Matching entitlement information for multiple sources

US 9,137,227 B2
Filed: 08/24/2005
Issued: 09/15/2015
Est. Priority Date: 08/24/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method comprising:

an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;

the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;

the EBS receiving, from the ES, the entitlement information for the requesting user;

the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and

the EBS filtering entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and computer-usable medium for executing, at an Entitlement Broker Service (EBS), a request from a requesting user for a protected computer resource that is available only to entitled users. Entitlement identifications are located using a Standardized Entitlement Credentials Data Store (SECDS) in the EBS. The SECDS contains entitlement identification in a standardized format that can be used to contact an Entitlement Source (ES) for entitlement information regarding the requesting user and the requested protected computer resource. The located entitlement information, for the requesting user, is then transmitted from the EBS to an External Client Application (ECA) that manages the protected computer resource, thus affording the requesting user access to the protected computer resource.

17 Citations

17 Claims

1. A computer-implemented method comprising:
- an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;
  
  the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;
  
  the EBS receiving, from the ES, the entitlement information for the requesting user;
  
  the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and
  
  the EBS filtering entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implementable method of claim 1, further comprising:
    - the EBS determining if the requesting user is entitled to receive access to the protected computer resource through the use of an Adjunct User Interface Application (AUIA), wherein the AUIA is capable of directing the requesting user to additional help resources to enable the requesting user in obtaining requisite entitlement information needed to access the protected computer resource.
  - 3. The computer-implementable method of claim 1, further comprising:
    - the EBS storing a result of a previous entitlement query;
      
      the EBS receiving a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, the EBS transmitting the entitlement information, for the requesting user, to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 4. The computer-implementable method of claim 1, further comprising:
    - permitting access to the protected computer resource by the requesting user.
  - 5. The computer-implementable method of claim 1, further comprising:
    - storing a result of a previous entitlement query in an Entitlement Connector (EC), wherein the EC determines which user credentials are required to identify and authenticate the requesting user as an authorized user of the protected computer resource;
      
      the EBS receiving a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user not being currently connected to the protected computer resource but having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmitting the entitlement information, for the requesting user, from the EC to the ECA to authorize access, for the requesting user, to the protected computer resource.

6. A system comprising:
- a processor;
  
  a data bus coupled to the processor;
  
  a memory coupled to the data bus; and
  
  a computer-usable medium embodying computer program code, the computer program code comprising instructions executable by the processor and configured for;
  
  an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;
  
  the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;
  
  the EBS receiving, from the ES, the entitlement information for the requesting user;
  
  the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and
  
  filtering, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein the instructions are further configured to:
    - determine at the EBS if the requesting user is entitled to receive access to the protected computer resource through the use of an Adjunct User Interface Application (AUIA), wherein the AUIA is capable of directing the requesting user to additional help resources to enable the requesting user in obtaining requisite entitlement information needed to access the protected computer resource.
  - 8. The system of claim 6, wherein the instructions are further configured to:
    - store, in the EBS, a result of a previous entitlement query;
      
      receive a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EBS to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 9. The system of claim 6, wherein the instructions are further configured to:
    - permit access to the protected computer resource by the requesting user.
  - 10. The system of claim 6, wherein the instructions are further configured to:
    - store a result of a previous entitlement query in an Entitlement Connector (EC), wherein the EC determines which user credentials are required to identify and authenticate the requesting user as an authorized user of the protected computer resource;
      
      receive, at the EBS, a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user not being currently connected to the protected computer resource but having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EC to the ECA to authorize access, for the requesting user, to the protected computer resource.

11. A non-transitory computer storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- an Entitlement Broker Service (EBS) receiving, from an External Authentication Application (EAA), an entitlement credential identifying one or more entitled users who are entitled to access a protected computer resource, wherein the protected computer resource is available only to entitled users, and wherein access to the protected computer resource has been requested of an External Client Application (ECA) by a requesting user;
  
  the EBS sending a request to an Entitlement Source (ES) for entitlement information for the requesting user based on the entitlement credential for the requesting user;
  
  the EBS receiving, from the ES, the entitlement information for the requesting user; and
  
  the EBS transmitting the entitlement information, for the requesting user, to the ECA, wherein the EBS brokers the entitlement information from the ES to the ECA such that the requesting user is able to access the protected computer resource according to information in the entitlement information; and
  
  filtering, at the EBS, entitlement identifiers by using an entitlement wildcard, wherein the entitlement wildcard permits the requesting user to access the protected computer resource if the requesting user has only an incomplete portion of entitlement criteria required by the protected computer resource for access to the protected computer resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The non-transitory computer storage medium of claim 11, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - determine at the EBS if the requesting user is entitled to receive access to the protected computer resource through the use of an Adjunct User Interface Application (AUIA), wherein the AUIA is capable of directing the requesting user to additional help resources to enable the requesting user in obtaining requisite entitlement information needed to access the protected computer resource.
  - 13. The tangible computer storage medium of claim 11, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - store, in the EBS, a result of a previous entitlement query;
      
      receive a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EBS to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 14. The non-transitory computer storage medium of claim 11, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - permit access to the protected computer resource by the requesting user.
  - 15. The non-transitory computer storage medium of claim 11, wherein the embodied computer program code further comprises computer executable instructions configured to:
    - store a result of a previous entitlement query in an Entitlement Connector (EC), wherein the EC determines which user credentials are required to identify and authenticate the requesting user as an authorized user of the protected computer resource;
      
      receive, at the EBS, a subsequent request for entitlement information needed to access the protected computer resource; and
      
      in response to the requesting user not being currently connected to the protected computer resource but having been previously granted access to the protected computer resource according to the stored result from the previous entitlement query, transmit the entitlement information, for the requesting user, from the EC to the ECA to authorize access, for the requesting user, to the protected computer resource.
  - 16. The non-transitory computer storage medium of claim 11, wherein the computer executable instructions are deployed to a client computer from a server at a remote location.
  - 17. The non-transitory computer storage medium of claim 11, wherein the computer executable instructions are provided by a service provider to a customer in an on-demand basis.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Illg, Jason J., Murray, Sean, Pisello, John M.
Primary Examiner(s)
Chacko, Joe

Application Number

US11/211,005
Publication Number

US 20070056044A1
Time in Patent Office

3,674 Days
Field of Search

709/229, 709/226
US Class Current

1/1
CPC Class Codes

H04L 63/08 for authentication of entit...

H04L 63/0884 by delegation of authentica...

Matching entitlement information for multiple sources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Matching entitlement information for multiple sources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links