
Application and Workstation Access Control by User ID on a Token Ring Local Area Network

IP.com Disclosure Number: IPCOM000118807D
Original Publication Date: 1997-Jul-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 2 page(s) / 95K

Publishing Venue

IBM

Related People

Hobern, D: AUTHOR (+4 others)

Abstract

A method to control access to workstations on a Token Ring Local Area Network (LAN) is needed. The access should be able to be controlled on a user Identification (ID) by user ID basis, as well as a workstation by workstation basis. An audit log should be kept of all successful and unsuccessful logon attempts. A count of the number of concurrent logons for a user ID should be kept, and a maximum number of allowable concurrent logons should be enforced. Likewise, for a workstation, the number of concurrent logons should be kept, and a maximum number of allowable logged-on users to a workstation should be enforced. Both of these limits should be on a user-by-user and workstation-by-workstation basis. Default values should also be supported.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 53% of the total text.

Application and Workstation Access Control by User ID on a Token Ring Local Area Network


      To keep each workstation secure, the normal windows which appear when an OS/2* Presentation Manager* machine is booted must be prevented from coming up, or they must be hidden. When the system is started, the only window that becomes visible is the logon window. This keeps users from being able to start programs through the normal methods. Most windows are simply stopped from being started, but some programs need special treatment. The DOS box must be started at boot time if it is to be used at all. Communications Manager must be started in order to communicate with other workstations and the database machine. Both of these programs have icons which could be selected and therefore must be hidden, to prevent users from entering the system to perform undesirable actions. Their window information must be saved so that the windows can be unhidden if an authorized user wants access to them. Another program is provided that unhides the DOS box and Communications Manager icons and starts the standard Presentation Manager Shell (which displays the Desktop Manager and all of the applicable groups).

      Once the logon window is displayed, the user must then enter the user ID and password. The following events then occur to validate the user ID and password:
  1.  Validate the encrypted password from the database; if the password or user ID is not correct, log an error in the audit trail, display a message to the user describing a bad password or user ID error, and return to the logon screen.
  2.  Validate that this user is allowed to use this workstation; if this is not true, log an error in the audit trail, display a message to the user describing that they are not allowed to use this workstation, and return to the logon screen.
  3.  Check if this user is already logged onto this workstat...
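The validation sequence above, together with the per-user and per-workstation concurrent-logon limits, defaults and audit trail called for in the abstract, can be written down as a small access-control service. The following is an added worked example, not code from the IBM disclosure. The data layout, function names and the use of a salted PBKDF2 hash (the disclosure only says "encrypted password") are assumptions, and since the page's step 3 is cut off, treating a repeat logon to the same workstation as a rejection is also an assumption. The in-memory tables and the user records in demo() are constructed for illustration.

```python
# Added example (not from the IBM disclosure): logon validation with
# per-user and per-workstation concurrency limits, defaults and an audit log.
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass
class AccessControlDB:
    """In-memory stand-in for the database machine (constructed for this example)."""
    credentials: dict = field(default_factory=dict)           # user_id -> (salt, hash)
    allowed_workstations: dict = field(default_factory=dict)  # user_id -> set of workstations
    user_max_logons: dict = field(default_factory=dict)       # per-user override of the default
    workstation_max_users: dict = field(default_factory=dict) # per-workstation override
    default_user_max: int = 1
    default_workstation_max: int = 1
    user_sessions: dict = field(default_factory=dict)         # user_id -> set of workstations
    workstation_sessions: dict = field(default_factory=dict)  # workstation -> set of user_ids
    audit_log: list = field(default_factory=list)             # (user_id, workstation, ok, reason)


def _hash(password: str, salt: bytes) -> bytes:
    # Assumption: a salted PBKDF2 hash, so the database never stores the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def add_user(db, user_id, password, workstations, max_logons=None):
    salt = os.urandom(16)
    db.credentials[user_id] = (salt, _hash(password, salt))
    db.allowed_workstations[user_id] = set(workstations)
    if max_logons is not None:          # otherwise the default limit applies
        db.user_max_logons[user_id] = max_logons


def _audit(db, user_id, workstation, ok, reason):
    """Every attempt, successful or not, is recorded before the result is returned."""
    db.audit_log.append((user_id, workstation, ok, reason))
    return ok, reason


def logon(db, user_id, password, workstation):
    """Run the checks in the order the disclosure gives; any failure returns to the logon screen."""
    # 1. Password check. One message covers both an unknown ID and a wrong password.
    rec = db.credentials.get(user_id)
    if rec is None or not hmac.compare_digest(_hash(password, rec[0]), rec[1]):
        return _audit(db, user_id, workstation, False, "bad user ID or password")
    # 2. Is this user allowed on this workstation?
    if workstation not in db.allowed_workstations.get(user_id, set()):
        return _audit(db, user_id, workstation, False, "user not allowed on this workstation")
    # 3. Already logged onto this workstation? (Rejecting here is an assumption; the page is cut off.)
    active = db.user_sessions.setdefault(user_id, set())
    if workstation in active:
        return _audit(db, user_id, workstation, False, "already logged onto this workstation")
    # 4. Per-user concurrent logon limit, falling back to the default.
    user_max = db.user_max_logons.get(user_id, db.default_user_max)
    if len(active) >= user_max:
        return _audit(db, user_id, workstation, False, f"user concurrent logon limit {user_max} reached")
    # 5. Per-workstation concurrent user limit, falling back to the default.
    ws_users = db.workstation_sessions.setdefault(workstation, set())
    ws_max = db.workstation_max_users.get(workstation, db.default_workstation_max)
    if len(ws_users) >= ws_max:
        return _audit(db, user_id, workstation, False, f"workstation user limit {ws_max} reached")
    # All checks passed: count the session on both sides and log success.
    active.add(workstation)
    ws_users.add(user_id)
    return _audit(db, user_id, workstation, True, "logon ok")


def logoff(db, user_id, workstation):
    """Release the session so both concurrency counts drop."""
    db.user_sessions.get(user_id, set()).discard(workstation)
    db.workstation_sessions.get(workstation, set()).discard(user_id)
    db.audit_log.append((user_id, workstation, True, "logoff"))


def demo():
    """Constructed scenario exercising each rejection path and both limits."""
    db = AccessControlDB(default_user_max=1, default_workstation_max=2)
    add_user(db, "alice", "correct horse", {"WS01", "WS02"}, max_logons=2)
    add_user(db, "bob", "battery staple", {"WS01"})   # bob gets the default limit of 1
    add_user(db, "carol", "xyzzy", {"WS01"})
    results = [
        logon(db, "alice", "wrong", "WS01")[1],           # bad password
        logon(db, "mallory", "x", "WS01")[1],             # unknown ID, same message
        logon(db, "bob", "battery staple", "WS02")[1],    # bob is not allowed on WS02
        logon(db, "alice", "correct horse", "WS01")[1],   # ok
        logon(db, "alice", "correct horse", "WS01")[1],   # already on WS01
        logon(db, "alice", "correct horse", "WS02")[1],   # ok, alice's 2nd concurrent logon
        logon(db, "bob", "battery staple", "WS01")[1],    # ok, WS01 now holds 2 users
        logon(db, "carol", "xyzzy", "WS01")[1],           # WS01 is full
    ]
    return db, results
```

Each rejection lands in db.audit_log with its reason, which is the audit trail the abstract asks for; the per-user and per-workstation dictionaries hold only overrides, so an entry missing from them means the default applies.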