Application access control system

US 8,104,076 B1
Filed: 11/13/2006
Issued: 01/24/2012
Est. Priority Date: 11/13/2006
Status: Active Grant

First Claim

Patent Images

1. A method for controlling a user'"'"'s access rights to protected and access-required application in a computer system, comprising:

(a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;

(b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;

(c) entering user'"'"'s identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;

(d) checking whether the user is authorized to access the protected and access-required application by the application access control server;

(e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application; and

(f) retrieving clear-text password for a particular application in the user developed tool by an authorized user, and launching the protected and access-required application, via the software program, when an emergency occurs so that the computer system is unable to authenticate user credentials.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for application access control is disclosed. First. a business coordinator needs to register a user developed tool (UDT) containing an application to be protected with the system via a software program. After registration. a random encrypted password is generated by the application access control server and stored in its back-end database as well as a local break-glass database corresponding to the UDT. When an entitled user accesses the application in the registered UDT later on, the system will check whether he/she is entitled to access the requested application. If yes. the system will retrieve the encrypted password for that application and thus launch the application.

Citations

13 Claims

1. A method for controlling a user'"'"'s access rights to protected and access-required application in a computer system, comprising:
- (a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;
  
  (b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;
  
  (c) entering user'"'"'s identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;
  
  (d) checking whether the user is authorized to access the protected and access-required application by the application access control server;
  
  (e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application; and
  
  (f) retrieving clear-text password for a particular application in the user developed tool by an authorized user, and launching the protected and access-required application, via the software program, when an emergency occurs so that the computer system is unable to authenticate user credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the emergency comprises that the application access authentication facility is unreachable and that user logins cannot be validated or the application access control server is not functioning.
  - 3. The method of claim 1, further comprising:
    - (g) verifying whether the user developed tool is properly registered and thus protected.
  - 4. The method of claim 1, wherein the protected and access-required application comprises databases, software, documents, or presentation materials.
  - 5. The method of claim 1, wherein the user developed tool is a functional carrier of the protected and access-required application grouped in a network shared drive, and grouped by lines of business, departments, or application owners.
  - 6. The method of claim 1, wherein the break glass database is a database containing the randomly-generated and encrypted passwords corresponding to the protected and access-required applications in the user developed tool, and is housed local to the user developed tool.
  - 7. The method of claim 1, wherein the single sign-on password is a centralized managed password used for logging into the computer system for general purpose.
  - 8. The method of claim 1, wherein the centralized application access authentication facility comprises an engine controlling and implementing an access authentication process.

9. A method for controlling a user'"'"'s access rights to protected and access-required application in a computer system, comprising:
- (a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;
  
  (b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;
  
  (c) entering user'"'"'s identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;
  
  (d) checking whether the user is authorized to access the protected and access-required application by the application access control server;
  
  (e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application;
  
  (f) submitting requests for on-boarding new applications, including information comprising applications'"'"' owners, user groups, users in each user group, business coordinators, and application administrators, by business managers;
  
  (g) assigning identification numbers to the requested new applications, on-boarding the requested new applications to the application access control server, preparing namespaces (access control matrices) for the user developed tools with information about the user groups and the users, and submitting requests to the computer system for creating emergency records for the requested new applications, by a computer system support;
  
  (h) joining all nominated application administrators to a designated privilege group, and delegating administration of the requested new applications to each of the nominated application administrators and business coordinators, via a designated software program, by an application access control system administrator; and
  
  (i) uploading the namespaces (access control matrices) for the user developed tool, joining all the nominated business coordinators to the designated privilege group, assigning the designated privilege group as a user administration group, obtaining application seed value from the computer system support and setting the application seed value to a lockbox, setting a random value to a second lockbox and the corresponding emergency record of the requested new applications, and assigning business users to the user groups, by application administrators.
- View Dependent Claims (10)
- - 10. The method of claim 9, wherein the business coordinators are nominated end-users responsible for managing security control of the user developed tool for their own business group, registering the user developed tool, assigning user group access to the registered user developed tool, and placing the break glass database corresponding to each installed user develop tool to an appropriate location in a shared drive.

11. A method for controlling a user'"'"'s access rights to protected and access-required application in a computer system, comprising:
- (a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;
  
  (b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;
  
  (c) entering user'"'"'s identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;
  
  (d) checking whether the user is authorized to access the protected and access-required application by the application access control server; and
  
  (e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application;
  
  wherein registering a user developed tool comprises;
  
  (a) launching the software program for registering a user developed tool;
  
  (b) entering the user identification and the single sign-on password of a person who can register a user developed tool, and the application identification in the corresponding fields of the registration program;
  
  (c) locating the break-glass database housing the randomly-generated and encrypted passwords for the user developed tool in corresponding field of the registration program;
  
  (d) logging in the registration program;
  
  (e) selecting the protected and access-required application and the user group;
  
  (f) selecting the user developed tool from a network shared drive; and
  
  (g) submitting the registration.

12. A computer security system for controlling a user'"'"'s access rights to protected applications in a computer system whenever the user accesses the protected applications and thus ensuring that the protected applications are accessed by authorized users, comprising:
- (a) a computer server, comprising processor and memory, for controlling and implementing an authentication process for a user to access the protected applications;
  
  (b) a first module for randomly generating and encrypting passwords for the protected applications in configured mechanisms;
  
  (c) user developed tools for housing the protected applications in a network shared drive;
  
  (d) break-glass databases for housing the randomly-generated and encrypted passwords corresponding to the protected applications in the user developed tools;
  
  (e) a second module for registering the user developed tools housing the protected and access-required applications to activate protection on the user developed tools and the protected application(s);
  
  (f) a third module for accessing the protected applications via authenticating whether a user is authorized to access the protected applications, retrieving the encrypted passwords from the break-glass databases, decrypting the encrypted passwords, and using the decrypted passwords to launch the protected applications; and
  
  (g) a fourth module for retrieving clear-text passwords for the protected applications, and using the clear-text passwords to launch the protected applications when an emergency occurs.
- View Dependent Claims (13)
- - 13. The system of claim 12, wherein the emergency comprises that an application access authentication facility is unreachable and that user logins cannot be validated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
McGovern, Mark D., Lam, Josiah
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
VICTORIA, NARCISO F

Application Number

US11/559,081
Time in Patent Office

1,898 Days
Field of Search

726/8
US Class Current

726/8
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

Application access control system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Application access control system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links