
Efficiently managing user security information in a high-volume enterprise information system

IP.com Disclosure Number: IPCOM000242106D
Publication Date: 2015-Jun-18
Document File: 2 page(s) / 79K

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method is disclosed for managing large quantities of user security information in a fixed amount of online memory in a high-volume enterprise information system, such that security checking is not delayed and the cost savings of caching the user information are preserved.

This is the abbreviated version, containing approximately 51% of the total text.


Disclosed is a system and method for managing large quantities of user security information in a fixed amount of online memory in a high-volume enterprise information system, such that security checking is not delayed and the cost savings of caching the user information are preserved.

Securing the Information Technology (IT) assets of enterprises has never been more important than it is today. At the same time, the number of users and online transactions that require access to those IT assets has never been greater. These users, who can include employees, business partners, customers, and software applications, can number in the millions. This poses significant challenges for enterprises that must authenticate and authorize each individual user accurately and efficiently.

In high-volume, online enterprise information systems (EIS), the security information that is used to authenticate and authorize each user is typically stored on a data storage device, where the EIS can retrieve it when a user attempts to access IT assets. However, the I/O required to retrieve security information from a data storage device takes time and CPU cycles, both of which are costly when multiplied by millions of users and millions of access requests. To reduce these I/O costs, EISs frequently cache the security information for their users in online memory, where it can be retrieved instantly without I/O. In online memory, the security information for a user is commonly stored as an entry in a hash table structure.

Unfortunately, the online memory of an EIS is both limited and used for many processes besides security checking. If the online memory of an EIS is exhausted, the EIS is likely to crash, the cost of which can be astronomical to an enterprise. Consequently, EIS administrators must limit the amount of online memory that can be used to cache security information, which in turn limits the number of users for whom the EIS can cache security information. When that limit is reached, the security information for users that are not already cached cannot be loaded into online memory without taking some kind of action, such as removing the hash table entries of other users. If the security information for a user cannot be loaded into online memory, the information must be retrieved from the data storage device. Freeing online memory by removing the security information of other users also requires time and CPU cycles. The access requests of the new users cannot be delayed, and the added cost of freeing online memory negates the cost savings of caching the security information in the first place. For these reasons, this article describes how to manage large quantities of user security information in a fixed amount of online memory in a high-volume EIS such that security checking is not delayed and the cost savings of caching the user infor...