Indirect user authentication

  • US 9,531,727 B1
  • Filed: 01/29/2016
  • Issued: 12/27/2016
  • Est. Priority Date: 07/08/2015
  • Status: Expired due to Fees
First Claim

1. A method executed by one or more processors, the method comprising:

  • receiving, from one or more users, a request for access to a shared system, wherein the request comprises a shared system identifier that indicates the shared system for which access is being requested, a shared user identifier, and a user identifier and a user password corresponding to the one or more users;

  • determining if the one or more users are authorized to access the shared system by confirming the user identifier of each of the one or more users includes at least the same level of authorization as the shared user identifier and one or more of:

      • confirming the one or more users are included in an authorized user list, and
      • confirming the one or more users are a member of an authorized user group;

  • responsive to determining that the one or more users are authorized to access the shared system, requesting, from an identity manager, the shared user identifier and a shared password corresponding to the shared system;

  • receiving, from the identity manager, the shared user identifier and the shared password, and providing the shared user identifier to each of the one or more users, and automatically authenticating each of the one or more users on the shared system using the shared user identifier and the shared password;

  • using the shared user identifier and the shared password of each of the one or more users to enable the one or more users to use the shared system, wherein the shared password is not provided to the any of the one or more users; and

  • retaining details corresponding to the request for access to the shared system by the one or more users in one or more logs, analyzing the one or more logs to determine that a particular user of the shared system is accessing the shared system without following a required protocol to gain access, prohibiting access to the shared system by the particular user by terminating an active session of the particular user, and sending an alert to a security administrator, wherein the alert comprises one or more of login time of the particular user, connection client information corresponding to the particular user, and activity of the particular user.
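The log-analysis step in the last element of the claim can be illustrated with the following added example, which is not taken from the patent or from any implementation of it. It assumes that "without following a required protocol" means a shared-account login that no logged access grant explains; the record fields, the 30-second window, and the terminate and alert callbacks are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the patent): grants the access broker
# logged after authorizing a user, and logins observed on the shared system.
GRANTS = [
    {"user": "alice", "system": "db-prod", "shared_id": "dbadmin",
     "client": "10.0.0.5", "time": datetime(2016, 1, 29, 9, 0, 0)},
]
SESSIONS = [
    {"session": "s1", "system": "db-prod", "shared_id": "dbadmin",
     "client": "10.0.0.5", "login": datetime(2016, 1, 29, 9, 0, 4),
     "activity": ["SELECT 1"]},
    {"session": "s2", "system": "db-prod", "shared_id": "dbadmin",
     "client": "10.0.0.77", "login": datetime(2016, 1, 29, 13, 30, 0),
     "activity": ["SELECT * FROM accounts"]},
]
WINDOW = timedelta(seconds=30)  # assumed maximum delay between grant and login


def explains(grant, session, window=WINDOW):
    """True if the grant covers this login: same system, shared id and client,
    and the login follows the grant within the window."""
    same_target = all(grant[k] == session[k]
                      for k in ("system", "shared_id", "client"))
    delay = session["login"] - grant["time"]
    return same_target and timedelta(0) <= delay <= window


def review_sessions(sessions, grants, terminate, alert, window=WINDOW):
    """Terminate and alert on shared-account sessions that no grant explains.
    Returns the ids of the flagged sessions."""
    unused = list(grants)
    flagged = []
    for s in sorted(sessions, key=lambda s: s["login"]):
        grant = next((g for g in unused if explains(g, s, window)), None)
        if grant is not None:
            unused.remove(grant)  # one grant explains one login, so a reused
            continue              # credential is still flagged
        terminate(s["session"])
        # Alert fields follow the claim: login time, client info, activity.
        alert({"session": s["session"],
               "login_time": s["login"].isoformat(),
               "client": s["client"],
               "activity": list(s["activity"])})
        flagged.append(s["session"])
    return flagged
```
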