Collecting account access statistics from information provided by presence of client certificates

US 8,412,932 B2
Filed: 02/28/2008
Issued: 04/02/2013
Est. Priority Date: 02/28/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

requesting, by a computer system, a client certificate from a remote terminal that requests to access a computing resource, the client certificate identifying the remote terminal and an authorized user of the remote terminal, wherein the client certificate is not used by the computer system to determine access to the computing resource;

receiving, by the computer system, access credentials of a user from the remote terminal, wherein the access credentials are used by the computer system to grant access to the computer resource;

determining whether the client certificate is provided by the remote terminal, and if so, determining whether information of the authorized user in the client certificate matches the access credentials of the user; and

updating account access statistics to show whether the access of the computing resource was associated with a client certificate and whether such client certificate matched the access credentials of the user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for collecting account access statistics from information provided by client certificates. In one embodiment, the method comprises requesting client certificates from remote terminals that request to access a computing resource. The method further comprises updating the account access statistics based on information provided by presence or absence of the client certificates and contents of the client certificates for the client certificates that are present.

33 Citations

View as Search Results

14 Claims

1. A method comprising:
- requesting, by a computer system, a client certificate from a remote terminal that requests to access a computing resource, the client certificate identifying the remote terminal and an authorized user of the remote terminal, wherein the client certificate is not used by the computer system to determine access to the computing resource;
  
  receiving, by the computer system, access credentials of a user from the remote terminal, wherein the access credentials are used by the computer system to grant access to the computer resource;
  
  determining whether the client certificate is provided by the remote terminal, and if so, determining whether information of the authorized user in the client certificate matches the access credentials of the user; and
  
  updating account access statistics to show whether the access of the computing resource was associated with a client certificate and whether such client certificate matched the access credentials of the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein updating account access statistics further comprises:
    - collecting the account access statistics of users who fail to provide client certificates.
  - 3. The method of claim 1, wherein updating account access statistics further comprises:
    - collecting the account access statistics of users whose access credentials do not match information in client certificates provided by the users.
  - 4. The method of claim 1, further comprising:
    - identifying, from the account access statistics, an indication of non-compliance with a company policy.
  - 5. The method of claim 1, wherein updating statistics further comprises:
    - updating the account access statistics in a real-time process that manages account access.
  - 6. The method of claim 1, wherein updating statistics further comprises:
    - scanning a log file, in a background process, to update the account access statistics.

7. A system comprising:
- data storage to store a collection of statistics; and
  
  a computing entity coupled to the data storage, the computing entity to request a client certificate from a remote terminal that requests to access a computing resource, wherein the client certificate identifies the remote terminal and an authorized user of the remote terminal and is not used by the computer system to determine access to the computing resource, the computer entity to;
  
  receive access credentials of a user from the remote terminal, wherein the access credentials are used by the computer system to grant access to the computer resource,determining whether the client certificate is provided by the remote terminal, and if so, determining whether information of the authorized user in the client certificate matches the access credentials of the user, andupdate account access statistics to show whether the access of the computing resource was associated with a client certificate and whether such client certificate matched the access credentials of the user.
- View Dependent Claims (8, 9, 10)
- - 8. The system of claim 7, wherein the account access statistics comprises the account access statistics of users who fail to provide client certificates.
  - 9. The system of claim 7, wherein the account access statistics comprises the account access statistics of users whose access credentials do not match information in client certificates provided by the users.
  - 10. The system of claim 7, wherein the computing resource is a web application or a mail application.

11. A non-transitory computer readable storage medium including instructions that, when executed by a processing system, cause the processing system to perform a method comprising:
- requesting a client certificate from a remote terminal that requests to access a computing resource, the client certificate identifying the remote terminal and an authorized user of the remote terminal, wherein the client certificate is not used by the computer system to determine access to the computing resource;
  
  receiving access credentials of a user from the remote terminal, wherein the access credentials are used by the computer system to grant access to the computer resource;
  
  determining whether the client certificate is provided by the remote terminal, and if so, determining whether information of the authorized user in the client certificate matches the access credentials of the user; and
  
  updating account access statistics to show whether the access of the computing resource was associated with a client certificate and whether such client certificate matched the access credentials of the user.
- View Dependent Claims (12, 13, 14)
- - 12. The computer readable storage medium of claim 11, wherein updating account access statistics further comprises:
    - collecting the account access statistics of users who fail to provide client certificates.
  - 13. The computer readable storage medium of claim 11, wherein updating account access statistics further comprises:
    - collecting the account access statistics of users whose access credentials do not match information in client certificates provided by the users.
  - 14. The computer readable storage medium of claim 11, wherein further comprising:
    - identifying, from the statistics, an indication of non-compliance with a company policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Schneider, James P.
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
SONG, HEE K

Application Number

US12/039,152
Publication Number

US 20090222901A1
Time in Patent Office

1,860 Days
Field of Search

726/10, 726/5, 726/18, 726/2, 726/9, 726/15, 713/156, 713/173, 713/175, 713/172, 713/171, 713/168, 713/186, 713/183, 713/182
US Class Current

713/164
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

Collecting account access statistics from information provided by presence of client certificates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Collecting account access statistics from information provided by presence of client certificates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links