Method and system for multi-tiered distributed security authentication and filtering

US 9,043,878 B2
Filed: 03/06/2012
Issued: 05/26/2015
Est. Priority Date: 03/06/2012
Status: Active Grant

First Claim

Patent Images

1. A method of managing user access to one or more computing resources, comprising:

centrally maintaining user subscription information comprising user authentication information and system authorization information based on user credentials, wherein the user subscription information is contained in a master list, wherein the system authorization information includes system type per user;

providing relevant subscription information from the user subscription information to multiple remote computing systems including propagating user credentials;

in a remote computing system;

querying the master list for subscription information for relevant users associated with computing resources of the remote computing system;

downloading one or more relevant portions of the master list, wherein the relevant portions downloaded comprise the subscription information for the relevant users associated with the computing resources of the remote computing system;

authenticating a user login to the remote computing system based on user authentication information from the relevant portions downloaded, wherein said user authentication information comprises multilevel authentication and multilevel password information for filtering access to multiple attached systems of the remote computing system and controlling access to the computing resources of the remote computing system based on user credentials of the relevant users associated with the computing resources of the remote computing system, wherein user provided credentials are checked against the multilevel authentication and multilevel password information for authenticating access to the remote computing system, wherein the multilevel authentication and multilevel password information facilitate filtering by user and filtering by limiting access to certain systems, and wherein the multilevel password information comprises personal passwords and system passwords; and

upon authentication of the user login, selectively authorizing user access to the computing resources of the remote computing system based on system authorization information from the relevant portions downloaded.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Multi-tiered distributed security authentication and filtering. One embodiment comprises managing user access to one or more computing resources, by centrally maintaining user subscription information comprising user authentication information and system authorization information, and providing relevant subscription information from the user subscription information to one or more remote computing systems. Managing user access further includes, in a remote computing system, authenticating a user login to the remote computing system based on user authentication information from said relevant subscription information, and upon user authentication, selectively authorizing user access to computing resources of the remote computing system based on system authorization information from said relevant subscription information.

Citations

18 Claims

1. A method of managing user access to one or more computing resources, comprising:
- centrally maintaining user subscription information comprising user authentication information and system authorization information based on user credentials, wherein the user subscription information is contained in a master list, wherein the system authorization information includes system type per user;
  
  providing relevant subscription information from the user subscription information to multiple remote computing systems including propagating user credentials;
  
  in a remote computing system;
  
  querying the master list for subscription information for relevant users associated with computing resources of the remote computing system;
  
  downloading one or more relevant portions of the master list, wherein the relevant portions downloaded comprise the subscription information for the relevant users associated with the computing resources of the remote computing system;
  
  authenticating a user login to the remote computing system based on user authentication information from the relevant portions downloaded, wherein said user authentication information comprises multilevel authentication and multilevel password information for filtering access to multiple attached systems of the remote computing system and controlling access to the computing resources of the remote computing system based on user credentials of the relevant users associated with the computing resources of the remote computing system, wherein user provided credentials are checked against the multilevel authentication and multilevel password information for authenticating access to the remote computing system, wherein the multilevel authentication and multilevel password information facilitate filtering by user and filtering by limiting access to certain systems, and wherein the multilevel password information comprises personal passwords and system passwords; and
  
  upon authentication of the user login, selectively authorizing user access to the computing resources of the remote computing system based on system authorization information from the relevant portions downloaded.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein:
    - providing relevant subscription information from the user subscription information to multiple remote computing systems further includes, for each remote computing system, selectively propagating from the master list to said remote computing system user credentials for relevant users associated with computing resources of said remote computing system; and
      
      said system authorization information comprises filtering information for limiting access to certain computing resources of the multiple remote computing systems for each user.
  - 3. The method of claim 1, wherein:
    - providing relevant subscription information from the user subscription information to multiple remote computing systems further includes, for each remote computing system, providing said remote computing system with subscription information for relevant users that are associated with computing resources of said remote computing system, wherein one or more rows including said subscription information for said relevant users is downloaded from the master list to said remote computing system.
  - 4. The method of claim 3, wherein:
    - selectively authorizing user access to the computing resources of the remote computing system comprises, upon authentication of the user login, limiting access of a user to certain computing resources for the user based on the system authorization information for that user including an assigned level of access.
  - 5. The method of claim 1, wherein:
    - a subscription determines which computing resources a user is allowed to access remotely; and
      
      centrally maintaining user subscription information comprises maintaining and updating the user subscription information in a central computing system in relation to the remote computing systems within a distributed computing system, wherein requests to update subscription information from the master list for relevant users of a particular remote computing system are periodically sent from the particular remote computing system.

6. A system for managing user access to one or more computing resources, comprising:
- a subscription subsystem that centrally maintains user subscription information comprising user authentication information and system authorization information based on user credentials, wherein the user subscription information is contained in a master list, wherein the system authorization information includes system type per user, wherein the subscription subsystem provides relevant subscription information from the user subscription information to multiple remote computing systems including propagating user credentials, wherein said user authentication information comprises multilevel authentication and multilevel password information for filtering access to multiple attached systems of a remote computing system and controlling access to remote computing resources based on user credentials of individual users; and
  
  for a remote computing system, an authentication subsystem that;
  
  queries the master list for subscription information for relevant users associated with computing resources of the remote computing system;
  
  downloading one or more relevant portions of the master list, wherein the relevant portions downloaded comprise the subscription information for the relevant users associated with the computing resources of the remote computing system;
  
  authenticates a user login to a remote computing system based on user authentication information from the relevant portions downloaded, and upon authentication of the user login, selectively authorizes user access to the computing resources of the remote computing system based on system authorization information from the relevant portions downloaded, wherein user provided credentials are checked against the multilevel authentication and multilevel password information for authenticating access to the remote computing system, wherein the multilevel authentication and multilevel password information facilitate filtering by user and filtering by limiting access to certain systems, and wherein the multilevel password information comprises personal passwords and system passwords.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The system of claim 6, wherein, for each remote computing system, the subscription subsystem provides said remote computing system with subscription information for relevant users associated with computing resources of said remote computing system, wherein one or more rows including said subscription information for said relevant users is downloaded from the master list to said remote computing system.
  - 8. The system of claim 7, wherein:
    - for each remote computing system, the subscription subsystem selectively propagates from the master list to said remote computing system user credentials for relevant users associated with computing resources of said remote computing system; and
      
      said system authorization information comprises filtering information for limiting access to certain computing resources of the multiple remote computing systems for each user.
  - 9. The system of claim 8, wherein:
    - the authentication subsystem authenticates a user login to the remote computing system by checking user provided credentials against the multilevel authentication and multilevel password information, for authenticating access to the remote computing system.
  - 10. The system of claim 9, wherein:
    - the authentication subsystem selectively authorizes user access to the computing resources of the remote computing system upon authentication of, the user login by limiting access of a user to certain computing resources for the user based on the system authorization information for the user including an assigned level of access.
  - 11. The system of claim 10, wherein:
    - a subscription determines which computing resources a user is allowed to access remotely; and
      
      the subscription system centrally maintains and updates user subscription information by maintaining the user subscription information in a central computing system in relation to the remote computing systems within a distributed computing system, wherein requests to update subscription information from the master list for relevant users of a particular remote computing system are periodically sent from the particular remote computing system.

12. A computer program product for managing user access to one or more computing resources, the computer program product comprising:
- a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code comprising;
  
  computer readable program code configured to centrally maintain user subscription information comprising user authentication information and system authorization information based on user credentials, wherein the user subscription information is contained in a master list, wherein the system authorization information includes system type per user;
  
  computer readable program code configured to provide relevant subscription information from the user subscription information to multiple remote computing systems including propagating user credentials;
  
  computer readable program code configured to, in a remote computing system;
  
  query the master list for subscription information for relevant users associated with computing resources of the remote computing system;
  
  download one or more relevant portions of the master list, wherein the relevant portions downloaded comprise the subscription information for the relevant users associated with the computing resources of the remote computing system;
  
  authenticate a user login to the remote computing system based on user authentication information from the relevant portions downloaded, wherein said user authentication information comprises multilevel authentication and multilevel password information for filtering access to multiple attached systems of the remote computing system and controlling access to the computing resources of the remote computing system based on user credentials of the relevant users associated with the computing resources of the remote computing system, wherein user provided credentials are checked against the multilevel authentication and multilevel password information for authenticating access to the remote computing system, wherein the multilevel authentication and multilevel password information facilitate filtering by user and filtering by limiting access to certain systems, and wherein the multilevel password information comprises personal passwords and system passwords; and
  
  upon authentication of the user login, selectively authorize user access to the computing resources of the remote computing system based on system authorization information from the relevant portions downloaded.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer program product of claim 12, wherein, for each remote computing system, said remote computing system is provided with subscription information for one or more users that are associated with computing resources of said remote computing system, wherein one or more rows including said subscription information for said one or more users is downloaded from the master list to said remote computing system.
  - 14. The computer program product of claim 13, wherein:
    - for each remote computing system, user credentials for relevant users associated with computing resources of said remote computing system is selectively propagated from the master list to said remote computing system; and
      
      said system authorization information comprises filtering information for limiting access to certain computing resources of the multiple remote computing systems for each user.
  - 15. The computer program product of claim 14, further comprising:
    - computer readable program code configured to authenticate a user login to the remote computing system by checking user provided credentials against the multilevel authentication and multilevel password information, for authenticating access to the remote computing system.
  - 16. The computer program product of claim 15, further comprising:
    - computer readable program code configured to selectively authorize user access to the computing resources of the remote computing system by, upon authentication of the user the user login, limiting access of a user to certain computing resources for the user based on the system authorization information for the user including an assigned level of access.
  - 17. The computer program product of claim 16, whereina subscription determines which computing resources a user is allowed to access remotely, and the computer program product further comprises computer readable program code configured to centrally maintain and update user subscription information by maintaining the user subscription information in a central computing system in relation to the remote computing systems within a distributed computing system, wherein requests to update subscription information from the master list for relevant users of a particular remote computing system are periodically sent from the particular remote computing system.

18. A method of managing user access to one or more computing resources, comprising:
- centrally maintaining user subscription information comprising user authentication information and system authorization information based on user credentials, wherein the user subscription information is contained in a master list, wherein the system authorization information includes system type per user; and
  
  providing relevant subscription information from the user subscription information to multiple remote computing systems including propagating user credentials;
  
  wherein each remote computing system;
  
  queries the master list for subscription information for relevant users associated with computing resources of said remote computing system;
  
  downloads one or more relevant portions of the master list, wherein the relevant portions downloaded comprise the subscription information for the relevant users associated with the computing resources of said remote computing system;
  
  authenticates a user login to said remote computing system based on user authentication information from the relevant portions downloaded; and
  
  upon authentication of the user login, selectively authorize user access to the computing resources of said remote computing system based on system authorization information from the relevant portions downloaded, wherein said user authentication information comprises multilevel authentication and multilevel password information for filtering access to multiple attached systems of said remote computing system and controlling access to the computing resources of said remote computing system based on user credentials of the relevant users associated with the computing resources of said remote computing system, wherein user provided credentials are checked against the multilevel authentication and multilevel password information for authenticating access to the remote computing system, wherein the multilevel authentication and multilevel password information facilitate filtering by user and filtering by limiting access to certain systems, and wherein the multilevel password information comprises personal passwords and system passwords.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Terris, Benjamin S., Welp, Richard A.
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
MALINOWSKI, WALTER J

Application Number

US13/413,563
Publication Number

US 20130239176A1
Time in Patent Office

1,176 Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/31   User authentication

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

Method and system for multi-tiered distributed security authentication and filtering

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for multi-tiered distributed security authentication and filtering

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links