Impersonation in an access system
Abstract
The present invention pertains to a system for managing network access to resources that allows a first entity to impersonate a second entity. In one embodiment, the first entity can impersonate the second entity without knowing the second entity's password and/or without altering anything in the entity's set of personal information. This invention provides the first entity with the ability to troubleshoot in a live production system without disrupting the users or the system. In one embodiment, the first entity authenticates as itself. Access to resources is provided in response to an authorization process based on the identity of the entity being impersonated.
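The flow described in the abstract and in claim 1 (authenticate the first entity as itself, create a cookie naming the second entity, authorize from that cookie) can be sketched as follows. This is an added illustration, not code from the patent. The HMAC-signed cookie format, the `actor` field, the `MAY_IMPERSONATE` privilege set, the `AUDIT` list, and all names and sample data are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-signing-key"   # assumption: secret held only by the access system

def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

USERS = {"admin": _kdf("admin-pass")}   # constructed: the first entity's own credentials
MAY_IMPERSONATE = {"admin"}             # assumption: impersonation is an explicit privilege
POLICY = {"/payroll/alice": {"alice"}, "/payroll/bob": {"bob"}}  # resource -> allowed entities
AUDIT = []                              # assumption: (actor, subject, resource, allowed) records

def _mac(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def login_as(user: str, password: str, target: str):
    """Authenticate the first entity as itself; on success return a cookie naming the second entity."""
    if not hmac.compare_digest(USERS.get(user, b""), _kdf(password)):
        return None                     # authentication failed: no cookie is created
    if user not in MAY_IMPERSONATE:
        return None                     # authenticated, but not allowed to impersonate
    claims = {"actor": user, "subject": target}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return body.decode() + "." + _mac(body)

def authorize(cookie: str, resource: str) -> bool:
    """Decide access from the impersonated identity stored in the cookie."""
    body, _, tag = cookie.partition(".")
    if not hmac.compare_digest(_mac(body.encode()).encode(), tag.encode()):
        return False                    # cookie was altered or not issued by this system
    claims = json.loads(base64.urlsafe_b64decode(body))
    allowed = claims["subject"] in POLICY.get(resource, set())
    # Record the real actor beside the impersonated subject so reviews can tell them apart.
    AUDIT.append((claims["actor"], claims["subject"], resource, allowed))
    return allowed
```

The second entity's password is never involved: the policy check runs against `subject`, while the audit record keeps the authenticated `actor`.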
48 Claims
1. A method for impersonating, comprising the steps of:
receiving authentication credentials for a first entity and an identification of a second entity;
authenticating said first entity based on said authentication credentials for said first entity;
creating a cookie that stores an indication of said second entity if said step of authenticating is performed successfully; and
authorizing said first entity to access a first resource as said second entity based on said cookie.

16. A method for impersonating, comprising the steps of:
receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a first resource that is separate from said access system;
authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system; and
authorizing said first entity to access said first resource as said second entity, said step of authorizing is performed by said access system.

24. A method for impersonating, comprising the steps of:
receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a plurality of resources;
receiving an indication of one or more of said plurality of resources;
authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system; and
authorizing said first entity to access said one or more of said plurality of resources as said second user, said step of authorizing is performed by said access system.

28. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
receiving authentication credentials for a first entity and an identification of a second entity;
authenticating said first entity based on said authentication credentials for said first entity;
creating a cookie that stores an indication of said second entity if said step of authenticating is performed successfully; and
authorizing said first entity to access a first resource as said second entity based on said cookie.

35. An apparatus for providing access management that allows for impersonating, comprising:
a communication interface;
a storage device; and
a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising the steps of;
receiving authentication credentials for a first entity and an identification of a second entity, authenticating said first entity based on said authentication credentials for said first entity, creating a cookie that stores an indication of said second entity if said step of authenticating is performed successfully, and authorizing said first entity to access a first resource as said second entity based on said cookie.

39. One or more processor readable storage devices having processor readable code embodied on said processor readable storage devices, said processor readable code for programming one or more processors to perform a method comprising the steps of:
receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a first resource that is separate from said access system;
authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system; and
authorizing said first entity to access said first resource as said second entity, said step of authorizing is performed by said access system.

45. An apparatus for providing access management that allows for impersonating, comprising:
a communication interface;
a storage device; and
a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising the steps of;
receiving authentication credentials for a first entity and an identification of a second entity at an access system, said access system protects a first resource that is separate from said access system, authenticating said first entity based on said authentication credentials for said first entity, said step of authenticating is performed by said access system, and authorizing said first entity to access said first resource as said second entity, said step of authorizing is performed by said access system.

Specification