Application access control system
First Claim
1. A method for controlling a user's access rights to protected and access-required application in a computer system, comprising:
(a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;
(b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;
(c) entering user's identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;
(d) checking whether the user is authorized to access the protected and access-required application by the application access control server;
(e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application; and
(f) retrieving clear-text password for a particular application in the user developed tool by an authorized user, and launching the protected and access-required application, via the software program, when an emergency occurs so that the computer system is unable to authenticate user credentials.
Abstract
A system for application access control is disclosed. First, a business coordinator needs to register a user developed tool (UDT) containing an application to be protected with the system via a software program. After registration, a random encrypted password is generated by the application access control server and stored in its back-end database as well as a local break-glass database corresponding to the UDT. When an entitled user accesses the application in the registered UDT later on, the system will check whether he/she is entitled to access the requested application. If yes, the system will retrieve the encrypted password for that application and thus launch the application.
13 Claims
9. A method for controlling a user's access rights to protected and access-required application in a computer system, comprising:
(a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;
(b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;
(c) entering user's identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;
(d) checking whether the user is authorized to access the protected and access-required application by the application access control server;
(e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application;
(f) submitting requests for on-boarding new applications, including information comprising applications' owners, user groups, users in each user group, business coordinators, and application administrators, by business managers;
(g) assigning identification numbers to the requested new applications, on-boarding the requested new applications to the application access control server, preparing namespaces (access control matrices) for the user developed tools with information about the user groups and the users, and submitting requests to the computer system for creating emergency records for the requested new applications, by a computer system support;
(h) joining all nominated application administrators to a designated privilege group, and delegating administration of the requested new applications to each of the nominated application administrators and business coordinators, via a designated software program, by an application access control system administrator; and
(i) uploading the namespaces (access control matrices) for the user developed tool, joining all the nominated business coordinators to the designated privilege group, assigning the designated privilege group as a user administration group, obtaining application seed value from the computer system support and setting the application seed value to a lockbox, setting a random value to a second lockbox and the corresponding emergency record of the requested new applications, and assigning business users to the user groups, by application administrators.
11. A method for controlling a user's access rights to protected and access-required application in a computer system, comprising:
(a) registering a user developed tool housing the protected and access-required application with the computer system to activate protection on the user developed tool and the protected and access-required application housed within the user developed tool via a software program;
(b) creating a randomly-generated and encrypted password in a configured mechanism for the protected and access-required application, and storing the randomly-generated and encrypted password in a break-glass database and a back-end database corresponding to the registered user developed tool by an application access control server;
(c) entering user's identification, a single sign-on password, and identification of the protected and access-required application in a user developed tool launcher, to login with a centralized application access authentication facility;
(d) checking whether the user is authorized to access the protected and access-required application by the application access control server; and
(e) retrieving the randomly-generated and encrypted password from the back-end database and decrypting the randomly-generated and encrypted password to use the decrypted randomly-generated password to launch the protected and access-required application by the application access control server if confirmed that the user is authorized to access the protected and access-required application;
wherein registering a user developed tool comprises:
  (a) launching the software program for registering a user developed tool;
  (b) entering the user identification and the single sign-on password of a person who can register a user developed tool, and the application identification in the corresponding fields of the registration program;
  (c) locating the break-glass database housing the randomly-generated and encrypted passwords for the user developed tool in corresponding field of the registration program;
  (d) logging in the registration program;
  (e) selecting the protected and access-required application and the user group;
  (f) selecting the user developed tool from a network shared drive; and
  (g) submitting the registration.
12. A computer security system for controlling a user's access rights to protected applications in a computer system whenever the user accesses the protected applications and thus ensuring that the protected applications are accessed by authorized users, comprising:
(a) a computer server, comprising processor and memory, for controlling and implementing an authentication process for a user to access the protected applications;
(b) a first module for randomly generating and encrypting passwords for the protected applications in configured mechanisms;
(c) user developed tools for housing the protected applications in a network shared drive;
(d) break-glass databases for housing the randomly-generated and encrypted passwords corresponding to the protected applications in the user developed tools;
(e) a second module for registering the user developed tools housing the protected and access-required applications to activate protection on the user developed tools and the protected application(s);
(f) a third module for accessing the protected applications via authenticating whether a user is authorized to access the protected applications, retrieving the encrypted passwords from the break-glass databases, decrypting the encrypted passwords, and using the decrypted passwords to launch the protected applications; and
(g) a fourth module for retrieving clear-text passwords for the protected applications, and using the clear-text passwords to launch the protected applications when an emergency occurs.