Impersonation in an access system
First Claim
1. A method of allowing a first user to impersonate a second user, the method comprising:
- receiving at an access system authentication credentials for the first user and an identification of the second user;
- authenticating by the access system said first user based on said authentication credentials for said first user;
- creating by the access system a cookie that stores an indication of said second user in response to authenticating successfully; and
- authorizing by the access system said first user to access a first resource as said second user based on said cookie.
Abstract
The present invention pertains to a system for managing network access to resources that allows a first entity to impersonate a second entity. In one embodiment, the first entity can impersonate the second entity without knowing the second entity's password and/or without altering anything in the entity's set of personal information. This invention provides the first entity with the ability to troubleshoot in a live production system without disrupting the users or the system. In one embodiment, the first entity authenticates as itself. Access to resources is provided in response to an authorization process based on the identity of the entity being impersonated.
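The flow described in the abstract and in claim 1, as an added Python example that is not taken from the patent: the impersonator authenticates with their own credentials, the access system issues a cookie naming the impersonatee, and authorization is decided on the impersonatee's identity. The HMAC signature on the cookie, the `MAY_IMPERSONATE` allow-list, the audit record, and all names and sample data are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"                       # assumption: server-side signing key
USERS = {"helpdesk": "hd-pass", "alice": "a-pass"}  # constructed; a real store holds hashes
MAY_IMPERSONATE = {"helpdesk"}                      # assumption: who may impersonate at all
POLICY = {"/payroll/alice": {"alice"}}              # resource -> users allowed to access it


def _sign(body: bytes) -> bytes:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()


def login_as(user, password, impersonatee):
    """Authenticate `user` as themselves, then issue a cookie naming `impersonatee`."""
    expected = USERS.get(user)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None                                 # the impersonatee's password is never used
    if user not in MAY_IMPERSONATE or impersonatee not in USERS:
        return None
    claims = {"actor": user, "subject": impersonatee}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    return (body + b"." + _sign(body)).decode()


def authorize(cookie, resource):
    """Return (allowed, audit_record); the decision uses the impersonatee in the cookie."""
    try:
        body, sig = cookie.encode().rsplit(b".", 1)
        if not hmac.compare_digest(sig, _sign(body)):
            return False, None                      # cookie edited on the client
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError, TypeError):
        return False, None
    allowed = claims["subject"] in POLICY.get(resource, set())
    # The audit record keeps the real actor so impersonated access stays attributable.
    audit = {"actor": claims["actor"], "subject": claims["subject"],
             "resource": resource, "allowed": allowed}
    return allowed, audit


if __name__ == "__main__":
    cookie = login_as("helpdesk", "hd-pass", "alice")
    print(authorize(cookie, "/payroll/alice"))
```
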
48 Claims
1. A method of allowing a first user to impersonate a second user, the method comprising:
- receiving at an access system authentication credentials for the first user and an identification of the second user;
- authenticating by the access system said first user based on said authentication credentials for said first user;
- creating by the access system a cookie that stores an indication of said second user in response to authenticating successfully; and
- authorizing by the access system said first user to access a first resource as said second user based on said cookie.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method for impersonating, comprising:
- receiving at an access system authentication credentials for an impersonator and an identification of an impersonatee at an access system, wherein said access system protects a first resource that is separate from said access system;
- authenticating by the access system said impersonator based on said authentication credentials for said impersonator; and
- authorizing by the access system said impersonator to access said first resource as said impersonatee.
Dependent claims: 17, 18, 19, 20, 21, 22, 23
24. A method of allowing a first entity to impersonate a second entity, the method comprising:
- receiving at an access system authentication credentials for the first entity and an identification of the second entity at an access system, wherein said access system protects a plurality of resources;
- receiving at the access system an indication of one or more of said plurality of resources;
- authenticating by the access system said first entity based on said authentication credentials for said first entity; and
- authorizing by the access system said first entity to access said one or more of said plurality of resources as said second entity.
Dependent claims: 25, 26, 27
28. One or more processor readable storage devices having processor readable code stored thereon, said processor readable code, when executed by one or more processors, cause the processors to perform a method comprising:
- receiving authentication credentials for a first user and an identification of a second user;
- authenticating said first user based on said authentication credentials for said first user;
- creating a cookie that stores an indication of said second user in response to authenticating successfully; and
- authorizing said first user to access a first resource as said second user based on said cookie.
Dependent claims: 29, 30, 31, 32, 33, 34
35. An apparatus for providing access management that allows for impersonating, comprising:
- a communication interface;
- a storage device; and
- a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising;
  - receiving authentication credentials for a first user and an identification of a second user,
  - authenticating said first user based on said authentication credentials for said first user,
  - creating a cookie that stores an indication of said second user in response to authenticating successfully, and
  - authorizing said first user to access a first resource as said second user based on said cookie.
Dependent claims: 36, 37, 38
39. One or more processor readable storage devices having processor readable code stored thereon said processor readable code, when executed by one or more processors, cause the processors to perform a method comprising:
- receiving authentication credentials for an impersonator and an identification of an impersonatee at an access system, said access system protects a first resource that is separate from said access system;
- authenticating said impersonator based on said authentication credentials for said impersonator, wherein authenticating is performed by said access system; and
- authorizing said impersonator to access said first resource as said impersonatee, wherein authorizing is performed by said access system.
Dependent claims: 40, 41, 42, 43, 44
45. An apparatus for providing access management that allows for impersonating, comprising:
- a communication interface;
- a storage device; and
- a processing unit in communication with said communication interface and said storage device, said processing unit performs a method comprising;
  - receiving authentication credentials for an impersonator and an identification of an impersonatee at an access system, said access system protects a first resource that is separate from said access system,
  - authenticating said impersonator based on said authentication credentials for said impersonator, wherein authenticating is performed by said access system, and
  - authorizing said impersonator to access said first resource as said impersonatee, wherein authorizing is performed by said access system.
Dependent claims: 46, 47, 48
Specification