Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
2000-08-25
2004-08-31
Winder, Patrice (Department: 2155)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S225000, C713S152000
Reexamination Certificate
active
06785729
ABSTRACT:
TECHNICAL FIELD
The invention pertains to client authorization in a network and specifically to client authorization in such a way that access to a logon screen or menu is avoided until after the client has been authorized to logon.
BACKGROUND OF THE INVENTION
It is well known in network environments to verify that a user is entitled to service by a server or a remote application by presenting the user with a means to logon to the server or the remote application with a user identification and a password. While such means have been used for years with varying degrees of success, deficiencies still exist. For example, the presentation to a user of a logon screen or menu gives the user an opportunity to attempt to access the system, whether or not the user is actually entitled to service. It is also known to authenticate users with certificates provided by a trusted agency before providing to the user a logon screen. However, this certificate authentication merely verifies that the user is who the user purports to be. It does not verify that the user is entitled to access. The provision of access alternatives, such as a logon screen or a menu or the like, to a user after certificate authentication still gives the user an opportunity to attempt to access the system, even though the user may not be so entitled.
SUMMARY OF THE INVENTION
The invention verifies a network user as entitled to access a network node or server on the network node. It does this before the user is presented with any opportunity to access or logon to the system. When a user first attempts to access a network node, an initial exchange of conventional protocol messages occurs between the user and the node to establish initial communications. This is done without presenting to the user any opportunity to logon or to access an application. The network node requests the transmission of an authenticated user certificate from the user and the network node verifies that the user represented by the user certificate is entitled to access the node. If the user as identified by the certificate is not entitled to access, the initial connection is dropped and the user is denied any further access opportunity. If the user represented by the certificate is verified as being entitled to access, then and only then is the user presented with an access screen, such as a logon screen or an application menu.
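The exchange described in the summary, modelled as an added example that is not part of the patent or its claims: the node acknowledges the connection, requests a certificate, checks first that the certificate is authentic and then that its subject is entitled, and only then transmits a logon screen; a failed check closes the connection with no logon opportunity. The trusted agency's signature is stood in for by an HMAC under a constructed key, and the entitlement list is an assumed allowlist of user names.

```python
import hashlib
import hmac
from typing import Optional

# Constructed key standing in for the trusted agency's signing key (assumption).
AGENCY_KEY = b"demo-agency-key"


def issue_certificate(user: str) -> dict:
    """Constructed 'certificate': the agency binds a user name to an HMAC tag.
    This models certificate authentication only, i.e. who the user is."""
    tag = hmac.new(AGENCY_KEY, user.encode(), hashlib.sha256).hexdigest()
    return {"user": user, "tag": tag}


def certificate_is_authentic(cert: dict) -> bool:
    """Authentication step: does the certificate carry a valid agency tag?"""
    expected = hmac.new(AGENCY_KEY, cert["user"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["tag"])


class NetworkNode:
    """Server side of the exchange. The logon screen is never transmitted
    before both the authentication and the entitlement checks succeed."""

    def __init__(self, entitled_users) -> None:
        self.entitled = set(entitled_users)   # assumed entitlement allowlist
        self.sent = []                        # messages sent to the client, in order

    def handle(self, cert: Optional[dict]) -> str:
        # Conventional initial protocol exchange: no logon opportunity yet.
        self.sent.append("CONNECT_ACK")
        self.sent.append("CERTIFICATE_REQUEST")
        if cert is None or not certificate_is_authentic(cert):
            self.sent.append("CLOSE")         # unauthenticated: drop, no logon screen
            return "DROPPED"
        if cert["user"] not in self.entitled:
            self.sent.append("CLOSE")         # authenticated but not entitled: drop
            return "DROPPED"
        self.sent.append("LOGON_SCREEN")      # only now is an access screen offered
        return "LOGON_OFFERED"
```
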
REFERENCES:
patent: 5689638 (1997-11-01), Sadovsky
patent: 5999711 (1999-12-01), Misra et al.
patent: 6119230 (2000-09-01), Carter
patent: 6128738 (2000-10-01), Doyle et al.
patent: 6182142 (2001-01-01), Win et al.
patent: 6353886 (2002-03-01), Howard et al.
patent: 6401211 (2002-06-01), Brezak et al.
patent: 6484258 (2002-11-01), Haverty
patent: 6598167 (2003-07-01), Devine et al.
IBM International Technical Support Organization, “Security in OS/390-based TCP/IP Networks”, Nov. 1999.
Jakubik Patricia
Overby, Jr. Linwood Hugh
Herndon Jerry W.
Hoffman, Warnick & D'Alessandro LLC
Tran Philip B.
Winder Patrice