued: 08/14/2007
Est. Priority Date: 10/31/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A security database that stores, retrieves, and updates selected security information in response to application program interface calls of an authentication and authorization system to authenticate user identities and authorize access to resources, wherein the selected security information is stored as a data structure, the data structure comprising:

a primary authentication structure containing primary authentication information, wherein the primary authentication structure is superior to all other structures in the security database;

an alternate authentication structure containing general alternate authentication information, wherein the alternate authentication structure is subordinate to the primary authentication structure;

a legacy authentication structure containing legacy authentication information, wherein the legacy authentication structure is subordinate to the primary authentication structure;

an administrative structure containing administrative information for administrative activity within the components of the overall data structure, wherein the administrative structure is subordinate to the primary authentication structure; and

at least one cross-reference structure that breaks down many to many relationships between the primary authentication structure and a subordinate structure into any of a one to many, many to one, or one to one relationship, wherein the cross-reference structure is subordinate to the primary authentication structure and superior to the subordinate structure.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure is a method for bridging requests for access to resources between requestors in a distributed network and an authenticator servicing the distributed network. The bridging mechanism has security features including a naming service for machine authentication and machine process rules to authorize what process machines can perform. The security proxy bridge intercepts an access request, and checks the IP address for machine authentication as well as the machine process rules and if both verifications are successful, the bridge then forwards the request for access to the authenticator. The security proxy framework utilizes a data structure that provides a method for storing selected security information stored as data records supporting an authentication and authorization system for users to access resources on multiple components of a distributed network supporting multiple business units of an enterprise. Primary authentication information stored herein includes general user information, security information, and contact information.

44 Citations

View as Search Results

14 Claims

1. A security database that stores, retrieves, and updates selected security information in response to application program interface calls of an authentication and authorization system to authenticate user identities and authorize access to resources, wherein the selected security information is stored as a data structure, the data structure comprising:
- a primary authentication structure containing primary authentication information, wherein the primary authentication structure is superior to all other structures in the security database;
  
  an alternate authentication structure containing general alternate authentication information, wherein the alternate authentication structure is subordinate to the primary authentication structure;
  
  a legacy authentication structure containing legacy authentication information, wherein the legacy authentication structure is subordinate to the primary authentication structure;
  
  an administrative structure containing administrative information for administrative activity within the components of the overall data structure, wherein the administrative structure is subordinate to the primary authentication structure; and
  
  at least one cross-reference structure that breaks down many to many relationships between the primary authentication structure and a subordinate structure into any of a one to many, many to one, or one to one relationship, wherein the cross-reference structure is subordinate to the primary authentication structure and superior to the subordinate structure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The data structure of claim 1, wherein the alternate authentication structure comprises two structures subordinate to the primary authentication structure, a security question structure and a general alternate authentication structure.
  - 3. The data structure of claim 1, further comprising:
    - a group structure containing group information, wherein the group structure is subordinate to the primary authentication structure.
  - 4. The data structure of claim 3, wherein the group data structure is crosslinked with the administrative structure.
  - 5. The data structure of claim 1, further comprising:
    - a user structure containing user information, wherein the user structure is subordinate to the primary authentication structure.
  - 6. The data structure of claim 5, wherein the user structure comprises two structures subordinate to the primary authentication structure, a structure containing user account information and a structure containing miscellaneous user information.
  - 7. The data structure of claim 1, wherein the primary authentication information includes general user information, a first set of selected security information, and a first set of selected contact information.
  - 8. The data structure of claim 7, wherein the general user information includes any of a user id, a user login name, a description of the user, last successful and unsuccessful login dates, user creation date, and the date that user information was modified and the user id of who modified the user information.
  - 9. The data structure of claim 7, wherein the first set of selected security information includes any of a social security number, a user password, a date the password was most recently changed, a date a user certificate was most recently changed, token card details, status of a user login, a date a user account is enabled, a date a user account expires, a user acf2 id, and a user acf2 password.
  - 10. The data structure of claim 7, wherein the first set of selected contact information includes a user e-mail address.
  - 11. The data structure of claim 7, wherein the primary authentication information excludes a second set of contact information other than a primary e-mail address, a first set of selected user information, a second set of selected security information, localization information, and business related information.
  - 12. The data structure of claim 11, wherein the first set of selected user information includes a type of currency used, an id number for a self-registered user, alternate forms of a user name, and a lower case login id.
  - 13. The data structure of claim 11, wherein the second set of selected security information includes an IP address or hostname of a location of a most recent successful or unsuccessful login, a number of wrong logins that are allowed before a user is locked out, when a user password will expire, and three most recent passwords.
  - 14. The data structure of claim 1, wherein the legacy authentication structure comprises two structures subordinate to the primary authentication structure, a prior authenticator role structure and a migration status structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Kuruvalli, Bharath, Boydstun, Ken, Balasubramanian, Bala, Marshall, Steve
Primary Examiner(s)
REVAK, CHRISTOPHER A

Application Number

US10/284,809
Time in Patent Office

1,748 Days
Field of Search

726/1
US Class Current

726/1
CPC Class Codes

G06F 21/31 User authentication

Y10S 707/99939 Privileged access

Security framework data scheme

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Security framework data scheme

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links