Method and System for Access Control in Distributed Object-Oriented Systems

US 20070233883A1
Filed: 05/04/2004
Published: 10/04/2007
Est. Priority Date: 05/04/2004
Status: Abandoned Application

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for accessing services provided by network resources in communication networks. Access to service capabilities is controlled at the application level by controlling the access through a gateway wherein an object-oriented service architecture based on abstracted application programming interfaces is implemented. Preferably, the service architecture is defined in OSA/Parlay standards. Access control is carried out by means of a logical entity, the service reference monitor, which is linked to the gateway and configured so that it intercepts all the communications passing between the client applications and the gateway. The service reference monitor captures the object reference to the service capability and assigns to the object reference a lifetime. At the expiration of the lifetime, the service reference monitor destroys the service capability. The probability of a malicious attack is lowered by limiting the time window of the life of access to a service.

Citations

40 Claims

1-20. -20. (canceled)

21. A method for controlling access to services provided by network resources through at least a gateway that enables communications between the network resources and one or more client applications, wherein an object-oriented service architecture comprising a set of application programming interfaces is implemented in said at least one gateway, comprising the steps of:
- intercepting, by means of a logical entity linked to the at least one gateway, communications between a client application making a request for a service and the at least one gateway;
  
  recognizing among said communications those related to said application programming interfaces;
  
  capturing among said communications related to said application programming interfaces at least an object reference that enables the client application to obtain a service capability associated with the service so as to provide an object reference to the service capability; and
  
  assigning a lifetime to the object reference to the service capability, and deleting the object reference to the service capability when the assigned lifetime has expired.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 22. The method of claim 21, wherein the step of capturing comprises capturing an object reference identifying the client application making the request for the service.
  - 23. The method of claim 21, wherein the step of capturing comprises registering the object references and comparing the intercepted communications with the registered object references.
  - 24. The method of claim 21, further comprising the step of registering the time at which the object reference to the service capability is created.
  - 25. The method of claim 24, wherein assigning a lifetime comprises associating a time slot to the object reference to the service capability.
  - 26. The method of claim 21, wherein capturing comprises capturing the object reference to the service capability.
  - 27. The method of claim 26, wherein assigning a lifetime comprises associating a maximum number of invocations to the object reference to the service capability.
  - 28. The method of claim 26, wherein assigning a lifetime comprises associating a time slot to the object reference to the service capability, said time slot being the elapsed time since no activity has taken place with the service capability.
  - 29. The method of claim 22, wherein the application programming interfaces are defined in OSA/Parlay standard.
  - 30. The method of claim 29, wherein the step of capturing comprises capturing a service token related to the requested service.
  - 31. The method of claim 30, further comprising the step of deleting the service token after expiration of the lifetime.
  - 32. The method of claim 29, wherein OSA/Parlay application programming interfaces use CORBA as middleware infrastructure.
  - 33. A service comprising the method according to claim 21.

34. A system for controlling access to services provided by network resources comprising at least a gateway for enabling communications between the network resources and one or more client applications, wherein object-oriented service architecture comprising a set of application programming interfaces is implemented in said at least one gateway, and a logical entity linked with the at least one gateway is capable of performing the following functions:
- to intercept communications between the client applications and the gateway;
  
  to recognize among said communications those related to said application programming interfaces;
  
  to capture among said communications related to said application programming interfaces at least an object reference that enables the client application to obtain a service capability associated with the service so as to provide an object reference to the service capability;
  
  to assign a lifetime to the object reference to the service capability; and
  
  to delete the object reference to the service capability when the assigned lifetime has expired.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The system of claim 34, wherein the logical entity comprises a first software entity capable of locating and capturing the communications between the client applications and the gateway and the object references identifying the client applications and the requested services.
  - 36. The system of claim 35, wherein the logical entity further comprises a second software entity which is linked to the first software entity and is capable of receiving and recording the object references and method invocations captured by the first software entity.
  - 37. The system of claim 36, wherein the logical entity further comprises a list of the captured object references, said list being created and managed by the second software entity.
  - 38. The system of claim 37, wherein the logical entity acts as a transparent proxy to the client applications.
  - 39. The system of claim 34, wherein the application programming interfaces are defined in OSA/Parlay standard.
  - 40. The system of claim 39, wherein OSA/Parlay application programming interfaces use CORBA as middleware infrastructure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telecom Italia S.p.A.
Original Assignee
Telecom Italia S.p.A.
Inventors
De Lutiis, Paolo, Moiso, Corrado, Di Caprio, Gaetano

Application Number

US11/579,604
Publication Number

US 20070233883A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/14   for detecting or protecting...

Method and System for Access Control in Distributed Object-Oriented Systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Access Control in Distributed Object-Oriented Systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links