Method and device for making a portal in a computer system secure
Abstract
The present invention presents a device and a method for handling security in a computer system comprising an existing organizational directory. Upon reception of an access request from an entity to a server machine of the system, the device creates or searches in a security directory for security data attached to the entity, without modifying the data of the existing directory.
22 Claims
1. A method for making secure a computer system having at least one client machine, at least one server machine, and an existing organizational directory, the method comprising:

listing entities in the organizational directory using unique designations,

creating a security directory in which modifiable security data are stored, the security data including information for mapping and further comprising at least one access control list for an application,

upon receipt of a request from an entity, searching in said security directory using the unique designation of said entity in the directory to obtain security data related to the request from the entity, wherein the searching in said security directory further comprises

searching in the security directory for an access control list related to the application involved in the request,

considering access to said application to be open if no access control list is found,

searching for an entity or for a group to which the entity belongs if the access control list is found,

denying access to the application if the entity and/or the group is absent from the access control list, and

based on the security data, processing the request or performing other searches for security data if the entity and/or the group is present in the found list.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 18, 19.
14. A security device for making a computer system secure, wherein the computer system includes at least one client machine and at least one server machine, wherein an existing organizational directory in the computer system lists an entity by means of a unique designation, the security device comprising:

a gateway interconnected between the server machine and client machine; and

a memory connected to the gateway, said memory having a security directory and being configured to create, modify, delete, or search, based on receipt of a request from an entity, in the security directory for modifiable security data, the modifiable security data attached to the entity having the unique designation in the organizational directory, the security data including information for mapping and further comprising at least one access control list for an application, and the security data being utilized to process the request,

wherein the memory is further configured to search in the security directory for an access control list related to the application involved in the request, consider access to said application to be open if no access control list is found, search for an entity or for a group to which the entity belongs if the access control list is found, deny access to the application if the entity and/or the group is absent from the access control list, and process the request or perform other searches for security data if the entity and/or the group is present in the found list.

Dependent claims: 15, 16, 17.
20. A computer-readable storage medium encoded with a sequence of programmed instructions that, when executed by a computer, cause the computer to perform a method for making a computer system secure, the computer system having at least one client computer, at least one server computer, and an existing organizational directory, the method comprising:

listing entities in the organizational directory using unique designations,

creating a security directory in which modifiable security data are stored, the security data including information for mapping and further comprising at least one access control list for an application,

upon receipt of a request from an entity, searching in said security directory using the unique designation of said entity in the directory to obtain security data related to the request from the entity, wherein the searching in said security directory further comprises

searching in the security directory for an access control list related to the application involved in the request,

considering access to said application to be open if no access control list is found,

searching for an entity or for a group to which the entity belongs if the access control list is found,

denying access to the application if the entity and/or the group is absent from the access control list, and

based on the security data, processing the request or performing other searches for security data if the entity and/or the group is present in the found list.

Dependent claims: 21, 22.
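The decision procedure shared by claims 1, 14 and 20, written out as an added example (not the patentee's implementation). The two directories, the entity designations and the application names are constructed for illustration; the organizational directory is read only, and the security directory holds the per-application access control lists.

```python
"""Access decision as claimed: look up the ACL for the requested application
in the security directory; no ACL means open access; otherwise the entity
or one of its groups must appear on the ACL."""
from enum import Enum


class Decision(Enum):
    OPEN = "open"    # no ACL for the application: the claim treats access as open
    ALLOW = "allow"  # entity, or a group it belongs to, is on the ACL
    DENY = "deny"    # an ACL exists and neither entity nor group is listed


# Constructed organizational directory: unique designation -> groups.
# Per the claim this directory is consulted but never modified.
ORG_DIRECTORY = {
    "uid=alice,ou=people,o=example": {"cn=finance", "cn=staff"},
    "uid=bob,ou=people,o=example": {"cn=staff"},
    "uid=carol,ou=people,o=example": {"cn=contractors"},
}

# Constructed security directory: application -> ACL of entity or group
# designations. Only the ACL part of the claimed security data is modelled.
SECURITY_DIRECTORY = {
    "payroll": {"cn=finance"},
    "intranet": {"cn=staff", "uid=carol,ou=people,o=example"},
    # "wiki" intentionally has no ACL entry
}


def decide(entity: str, application: str,
           org=ORG_DIRECTORY, sec=SECURITY_DIRECTORY) -> Decision:
    """Apply the claimed decision procedure to one request."""
    acl = sec.get(application)
    if acl is None:
        # Claimed rule: no ACL found -> access considered open. This is a
        # fail-open default: a missing or misspelled application key grants
        # access to every requester, including designations unknown to the
        # organizational directory, so ACL provisioning must be audited.
        return Decision.OPEN
    if entity in acl:
        return Decision.ALLOW
    # Search for a group to which the entity belongs; an unknown entity
    # has no groups and is therefore denied.
    groups = org.get(entity, set())
    if groups & acl:
        return Decision.ALLOW
    return Decision.DENY
```

The `Decision.OPEN` branch is where a deployment would normally want explicit logging, since it is the only outcome that grants access without consulting either directory's membership data.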