Authentication enforcement at resource level

US 8,640,208 B2
Filed: 11/28/2007
Issued: 01/28/2014
Est. Priority Date: 07/17/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

providing authentication enforcement at resource level by;

receiving, at a server, a request from a requester through a client to access a particular database of a resource;

enforcing authentication of the requester by challenging the requester to provide at least one authentication credential corresponding to at least one authentication key that is an attribute of a table of the particular database being accessed to verify an identity of the requester, the at least one authentication key being specified at design time; and

authenticating the requester by comparing the at least one authentication credential against the at least one authentication key that is an entry of the attribute in the table of the particular database being accessed.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present description refers in particular to a computer-implemented method, a computer system, and a computer program product. The method may comprise providing authentication enforcement at resource level by specifying at design time at least one authentication key for at least one data storage unit of a resource. A request may be received at a server from a requester through a client to access the resource. Authentication of the requester may be enforced through the at least one authentication key at the at least one data storage unit of the resource.

5 Citations

View as Search Results

22 Claims

1. A computer-implemented method comprising:
- providing authentication enforcement at resource level by;
  
  receiving, at a server, a request from a requester through a client to access a particular database of a resource;
  
  enforcing authentication of the requester by challenging the requester to provide at least one authentication credential corresponding to at least one authentication key that is an attribute of a table of the particular database being accessed to verify an identity of the requester, the at least one authentication key being specified at design time; and
  
  authenticating the requester by comparing the at least one authentication credential against the at least one authentication key that is an entry of the attribute in the table of the particular database being accessed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein enforcing authentication of the requester further comprises:
    - propagating the at least one authentication key through at least one cross-reference between the table and at least one further table of the particular database being accessed.
  - 3. The method according to claim 2, wherein the at least one cross-reference is at least one referential integrity constraint between the table and the at least one further table of the particular database being accessed.
  - 4. The method according to claim 3, wherein the at least one referential integrity constraint defines a relationship between at least one primary key of the table and at least one foreign key of the at least one further table of the particular database being accessed.
  - 5. The system according to claim 2, wherein the authentication mechanism is further operable to perform operations comprising:
    - enforcing the at least one authentication key through a database management system.
  - 6. The method according claim 1 further comprising:
    - monitoring the at least one authentication key by at least one trigger.
  - 7. The method according to claim 6 further comprising:
    - the at least one trigger obliging the requester to provide the at least one authentication credential represented by the at least one authentication key, the at least one authentication credential being a shared secret.
  - 8. The method according to claim 1, wherein enforcing is performed by enforcing the at least one authentication key through at least one trigger operation.
  - 9. The method according to claim 8, wherein enforcing the at least one authentication key through the at least one trigger operation is performed prior to an insert, update, and/or delete operation performed on the table.
  - 10. The method according to claim 1, wherein enforcing is performed by enforcing the at least one authentication key through a database management system.
  - 11. The method according to claim 1 further comprising:
    - invoking a rollback operation in case of an authentication failure.
  - 12. The method of claim 1, wherein the authentication key does not include a null value.

13. A computer program product comprising computer readable instructions, which when loaded and run in a computer or computer network system, causes the computer system or the computer network system to perform operations including:
- receiving, at a server, a request from a requester through a client to access a particular database of a resource;
  
  enforcing authentication of the requester by challenging the requester to provide at least one authentication credential corresponding to at least one authentication key that is an attribute of table of the particular database being accessed to verify an identity of the user, the at least one authentication key being specified at design time; and
  
  authenticating the requester by comparing the at least one authentication credential against the at least one authentication key that is an entry of the attribute in the table of the particular database being accessed.

14. A non-transitory machine-readable medium embodying instructions, which when executed by at least one processing unit of a machine, cause the machine to perform operations comprising:
- receiving, at a server, a request from a requester through a client to access a particular database of a resource;
  
  enforcing authentication of the requester by challenging the requester to provide at least one authentication credential corresponding to at least one authentication key that is an attribute of a table of the particular database being accessed to verify an identity of the requester, the at least one authentication key being specified at design time; and
  
  authenticating the requester by comparing the at least one authentication credential against the at least one authentication key that is an entry of the attribute in the table of the particular database being accessed.

15. A computer system comprising:
- an authentication mechanism having at least one processing unit for authentication enforcement at a table level of a particular database, operable to perform operations comprising;
  
  receiving, at a server, a request from a requester through a client to access the particular database in a resource;
  
  enforcing authentication of the requester by challenging the requester to provide at least one authentication credential corresponding to at least one authentication key that is an attribute of a table of the particular database being accessed to verify an identity of the requester, the at least one authentication key being specified at design time; and
  
  authenticating the requester by comparing the at least one authentication credential against the at least one authentication key that is an entry of the attribute in the table of the particular database being accessed.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system according to claim 15, wherein the authentication mechanism is further operable to perform operations comprising:
    - monitoring the at least one authentication key by at least one trigger.
  - 19. The system according to claim 18, wherein the at least one trigger is operable to perform operations comprising:
    - obliging the requester to provide the at least one authentication credential represented by the at least one authentication key, the at least one authentication credential being a shared secret.
  - 20. The system according to claim 15, wherein the authentication mechanism is further operable to perform operations comprising:
    - enforcing the at least one authentication key through at least one trigger operation.
  - 21. The system according to claim 20, wherein the at least one trigger is operable to enforce the at least one authentication key prior to an insert, update, or delete operation performed on the table.
  - 22. The system according to claim 15, wherein the authentication mechanism is further operable to perform operations comprising:
    - invoking a rollback operation in case of an authentication failure.

16. A computer program product comprising computer readable instructions store on a device, which when loaded and run in a computer or computer network system, causes the computer system or the computer network system to perform operations including:
- receiving at a server a request from a requester through a client to access a particular database of a resource;
  
  enforcing authentication of the requester by challenging the requester to provide at least one authentication credential corresponding to at least one authentication key that is an attribute of a table of the particular database being accessed to verify an identity of the user, the at least one authentication key being specifying at design time; and
  
  authenticating the requester by comparing the at least one authentication credential against the at least one authentication key that is an entry of the attribute in the table of the particular database being accessed.
- View Dependent Claims (17)
- - 17. The system according to claim 16, wherein the at least one cross-reference is at least one referential integrity constraint between the table and the at least one further table of the particular database being accessed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Benameur, Azzedine, El Khoury, Paul, Ulmer, Cedric S. P.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US11/998,141
Publication Number

US 20090025068A1
Time in Patent Office

2,253 Days
Field of Search

726/2
US Class Current

726/5
CPC Class Codes

G06F 21/31 User authentication

G06F 21/6227 where protection concerns t...

Authentication enforcement at resource level

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Authentication enforcement at resource level

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others