Method for providing access control to single sign-on computer networks

US 7,702,914 B2
Filed: 04/16/2008
Issued: 04/20/2010
Est. Priority Date: 12/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing access control to a single sign-on computer network, said method comprising:

associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;

in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;

granting said access request if said group pass count is greater than a predetermined high group pass threshold value;

denying said access request if said group pass count is lower than a predetermined low group pass threshold value; and

sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

26 Citations

12 Claims

1. A method for providing access control to a single sign-on computer network, said method comprising:
- associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;
  
  in response to an access request by said user, determining a group pass count based on a user profile of said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;
  
  granting said access request if said group pass count is greater than a predetermined high group pass threshold value;
  
  denying said access request if said group pass count is lower than a predetermined low group pass threshold value; and
  
  sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said method further includes checking whether or not said access request is within normal parameters as defined in said user profile in response to said group pass count being higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 3. The method of claim 2, wherein said method further includes granting said access request if said access request is within normal parameters as defined in said user profile.
  - 4. The method of claim 2, wherein said method further includes sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

5. A computer-readable medium storing computer-executable instructions for providing access control to a single sign-on computer network, said computer-executable instructions performing a method comprising:
- associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;
  
  determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;
  
  granting said access request if said group pass count is greater than a predetermined high group pass threshold value; and
  
  denying said access request if said group pass count is lower than a predetermined low group pass threshold value; and
  
  sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
- View Dependent Claims (6, 7, 8)
- - 6. The computer-readable medium of claim 5, wherein said method further comprises checking whether or not said access request is within normal parameters as defined in said user profile in response to said group pass count being higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 7. The computer-readable medium of claim 6, wherein said method further comprises granting said access request if said access request is within normal parameters as defined in said user profile.
  - 8. The computer-readable medium of claim 6, wherein said method further comprises sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

9. A data processing system capable of providing access control to a single sign-on computer network, said data processing system comprising:
- means for associating a user to a plurality of groups, wherein each of said plurality of groups has a set of policy defined parameters utilized to grant the user access request to network resources;
  
  means for determining a group pass count based on a user profile of said user in response to an access request by said user, wherein said group pass count is a number of said plurality of groups having access requirements that are met by said user profile;
  
  means for granting said access request if said group pass count is greater than a predetermined high group pass threshold value, anddenying said access request if said group pass count is lower than a predetermined low group pass threshold value; and
  
  sending a severity to a network administrator based on a level of deviation from normal access after denying said access request.
- View Dependent Claims (10, 11, 12)
- - 10. The data processing system of claim 9, wherein said data processing system further includes means for checking whether or not said access request is within normal parameters as defined in said user profile in response to said group pass count being higher than a predetermined low group pass threshold value but lower than said predetermined high group pass threshold value.
  - 11. The data processing system of claim 10, wherein said data processing system further includes means for granting said access request if said access request is within normal parameters as defined in said user profile.
  - 12. The data processing system of claim 10, wherein said data processing system further includes means for sending an alert before granting said access request if said access request is not within normal parameters as defined in said user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Stading, Tyron Jerrod, Gilfix, Michael, Garrison, John Michael, Baffes, Paul T., Hsu, Allan
Primary Examiner(s)
Moazzami; Nassar
Assistant Examiner(s)
Reza; Mohammad W

Application Number

US12/104,146
Publication Number

US 20080216164A1
Time in Patent Office

734 Days
Field of Search

713/182, 726/8, 726/26
US Class Current

713/182
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/102 Entity profiles

Method for providing access control to single sign-on computer networks

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method for providing access control to single sign-on computer networks

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links