HIGH PERFORMANCE SECURE CACHING IN THE MID-TIER

US 20090158047A1
Filed: 11/21/2008
Published: 06/18/2009
Est. Priority Date: 07/06/2004
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

storing cache versions of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;

storing, in said mid-tier cache, cache versions of resources subject to said security descriptors,wherein a set of resources includes said resources that are subject to said security descriptors,wherein said set of resources are stored in said first tier;

storing, in the mid-tier cache, association data that associates said cache versions of security descriptors with a strict subset of said set of resources;

wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and

said middle tier determining whether a particular entity may be granted access to a certain resource of said set of resources based on said association data and said certain cache version of said certain security descriptor.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a multi-tier data server system, data from the first tier is cached in a mid-tier cache of the middle tier. Access control information from the first tier for the data is also cached within the mid-tier cache. Caching the security information in the middle tier allows the middle tier to make access control decisions regarding requests for data made by clients in the outer tier.

110 Citations

26 Claims

1. A computer-implemented method comprising:
- storing cache versions of security descriptors in a mid-tier cache of a middle tier of a multiple-tier data server system, said security descriptors being from a first tier of the multiple-tier data server system;
  
  storing, in said mid-tier cache, cache versions of resources subject to said security descriptors,wherein a set of resources includes said resources that are subject to said security descriptors,wherein said set of resources are stored in said first tier;
  
  storing, in the mid-tier cache, association data that associates said cache versions of security descriptors with a strict subset of said set of resources;
  
  wherein said cache versions of security descriptors include a certain cache version of a certain security descriptor of said security descriptors; and
  
  said middle tier determining whether a particular entity may be granted access to a certain resource of said set of resources based on said association data and said certain cache version of said certain security descriptor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, the steps further including storing in said mid-tier cache versions of user authentication information from said first tier.
  - 3. The method of claim 2, using said user authentication information to authenticate a user associated with a request for said certain resource received by the middle tier from a client in an outer tier of said multiple-tier data server system.
  - 4. The method of claim 1, the steps further including storing, in said mid-tier cache, cache versions of descriptor-resource mappings from said first tier, said descriptor-resource mappings describing which security descriptors apply to at least a portion of said resources.
  - 5. The method of claim 4, the steps further including said middle tier determining which one or more security descriptors apply to said certain resource based on said cache versions of the descriptor-resource mappings.
  - 6. The method of claim 1, wherein:
    - the cache versions of resources include a particular cache version of a particular resource in said first tier; and
      
      the steps further include;
      
      receiving, from the first tier, a message that indicates that the particular cache version of the particular resource is no longer coherent with the particular resource, andin response to receiving said message, handling said particular cache version as an invalid cache version.
  - 7. The method of claim 1, wherein the steps further include:
    - storing, in said mid-tier cache, cache versions of descriptor-resource mappings from said first tier, said descriptor-resource mappings describing which security descriptors apply to at least a portion of said resources;
      
      receiving, from the first tier, a message that indicates that at least a portion of said cache versions of descriptor-resource mappings is no longer coherent with descriptor-resource mappings in said first tier; and
      
      in response to receiving said message, handling said at least a portion of said cache versions as an invalid cache version.
  - 8. The method of claim 1, wherein:
    - said cache versions of resources include a certain cache version of said certain resource; and
      
      said middle tier determining whether the particular entity may be granted access to the certain resource includes said middle tier determining whether the particular entity may be granted access to said certain version of said certain resource.
  - 9. The method of claim 1, wherein each of one or more of said security descriptors is an Access Control List (ACL).
  - 14. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 1.
  - 15. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 2.
  - 16. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 3.
  - 17. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 4.
  - 18. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 5.
  - 19. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 6.
  - 20. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 7.
  - 21. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 8.
  - 22. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 9.

10. A machine-implemented method, comprising the steps of:
- a first tier storing resources accessible to clients in an outer tier of a multi-tier data server system that includes said first tier;
  
  said first tier providing, to a middle tier of said multi-tier data server system for storage in a middle tier cache of said middle tier, copies of a first strict subset of said resources;
  
  said first tier storing security descriptors that apply to said resources;
  
  said first tier providing, to said middle tier for storage in the middle tier cache, versions of security descriptors that apply to a second strict subset of said resources; and
  
  said first tier providing, to said middle tier for storage in the middle tier cache, association data that associates said versions of security descriptors with said second strict subset of said resources.
- View Dependent Claims (11, 12, 13, 23, 24, 25, 26)
- - 11. The method of claim 10, the steps further including said first tier sending said middle tier a message indicating that at least a portion of said versions of security descriptors is no longer coherent with said security descriptors.
  - 12. The method of claim 10, wherein the steps further include:
    - said first tier storing user authentication information from said first tier; and
      
      said first tier providing said user authentication information to said middle tier for storage in said middle tier cache.
  - 13. The method of claim 12, the steps further including said first tier sending said middle tier a message indicating that at least a portion of user authentication information stored in said middle tier is no longer coherent with user authentication information stored in said first tier.
  - 23. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 10.
  - 24. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 11.
  - 25. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 12.
  - 26. A machine-readable storage medium storing instructions which, when executed by one or more processors, causes the one or more processors to perform the steps recited in claim 13.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Lei, Ming, Desai, Ajay, Ling, Shu, Jacobs, Lawrence, Zalpuri, Naveen, Sedlar, Eric, Tarachandani, Asha, Baby, Thomas, Idicula, Sam, Murthy, Ravi, Agarwal, Nipun, Goell, Fredric Scott

Application Number

US12/276,182
Publication Number

US 20090158047A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 12/0813   with a network or matrix co...

G06F 12/0875   with dedicated cache, e.g. ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/14   Session management for real...

H04L 67/142   Managing session states for...

H04L 67/145   avoiding end of session, e....

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

H04L 67/568   Storing data temporarily at...

HIGH PERFORMANCE SECURE CACHING IN THE MID-TIER

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

HIGH PERFORMANCE SECURE CACHING IN THE MID-TIER

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others