Setuid-filter method for providing secure access to a credentials store for computer systems
First Claim
1. A method for use in a computer system that effects secure access to a store comprising:
- providing said store with an exclusive user id;
- initiating a process responsive to a store access request;
- changing a context of the process to the user id of said store;
- communicating between said process and said store via private communications channels; and
- obtaining data responsive to said store access request.
Abstract
A method that provides users with access to Privileged Accounts by way of a two-way-encrypted credential store. In accordance with this invention, a process that needs to retrieve credentials for a third-party system causes the operating system to launch a second process. This second process runs under a secured user id without interactive access. The requesting process can then pass generalized command streams to the second process, including tokenized credential retrieval requests. These tokenized requests are processed to authenticate them, to audit-log them, and to retrieve the credentials. The second process transforms tokenized credential requests into credentials, which can be embedded within a command stream and then either forwarded to a sub-process or returned to the requesting process.
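The abstract describes a broker pattern: the requester never touches the store itself; a second process, meant to run as the store's exclusive user id, receives a tokenized command stream over a private channel, authenticates and audits each token, and hands back the stream with credentials substituted. The following is an added illustrative model of that pattern, not the patent's implementation. The store contents, the policy table, the uid 1001 and the `{{cred:alias}}` token syntax are all constructed for the example; the process boundary is modelled with `os.fork()` and two pipes rather than a setuid binary, and the uid change is only attempted when the example happens to run as root.

```python
"""Model of a setuid-filter credential broker: the requester never reads the
store; a separate filter process, meant to run as the store's exclusive uid,
authenticates and audits each tokenized request and returns the filled stream.
Illustrative example, not the patent's implementation."""
import json
import os
import re
import time

# Hypothetical exclusive uid of the credential store (assumption).
STORE_UID = 1001
# Constructed sample store; a real one is encrypted at rest and readable only by STORE_UID.
CREDENTIALS = {
    "db-prod": "s3cr3t-db-password",
    "api-billing": "billing-token-xyz",
}
# Constructed policy: which requesting uid may retrieve which alias.
POLICY = {1000: {"db-prod"}, 1002: {"api-billing"}}
# Audit trail; a real filter appends to a log file owned by STORE_UID.
AUDIT_LOG = []

# Constructed token syntax for credential retrieval requests inside a command stream.
TOKEN = re.compile(r"\{\{cred:([A-Za-z0-9_.-]+)\}\}")


class AccessDenied(Exception):
    pass


def resolve_tokens(requester_uid, stream):
    """Replace every {{cred:alias}} token with the credential, after checking
    POLICY and recording an audit entry. One denied token fails the whole
    request, so a partially filled stream never leaves the filter."""
    def substitute(match):
        alias = match.group(1)
        granted = alias in POLICY.get(requester_uid, set()) and alias in CREDENTIALS
        AUDIT_LOG.append({"ts": time.time(), "uid": requester_uid,
                          "alias": alias, "granted": granted})
        if not granted:
            raise AccessDenied(f"uid {requester_uid} may not retrieve '{alias}'")
        return CREDENTIALS[alias]
    return TOKEN.sub(substitute, stream)


def handle_request(requester_uid, stream):
    """Filter entry point: returns a response dict instead of raising."""
    try:
        return {"ok": True, "stream": resolve_tokens(requester_uid, stream)}
    except AccessDenied as exc:
        return {"ok": False, "error": str(exc)}


def run_filter_over_pipe(requester_uid, stream):
    """Launch the filter as a second process and exchange JSON over two private
    pipes (the 'private communications channels' of the claims).
    The requester uid travels in the message here only so the example can be
    exercised with several uids; a deployed setuid filter takes the caller's
    identity from os.getuid(), the real uid the kernel preserves across a
    setuid exec, never from data the caller supplies."""
    req_r, req_w = os.pipe()
    resp_r, resp_w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the filter process
        try:
            os.close(req_w)
            os.close(resp_r)
            with os.fdopen(req_r) as req_in, os.fdopen(resp_w, "w") as resp_out:
                try:
                    # A deployed filter is a setuid binary; model the context change
                    # to the store's uid, which is only possible when launched by root.
                    if os.geteuid() == 0:
                        os.setuid(STORE_UID)
                    request = json.loads(req_in.read())
                    response = handle_request(request["uid"], request["stream"])
                except Exception as exc:  # a failed uid change or bad request leaks nothing
                    response = {"ok": False, "error": f"filter error: {exc}"}
                resp_out.write(json.dumps(response))
        finally:
            os._exit(0)
    # parent: the requesting process
    os.close(req_r)
    os.close(resp_w)
    with os.fdopen(req_w, "w") as req_out:
        req_out.write(json.dumps({"uid": requester_uid, "stream": stream}))
    with os.fdopen(resp_r) as resp_in:
        response = json.loads(resp_in.read())
    os.waitpid(pid, 0)
    return response


if __name__ == "__main__":
    print(run_filter_over_pipe(1000, "psql -U app -W {{cred:db-prod}}"))
    print(run_filter_over_pipe(1000, "curl -H 'Authorization: {{cred:api-billing}}'"))
```

Two properties worth checking when deploying this shape for real: the filter's response must be all-or-nothing (a denied token aborts the whole stream rather than returning a half-filled command), and the audit record must be written by the filter process, since in the forked model above the child's `AUDIT_LOG` is a separate copy that the requester cannot alter.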
96 Citations
8 Claims
6. A computer system comprising:
- a data store having an exclusive user id in the computer system;
- a system for providing secure access to said data store, said system being configured to be responsive to a request for access to said data store by changing its user id to the exclusive user id; and
- private communications channels between said system and said data store for communicating and responding to requests for data.
Specification