Consolidation of user directories

US 8,051,470 B2
Filed: 07/11/2003
Issued: 11/01/2011
Est. Priority Date: 12/12/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method, in a data processing system, for providing a system administrator with a view of a plurality of applications accessible by a user, comprising:

receiving, in the data processing system, in response to a coupling of a separate hardware security device to the data processing system, credential information comprising user names and associated passwords for each application of the plurality of applications that the user uses, from the separate hardware security device into an authentication credential container associated with the user;

identifying, by the data processing system, the plurality of applications accessible by the user by examining the authentication credential container associated with the user;

generating, by the data processing system, a view of the plurality of applications accessible by the user, wherein the view is a consolidated user directory that contains user authentication information across the plurality of applications;

displaying, by the data processing system, the view to the administrator;

creating a user account for a new application to be accessible by the user utilizing the generated view which comprises authentication information across the plurality of applications that the user uses;

injecting authentication information of the user account into the authentication credential container of the user; and

injecting the authentication information of the user account into the separate hardware security device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for automatic user authentication is described. In response to a coupling of a separate hardware security device to a data processing system, credential information for each of a plurality of applications that the user uses is received from the separate hardware security device into an authentication credential container associated with the user. A plurality of applications accessible by a user are identified by examining authentication credential container of the user. A view of the plurality of applications accessible by the user is generated. The view is a consolidated user directory that contains user authentication information across the plurality of applications. The view may then be displayed to an administrator.

15 Citations

View as Search Results

17 Claims

1. A method, in a data processing system, for providing a system administrator with a view of a plurality of applications accessible by a user, comprising:
- receiving, in the data processing system, in response to a coupling of a separate hardware security device to the data processing system, credential information comprising user names and associated passwords for each application of the plurality of applications that the user uses, from the separate hardware security device into an authentication credential container associated with the user;
  
  identifying, by the data processing system, the plurality of applications accessible by the user by examining the authentication credential container associated with the user;
  
  generating, by the data processing system, a view of the plurality of applications accessible by the user, wherein the view is a consolidated user directory that contains user authentication information across the plurality of applications;
  
  displaying, by the data processing system, the view to the administrator;
  
  creating a user account for a new application to be accessible by the user utilizing the generated view which comprises authentication information across the plurality of applications that the user uses;
  
  injecting authentication information of the user account into the authentication credential container of the user; and
  
  injecting the authentication information of the user account into the separate hardware security device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 further comprising removing access to an application from the plurality of the applications by utilizing the view of the plurality of the applications accessible by the user.
  - 3. The method of claim 1 wherein the authentication credential container is stored at a server.
  - 4. The method of claim 2 wherein the removing is performed automatically.
  - 5. The method of claim 1 wherein the creating the user account is performed either automatically or manually by an administrator.
  - 6. The method of claim 1 further comprising removing individual user directories for each application of the plurality of the applications accessible by the user.
  - 7. The method of claim 1, wherein the view comprises:
    - a list of keys employed by the user, wherein each entry in the list corresponds to a different key employed by the user, and wherein each entry identifies a type of the corresponding key and a serial number of the corresponding key.
  - 8. The method of claim 1, wherein the view comprises:
    - a profile of the user detailing a role of the user, a name of the user, contact information for the user, and employment information for the user.
  - 9. The method of claim 1, wherein the view comprises:
    - a list of certificate-enabled applications accessible by the user, wherein each entry in the list corresponds to a different certificate-enabled application, and wherein each entry identifies a user name of the user and a last login attempt of the user for the corresponding certificate-enabled application.
  - 10. The method of claim 1, wherein the view comprises:
    - a list of enterprise applications accessible by the user, wherein each entry in the list corresponds to a different enterprise application, and wherein each entry identifies a user name of the user and a last login attempt of the user for the corresponding enterprise application.
  - 11. The method of claim 1, wherein the view comprises:
    - a list of personal applications accessible by the user, wherein each entry in the list corresponds to a different personal application, and wherein each entry identifies a number of accounts connected to the corresponding personal application.
  - 12. The method of claim 8, wherein the view comprises:
    - user selectable graphical user interface elements for invoking a function to update the profile and for invoking a function to reset the profile.
  - 13. The method of claim 9, wherein the view comprises:
    - a user selectable graphical user interface element for invoking a function to delete a user name of the user from the list of certificate-enabled applications.

14. A method, in a data processing system, for providing a system administrator with a list of a plurality of applications accessible by a user together with any user names and passwords used in connection with those applications, comprising:
- receiving, in the data processing system, in response to a coupling of a separate hardware security device to the data processing system, credential information comprising user names and associated passwords for each application of a plurality of applications that the user uses, from the separate hardware security device into an authentication credential container associated with the user;
  
  identifying, by the data processing system, the plurality of applications accessible by the user and user names and passwords used in connection with the plurality of applications by examining an authentication credential container associated with the user;
  
  generating, by the data processing system, a list of the plurality of applications accessible by the user together with any user names and passwords used in connection with the plurality of applications;
  
  displaying, by the data processing system, the view to the administrator;
  
  creating a user account for a new application to be accessible by the user utilizing the generated view which comprises authentication information across the plurality of applications that the user uses;
  
  injecting authentication information of the user account into the authentication credential container of the user; and
  
  injecting the authentication information of the user account into the separate hardware security device.

15. A computer program product comprising a non-transitory computer recordable medium having a computer readable program recorded thereon, wherein the computer readable program, when executed on a data processing system, causes the data processing system to:
- receive, in response to a coupling of a separate hardware security device to the data processing system, credential information comprising user names and associated passwords for each application of the plurality of applications that the user uses, from the separate hardware security device into an authentication credential container associated with the user;
  
  identify the plurality of applications accessible by the user by examining the authentication credential container associated with the user;
  
  generate a view of the plurality of applications accessible by the user, wherein the view is a consolidated user directory that contains user authentication information across the plurality of applications;
  
  display the view to the administrator;
  
  create a user account for a new application to be accessible by the user utilizing the generated view which comprises authentication information across the plurality of applications that the user uses;
  
  inject authentication information of the user account into the authentication credential container of the user; and
  
  inject the authentication information of the user account into the separate hardware security device.
- View Dependent Claims (16, 17)
- - 16. The computer program product of claim 15, wherein the computer readable program further causes the data processing system to remove access to an application from the plurality of the applications by utilizing the view of the plurality of the applications accessible by the user.
  - 17. The computer program product of claim 15, wherein the view comprises at least one of:
    - a list of certificate-enabled applications accessible by the user, wherein each entry in the list corresponds to a different certificate-enabled application, and wherein each entry identifies a user name of the user and a last login attempt of the user for the corresponding certificate-enabled application;
      
      a list of enterprise applications accessible by the user, wherein each entry in the list corresponds to a different enterprise application, and wherein each entry identifies a user name of the user and a last login attempt of the user for the corresponding enterprise application;
      
      a list of personal applications accessible by the user, wherein each entry in the list corresponds to a different personal application, and wherein each entry identifies a number of accounts connected to the corresponding personal application;
      
      user selectable graphical user interface elements for invoking a function to update the profile and for invoking a function to reset the profile;
      
      ora user selectable graphical user interface element for invoking a function to delete a user name of the user from the list of certificate-enabled applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ong, Peng T.
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Johnson; Carlton

Application Number

US10/617,607
Publication Number

US 20040117665A1
Time in Patent Office

3,035 Days
Field of Search

726/17, 726/21, 713/170
US Class Current

726/6
CPC Class Codes

G06F 21/31   User authentication

G06F 21/41   where a single sign-on prov...

G06F 21/46   by designing passwords or c...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0823   using certificates cryptogr...

Consolidation of user directories

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

15 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Consolidation of user directories

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links