公开(公告)号：US09529993B2

公开(公告)日：2016-12-27

申请号：US13411112

申请日：2012-03-02

Applicant: Kaushal Kiran Kapadia ,  Gaurav Gupta ,  Rohit Jaiswal ,  Gaurang Sudhakar Tapase ,  Sachin Sanjay Gujar

Inventor： Kaushal Kiran Kapadia ,  Gaurav Gupta ,  Rohit Jaiswal ,  Gaurang Sudhakar Tapase ,  Sachin Sanjay Gujar

IPC: G06F21/30 ,  G06F21/40 ,  G06F21/33 ,  H04L29/06

CPC classification number: G06F21/40 ,  G06F21/33 ,  G06F2221/2143 ,  H04L63/102 ,  H04L2463/082

Abstract: Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, and a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) policy criteria for the user is not met.

公开(公告)号：US20130232541A1

公开(公告)日：2013-09-05

申请号：US13411112

申请日：2012-03-02

Applicant: Kaushal Kiran Kapadia ,  Gaurav Gupta ,  Rohit Jaiswal ,  Gaurang Sudhakar Tapase ,  Sachin Sanjay Gujar

Inventor： Kaushal Kiran Kapadia ,  Gaurav Gupta ,  Rohit Jaiswal ,  Gaurang Sudhakar Tapase ,  Sachin Sanjay Gujar

IPC: G06F21/00 ,  H04L9/32

CPC classification number: G06F21/40 ,  G06F21/33 ,  G06F2221/2143 ,  H04L63/102 ,  H04L2463/082

Abstract: Access to a privileged account is managed by first requiring authentication of a user logging into the account and then performing a policy evaluation to determine whether the identified user is allowed to log in using the privileged identity. Preferably, the authentication is a two factor authentication. The policy evaluation preferably enforces a policy, such as a role-based access control, and a context-based access control, a combination of such access controls, or the like. Thus, according to this approach, the entity is provided access to the privileged account if the user's identity is verified and a policy is met. In the alternative, the entity is denied access to the privileged account if either the authentication fails, or (assuming authentication does not fail) policy criteria for the user is not met.

Abstract translation: 通过首先要求对登录到该帐户的用户进行认证，然后执行策略评估以确定所识别的用户是否被允许使用特权身份登录来管理对特权帐户的访问。 优选地，认证是双因素认证。 策略评估优选地实施策略，诸如基于角色的访问控制，以及基于上下文的访问控制，这样的访问控制的组合等。 因此，根据这种方法，如果用户的身份被验证并且满足了策略，则该实体被提供给特权帐户的访问。 或者，如果身份验证失败，或（假定身份验证未失败），则不实现对用户的策略条件的访问，则该实体被拒绝访问该特权帐户。