Method and apparatus for community management in remote system servicing
1 Assignment
0 Petitions
Abstract
A method and a system for delivery of protected software applications to remote systems from a central service facility wherein delivery is managed on the basis of the community membership of the remote system user. Business rules are utilized to determine whether a particular authenticated user seeking access to a protected software application from a particular remote site should be authorized. A multiplicity of web servers are programmed to allow selective access to one or more resident software applications by remote system users via a network. Access is managed by a central policy server based on user and system information and community definitions stored in a database. The policy server communicates with each web server via an agency module incorporated in the web server. The agency module intercepts requests for access from remote system users and then interfaces with the policy server. If the remote system user has input an authentic identification code, the policy server then applies the business rules to determine whether the requesting remote system user is authorized to access the protected software being requested.
383 Citations
27 Claims
1. A method for allowing access to a protected software application by a remote system user via a network, comprising the steps of:
storing a community management database at a central facility, said community management database comprising, for each one of a plurality of protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories:
remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables;
said remote system user sending a request for access to a particular protected software application, said request being sent to a server that can provide access to said particular protected software application via said network;
said remote system user sending a user identification and a password to said server via said network;
said server in turn sending said user identification and said password to said central facility;
said central facility determining whether said password is authentic;
said central facility determining whether said remote system user is authorized to access said particular protected software application; and
allowing said remote system user to access said particular protected software application if a number of conditions are met, said conditions including at least the following:
said password is authentic and said remote system user is authorized to access said particular protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps:
retrieving a particular rule corresponding to said particular protected software application from said community management database;
retrieving information for one or more variables from said community management database, said information being related to said user identification; and
determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.
Dependent claims: 2, 3, 4.
5. A system comprising:
a network;
a web server connected to said network and comprising an agency module programmed to enable access to a particular protected software application in response to an authorization;
a remote system having a web browser for sending to said web server via said network a request for access to said particular protected software application, a user identification, and a password;
a community management database comprising, for each one of a plurality of protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories:
remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables; and
a policy server which communicates with said community management database and with said agency module, said policy server being programmed to perform the following steps:
determining whether said password is authentic;
determining whether said remote system user is authorized to access said particular protected software application; and
sending said authorization to said agency module if a number of conditions are met, said conditions including at least the following:
said password is authentic and said remote system user is authorized to access said particular protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps:
retrieving a particular rule corresponding to said particular protected software application from said community management database;
retrieving information for one or more variables from said community management database, said information being related to said user identification; and
determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.
Dependent claims: 6, 7.
6. (depends on claim 5; preamble not reproduced)
receiving said request for access, said user identification, and said password from said agency module;
retrieving from said community management database a password with said received user identification; and
determining whether said retrieved password matches said received password.
7. The system as recited in claim 5, further comprising a firewall between said web server and said policy server.
8. A method for providing software applications to a multiplicity of remote systems via networks, comprising the steps of:
constructing an electronically accessible community management database comprising information sufficient for a processor to determine whether a particular system user identified by a user code in said database belongs to a community having access rights to a particular software application identified by an application code in said database;
detecting the application code of a first software application being requested by a particular remote system user;
receiving the user code of said particular remote system user via a network;
checking said community management database to determine whether said particular remote system user is a member of a community having access rights to said first software application;
denying said particular remote system user access to said first software application if said particular remote system user is not a member of a community having access rights to said first software application;
checking said community management database to determine whether said user code is authentic;
granting said particular remote system user access to said first software application if said user code is authentic and if said particular remote system user is a member of a community having access rights to said first software application;
storing in said remote system a first network address whereat said first software application can be accessed;
requesting access to said first software application by interacting with a web browser at said remote system; and
addressing said request for access to said first network address.
Dependent claims: 9, 10, 11, 12.
9. (depends on claim 8; preamble not reproduced)
sending a log-in request to said web browser in response to receipt of said request for access at said first network address;
logging in by inputting said user code via said web browser;
storing said user code in a log-in cache in said web browser; and
sending said user code to said first network address in response to said log-in.
10. The method as recited in claim 9, further comprising the steps of:
storing in said remote system a second network address whereat a second software application can be accessed;
checking said community management database to determine whether said user code is authentic;
if said user code is authentic, delivering an authenticity tag to said remote system for storage in said log-in cache in said web browser;
requesting access to said second software application by interacting with said web browser; and
automatically sending said user code and said authenticity tag to said second network address along with said request for access to said second software application.
11. The method as recited in claim 8, further comprising the step of sending a list of software applications to said web browser if said particular remote system user is not a member of a community having access rights to said first software application, said list identifying all software applications to which said particular remote system user has access rights.
12. The method as recited in claim 8, further comprising the steps of:
personalizing said first software application if said particular remote system user is granted access; and
delivering said personalized first software application to said web browser.
13. A system comprising:
a community management database comprising a set of application codes for identifying protected software applications, a respective rule for each one of said protected software applications for defining a community of members entitled to access the respective protected software application, and information for a plurality of variables, each variable of said plurality belonging to one of the following categories:
remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables; and
a policy server programmed to perform the following steps:
receiving a user code of a requesting remote system user;
detecting an application code of a first protected software application being requested by said requesting remote system user;
accessing said community management database to determine whether said requesting remote system user belongs to a community having access rights to said first protected software application; and
issuing a signal representing authorization if a number of conditions are met, said conditions including at least the following:
said user code is authentic and said remote system user is authorized to access said first protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps:
retrieving a particular rule corresponding to said first protected software application from said community management database;
retrieving information for one or more variables from said community management database, said information being related to said user code; and
determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.
14. (depends on claim 13; preamble not reproduced)
a network;
a first web server accessible via said network and programmed to provide selective access to said first protected software application; and
a remote system comprising means for accessing said first web server via said network, means for requesting access to said first protected software application, and means for logging in said user code of said requesting remote system user, wherein said policy server is programmed to issue a signal representing an instruction to said first web server to grant access to said first protected software application if said user code is authentic and said remote system user has access rights to said requested first protected software application, and said first web server is programmed to deliver said requested first protected software application to said remote system in response to said instruction to grant access.
15. The system as recited in claim 14, wherein said policy server is programmed to issue a signal representing an instruction to said first web server to deny access to said first protected software application if said remote system user does not have access rights to said first protected software application, and said first web server is programmed to deliver a list of allowed applications to said remote system in response to said instruction to deny access.
16. The system as recited in claim 14, wherein said first web server is programmed with an agency module for handling communications with said policy server.
17. The system as recited in claim 16, wherein said requesting means and said logging-in means of said remote system are incorporated in a web browser, and wherein each of said web browser, said agency module and said policy server comprise a respective log-in cache, and said policy server is programmed to generate an authenticity tag in response to authentication of said user code, said authenticity tag being stored in each of said log-in caches along with said user code.
18. The system as recited in claim 17, further comprising a second web server accessible via said network, programmed to allow selective access to a second protected software application, and comprising a log-in cache, wherein said remote system comprises means for automatically sending said user code and said authenticity tag to said second web server along with said request for access to said second protected software application, said second web server being further programmed to send said user code and said authenticity tag to said policy server, and said policy server being further programmed to verify said user code and said authenticity tag received from said second web server.
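The log-in caches and authenticity tag of claims 9, 10, 17 and 18, as an added Python example that is not the patent's own code: a first visit without credentials draws a log-in request, a successful log-in on one web server yields a tag that the browser caches with the user code and sends automatically to a second web server, and that second server forwards user code and tag to the policy server for verification instead of asking for the password again. The patent does not say what the tag contains. Here, as an assumption, it is an HMAC-SHA256 over the user code, an expiry time and a nonce under a key held only by the policy server, so it cannot be altered, presented under a different user code, or used after it expires; the policy server's own log-in cache records the tag currently honoured, so a logout or re-login anywhere revokes it everywhere. The web-server and browser classes, the sample user and the injectable clock are further assumptions for the demonstration.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
import time


class PolicyServer:
    """Checks passwords and issues/verifies authenticity tags (claims 10, 17, 18)."""

    def __init__(self, key: bytes, ttl_seconds: int = 3600, clock=time.time) -> None:
        self._key = key            # assumption: key known only to the policy server
        self._ttl = ttl_seconds
        self._clock = clock        # injectable so expiry can be exercised offline
        self._creds: dict[str, tuple[bytes, bytes]] = {}
        self.login_cache: dict[str, str] = {}   # user code -> tag currently honoured

    @staticmethod
    def _kdf(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def register_user(self, user_code: str, password: str) -> None:
        salt = os.urandom(16)
        self._creds[user_code] = (salt, self._kdf(password, salt))

    def check_password(self, user_code: str, password: str) -> bool:
        salt, stored = self._creds.get(user_code, (b"\0" * 16, b""))
        return hmac.compare_digest(stored, self._kdf(password, salt))

    def _mac(self, user_code: str, expiry: int, nonce: str) -> bytes:
        msg = f"{user_code}|{expiry}|{nonce}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue_tag(self, user_code: str) -> str:
        expiry = int(self._clock()) + self._ttl
        nonce = secrets.token_hex(12)
        tag = f"{expiry}.{nonce}.{self._mac(user_code, expiry, nonce).hex()}"
        self.login_cache[user_code] = tag      # a re-login replaces the earlier tag
        return tag

    def verify_tag(self, user_code: str, tag: str) -> bool:
        try:
            expiry_s, nonce, mac_hex = tag.split(".")
            expiry, mac = int(expiry_s), bytes.fromhex(mac_hex)
        except ValueError:
            return False
        if not hmac.compare_digest(mac, self._mac(user_code, expiry, nonce)):
            return False                       # forged, or issued to another user code
        if self._clock() >= expiry:
            return False                       # stale
        # Must also be the tag this server last issued for the user, so that a
        # logout or re-login on one web server invalidates it on all of them.
        return hmac.compare_digest(self.login_cache.get(user_code, ""), tag)

    def logout(self, user_code: str) -> None:
        self.login_cache.pop(user_code, None)


class WebServer:
    """One web server; its agency module defers every log-in decision to the policy server."""

    def __init__(self, policy: PolicyServer) -> None:
        self.policy = policy
        self.login_cache: dict[str, str] = {}   # agency-module cache (claim 17)

    def handle(self, app_code: str, user_code: str, password: str | None = None,
               tag: str | None = None) -> dict:
        if tag is not None and self.policy.verify_tag(user_code, tag):
            self.login_cache[user_code] = tag
            return {"status": 200, "app": app_code}         # claim 18: no password asked
        if password is None or not self.policy.check_password(user_code, password):
            return {"status": 401, "login_required": True}  # claim 9: send a log-in request
        tag = self.policy.issue_tag(user_code)
        self.login_cache[user_code] = tag
        return {"status": 200, "app": app_code, "tag": tag}


class Browser:
    def __init__(self) -> None:
        self.login_cache: dict[str, str] = {}   # user code -> tag, sent automatically (claim 10)

    def request(self, server: WebServer, app_code: str, user_code: str,
                password: str | None = None) -> dict:
        resp = server.handle(app_code, user_code, password, self.login_cache.get(user_code))
        if "tag" in resp:
            self.login_cache[user_code] = resp["tag"]
        return resp


def run_demo() -> dict[str, int]:
    """Walks the exchange across two web servers; returns the status of each step."""
    now = [1_700_000_000]
    policy = PolicyServer(os.urandom(32), ttl_seconds=600, clock=lambda: now[0])
    policy.register_user("alice", "correct horse")
    ws1, ws2, browser = WebServer(policy), WebServer(policy), Browser()
    s = {}
    s["first_visit"] = browser.request(ws1, "app-1", "alice")["status"]
    s["login"] = browser.request(ws1, "app-1", "alice", "correct horse")["status"]
    s["second_server"] = browser.request(ws2, "app-2", "alice")["status"]
    good = browser.login_cache["alice"]
    forged = good[:-1] + ("0" if good[-1] != "0" else "1")   # flip one hex digit of the MAC
    s["forged"] = ws2.handle("app-2", "alice", tag=forged)["status"]
    s["other_user"] = ws2.handle("app-2", "mallory", tag=good)["status"]
    policy.logout("alice")
    s["after_logout"] = browser.request(ws2, "app-2", "alice")["status"]
    s["relogin"] = browser.request(ws2, "app-2", "alice", "correct horse")["status"]
    now[0] += 601
    s["expired"] = browser.request(ws1, "app-1", "alice")["status"]
    return s
```

run_demo() returns 401 for the first visit, 200 for the log-in and for the password-less request to the second web server, and 401 again for a tampered tag, for the same tag presented under another user code, after a logout, and after the tag's lifetime has passed. The tag is a bearer credential: the hops over which it travels, browser to web server and web server to policy server across the firewall of claims 7 and 20, need transport protection that this example does not model.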
19. The system as recited in claim 14, wherein said means for accessing said first web server via said network comprises a network address hard-coded in said remote system.
20. The system as recited in claim 14, further comprising a firewall between said first web server and said policy server.
21. A system comprising:
a network;
a web server accessible via said network and programmed to provide selective access to a protected software application;
a remote system comprising means for accessing said web server via said network, means for requesting access to said protected software application, and means for logging in a user code of a remote system user requesting access to said protected software application;
a community management database comprising a set of business rules for defining communities of remote system users, a set of user codes for identifying remote system users, and a set of application codes for identifying protected software applications to which various communities of remote system users have access rights; and
a policy server programmed to perform the following steps:
receiving said user code of said requesting remote system user;
detecting an application code of said protected software application being requested by said requesting remote system user;
accessing said community management database to determine whether said requesting remote system user belongs to a community having access rights to said requested protected software application; and
issuing a signal representing the results of said determination, wherein said policy server is programmed to issue a signal representing an instruction to said web server to grant access to said protected software application if said user code is authentic and said remote system user has access rights to said protected software application, and said web server is programmed to perform the steps of:
personalizing said software application if said requesting remote system user is granted access; and
delivering said personalized software application to said remote system.
22. A system comprising:
a network;
first and second web servers accessible via said network and programmed to provide selective access to first and second protected software applications, respectively;
a remote system comprising a web browser for requesting access to said first and second protected software applications and logging in a user code of a remote system user;
a community management database comprising, for each of said first and second protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories:
remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables; and
a computer programmed to manage access to either of said first and second protected software applications by said remote system user in accordance with said respective rule in said community management database by applying said respective rule to variable information associated with said user code in said community management database.
Dependent claims: 23, 24, 25, 26, 27.
Specification