Access Authentication for Single Authorized User Functions

IP.com Disclosure Number: IPCOM000132103D
Original Publication Date: 2005-Dec-01
Included in the Prior Art Database: 2005-Dec-01
Document File: 2 page(s) / 22K

Publishing Venue

IBM

Abstract

The idea expressed here shows a methodology for adding further levels of security to a web-based application beyond the security provided by the web application server. Also explained is a method that allows a web application user to move from browser to browser while maintaining these additional levels of security, without security breaches on previously used browsers.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Developers of a web application would like to provide security for their users. But when the security schema of an application dictates that only one user be authenticated at a time, flexibility is needed to allow that user to move from browser session to browser session and still be recognized as the same user, afforded the same security level, without jeopardizing security at the abandoned browser sessions. Also, in many of today's applications, a user is forced to sign off his current session before signing on to another with the same level of security. This is evidenced when an enterprise application is maintained by multiple administrators who all have the same security role or level of security. Each of these administrators may have write access to data critical to the application, but some control must be in place to maintain the integrity of the data, thus keeping the multiple administrators from overwriting the work accomplished by others. Therefore, of the multiple administrators on the enterprise web application, only one should have the authority to modify configuration or other critical data at a time.

Also missing from many applications is the flexibility for an administrator who currently holds an additional security classification to move this additional level of security from one browser session to another. And when one administrator needs the additional security level but cannot obtain it because another administrator holds it, a mechanism is needed to identify which administrator currently has the additional security so that the two can negotiate a switch.

Currently, the only way to achieve this is to require an authenticated user to always sign off a browser session before using another or wait until his current browser session expires due to timeout and then sign on again.

So what we are proposing in this article is that once a user is authenticated and recognized as a user of a certain security level, the application should (or could) save identifying information about this user and his session to another location such as a database. Later, when the same user attempts to sign on elsewhere while already signed on, once he is authenticated at the new location, compare his current information with the previously stored information, using the user ID as the key for the search. If the user ID matches but...
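As an added illustration (not the article's own code), the store-and-compare step in Python: the `SingleAdminLock` class, its method names and the in-memory record standing in for the proposed database are assumptions, and the decision rules applied after the user ID comparison are reconstructed from the requirements stated earlier, since the text is abbreviated here.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Holder:
    """The stored record: which user holds the single-authorized role, from which session."""
    user_id: str
    session_id: str


class SingleAdminLock:
    """Tracks the one user allowed to modify critical data at a time.

    Assumption: a single in-memory record stands in for the database row the
    article proposes; the web application server has already authenticated
    every caller before any of these methods run.
    """

    def __init__(self) -> None:
        self._holder: Optional[Holder] = None

    def sign_on(self, user_id: str, session_id: str) -> dict:
        # Nobody holds the elevated role: grant it to this user and session.
        if self._holder is None:
            self._holder = Holder(user_id, session_id)
            return {"granted": True, "invalidated": None, "holder": user_id}
        # Same user ID as the stored record: move the elevated role to the new
        # browser session and report the abandoned one so it can be invalidated.
        if self._holder.user_id == user_id:
            old = self._holder.session_id
            self._holder = Holder(user_id, session_id)
            invalidated = old if old != session_id else None
            return {"granted": True, "invalidated": invalidated, "holder": user_id}
        # Another administrator holds it: deny, but identify who holds it so the
        # two can negotiate a switch out of band.
        return {"granted": False, "invalidated": None, "holder": self._holder.user_id}

    def is_authorized(self, session_id: str) -> bool:
        # Every write to critical data is checked against the stored session,
        # so a previously used browser session is refused after a move.
        return self._holder is not None and self._holder.session_id == session_id

    def sign_off(self, session_id: str) -> bool:
        # Only the session currently holding the role may release it.
        if self.is_authorized(session_id):
            self._holder = None
            return True
        return False
```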