Techniques for providing role-based access control using dynamic shared accounts

US 8,869,244 B1
Filed: 12/29/2011
Issued: 10/21/2014
Est. Priority Date: 05/03/2011
Status: Active Grant

First Claim

Patent Images

1. A system for providing role-based access using dynamic shared accounts comprising:

one or more processors communicatively coupled to a network, wherein the one or more processors are configured to;

receive a request for access to an account, wherein the request comprises an identifier associated with a user;

authenticate the user for access to the account;

identify one or more predetermined roles associated with the account for the user;

identify one or more pseudo accounts corresponding to the one or more predetermined roles, wherein the one or more pseudo accounts enable role-based access control using dynamic shared accounts compatible across multiple applications;

determine availability of the one or more pseudo accounts and possible alternative pseudo accounts based upon current status;

map the user to the one or more pseudo accounts; and

provide user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for providing role-based access control using dynamic shared accounts are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system and method for providing role-based access using dynamic shared accounts. For example, the system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to: receive a request for access to an account, wherein the request comprises an identifier associated with a user; authenticate the user for access to the account; identify one or more predetermined roles associated with the account for the user; identify one or more pseudo accounts corresponding to the one or more predetermined roles; map the user to the one or more pseudo accounts; and provide user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.

Citations

20 Claims

1. A system for providing role-based access using dynamic shared accounts comprising:
- one or more processors communicatively coupled to a network, wherein the one or more processors are configured to;
  
  receive a request for access to an account, wherein the request comprises an identifier associated with a user;
  
  authenticate the user for access to the account;
  
  identify one or more predetermined roles associated with the account for the user;
  
  identify one or more pseudo accounts corresponding to the one or more predetermined roles, wherein the one or more pseudo accounts enable role-based access control using dynamic shared accounts compatible across multiple applications;
  
  determine availability of the one or more pseudo accounts and possible alternative pseudo accounts based upon current status;
  
  map the user to the one or more pseudo accounts; and
  
  provide user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the account is a shared Software-as-a-Service (SaaS) account.
  - 3. The system of claim 1, wherein the identifier comprises at least one of a user identifier and password.
  - 4. The system of claim 1, wherein authenticating the user further comprises providing single sign-on access to at least the account.
  - 5. The system of claim 1, wherein mapping the user to the one or more pseudo accounts comprises a dynamic mapping, wherein the dynamic mapping comprises performing an action in the event the one or more pseudo accounts are unavailable.
  - 6. The system of claim 5, wherein the action comprises at least one of following:
    - notifying the user of the unavailability of the one or more pseudo accounts;
      
      halting the mapping action; and
      
      determining availability of one or more other pseudo accounts of equal or lesser access privileges and mapping the user to the one or more other pseudo accounts.
  - 7. The system of claim 1, wherein the one or more processors are further configured to:
    - receive a request for access to a second account;
      
      authenticate the user for access to the second account based on a single sign-on access to the second account;
      
      identify one or more predetermined roles associated with the second account for the user;
      
      identify one or more pseudo accounts corresponding to the one or more predetermined roles associated with the second account;
      
      map the user to the one or more pseudo accounts associated with the second account; and
      
      provide access to the second account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user for the second account.

8. A method for providing role-based access using dynamic shared accounts comprising:
- receiving a request for access to an account, wherein the request comprises an identifier associated with a user;
  
  authenticating, using at least one computer processor, the user for access to the account;
  
  identifying one or more predetermined roles associated with the account for the user;
  
  identifying one or more pseudo accounts corresponding to the one or more predetermined roles, wherein the one or more pseudo accounts enable role-based access control using dynamic shared accounts compatible across multiple applications;
  
  determining availability of the one or more pseudo accounts and possible alternative pseudo accounts based upon current status;
  
  mapping the user to the one or more pseudo accounts; and
  
  providing user access to the account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, wherein the account is a shared Software-as-a-Service (SaaS) account.
  - 10. The method of claim 8, wherein the identifier comprises at least one of a user identifier and password.
  - 11. The system of claim 8, wherein authenticating the user further comprises providing single sign-on access to at least the account.
  - 12. The method of claim 8, wherein mapping the user to the one or more pseudo accounts comprises a dynamic mapping, wherein the dynamic mapping comprises performing an action in the event the one or more pseudo accounts are unavailable.
  - 13. The method of claim 12, wherein the action comprises at least one of following:
    - notifying the user of the unavailability of the one or more pseudo accounts;
      
      halting the mapping action; and
      
      determining availability of one or more other pseudo accounts of equal or lesser access privileges and mapping the user to the one or more other pseudo accounts.
  - 14. The method of claim 8, further comprising:
    - receiving a request for access to a second account;
      
      authenticating the user for access to the second account based on a single sign-on access to the second account;
      
      identifying one or more predetermined roles associated with the second account for the user;
      
      identifying one or more pseudo accounts corresponding to the one or more predetermined roles associated with the second account;
      
      mapping the user to the one or more pseudo accounts associated with the second account; and
      
      providing user access to the second account based on the mapping and with access privileges associated with the one or more predetermined roles associated with the user for the second account.
  - 15. A non-transitory computer-readable storage medium storing a computer program of instructions configured to be readable by at least one computer processor for instructing the at least one computer processor to execute a computer process for performing the method of claim 8.

16. A system for providing role-based access using dynamic shared accounts comprising:
- one or more processors communicatively coupled to a network, wherein the one or more processors are configured to;
  
  create at least one account associated with a service;
  
  create one or more roles for the at least one account;
  
  create at least one pseudo account corresponding to each of the one or more roles, wherein the at least one pseudo account enables role-based access control using dynamic shared accounts compatible across multiple applications;
  
  determine availability of the at least one pseudo account and possible alternative pseudo accounts based upon current status; and
  
  assign at least one of the one or more roles to a user for dynamically mapping the user to the at least one pseudo account for access to the at least one account based on the one or more roles.
- View Dependent Claims (17)
- - 17. The system of claim 16, wherein the at least one account is at least one shared account and the service is a Software-as-a-Service.

18. A method for providing role-based access using dynamic shared accounts comprising:
- creating at least one account associated with a service;
  
  creating one or more roles for the at least one account;
  
  creating, using at least one computer processor, at least one pseudo account corresponding to each of the one or more roles, wherein the at least one pseudo account enables role-based access control using dynamic shared accounts compatible across multiple applications;
  
  determining availability of the at least one pseudo account and possible alternative pseudo accounts based upon current status; and
  
  assigning at least one of the one or more roles to a user for dynamically mapping the user to the at least one pseudo account for access to the at least one account based on the one or more roles.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the at least one account is at least one shared account and the service is a Software-as-a-Service.
  - 20. A non-transitory computer-readable storage medium storing a computer program of instructions configured to be readable by at least one computer processor for instructing the at least one computer processor to execute a computer process for performing the method of claim 18.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sundaram, Sharada, Sawhney, Sanjay, Koeten, Robert
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US13/340,264
Time in Patent Office

1,027 Days
Field of Search

726/2, 726/4
US Class Current

726/4
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/00   Security arrangements for p...

G06F 21/50   Monitoring users, programs ...

G06F 21/604   Tools and structures for ma...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 9/5061   Partitioning or combining o...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 67/10   in which an application is ...

H04L 9/32   including means for verifyi...

Techniques for providing role-based access control using dynamic shared accounts

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for providing role-based access control using dynamic shared accounts

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links