Mario W Lim

US Patent:

7155737, Dec 26, 2006

Filed:

May 11, 1999

Appl. No.:

09/309360

Inventors:

Mario Lim - South San Francisco CA, US
Teresa Win - Sunnyvale CA, US
Emilio Belmonte - Seville, ES

Assignee:

Entrust, Inc. - Plano TX

International Classification:

G06F 12/02
G06F 13/28
H04L 9/00
G06F 15/173

US Classification:

726 2, 713155, 713162, 713165, 713166, 713167, 713176, 713179, 713180, 726 1, 726 3, 709223, 709224, 709225, 709226, 709229

Abstract:

A method and apparatus is provided for securely executing access control functions that may be customized by or on behalf of administrators of information access systems. Examples of such functions include changing a password of a user, determining whether or not data specifying a user and a password identifies an authentic user, and displaying a message indicating whether a login attempt was successful. An access control function is mapped to a digital signature. The digital signature is used to verify that an executable element retrieved for executing the access control function is the proper executable element. The access control functions may be invoked upon the occurrence of access control events, such as a user successfully logging onto an information access system or the modification of a user's password. A mapping contains data used to determine what events are tied to what access control functions, and whether the access control function should be executed. Upon the occurrence of an extension event that is tied to an extension, an executable element for the extension is retrieved.

US Patent:

6728884, Apr 27, 2004

Filed:

Oct 1, 1999

Appl. No.:

09/410509

Inventors:

Mario Lim - South San Francisco CA

Assignee:

Entrust, Inc. - Plano TX

International Classification:

H04L 932

US Classification:

713201, 709219, 709225, 709229, 713155

Abstract:

A method and apparatus are provided for selectively authenticating and authorizing a client seeking access to one or more protected computer systems over a network. A request of a client to access one of the computer systems is received. A proxy security server is requested to authenticate the client using information identifying the client. An authorization of the client from the proxy security server is received, based on authentication results received from a remote security server that is coupled to the proxy security server. In response, access rights of the client are established, based on one or more access information records received from remote security server through the proxy security server. As a result, one or more legacy security servers may be easily integrated into an application access system without complicated modifications to the application access system.