System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server

US 7,861,285 B2
Filed: 02/07/2007
Issued: 12/28/2010
Est. Priority Date: 01/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of configuring a firewall process that executes on a device, the method comprising:

receiving a host computer identification, the host computer including at least one directory schema defined by an entity and configured to store information concerning the entity'"'"'s organization;

receiving authentication settings for the firewall process to use in authenticating network resource requests received over a computer network by the firewall process as a function of the at least one directory schema;

generating an authorization filter for the firewall process to apply to computer network traffic as a function of the one or more authentication settings and the at least one directory schema; and

enabling the firewall process to intercept computer network resource requests from client users on an internal computer network and authorize computer network resource requests based on a comparison of at least a portion of the at least one directory schema to the authorization filter.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for providing authentication to a firewall using a lightweight directory access protocol (LDAP) directory server is disclosed. The firewall can be configured through a graphical user interface to implement an authentication scheme. The authentication scheme is based upon a determination of whether at least part of one or more LDAP entries satisfy an authorization filter.

26 Citations

View as Search Results

16 Claims

1. A method of configuring a firewall process that executes on a device, the method comprising:
- receiving a host computer identification, the host computer including at least one directory schema defined by an entity and configured to store information concerning the entity'"'"'s organization;
  
  receiving authentication settings for the firewall process to use in authenticating network resource requests received over a computer network by the firewall process as a function of the at least one directory schema;
  
  generating an authorization filter for the firewall process to apply to computer network traffic as a function of the one or more authentication settings and the at least one directory schema; and
  
  enabling the firewall process to intercept computer network resource requests from client users on an internal computer network and authorize computer network resource requests based on a comparison of at least a portion of the at least one directory schema to the authorization filter.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving a host port setting, wherein communication between the firewall and the host computer is performed over a port identified by the host port setting.
  - 3. The method of claim 2, wherein the port setting specifies one or more ports and a secure socket layer communication setting to cause communication between the firewall and the host computer to be performed in a secure fashion.
  - 4. The method of claim 1, wherein at least one directory schema is a lightweight directory access protocol directory schema.
  - 5. The method of claim 4, wherein the lightweight directory access protocol directory schema is preexisting.
  - 6. The method of claim 1, wherein receiving the authentication settings includes:
    - receiving an identification of at least one directory schema and a portion of the at least one directory schema to search.
  - 7. The method of claim 6, wherein:
    - receiving the authentication settings includes receiving one or more user attributes; and
      
      generating the authorization filter includes generating the authorization filter implementing a per-user authentication scheme as a further function of the one or more user attributes.
  - 8. The method of claim 1, wherein generating the authorization filter includes implementing a per-service authentication scheme.

9. A non-transitory computer program product for enabling a processor in a computer system to implement a firewall configuration process, said computer program product comprising:
- a non transitory computer usable medium having computer readable program code embodied in said medium for causing a program to execute on the computer system, said computer readable code comprising;
  
  first computer readable program code for enabling the computer system to receive a host computer identification, the host computer including at least one directory schema defined by an entity and configured to store information concerning the entity'"'"'s organization;
  
  second computer readable program code for enabling the computer system to receive authentication settings for the firewall to use in authenticating network resource requests as a function of the at least one directory schema;
  
  third computer readable program code for enabling the computer system to generate an authorization filter as a function of the one or more authentication settings and the at least one directory schema; and
  
  fourth computer readable program code for enabling the computer system to enable the firewall to intercept network resource requests from client users on an internal network and authorize network resource requests based on a comparison of at least a portion of the at least one directory schema to the authorization filter.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer program product of claim 9, said computer readable code further comprising:
    - fifth computer readable program code for enabling the computer system to receive a host port setting, wherein communication between the firewall and the host computer is performed over a port identified by the host port setting.
  - 11. The non-transitory computer program product of claim 10, wherein the port setting specifies one or more ports and a secure socket layer communication setting to cause communication between the firewall and the host computer to be performed in a secure fashion.
  - 12. The non-transitory computer program product of claim 9, wherein at least one directory schema is a lightweight directory access protocol directory schema.
  - 13. The non-transitory computer program product of claim 12, wherein the lightweight directory access protocol directory schema is preexisting.
  - 14. The non-transitory computer program product of claim 9, wherein receiving the authentication settings of the second computer readable program code includes receiving an identification of at least one directory schema and a portion of the at least one directory schema to search.
  - 15. The non-transitory computer program product of claim 14, wherein:
    - receiving the authentication settings of the second computer readable program code includes receiving one or more user attributes; and
      
      generating the authorization filter of the third computer readable program code includes generating the authorization filter implementing a per-user authentication scheme as a further function of the one or more user attributes.
  - 16. The non-transitory computer program product of claim 9, wherein generating the authorization filter of the third computer readable program code includes implementing a per-service authentication scheme.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Ashoff, Thomas D., Chew, Steve O., Mullican, Andrew J., Graham, Jeffrey J.
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US11/672,296
Publication Number

US 20070136803A1
Time in Patent Office

1,420 Days
Field of Search

726/4, 726/8, 726 11- 14, 713151-152, 713/154, 707/1, 709220-222, 709227-229
US Class Current

726/4
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/08   for authentication of entit...

Y10S 707/99931   Database or file accessing

System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for authenticating users using a lightweight directory access protocol (LDAP) directory server

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links