System and method for network operation
First Claim
1. A system for supporting a distributed network of private resources, comprising:
- a plurality of servers;
means permitting data communication between a user and each of the servers;
a plurality of user accounts hosted on each server;
a plurality of private resources stored on each server within each user account;
a plurality of realm names used to classify the private resources, the realm names spanning any number of user accounts;
means for a first user account to grant a second user account hosted on any of the servers a permission to access all private resources classified by a realm name, if the realm name was created by the first user account, or if the first user account had the right to grant such permission delegated to it.
4 Assignments
0 Petitions
Accused Products
Abstract
A network of secure servers, requiring no central entity to administer user identities or access permissions. Each autonomous server hosts a set of user accounts. Users may link to and access the accounts of all other users in the network. Resources in accounts are private, but users may grant each other partial permissions to them. Links and permissions are independent of the location of accounts, and are cryptographically authenticated. Users may migrate their account between servers without loosing accumulated permissions, or breaking links that others have to their account. The ability to grant permissions may be delegated to reflect complex organizational structures. A permission may be configured to unlock data in a multitude of accounts. The system will support applications that require secure information sharing across multiple organizational boundaries, and provides a distributed security model which is feasible to deploy as it is wholly administered by its users.
-
Citations
30 Claims
-
1. A system for supporting a distributed network of private resources, comprising:
-
a plurality of servers;
means permitting data communication between a user and each of the servers;
a plurality of user accounts hosted on each server;
a plurality of private resources stored on each server within each user account;
a plurality of realm names used to classify the private resources, the realm names spanning any number of user accounts;
means for a first user account to grant a second user account hosted on any of the servers a permission to access all private resources classified by a realm name, if the realm name was created by the first user account, or if the first user account had the right to grant such permission delegated to it. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for supporting a distributed network of private resources, comprising:
-
a plurality of server software applications running on a plurality of first computers functioning as servers;
a plurality of client software applications running on a plurality of second computers functioning as clients which may be the same as or different from the first computers, which client software applications can be used by users to establish sessions to send and receive data from server software applications;
means permitting data communication between client software applications and each of the server software applications;
a plurality of user accounts hosted on each server;
a plurality of private resources stored on each server within each user account;
a plurality of realm names used to classify the private resources, the realm names spanning any number of user accounts; and
means for a first user account to grant a second user account hosted on any of the servers a permission to access all private resources classified by a realm name, if the realm name was created by the first user account, or if the first user account had the right to grant such permission delegated to it.
-
-
15. A system for supporting a network, comprising:
-
a plurality of servers;
means permitting data communication between a user and each of the servers;
a plurality of user accounts hosted on each server;
means for automatically generating for each user an account identifier that is globally unique in the network, which means constructs the globally unique account identifier without reference to existing global account identifiers already in use on the network;
means for associating each account identifier with a location on one of the servers; and
means for permitting transfer of a user account from one server to another while maintaining the same globally unique account identifier. - View Dependent Claims (16)
-
-
17. A system for maintaining contact information, comprising:
-
a server;
a network permitting data communication between the server and a number of electronic devices that maintain or use contact information; and
a plurality of user accounts hosted on the server, each account containing a contact information listing current contact information for the associated user, and a contact list of identifiers for other users also having accounts on the server, which that user has selected. - View Dependent Claims (18, 19, 20, 21)
-
-
22. A method for supporting a distributed network of private resources, which comprises a server, means for transmitting data between the server and user controlled electronic devices, a plurality of user accounts hosted on each server, and a plurality of private resources stored on each server within each user account, comprising the steps of:
-
designating a plurality of realm names used to classify the private resources, the realm names spanning one or more user accounts; and
permitting a user account to grant another user account hosted on the server a permission to access all private resources classified by a realm name, if the realm name was created by the first user account. - View Dependent Claims (23, 24)
-
-
25. A method for maintaining user accounts in a network, which network includes a plurality of servers, means permitting data communication between a user and each of the servers, and a plurality of user accounts hosted on each server, which method comprises:
-
automatically generating to each user an account identifier that is globally unique in the network by constructing the globally unique account identifier without reference to existing global identifiers already in use on the network;
associating each account identifier with a location on one of the servers; and
permitting transfer of a user account from one server to another while maintaining the same globally unique account identifier. - View Dependent Claims (26)
-
-
27. A method for maintaining contact information for a number of users having accounts on a network, the network comprising a number of client electronic devices that use contact information, a server on which the user accounts are hosted, and means permitting data communication between the server and the electronic devices, comprising the steps of:
-
maintaining for each user account a listing of current contact information for the associated user; and
maintaining a contact list of identifiers for persons also having accounts on the server which that user has selected, which contact list can be accessed by the electronic device used by that user. - View Dependent Claims (28, 29, 30)
-
Specification