METHOD AND SYSTEM FOR SECURELY EXTENDING A PATH OF A MOBILE AGENT WITHIN A NETWORK SYSTEM
26 Claims
1. A method of securely extending an initial path of a mobile agent from a first server within a network system having a plurality of servers, at least an initial number of which the mobile agent must pass according to a pre-given chronology which defines the initial path of the mobile agent, the method comprising:
- extending the initial path of the mobile agent from an initiator server by a second number of servers of the plurality of servers, when the initiator server is reached by the mobile agent in the pre-given chronology, wherein the second number of servers includes the server following the initiator server according to the initial path, thereby defining an extension of the initial path;
- jointly encrypting within a nested structure the extension of the initial path and data intended for any one of the second number of servers;
- giving the nested structure to the mobile agent to take with it, the nested structure being built up of a number of nested terms corresponding to the second number of servers, each nested term being decryptable by exactly one server of the second number of servers in such a manner that each server of the second number of servers gets access only to the data intended for it and to a section of the extended path, when being reached by the mobile agent in the defined chronology of the extension, the nested structure further including a signature of the initiator server of the extension.
Dependent claims: 2 to 14.
15. A system comprising:
- a mobile agent;
- a plurality of servers that the mobile agent must pass according to a pre-given chronology that defines an initial path of the mobile agent; and
- an initiator server, selected from the plurality of servers, and configured such that when the initiator server is reached by the mobile agent in the pre-given chronology it extends the initial path of the mobile agent by a second number of servers, including a server following the initiator server according to the initial path, thereby defining an extension of the initial path,
wherein the mobile agent carries the extended path and data intended for any one of the second number of servers, and wherein the extended path and the data are jointly encrypted within a nested structure, the nested structure being built up of a number of nested terms corresponding to the second number of servers, each nested term being decryptable by exactly one server of the second number of servers in such a manner that each server of the second number of servers gets access only to the data intended for it and to a section of the path, when being reached by the mobile agent in the defined chronology of the extension, the nested structure further being signed by a signature of the initiator server of the extension.
Dependent claims: 16 to 25.
26. A computer program stored on a computer-readable medium with a program code that when executed on a computer enables the computer to securely extend an initial path of a mobile agent from a first server within a network system having a plurality of servers, at least an initial number of which the mobile agent must pass according to a pre-given chronology which defines the initial path of the mobile agent, by:
- extending the initial path of the mobile agent from an initiator server by a second number of servers of the plurality of servers, when the initiator server is reached by the mobile agent in the pre-given chronology, wherein the second number of servers includes the server following the initiator server according to the initial path, thereby defining an extension of the initial path;
- jointly encrypting within a nested structure the extension of the initial path and data intended for any one of the second number of servers;
- giving the nested structure to the mobile agent to take with it, the nested structure being built up of a number of nested terms corresponding to the second number of servers, each nested term being decryptable by exactly one server of the second number of servers in such a manner that each server of the second number of servers gets access only to the data intended for it and to a section of the extended path, when being reached by the mobile agent in the defined chronology of the extension, the nested structure further including a signature of the initiator server of the extension.
Specification