Method for controlled and audited access to privileged accounts on computer systems

US 7,376,838 B2
Filed: 10/07/2003
Issued: 05/20/2008
Est. Priority Date: 07/17/2003
Status: Active Grant

First Claim

Patent Images

1. A method for allowing a user to temporarily gain access to a privileged account on a computer system to perform a maintenance task, the method being a replacement for a conventional switch user command, comprising:

receiving a switch user command login with a user id and an account name as an argument;

retrieving a list of privileged account names;

determining whether the account name is in a list of privileged account names and diverting the user to the conventional switch user command prompt if the account name is not in the privileged account list;

otherwise,determining whether the user id is in a list of user ids having permission to access privileged accounts and allowing access to the account if the user id is in the list of user ids having permission to access privileged accounts;

prompting for a reason for accessing the account;

recording a reason for accessing the account;

notifying a manager of the privileged account of the login;

recording keystrokes in a log file while logged into the account;

terminating the login;

and notifying the manager of the privileged account of the login termination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method that provides access to Privileged Accounts to users with Privileged Account access permission. A message is sent to a Privileged Accounts manager when a user logs into a Privileged Account. The user must enter a reason for access. All keystrokes are logged. At the conclusion of the user session, the log file is closed and another message is sent to the Privileged Accounts manager. The log file may be sent to the manager at this time or saved for a batch transfer periodically.

599 Citations

8 Claims

1. A method for allowing a user to temporarily gain access to a privileged account on a computer system to perform a maintenance task, the method being a replacement for a conventional switch user command, comprising:
- receiving a switch user command login with a user id and an account name as an argument;
  
  retrieving a list of privileged account names;
  
  determining whether the account name is in a list of privileged account names and diverting the user to the conventional switch user command prompt if the account name is not in the privileged account list;
  
  otherwise,determining whether the user id is in a list of user ids having permission to access privileged accounts and allowing access to the account if the user id is in the list of user ids having permission to access privileged accounts;
  
  prompting for a reason for accessing the account;
  
  recording a reason for accessing the account;
  
  notifying a manager of the privileged account of the login;
  
  recording keystrokes in a log file while logged into the account;
  
  terminating the login;
  
  and notifying the manager of the privileged account of the login termination.

2. A method for allowing a user to temporarily gain access to a privileged account on a computer system to perform a maintenance task, the method being a replacement for a conventional switch user command, comprising:
- receiving a switch user command login with a user id and an account name as an argument;
  
  retrieving a list of privileged account names;
  
  determining whether the account name is in a list of privileged account names and diverting the user to the conventional switch user command prompt if the account name is not in the privileged account list;
  
  otherwise,determining whether the user id belongs to a privileged group located in a group list on the computer system having permission to access privileged accounts;
  
  denying access to privileged accounts and notifying the manager if the user id does not belong to the privileged group, otherwise,allowing;
  
  prompting for a reason for accessing the account;
  
  recording a reason for accessing the account;
  
  notifying a manager by email of the access of the privileged account of the switch user login along with the name of a first log file;
  
  recording keystrokes in the first log file while logged into the account;
  
  recording keystrokes in a duplicate log file while logged into the account;
  
  determining whether the first log file was tampered with and if so recording that the first log file was tampered with in the duplicate log file and transmitting the duplicate log file to the manager;
  
  terminating the switch user login;
  
  and notifying the manager by email of the privileged account of the switch user login termination.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. A method in accordance with claim 2 further comprising:
    - denying write permission to the log file after the step of terminating the login.
  - 4. A method in accordance with claim 2 further comprising:
    - transmitting the log file to the account manager.
  - 5. A method in accordance with claim 2 further comprising:
    - receiving a password in order to access the privileged account;
      
      determining whether the password associated with the user id matches the entered password; and
      
      permitting access only if the password associated with the user id matches the entered password.
  - 6. A method in accordance with claim 2 further comprising:
    - notifying the manager of the privileged account if the login is not successful.
  - 7. A method in accordance with claim 2 further comprising:
    - compressing the log file after terminating the login.
  - 8. A method in accordance with claim 2 further comprising:
    - deleting the duplicate log file responsive to a determination that the log file has not been tampered with.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Inventors
Narayanan, Lakshmi
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Jackson; Jenise E.

Application Number

US10/680,400
Publication Number

US 20050015628A1
Time in Patent Office

1,687 Days
Field of Search

713/193, 713/194, 726/2, 705/35
US Class Current

713/183
CPC Class Codes

G06F 21/31   User authentication

G06Q 20/0855   involving a third party

G06Q 20/102   Bill distribution or payments

G06Q 20/108   Remote banking, e.g. home b...

G06Q 20/3676   Balancing accounts

Method for controlled and audited access to privileged accounts on computer systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

599 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Method for controlled and audited access to privileged accounts on computer systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

599 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links