Apparatus and method for using a directory service for...

Information security – Access control or authentication – Network

Reexamination Certificate


Details

active

07146635

ABSTRACT:
An apparatus and method use the built-in authentication and authorization functions of a directory service to perform authentication and authorization for resources that are external to the directory service. A Lightweight Directory Access Protocol (LDAP) service is used in the preferred embodiments. The LDAP directory includes built-in functions for authenticating a user that requests access to an entry. Each resource that needs to be protected is mapped to an entry in the LDAP directory. These entries that correspond to protected resources external to the LDAP directory are called proxy entries. Proxy entries contain the authorization information for the corresponding protected resource in the form of an access control list for each entry that specifies the authorized users of the entry. When a user needs to access a protected resource, the user or an application uses the LDAP directory to determine whether the user is authenticated and authorized to access the proxy entry in the directory that corresponds to the resource. If the user is authenticated and authorized to access the proxy entry, the user may then access the corresponding external protected resource. The present invention thus allows the use of the internal LDAP authentication and authorization functions to determine which users are allowed to access protected resources that are external to the LDAP directory.
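The decision flow the abstract describes, as an added example that is not part of the patent or of any product: a small in-memory stand-in for the LDAP directory holds the users and one proxy entry, and access to the external resource is decided only by authenticating the user and checking the proxy entry's access control list. All names (`ToyDirectory`, `check_access`, the DNs, the passwords and the `payroll-db` resource) are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

class ToyDirectory:
    """In-memory stand-in for an LDAP server (hypothetical, for illustration)."""
    def __init__(self):
        self._users = {}  # user DN -> (salt, password hash)
        self._acls = {}   # proxy entry DN -> set of authorized user DNs

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, dn, password):
        salt = os.urandom(16)
        self._users[dn] = (salt, self._hash(password, salt))

    def add_proxy_entry(self, dn, authorized):
        self._acls[dn] = set(authorized)

    def bind(self, dn, password):
        # Authentication: the directory checks the credentials itself.
        salt, stored = self._users.get(dn, (b"\0" * 16, b""))
        return hmac.compare_digest(self._hash(password, salt), stored)

    def can_access(self, user_dn, entry_dn):
        # Authorization: the ACL stored on the proxy entry; unknown entries deny.
        return user_dn in self._acls.get(entry_dn, set())

def check_access(directory, resource_map, user_dn, password, resource):
    """Decide access to an external resource from its proxy entry alone."""
    entry_dn = resource_map.get(resource)
    if entry_dn is None:
        return "denied: no proxy entry"  # fail closed for unmapped resources
    if not directory.bind(user_dn, password):
        return "denied: authentication failed"
    if not directory.can_access(user_dn, entry_dn):
        return "denied: not authorized"
    return "granted"

# Constructed sample data: two users, one protected external resource.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
PAYROLL = "cn=payroll-db,ou=proxies,dc=example,dc=com"

def build_demo():
    d = ToyDirectory()
    d.add_user(ALICE, "alice-pw")
    d.add_user(BOB, "bob-pw")
    d.add_proxy_entry(PAYROLL, {ALICE})
    return d, {"payroll-db": PAYROLL}
```

A resource with no proxy entry is denied rather than allowed, so a missing mapping cannot silently expose an external resource.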

REFERENCES:
patent: 5935210 (1999-08-01), Stark
patent: 6463470 (2002-10-01), Mohaban et al.
patent: 6466984 (2002-10-01), Naveh et al.
Heinz Johner, Larry Brown, Franz-Stephan Hinner, Wolfgang Reis, Johan Westman, Understanding LDAP, Jun. 1998, IBM, International Technical Support Organization.
Pending U.S. Appl. No. 08/968,100 “Method for Securing Sensitive Data in a Directory Service”, filed Nov. 12, 1997.
Pending U.S. Appl. No. 09/455,702 “Method and System for Managing Multiple Lightweight Directory Access Protocol Directory Servers”, filed Dec. 7, 1999.
Pending U.S. Appl. No. 09/460,849 “Method and System for Usage of Non-Local Data Within a Lightweight Directory Access Protocol Directory Environment”, filed Dec. 14, 1999.
