High performance secure caching in the mid-tier

US 20070208946A1
Filed: 02/21/2006
Published: 09/06/2007
Est. Priority Date: 07/06/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising, storing cache versions of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;

storing, in said mid-tier cache, cache versions of resources subject to said security descriptors;

wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and

said mid-tier determining whether a particular entity may be granted access to a certain resource of said resources based on said certain cache version of said certain security descriptor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a multi-tier data server system, data from the first tier is cached in a mid-tier cache of the middle tier. Access control information from the first tier for the data is also cached within the mid-tier cache. Caching the security information in the middle tier allows the middle tier to make access control decisions regarding requests for data made by clients in the outer tier.

Citations

23 Claims

1. A computer-implemented method comprising, storing cache versions of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;
- storing, in said mid-tier cache, cache versions of resources subject to said security descriptors;
  
  wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and
  
  said mid-tier determining whether a particular entity may be granted access to a certain resource of said resources based on said certain cache version of said certain security descriptor.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, the steps further including storing in said mid-tier cache versions of user authentication information from said first tier.
  - 3. The method of claim 2, using said user authentication information to authenticate a user associated with a request for said certain resource received by the middle tier from a client in an outer tier of said multiple-tier data server system.
  - 4. The method of claim 1, the steps further including storing in said mid-tier cache cache versions of descriptor-resource mappings from said first tier, said descriptor-resource mappings describing which security descriptors apply to at least a portion of said resources.
  - 5. The method of claim 4, the steps further including said middle tier determining which one or more security descriptors apply to said certain resource based on said cache versions of the descriptor-resource mappings.
  - 6. The method of claim 1, wherein:
    - the cache versions of resources include a particular cache version of a particular resource in said first tier; and
      
      the steps further include;
      
      receiving a message from the first tier indicating that the particular cache version of the particular resource is no longer coherent with the particular resource, and in response to receiving said message, handling said particular cache version as an invalid cache version.
  - 7. The method of claim 1, wherein the steps further include:
    - storing in said mid-tier cache cache versions of descriptor-resource mappings from said first tier, said descriptor-resource mappings describing which security descriptors apply to at least a portion of said resources;
      
      receiving a message from the first tier indicating that at least a portion of said cache versions of descriptor-resource mappings is no longer coherent with descriptor-resource mappings in said first tier; and
      
      in response to receiving said message, handling said at least a portion of said cache versions as an invalid cache version.

8. A computer-implemented method, comprising:
- a first tier storing resources accessible to clients in an outer tier of a multi-tier data server system that includes said first tier;
  
  said first tier providing copies of said resources to a middle tier of said multi-tier data server system for storage in a middle tier cache of said middle tier;
  
  said first tier storing security descriptors that apply to said resources; and
  
  said first tier providing versions of security descriptors that apply to said resources to said middle tier for storage in the middle tier cache.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, the steps further including said first tier sending said middle tier a message indicating that at least a portion of said versions of security descriptors is no longer coherent with said security descriptors.
  - 10. The method of claim 8, wherein the steps further include:
    - said first tier storing user authentication information from said first tier; and
      
      said first tier providing said user authentication information to said middle tier for storage in said middle tier cache.
  - 11. The method of claim 10, the steps further including said first tier sending said middle tier a message indicating that at least a portion of user authentication information stored in said middle tier is no longer coherent with user authentication information stored in said first tier.

12. A machine-readable medium carrying one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- storing cache versions of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;
  
  storing, in said mid-tier cache, cache versions of resources subject to said security descriptors;
  
  wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and
  
  said mid-tier determining whether a particular entity may be granted access to a certain resource of said resources based on said certain cache version of said certain security descriptor.

13. A machine-readable medium carrying one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- storing cache versions, of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;
  
  storing, in said mid-tier cache, cache versions of resources subject to said security descriptors;
  
  wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and
  
  said mid-tier determining whether a particular entity may be granted access to a certain resource of said resources based on said certain cache version of said certain security descriptor.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The machine-readable medium of claim 13, the steps further including storing in said mid-tier cache versions of user authentication information from said first tier.
  - 15. The machine-readable medium of claim 14, using said user authentication information to authenticate a user associated with a request for said certain resource received by the middle tier from a client in an outer tier of said multiple-tier data server system.
  - 16. The machine-readable medium of claim 13, the steps further including storing in said mid-tier cache cache versions of descriptor-resource mappings from said first tier, said descriptor-resource mappings describing which security descriptors apply to at least a portion of said resources.
  - 17. The machine-readable medium of claim 16, the steps further including said middle tier determining which one or more security descriptors apply to said certain resource based on said cache versions of the descriptor-resource mappings.
  - 18. The machine-readable medium of claim 13, wherein:
    - the cache versions of resources include a particular cache version of a particular resource in said first tier; and
      
      the steps further include;
      
      receiving a message from the first tier indicating that the particular cache version of the particular resource is no longer coherent with the particular resource, and in response to receiving said message, handling said particular cache version as an invalid cache version.
  - 19. The machine-readable medium of claim 13, wherein the steps further include:
    - storing in said mid-tier cache cache versions of descriptor-resource mappings from said first tier, said descriptor-resource mappings describing which security descriptors apply to at least a portion of said resources;
      
      receiving a message from the first tier indicating that at least a portion of said cache versions of descriptor-resource mappings is no longer coherent with descriptor-resource mappings in said first tier; and
      
      in response to receiving said message, handling said at least a portion of said cache versions as an invalid cache version.

20. A machine-readable medium carrying one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- a first tier storing resources accessible to clients in an outer tier of a multi-tier data server system that includes said first tier;
  
  said first tier providing copies of said resources to a middle tier of said multi-tier data server system for storage in a middle tier cache of said middle tier;
  
  said first tier storing security descriptors that apply to said resources; and
  
  said first tier providing versions of security descriptors that apply to said resources to said middle tier for storage in the middle tier cache.
- View Dependent Claims (21, 22, 23)
- - 21. The machine-readable medium of claim 20, the steps further including said first tier sending said middle tier a message indicating that at least a portion of said versions of security descriptors is no longer coherent with said security descriptors.
  - 22. The machine-readable medium of claim 20, wherein the steps further include:
    - said first tier storing user authentication information from said first tier; and
      
      said first tier providing said user authentication information to said middle tier for storage in said middle tier cache.
  - 23. The machine-readable medium of claim 22, wherein the steps further include said first tier sending said middle tier a message indicating that at least a portion of user authentication information stored in said middle tier is no longer coherent with user authentication information stored in said first tier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Sedlar, Eric, Tarachandani, Asha, Baby, Thomas, Idicula, Sam, Murthy, Ravi, Agarwal, Nipun, Zalpuri, Naveen, Goell, Fredric, Ling, Gary

Application Number

US11/359,236
Publication Number

US 20070208946A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 12/0813   with a network or matrix co...

G06F 12/0875   with dedicated cache, e.g. ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/14   Session management for real...

H04L 67/142   Managing session states for...

H04L 67/145   avoiding end of session, e....

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 67/568   Storing data temporarily at...

High performance secure caching in the mid-tier

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

High performance secure caching in the mid-tier

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links