Distributed security procedure for intelligent networks

US 4,919,545 A
Filed: 12/22/1988
Issued: 04/24/1990
Est. Priority Date: 12/22/1988
Status: Expired due to Term

First Claim

Patent Images

1. In an intelligent network having a plurality of nodes, a method for authorizing access by a process located in an invocation node to an object located in an execution node, comprising the steps of:

granting permission to the invocation node to access the object by transmitting a capability and a signature from the execution node to the invocation node, said capability including a unique identifier of the object and access rights to the object, said signature being formed by encryption of the capability with an encryption key unique to the invocation node and stored only in the execution node;

transmitting a request for access to the object from the invocation node to the execution node, said request being transmitted with said capability and said signature;

at said execution node, encrypting the capability received from the invocation node with said encryption key to form a test signature; and

authorizing access to the object only when the test signature matches the signature received from the invocation node.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security technique for use in an intelligent network. The security technique provides a method for authorizing access by a process located in an invocation node to an object, or a network resource, located in an execution node. The method includes the steps of granting permission to the invocation node to access the object by transmitting a capability and a signature from the execution node to the invocation node. The capability includes a unique indentifier of the object and access rights to the object. The signature is formed at the execution node by encryption of the capability with an encryption key that is unique to the invocation node and is stored only in the execution node. A request for access to the object is transmitted with the capability and the signature from the invocation node to the execution node. At the execution node, the request is authenticated by encryption of the capability with the encryption key that is associated with the invocation node to form a test signature. Access to the object is authorized only when the test signature matches the signature received from the invocation node.

249 Citations

7 Claims

1. In an intelligent network having a plurality of nodes, a method for authorizing access by a process located in an invocation node to an object located in an execution node, comprising the steps of:
- granting permission to the invocation node to access the object by transmitting a capability and a signature from the execution node to the invocation node, said capability including a unique identifier of the object and access rights to the object, said signature being formed by encryption of the capability with an encryption key unique to the invocation node and stored only in the execution node;
  
  transmitting a request for access to the object from the invocation node to the execution node, said request being transmitted with said capability and said signature;
  
  at said execution node, encrypting the capability received from the invocation node with said encryption key to form a test signature; and
  
  authorizing access to the object only when the test signature matches the signature received from the invocation node.
- View Dependent Claims (2, 3, 4)
- - 2. A method for authorizing access as defined in claim 1 further including the steps ofgranting permission to access the object to one or more nodes different from said invocation node, andusing a different encryption key for forming the signatures transmitted to each of the different nodes to which permission has been granted.
  - 3. A method for authorizing access as defined in claim 2 further including the step of revoking the permission of a selected node to access the object by cancelling or changing the encryption key associated with the selected node.
  - 4. A method for authorizing access as defined in claim 1 wherein the step of transmitting a request for access includes the steps oftransmitting the identity of a required basic service element from the invocation node to the execution node, andchecking the access right received from the invocation node to determine if the access right required to execute the basic service element has been granted.

5. In an intelligent network having at least two nodes, a method for maintaining security when a process in a first node requests access to an object located in a second node, comprising the steps of:
- transmitting a request for access to the object from the first node to the second node with a capability and a signature, said capability including a unique identifier of the object and access rights to the object;
  
  at the second node, encrypting the capability received from the first node with an encryption key associated with the first node to form a test signature; and
  
  authorizing access to the object only when the test signature matches the signature received from the first node.
- View Dependent Claims (6, 7)
- - 6. A method for maintaining security as defined in claim 5 further including the step of storing an encryption key corresponding to each node in said intelligent network to which permission to access the object has been granted.
  - 7. A method for maintaining security as defined in claim 5 wherein the step of transmitting a request for access to the object includes the steps oftransmitting the identity of a basic service element from the first node to the second node, andchecking the basic service element against the access right of the capability to determine if the required access right has been granted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
GTE Laboratories Incorporated (Lumen Technologies, Inc.)
Inventors
Yu, Che-Fn
Primary Examiner(s)
Buczinski, Stephen C.
Assistant Examiner(s)
Wallace, Linda J.

Application Number

US07/288,779
Time in Patent Office

488 Days
Field of Search

380/3, 380/4, 380/23, 380/24, 380/25, 380/30, 340/825.34
US Class Current

713/167
CPC Class Codes

H04L 9/3247 involving digital signatures

Distributed security procedure for intelligent networks

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

249 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed security procedure for intelligent networks

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

249 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links