System and method for managing security access for users to network systems

US 7,281,263 B1
Filed: 02/23/2001
Issued: 10/09/2007
Est. Priority Date: 02/23/2001
Status: Active Grant

First Claim

Patent Images

1. An enterprise directory system configured to manage security access for a plurality of users to a plurality of different network systems connected to a network, the enterprise directory system comprising:

a processing system configured to process an individual request message from each of the plurality of different network systems to generate an individual response message for each of the plurality of different network systems that includes access rights for one of the plurality of users, and process a single termination message to generate individual termination messages for each of the plurality of different network systems that includes an instruction to terminate the access rights for the one of the plurality of users; and

an interface system coupled to the processing system and configured to receive the individual request messages from each of the plurality of different network systems, receive the single termination message, transmit the individual response messages to each of the plurality of different network systems, and transmit the individual termination messages to each of the plurality of different network systems for the processing system.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network security system for managing access to a plurality of different network systems for a plurality of users. The network security system includes an enterprise directory system configured to process request messages from each of the network systems requesting access rights for a user to generate a response message for each of the network systems that includes the access rights for the user. The enterprise directory system is also configured to process a single termination message to generate an individual termination message for each of the network systems that includes an instruction to terminate the access rights for one of the users. The resource directory is configured to receive an instruction to terminate the access rights for the corresponding user and process the instruction to generate the termination message for the enterprise directory system.

Citations

64 Claims

1. An enterprise directory system configured to manage security access for a plurality of users to a plurality of different network systems connected to a network, the enterprise directory system comprising:
- a processing system configured to process an individual request message from each of the plurality of different network systems to generate an individual response message for each of the plurality of different network systems that includes access rights for one of the plurality of users, and process a single termination message to generate individual termination messages for each of the plurality of different network systems that includes an instruction to terminate the access rights for the one of the plurality of users; and
  
  an interface system coupled to the processing system and configured to receive the individual request messages from each of the plurality of different network systems, receive the single termination message, transmit the individual response messages to each of the plurality of different network systems, and transmit the individual termination messages to each of the plurality of different network systems for the processing system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1 wherein the processing system is configured to process a first request message that includes a request for first access rights to a first one of the plurality of different network systems to generate a first response message that includes the first access rights, process a second request message that includes a request for second access rights to a second one of the plurality of different network systems to generate a second response message that includes the second access rights, and process the single termination message to generate the individual termination message for the first one of the plurality of different network systems and the second one of the plurality of different network systems.
  - 3. The system of claim 2 wherein the interface system is configured to receive the first request message and the second request message for the processing system.
  - 4. The system of claim 3 wherein the processing system is configured to process a user update message that includes access information for a new user to create a user record for the new user that includes access rights for the new user.
  - 5. The system of claim 4 wherein the processing system is configured to process another user update message that includes new access information for the one of the plurality of users to update an existing user record for the one of the plurality of users.
  - 6. The system of claim 5 wherein the processing system is configured to process the another update message to generate at least one termination message for at least one of the plurality of different network systems.
  - 7. The system of claim 5 wherein the processing system is configured to utilize the user record to process the individual request messages from each of the plurality of different network systems to generate the individual response messages for each of the plurality of different network systems.
  - 8. The system of claim 5 wherein the individual request messages from each of the plurality of different network systems are generated in response to receiving access information provided by an access card.
  - 9. The system of claim 8 wherein the individual request messages from each of the plurality of different network systems includes a user identification number provided by one of the plurality of users with the access information.
  - 10. The system of claim 8 wherein the individual request message from each of the plurality of different network systems includes a password provided by one of the plurality of users with the access information.
  - 11. The system of claim 8 wherein the access information is machine readable access information.
  - 12. The system of claim 8 wherein the number of the plurality of users is greater than one hundred.
  - 13. The system of claim 8 wherein the number of the plurality of users is greater than one thousand.
  - 14. The system of claim 8 wherein the number of the plurality of different network systems is greater than fifty.
  - 15. The system of claim 8 wherein the number of the plurality of different network systems is greater than one hundred.
  - 16. The system of claim 8 wherein access rights for the one of the plurality of users includes an instruction to permit access for the one of the plurality of users.
  - 17. The system of claim 8 wherein the access rights for the one of the plurality of users includes an instruction to deny access for the one of the plurality of users.

18. A network security system comprising:
- an enterprise directory system configured to process a request message from each of a plurality of different network systems that includes a request for access rights for one of a plurality of users, to generate a response message for each of the plurality of different network systems that includes the access rights, and process a single termination message to generate an individual termination message for each of the plurality of different network systems that includes an instruction to terminate the access rights for the one of the plurality of users;
  
  a resource directory configured to receive an instruction to terminate the access rights for the one of the plurality of users and process the instruction to generate the single termination message for the enterprise directory system; and
  
  a network access card system configured to interface with the resource directory to configure a network access card for each of the plurality of users, wherein the network access card for each of the plurality of users includes access information for the plurality of different network systems.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 19. The system of claim 18 wherein the access information is machine readable access information.
  - 20. The system of claim 18 wherein a first one of the plurality of different network systems is configured to receive the access information and process the access information to generate a first request message that includes a request for first access rights to the first one of the plurality of different network systems and a second one of the plurality of different network systems is configured to receive the access information and process the access information to generate a second request message that includes a request for second access rights to the second one of the plurality of different network systems.
  - 21. The system of claim 20 wherein the enterprise directory system is configured to receive and process the first request message to generate a first response message that includes the first access rights, receive and process the second request message to generate a second response message that includes the second access rights, and receive and process the single termination message to generate the individual termination message for the first one of the plurality of different network systems and the second one of the plurality of different network systems.
  - 22. The system of claim 20 wherein the resource directory is configured to receive a user profile for a new user and process the user profile to generate a user update message that includes access information for the new user and the enterprise directory system is configured to receive and process the user update message to generate a user record for the new user that includes the new user'"'"'s access rights.
  - 23. The system of claim 22 wherein the enterprise directory system is configured to utilize the user record to process the individual request messages from each of the plurality of different network systems to generate the individual response messages for each of the plurality of different network systems.
  - 24. The system of claim 20 wherein the resource directory is configured to receive update information for an existing user'"'"'s profile and process the update information to generate another user update message that includes the update information, and the enterprise directory system is configured to receive and process the another update message to update the existing user'"'"'s record.
  - 25. The system of claim 24 wherein the enterprise directory system is configured to receive and process the another update message to generate at least one of the individual termination messages for at least one of the plurality of different network systems.
  - 26. The system of claim 24 wherein each of the plurality of different network systems is configured to receive a user identification number along with the access information from the access card and provide the user identification number in the request message.
  - 27. The system of claim 24 wherein each of the plurality of different network systems is configured to receive a password along with the access information from the access card and provide the password in the request message.
  - 28. The system of claim 18 wherein the number of the plurality of users is greater than one hundred.
  - 29. The system of claim 18 wherein the number of the plurality of users is greater than one thousand.
  - 30. The system of claim 18 wherein the number of the plurality of different network systems is greater than fifty.
  - 31. The system of claim 18 wherein the number of the plurality of different network systems is greater than one hundred.

32. A method of operating an enterprise directory system configured to manage security access for a plurality of users to a plurality of different network systems connected to a network, the method comprising:
- receiving individual request messages from each of the plurality of different network systems;
  
  processing the individual request messages to generate an individual response message for each of the plurality of different network systems that includes access rights for one of the plurality of users;
  
  receiving a single termination message; and
  
  processing the single termination message to generate an individual termination message for each of the plurality of different network systems that includes an instruction to terminate the access rights for the one of the plurality of users.
- View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 33. The method of claim 32 the method further comprising:
    - receiving a first request message that includes a request for first access rights to a first one of the plurality of different network systems;
      
      processing the first request message to generate a first response message that includes the first access rights;
      
      receiving a second request message that includes a request for second access rights to a second one of the plurality of different network systems;
      
      processing the second request message to generate a second response message that includes the second access rights; and
      
      processing the single termination message to generate the individual termination message for the first one of the plurality of different network systems and the second one of the plurality of different network systems.
  - 34. The method of claim 33 the method further comprising:
    - receiving a user update message that includes access information for a new user; and
      
      processing the user update message to generate a user record for the new user that includes access rights for the new user.
  - 35. The method of claim 34 the method further comprising:
    - receiving another user update message that includes new access information for the one of the plurality of users; and
      
      processing the another user update message to update an existing user record for the one of the plurality of users.
  - 36. The method of claim 35 the method further comprising:
    - processing the another user update message to generate at least one termination message for at least one of the plurality of different network systems that includes the instruction to terminate the access rights of one of the plurality of users.
  - 37. The method of claim 35 the method further comprising:
    - using the user record to process the individual request messages from each of the plurality of different network systems to generate the individual response messages for each of the plurality of different network systems.
  - 38. The method of claim 35 wherein the individual request messages from each of the plurality of different network systems are generated in response to receiving access information provided by an access card.
  - 39. The method of claim 38 wherein the individual request messages from each of the plurality of different network systems includes a user identification number provided by one of the plurality of users with the access information.
  - 40. The method of claim 38 wherein the individual request message from each of the plurality of different network systems includes a password provided by one of the plurality of users with the access information.
  - 41. The method of claim 38 wherein the access information is machine readable access information.
  - 42. The method of claim 38 wherein the number of the plurality of users is greater than one hundred.
  - 43. The method of claim 38 wherein the number of the plurality of users is greater than one thousand.
  - 44. The method of claim 38 wherein the number of the plurality of different network systems is greater than fifty.
  - 45. The method of claim 38 wherein the number of the plurality of different network systems is greater than one hundred.
  - 46. The method of claim 38 wherein access rights for the one of the plurality of users includes an instruction to permit access for the one of the plurality of users.
  - 47. The method of claim 38 wherein the access rights for the one of the plurality of users includes an instruction to deny access for the one of the plurality of users.

48. A software product comprising:
- processing system instructions operational when executed on a processor to process an individual request message from each of a plurality of different network systems to generate an individual response message for each of the plurality of different network systems that includes access rights for one of a plurality of users, and process a single termination message to generate an individual termination message for each of the plurality of different network systems that includes an instruction to terminate the access rights for the one of the plurality of users;
  
  interface system instructions operational when executed on the processor to receive the individual request messages from each of the plurality of different network systems, receive the single termination message, transmit the individual response messages to each of the plurality of different network systems, and transmit the individual termination messages to each of the plurality of different network systems for the processing system; and
  
  a software storage medium operational to store the processing system instructions and the interface system instructions.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64)
- - 49. The product of claim 48 wherein the processing system instructions are further operational when executed on the processor to process a first request message that includes a request for first access rights to a first one of the plurality of different network systems to generate a first response message that includes the first access rights, process a second request message that includes a request for second access rights to a second one of the plurality of different network systems to generate a second response message that includes the second access rights, and process the single termination message to generate the individual termination message for the first one of the plurality of different network systems and the second one of the plurality of different network systems.
  - 50. The product of claim 49 wherein the interface system instructions are further operational when executed on the processor to receive the first request message and the second request message for the processing system.
  - 51. The product of claim 50 wherein the processing system instructions are further operational when executed on the processor to process a user update message that includes access information for a new user to generate a user record for the new user that includes access rights for the new user.
  - 52. The product of claim 51 wherein the processing system instructions are further operational when executed on the processor to process another user update message that includes new access information for the one of the plurality of users to update an existing user record for the one of the plurality of users.
  - 53. The product of claim 52 wherein the processing system instructions are further operational when executed on the processor to process the another update message to generate at least one termination message for at least one of the plurality of different network systems.
  - 54. The product of claim 52 wherein the processing system instructions are further operational when executed on the processor to utilize the user record to process the individual request messages from each of the plurality of different network systems to generate the individual response messages for each of the plurality of different network systems.
  - 55. The product of claim 52 wherein the individual request messages from each of the plurality of different network systems are generated in response to receiving access information provided by an access card.
  - 56. The product of claim 55 wherein the individual request messages from each of the plurality of different network systems includes a user identification number provided by one of the plurality of users with the access information.
  - 57. The product of claim 55 wherein the individual request message from each of the plurality of different network systems includes a password provided by one of the plurality of users with the access information.
  - 58. The product of claim 55 wherein the access information is machine readable access information.
  - 59. The product of claim 55 wherein the number of the plurality of users is greater than one hundred.
  - 60. The product of claim 55 wherein the number of the plurality of users is greater than one thousand.
  - 61. The product of claim 55 wherein the number of the plurality of different network systems is greater than fifty.
  - 62. The product of claim 55 wherein the number of the plurality of different network systems is greater than one hundred.
  - 63. The product of claim 55 wherein access rights for the one of the plurality of users includes an instruction to permit access for the one of the plurality of users.
  - 64. The product of claim 55 wherein the access rights for the one of the plurality of users includes an instruction to deny access for the one of the plurality of users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Norris, James W., Everson, John Michael, LaMastres, Daniel G.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
Moorthy; Aravind K

Application Number

US09/792,322
Time in Patent Office

2,419 Days
Field of Search

713200-202
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

H04L 63/0853 using an additional device,...

System and method for managing security access for users to network systems

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing security access for users to network systems

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links