Database for access control center

US 8,271,528 B1
Filed: 07/25/2008
Issued: 09/18/2012
Est. Priority Date: 07/25/2008
Status: Active Grant

First Claim

Patent Images

1. A system of managing information used for controlling access by technical support personnel to a company'"'"'s computing system, the system comprising:

at least one subsystem configured to store identification information for the technical support personnel in a first main data table, the technical support personnel being physically and logically isolated from the company'"'"'s computing system;

at least one subsystem configured to store access approval information for the technical support personnel in a second main data table, the access approval authorizing the technical support personnel to access a portion of the company'"'"'s computing system that is affected by a technical support incident; and

at least one subsystem configured to use the identification information and the access approval information stored in the first main data table and the second main data table to allow the technical support personnel to access the portion of the company'"'"'s computing system affected by the technical support incident through a thin client terminal that has a limited functionality and a reduced set of applications; and

at least one subsystem that sends a description of the technical support incident to the thin client terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for providing a database schema that links various system components and information to provide oversight and automated access control across disparate systems and applications. In one implementation, the database schema may use separate centralized tables to tie the various system components and information together. For example, one table may store information concerning technical support personnel authorized to address a given technical support incident, and another table may store information concerning approval given to do the technical support personnel to access a resource needed to provide the technical support, and the level of access needed to address provide technical support. Auxiliary tables may then be provided to support the centralized tables. Such an arrangement has a number of advantages, including the ability to allow the technical support personnel to access user ID-protected and/or password-protected systems/applications without using or knowing the user IDs and passwords.

Citations

21 Claims

1. A system of managing information used for controlling access by technical support personnel to a company'"'"'s computing system, the system comprising:
- at least one subsystem configured to store identification information for the technical support personnel in a first main data table, the technical support personnel being physically and logically isolated from the company'"'"'s computing system;
  
  at least one subsystem configured to store access approval information for the technical support personnel in a second main data table, the access approval authorizing the technical support personnel to access a portion of the company'"'"'s computing system that is affected by a technical support incident; and
  
  at least one subsystem configured to use the identification information and the access approval information stored in the first main data table and the second main data table to allow the technical support personnel to access the portion of the company'"'"'s computing system affected by the technical support incident through a thin client terminal that has a limited functionality and a reduced set of applications; and
  
  at least one subsystem that sends a description of the technical support incident to the thin client terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the first main data table has a one-to-many relationship with the second main data table.
  - 3. The system of claim 1, further comprising at least one subsystem configured to support the first main data table with one or more first auxiliary tables, the one or more first auxiliary tables including:
    - a virtual desktop table, a service area table, and a personnel/system area mapping table.
  - 4. The system of claim 3, wherein the service area table is related to the virtual desktop table and the personnel/system area mapping table by one-to-many relationships.
  - 5. The system of claim 4, further comprising at least one subsystem configured to support the second main data table with one or more second auxiliary tables, the one or more second auxiliary tables including:
    - a system/system access mapping table, a system type table, a system access table, and a personnel/system access mapping table.
  - 6. The system of claim 5, wherein the system/system access mapping table is related to the system access table and the system type table by many-to-one relationships.
  - 7. The system of claim 6, wherein the first main data table is related to the service area table by a many-to-one relationship and the second main data table is related to the system/system access mapping table by a many-to-one relationship.

8. A method of managing information used for controlling access by technical support personnel to a company'"'"'s computing system, the method comprising:
- storing identification information for the technical support personnel in a first main data table, the technical support personnel being physically and logically isolated from the company'"'"'s computing system;
  
  storing access approval information for the technical support personnel in a second main data table, the access approval authorizing the technical support personnel to access a portion of the company'"'"'s computing system that is affected by a technical support incident;
  
  using the identification information and the access approval information stored in the first main data table and the second main data table to allow the technical support personnel to access the portion of the company'"'"'s computing system affected by the technical support incident through a thin client terminal that has a limited functionality and a reduced set of applications; and
  
  sending a description of the technical support incident to the thin client terminal.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the first main data table has a one-to-many relationship with the second main data table.
  - 10. The method of claim 8, further comprising supporting the first main data table with one or more first auxiliary tables, the one or more first auxiliary tables including:
    - a virtual desktop table, a service area table, and a personnel/system area mapping table.
  - 11. The method of claim 10, wherein the service area table is related to the virtual desktop table and the personnel/system area mapping table by one-to-many relationships.
  - 12. The method of claim 11, further comprising supporting the second main data table with one or more second auxiliary tables, the one or more second auxiliary tables including:
    - a system/system access mapping table, a system type table, a system access table, and a personnel/system access mapping table.
  - 13. The method of claim 12, wherein the system/system access mapping table is related to the system access table and the system type table by many-to-one relationships.
  - 14. The method of claim 13, wherein the first main data table is related to the service area table by a many-to-one relationship and the second main data table is related to the system/system access mapping table by a many-to-one relationship.

15. A non-transitory computer-readable medium encoded with computer-readable instructions for managing information used for controlling access by technical support personnel to a company'"'"'s computing system, the computer-readable instructions comprising instructions for causing a computer to:
- store identification information for the technical support personnel in a first main data table, the technical support personnel being physically and logically isolated from the company'"'"'s computing system;
  
  store access approval information for the technical support personnel in a second main data table, the access approval authorizing the technical support personnel to access a portion of the company'"'"'s computing system that is affected by a technical support incident;
  
  use the identification information and the access approval information stored in the first main data table and the second main data table to allow the technical support personnel to access the portion of the company'"'"'s computing system affected by the technical support incident through a thin client terminal that has a limited functionality and a reduced set of applications; and
  
  send a description of the technical support incident to the thin client terminal.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-readable medium of claim 15, wherein the first main data table has a one-to-many relationship with the second main data table.
  - 17. The computer-readable medium of claim 15, further comprising instructions for causing a computer to support the first main data table with one or more first auxiliary tables, the one or more first auxiliary tables including:
    - a virtual desktop table, a service area table, and a personnel/system area mapping table.
  - 18. The computer-readable medium of claim 17, wherein the service area table is related to the virtual desktop table and the personnel/system area mapping table by one-to-many relationships.
  - 19. The computer-readable medium of claim 18, further comprising instructions for causing a computer to support the second main data table with one or more second auxiliary tables, the one or more second auxiliary tables including:
    - a system/system access mapping table, a system type table, a system access table, and a personnel/system access mapping table.
  - 20. The computer-readable medium of claim 19, wherein the system/system access mapping table is related to the system access table and the system type table by many-to-one relationships.
  - 21. The computer-readable medium of claim 20, wherein the first main data table is related to the service area table by a many-to-one relationship and the second main data table is related to the system/system access mapping table by a many-to-one relationship.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
United Services Automobile Association
Original Assignee
United Services Automobile Association
Inventors
Wilkinson, Christopher Thomas, Francovich, Edward Allen, Guild, Stuart Matthew
Primary Examiner(s)
Kerzhner, Aleksandr

Application Number

US12/180,480
Time in Patent Office

1,516 Days
Field of Search

707/783, 707/784, 707/999.009
US Class Current

707/783
CPC Class Codes

G06F 16/211 Schema design and management

G06F 21/604 Tools and structures for ma...

Database for access control center

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Database for access control center

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links