Method and device for making a portal in a computer system secure

US 7,430,600 B2
Filed: 11/09/2001
Issued: 09/30/2008
Est. Priority Date: 11/10/2000
Status: Active Grant

First Claim

Patent Images

1. A method for making secure a computer system having at least one client machine, at least one server machine, and an existing organizational directory, the method comprising:

listing entities in the organizational directory using unique designations,creating a security directory in which modifiable security data are stored, the security data including information for mapping and further comprising at least one access control list for an application,upon receipt of a request from an entity, searching in said security directory using the unique designation of said entity in the directory to obtain security data related to the request from the entity, wherein the searching in said security directory further comprisessearching in the security directory for an access control list related to the application involved in the request,considering access to said application to be open if no access control list is found,searching for an entity or for a group to which the entity belongs if the access control list is found,denying access to the application if the entity and/or the group is absent from the access control list, andbased on the security data, processing the request or performing other searches for security data if the entity and/or the group is present in the found list.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention presents a device and a method for handling security in a computer system comprising an existing organizational directory. Upon reception of an access request from an entity to a server machine of the system, the device creates or searches in a security directory for security data attached to the entity, without modifying the data of the existing directory.

Citations

22 Claims

1. A method for making secure a computer system having at least one client machine, at least one server machine, and an existing organizational directory, the method comprising:
- listing entities in the organizational directory using unique designations,creating a security directory in which modifiable security data are stored, the security data including information for mapping and further comprising at least one access control list for an application,upon receipt of a request from an entity, searching in said security directory using the unique designation of said entity in the directory to obtain security data related to the request from the entity, wherein the searching in said security directory further comprisessearching in the security directory for an access control list related to the application involved in the request,considering access to said application to be open if no access control list is found,searching for an entity or for a group to which the entity belongs if the access control list is found,denying access to the application if the entity and/or the group is absent from the access control list, andbased on the security data, processing the request or performing other searches for security data if the entity and/or the group is present in the found list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 18, 19)
- - 2. The method according to claim 1, further comprising:
    - using as the unique designation an identifier and a distinguished name.
  - 3. The method according to claim 1, further comprising:
    - intercepting all requests addressed to the server machine from the client machine using a gateway, andsending requests to a URL of the server machine that contains the URL of the gateway.
  - 4. The method according to claim 2, further comprising:
    - intercepting all requests addressed to the server machine from the client machine using a gateway, andsending requests to a URL of the server machine that contains the URL of the gateway.
  - 5. The method according to claim 1, wherein the security data comprise at least one piece of information for mapping between a URL requested by the entity and a protected URL.
  - 6. The method according to claim 1, wherein the security data comprise at least one URL collection.
  - 7. The method according to claim 1, wherein the security data comprise at least one account for an application.
  - 8. The method according to claim 1, wherein the security data comprise at least one piece of information for mapping between a URL requested by an entity and a protected URL and further including at least one URL collection.
  - 9. The method according to claim 1, wherein theinformation for mapping includes at least one piece of information for mapping between a URL requested by, the entity and a protected URL, and wherein the security data further comprise at least one URL collection, at least one account for an application.
  - 10. The method according to claim 8, further comprising:
    - searching in the security directory for mapping information for the request by the entity,returning an error to the client machine if the mapping information does not exist, andprocessing the request using the protected URL or performing searches for other security data if the mapping information exists.
  - 11. The method according to claim 9, further comprising:
    - searching in the security directory for an account for the application involved in said request in the name of the entity or of a group to which the entity belongs,authorizing access to said application,considering the request to be anonymous if no account is found, andprocessing the request with the security data if the account is found.
  - 12. The method according to claim 10, further comprising:
    - searching in the security directory for an account for the application involved in said request in the name of the entity or of a group to which the entity belongs,authorizing access to said application, considering the request to be anonymous if no account is found, andprocessing the request with the security data if the account is found.
  - 13. The method according to claim 1, further comprising:
    - searching in the security directory for an account for the application involved in said request in the name of the entity or of a group to which the entity belongs,authorizing access to said application, considering the request to be anonymous if no account is found, andprocessing the request with the security data if the account is found.
  - 18. The method for making secure a computer system according to claim 1, wherein said step of searching, upon receipt of the request from the entity, further comprises receiving said request using a browser.
  - 19. The method for making secure a computer system according to claim 1, further comprising:
    - controlling access using a single sign-on procedure.

14. A security device for making a computer system secure, wherein the computer system includes at least one client machine and at least one server machine, wherein an existing organizational directory in the computer system lists an entity by means of a unique designation, the security device comprising:
- a gateway interconnected between the server machine and client machine; and
  
  a memory connected to the gateway, said memory having a security directory and being configured to create, modify, delete, or search, based on receipt of a request from an entity, in the security directory for modifiable security data, the modifiable security data attached to the entity having the unique designation in the organizational directory, the security data including information for mapping and further comprising at least one access control list for an application, and the security data being utilized to process the request,wherein the memory is further configured tosearch in the security directory for an access control list related to the application involved in the request,consider access to said application to be open if no access control list is found,search for an entity or for a group to which the entity belongs if the access control list is found,deny access to the application if the entity and/or the group is absent from the access control list, andprocess the request or perform other searches for security data if the entity and/or the group is present in the found list.
- View Dependent Claims (15, 16, 17)
- - 15. The security device according to claim 14,wherein the gateway is interconnected between the client machine and the server machine and is configured to intercept all requests addressed to the server machine by the client machine, the client machine sending requests to a URL of the server machine that contains the URL of the gateway.
  - 16. The security device according to claim 14, further including:
    - a security management console connected to the gateway for entering, modifying, deleting, or searching for all or some of the security data in the security directory.
  - 17. The security device according to claim 15, further including:
    - a security management console connected to the gateway for entering, modifying, deleting, or searching for all or some of the security data in the security directory.

20. A computer-readable storage medium encoded with a sequence of programmed instructions that, when executed by a computer, cause the computer to perform a method for making a computer system secure, the computer system having at least one client computer, at least one server computer, and an existing organizational directory, the method comprising:
- listing entities in the organizational directory using unique designations,creating a security directory in which modifiable security data are stored, the security data including information for mapping and further comprising at least one access control list for an application,upon receipt of a request from an entity, searching in said security directory using the unique designation of said entity in the directory to obtain security data related to the request from the entity, wherein the searching in said security directory further comprisessearching in the security directory for an control list related to the application involved in the request,considering access to said application to be open if no access control list is found,searching for an entity or for a group to which the entity belongs if the access control list is found,denying access to the application if the entity and/or the group is absent from the access control list, andbased on the security data, processing the request or performing other searches for security data if the entity and/or the group is present in the found list.
- View Dependent Claims (21, 22)
- - 21. The computer-readable storage medium of claim 20, further comprising:
    - using as the unique designation an identifier and a distinguished name.
  - 22. The computer-readable storage medium of claim 20, further comprising:
    - intercepting all requests addressed to the server machine from the client machine using a gateway, andsending requests to a URL of the server machine that contains the URL of the gateway.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bull Sas (Atos SE)
Original Assignee
Bull Sas (Atos SE)
Inventors
Dutrueux, Philippe, Trabelsi, Hatem
Primary Examiner(s)
DINH, KHANH Q

Application Number

US10/169,582
Publication Number

US 20030005123A1
Time in Patent Office

2,517 Days
Field of Search

709/223, 709/220, 709/221, 709/222, 709/224, 709/228, 709/225, 709/227, 713/200, 713/201, 707/9, 707/200, 726/6
US Class Current

709/225
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/45   Network directories; Name-t...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

Y10S 707/99939   Privileged access

Method and device for making a portal in a computer system secure

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for making a portal in a computer system secure

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links