Content management system and methodology employing non-transferable access tokens to control data access

US 20030200202A1
Filed: 04/23/2002
Published: 10/23/2003
Est. Priority Date: 04/23/2002
Status: Active Grant

First Claim

Patent Images

1. A method of accessing information in a content management system comprising:

receiving, by the system, a request from a client user for an object stored in the system;

generating, by the system, a unique object identifier associated with the requested object; and

generating, by the system, a non-transferable access token coded with information unique to the client user such that when submitted to the system by a user other than the client user, the system denies access to the requested object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for accessing information in a content management system including a library server for generating non-transferable access tokens and an object server for storing objects to which access may be requested by a client user. Enhanced security is achieved by generating non-transferable access tokens which can be used by a particular client user to access a particular data object in the object server. However, should the token be transferred to a user other then the client user for which the token was generated, the system will not permit access to the object.

176 Citations

26 Claims

1. A method of accessing information in a content management system comprising:
- receiving, by the system, a request from a client user for an object stored in the system;
  
  generating, by the system, a unique object identifier associated with the requested object; and
  
  generating, by the system, a non-transferable access token coded with information unique to the client user such that when submitted to the system by a user other than the client user, the system denies access to the requested object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising transmitting, by the system, the non-transferable access token to the client user.
  - 3. The method of claim 1 further comprising setting a non-transferable flag in the access token to indicate that the access token is non-transferable to a user other than the client user.
  - 4. The method of claim 1 further comprising querying the client user for username and password.
  - 5. The method of claim 4 further comprising encrypting the username and password to provide an encrypted username and encrypted password.
  - 6. The method of claim 5 further comprising embedding the encrypted username and encrypted password in the non-transferable access token.
  - 7. The method of claim 6 further comprising transmitting to the system, by the client user, an object request including the unique object identifier and the non-transferable access token.
  - 8. The method of claim 7 further comprising prompting, by the system, the client user for username and password to provide a prompted username and prompted password.
  - 9. The method of claim 8 further comprising decrypting, by the system, the non-transferable access token to provide a decrypted username and decrypted password.
  - 10. The method of claim 9 further comprising testing, by the system, to determine if the prompted username and prompted password from the client user match the decrypted username and decrypted password from the non-transferable access token.
  - 11. The method of claim 10 further comprising denying access to the object if a match is not found in the testing step or granting access to the object if a match is found in the testing step.

12. A method of accessing information in a content management system including a library server for generating access tokens and an object server for storing objects, the method comprising:
- receiving, by the library server, a request from a client user for an object stored in the object server;
  
  generating, by the library server, a unique object identifier associated with the requested object; and
  
  generating, by the library server, a non-transferable access token coded with information unique to the client user such that when submitted to the system by a user other than the client user, the system denies access to the requested object.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12 further comprising transmitting, by the library server, the non-transferable access token to the client user.
  - 14. The method of claim 12 further comprising setting, by the library server, a non-transferable flag in the access token to indicate that the access token is non-transferable to a user other than the client user.
  - 15. The method of claim 12 further comprising querying, by the library server, the client user for username and password.
  - 16. The method of claim 15 further comprising encrypting, by the library server, the username and password to provide an encrypted username and encrypted password.
  - 17. The method of claim 16 further comprising embedding, by the library server, the encrypted username and encrypted password in the non-transferable access token.
  - 18. The method of claim 17 further comprising transmitting to the object server, by the client user, an object request including the unique object identifier and non-transferable access token.
  - 19. The method of claim 18 further comprising prompting, by the object server, the client user for username and password to provide a prompted username and prompted password.
  - 20. The method of claim 19 further comprising decrypting, by the object server, the non-transferable access token to provide a decrypted username and decrypted password.
  - 21. The method of claim 20 further comprising testing, by the object server, to determine if the prompted username and prompted password from the client user match the decrypted username and decrypted password from the non-transferable access token.
  - 22. The method of claim 21 further comprising denying access to the requested object if a match is not found in the testing step or granting access to the requested object if a match is found in the testing step.

23. A content management system comprising:
- an object server for storing objects to be accessed by client users;
  
  a library server for generating access tokens having a flag which is settable to indicate that a token is non-transferable or which remains unset to indicate that a token is transferable; and
  
  an application program interface, coupled to the object server and the library server, to provide a communication port between the system and a client user requesting access to an object.

24. A computer program product for organizing information in a content management system, the computer program product including a plurality of computer executable instructions stored on a computer readable medium, wherein the instructions, when executed by the content management system, cause the system to perform the steps of:
- receiving, by the system, a request from a client user for an object stored in the system;
  
  generating, by the system, a unique object identifier associated with the requested object; and
  
  generating, by the system, a non-transferable access token coded with information unique to the client user such that when submitted to the system by a user other than the client user, the system denies access to the requested object.
- View Dependent Claims (25, 26)
- - 25. The computer program product of claim 24 wherein the computer readable medium is an optical disk.
  - 26. The computer program product of claim 24 wherein the computer readable medium is a magnetic disk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Mega, Cataldo, Hsiao, Hui-I, Laue, Matthew

Granted Patent

US 7,035,854 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/3
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99931   Database or file accessing

Y10S 707/99939   Privileged access

Y10S 707/99943   Generating database or data...

Y10S 707/99944   Object-oriented database st...

Content management system and methodology employing non-transferable access tokens to control data access

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

176 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Content management system and methodology employing non-transferable access tokens to control data access

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others