Method and System for Access Control in Distributed Object-Oriented Systems
Abstract
A method and a system for controlling access to services provided by network resources in communication networks. Access to service capabilities is controlled at the application level through a gateway in which an object-oriented service architecture based on abstracted application programming interfaces is implemented; preferably, the service architecture is the one defined by the OSA/Parlay standards. Access control is carried out by a logical entity, the service reference monitor, which is linked to the gateway and configured to intercept all communications passing between the client applications and the gateway. The service reference monitor captures the object reference to the service capability and assigns a lifetime to that object reference. When the lifetime expires, the service reference monitor destroys the service capability. Limiting the time window during which access to a service remains valid lowers the probability of a successful malicious attack.
40 Claims
1-20. (canceled)
21. A method for controlling access to services provided by network resources through at least a gateway that enables communications between the network resources and one or more client applications, wherein an object-oriented service architecture comprising a set of application programming interfaces is implemented in said at least one gateway, comprising the steps of:
intercepting, by means of a logical entity linked to the at least one gateway, communications between a client application making a request for a service and the at least one gateway;
recognizing among said communications those related to said application programming interfaces;
capturing among said communications related to said application programming interfaces at least an object reference that enables the client application to obtain a service capability associated with the service so as to provide an object reference to the service capability; and
assigning a lifetime to the object reference to the service capability, and deleting the object reference to the service capability when the assigned lifetime has expired. (Dependent claims 22 to 33 not reproduced here.)
34. A system for controlling access to services provided by network resources comprising at least a gateway for enabling communications between the network resources and one or more client applications, wherein object-oriented service architecture comprising a set of application programming interfaces is implemented in said at least one gateway, and a logical entity linked with the at least one gateway is capable of performing the following functions:
to intercept communications between the client applications and the gateway;
to recognize among said communications those related to said application programming interfaces;
to capture among said communications related to said application programming interfaces at least an object reference that enables the client application to obtain a service capability associated with the service so as to provide an object reference to the service capability;
to assign a lifetime to the object reference to the service capability; and
to delete the object reference to the service capability when the assigned lifetime has expired. (Dependent claims 35 to 40 not reproduced here.)
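The mechanism described in the abstract and in independent claims 21 and 34, as an added example that is not part of the patent: a minimal Python model of a service reference monitor placed between client applications and an OSA/Parlay-style gateway. The monitor is the single choke point for client traffic, recognises the framework call that hands out an object reference to a service capability, replaces the raw reference with an opaque handle bound to a lifetime, and deletes the handle once the lifetime has passed so later use is refused. Every name here (the `Gateway`, `ServiceCapability` and `ServiceReferenceMonitor` classes, the `obtainInterface` and `invoke` message names, the `ref-N` handle format, the 30 second default lifetime) is a hypothetical stand-in; the real OSA/Parlay framework has its own interface names and is commonly realised over CORBA object references. Binding each handle to the client that obtained it is an addition beyond what the text states, included because a bearer handle that any client could present would defeat the purpose of the monitor.

```python
"""Toy service reference monitor in front of an OSA/Parlay-style gateway.
Added example, not the patent's code; every name here is a hypothetical stand-in.
"""
import itertools
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


class ServiceCapability:
    """Hypothetical service capability feature (SCF) hosted by the gateway."""

    def __init__(self, name: str):
        self.name = name

    def invoke(self, operation: str, **params) -> str:
        return f"{self.name}.{operation}({params})"


class Gateway:
    """Hypothetical gateway: returns raw references to its SCFs on request."""

    def __init__(self):
        self._scfs = {n: ServiceCapability(n) for n in ("UserLocation", "CallControl")}

    def obtain_interface(self, scf_name: str) -> ServiceCapability:
        return self._scfs[scf_name]


class ReferenceDenied(Exception):
    """Raised when a handle is unknown, expired, or owned by another client."""


@dataclass
class LeasedReference:
    target: ServiceCapability
    client: str
    expires_at: float


class ServiceReferenceMonitor:
    """Intercepts all client->gateway traffic and leases object references.
    Clients never see the gateway's raw object, only an opaque handle that the
    monitor resolves until its lifetime expires. The clock is injectable for tests.
    """

    def __init__(self, gateway: Gateway, lifetime_s: float,
                 clock: Callable[[], float] = time.monotonic):
        self._gateway = gateway
        self._lifetime = lifetime_s
        self._clock = clock
        self._refs: Dict[str, LeasedReference] = {}
        self._ids = itertools.count(1)
        self.log: List[Tuple[str, str, str]] = []    # (event, client, handle)

    def request(self, client: str, api: str, **args):
        """Single choke point for every message a client sends to the gateway."""
        self._expire()                                # lifetimes enforced lazily
        if api == "obtainInterface":                  # recognised framework API call
            target = self._gateway.obtain_interface(args["scf_name"])
            handle = f"ref-{next(self._ids)}"
            self._refs[handle] = LeasedReference(target, client, self._clock() + self._lifetime)
            self.log.append(("lease", client, handle))
            return handle
        if api == "invoke":                           # use of a leased reference
            ref = self._refs.get(args["handle"])
            if ref is None or ref.client != client:   # expired, never issued, or not yours
                self.log.append(("deny", client, args["handle"]))
                raise ReferenceDenied(args["handle"])
            return ref.target.invoke(args["operation"], **args.get("params", {}))
        raise ValueError(f"unknown API {api!r}")

    def _expire(self) -> None:
        now = self._clock()
        for handle, ref in list(self._refs.items()):
            if now >= ref.expires_at:
                del self._refs[handle]                # the reference ceases to exist
                self.log.append(("delete", ref.client, handle))

    def live_references(self) -> int:
        return len(self._refs)


def demo(lifetime_s: float = 30.0) -> dict:
    """Lease a reference, use it, let it expire, and show the retry is refused."""
    now = [0.0]                                       # fake clock, constructed for the demo
    monitor = ServiceReferenceMonitor(Gateway(), lifetime_s, clock=lambda: now[0])
    handle = monitor.request("app-A", "obtainInterface", scf_name="UserLocation")
    first = monitor.request("app-A", "invoke", handle=handle, operation="locate", params={"msisdn": "+15550100"})
    now[0] += lifetime_s + 1                          # advance past the lifetime
    try:
        monitor.request("app-A", "invoke", handle=handle, operation="locate")
        denied = False
    except ReferenceDenied:
        denied = True
    return {"handle": handle, "first_call": first, "denied_after_expiry": denied,
            "live": monitor.live_references(), "log": monitor.log}
```

Two design points worth noting. Expiry is enforced lazily on the next intercepted message rather than by a background timer, which keeps the monitor single-threaded and means a reference that is never touched again is still deleted before anything else can use it; a production monitor would add a periodic sweep so idle references do not accumulate. The monitor never exports the gateway's own object reference, so even if a client retains a handle past its lifetime there is nothing left on the monitor side to resolve it against.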
Specification