System and method for ensuring security with multiple authentication schemes

US 7,308,580 B2
Filed: 04/23/2002
Issued: 12/11/2007
Est. Priority Date: 04/23/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, an user application, and user exits, comprising:

maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;

said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;

connecting said user to a said database manager; and

logging on said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;

said user being authenticated by a third party; and

said user being authenticated with reference to said access control list table by said content manager; and

said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System for authenticating a user for logon to a content manager running on top of a database manager. A connect procedure connects the user to a database manager; and then a logon procedure logs on the user to the content manager selectively responsive to the user connecting to the database manager; the user being authenticated by a third party by way of a user exit or a trusted logon environment and privilege; or the user being authenticated by the content manager.

116 Citations

View as Search Results

16 Claims

1. A method for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, an user application, and user exits, comprising:
- maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
  
  said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  connecting said user to a said database manager; and
  
  logging on said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;
  
  said user being authenticated by a third party; and
  
  said user being authenticated with reference to said access control list table by said content manager; and
  
  said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, said user being logged on to said content manager by content manager authentication responsive to said content manager receiving database (DB) user indicia for a DB user having connect privilege and a correct logon password.
  - 3. The method of claim 1, said user being logged on to said content manager by third party authentication responsive to a user exit authenticating content manager (CM) user indicia.
  - 4. The method of claim 1, said user being logged on to said content manager by third party authentication responsive to said content manager receiving database (DB) user indicia for a DB user having connect and trusted logon privileges in a trusted logon system environment.

5. A method for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, an user application, and user exits, comprisingmaintaining controlled entities within said content manager, said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group content manager user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
- said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  executing a database connect procedure with respect to database (DB) user indicia and DB user password;
  
  executing a content manager logon procedure with respect to content manager (CM) user indicia;
  
  said logon procedure including passing to a user exit said CM user indicia; and
  
  authenticating said user for logon and access to said user data items selectively responsive to one of (1) said user exit authenticating said CM user, and (2) said user exit not authenticating said CM and at least one of (A) and (B), whereA) represents said user exit authenticating said CM user; and
  
  (B) represents said user exit not authenticating said CM user and selectively one of (B1) (B2), and (B3), where (B1) represents said DB user indicia and said CM user indicia being the same;
  
  (B2) represents said DB user having connect privilege and said DB user password being correct; and
  
  (B3) represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.

6. A system for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, an user application, and user exits, comprising:
- a maintenance procedure for maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
  
  said maintenance procedure, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  a connect procedure for connecting said user to a said database manager; and
  
  a logon procedure for connecting said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;
  
  said user being authenticated by a third party; and
  
  said user being authenticated with reference to said access control list table by said content manager; and
  
  said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.
- View Dependent Claims (7, 8, 9)
- - 7. The system of claim 6, said user being logged on to said content manager by content manager authentication responsive to said content manager receiving database (DB) user indicia for a DB user having connect privilege and a correct logon password.
  - 8. The system of claim 6, said user being logged on to said content manager by third party authentication responsive to a user exit authenticating content manager (CM) user indicia.
  - 9. The system of claim 6, said user being logged on to said content manager by third party authentication responsive to said content manager receiving database (DB) user indicia for a DB user having connect and trusted logon privileges in a trusted logon system environment.

10. System for authenticating a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, an user application, and user exits, comprising:
- a user exit;
  
  a maintenance procedure for maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
  
  said maintenance procedure, responsive to modification of a given privilege set, for incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  a database connect procedure for connecting said user to said database manager responsive to said user indicia and DB user password;
  
  a content manager logon procedure for logging on said user with respect to content manager (CM) user indicia; and
  
  said logon procedure passing to said user exit said CM user indicia and authenticating said user for logon selectively responsive to one of (1) said user exit authenticating said CM user, and (2) said user exit not authenticating said CM user and at least one of A, B, and C, whereA represents said DB user indicia and said CM user indicia being the same;
  
  B represents said DB user having connect privilege and said DB user password being correct; and
  
  C represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.

11. A program storage device readable by machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access by a user for access to controlled entities maintained at a server, said server including a content manager, a database manager, an user application, and user exits, comprising:
- maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group user kind, user identifier, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
  
  said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  connecting said user to a said database manager; and
  
  logging on said user to said content manager running on top of said database manager to enable access by said user to said user data items selectively responsive to said user connecting to said database manager;
  
  said user being authenticated by a third party; and
  
  said user being authenticated with reference to said access control list table by said content manager; and
  
  said user being logged on to said content manager responsive to said user connecting to said database manager when database (DB) user indicia and content manager (CM) user indicia are the same.
- View Dependent Claims (12, 13, 14)
- - 12. The program storage device of claim 11, said user being logged on to said content manager by content manager authentication responsive to said content manager receiving database (DB) user indicia for a DB user having connect privilege and a correct logon password.
  - 13. The program storage device of claim 11, said user being logged on to said content manager by third party authentication responsive to a user exit authenticating content manager (CM) user indicia.
  - 14. The program storage device of claim 11, said user being logged on to said content manager by third party authentication responsive to said content manager receiving database (DB) user indicia for a DB user having connect and trusted logon privileges in a trusted logon system environment.

15. A program storage device readable by a machine, tangibly embodying a program of instructions executable by a machine to perform a method for authorizing access by a user for access to controlled entities maintained at a server, said server including a content manager (CM), a database manager, an user application, and user exits, comprising:
- maintaining said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group content manager user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
  
  said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  executing a database connect procedure with respect to database (DB) user indicia and DB user password;
  
  executing a content manager logon procedure with respect to said content manager (CM) user indicia;
  
  said logon procedure including passing to a user exit said CM user indicia; and
  
  authenticating said user for logon and access to said user data items selectively responsive to one of A and B;
  
  where A represents said user exit authenticating said CM user, andwhere B represents said user exit not authenticating said CM user and at least one of B1, B2, and B3,where B1 represents said DB user indicia and said CM user indicia being the same;
  
  where B2 represents said DB user having connect privilege and said DB user password being correct; and
  
  where B3 represents said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.

16. A computer program product stored on storage device configured to be operable to connect a user to a content manager running on top of a database manager according to a procedure comprising:
- maintaining controlled entities within said content manager, said controlled entities within said content manager, said controlled entities including an access control list table bound to user data items, said access control list table including in rows for each user and user group content manager user indicia, access control list code, and privilege set code, each privilege set code corresponding to a privilege set;
  
  said maintaining, responsive to modification of a given privilege set, including incrementally refreshing said access control list table to refresh only those rows having a privilege set code corresponding to said given privilege set;
  
  executing a database connect procedure with respect to database (DB) user indicia and DB user password;
  
  executing a content manager logon procedure with respect to content manager (CM) user indicia;
  
  said logon procedure including passing to a user exit said CM user indicia; and
  
  authenticating said user for logon and access to said user data items selectively responsive to one of (1) said user exit authenticating said CM user, and (2) said user exit not authenticating said CM and at least one of A, B, and C, whereA represents said DB user indicia and said CM user indicia being the same;
  
  B represents said DB user having connect privilege and said DB user password being correct; and
  
  C represents said DB user having connect privilege and said DB user having connect privilege and said DB user password being null and said DB user having trusted logon privilege within a trusted logon system environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Nelson, Kenneth Carlin, Noronha, Marilene Araujo
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US10/131,008
Publication Number

US 20030200466A1
Time in Patent Office

2,058 Days
Field of Search

713/183, 713/161, 709/9, 707/9, 726/8
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

H04L 63/08   for authentication of entit...

H04L 63/205   involving negotiation or de...

Y10S 707/99939   Privileged access

System and method for ensuring security with multiple authentication schemes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for ensuring security with multiple authentication schemes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links