Distributed security procedure for intelligent networks
First Claim
1. In an intelligent network having a plurality of nodes, a method for authorizing access by a process located in an invocation node to an object located in an execution node, comprising the steps of:
- granting permission to the invocation node to access the object by transmitting a capability and a signature from the execution node to the invocation node, said capability including a unique identifier of the object and access rights to the object, said signature being formed by encryption of the capability with an encryption key unique to the invocation node and stored only in the execution node;
transmitting a request for access to the object from the invocation node to the execution node, said request being transmitted with said capability and said signature;
at said execution node, encrypting the capability received from the invocation node with said encryption key to form a test signature; and
authorizing access to the object only when the test signature matches the signature received from the invocation node.
11 Assignments
0 Petitions
Accused Products
Abstract
A security technique for use in an intelligent network. The security technique provides a method for authorizing access by a process located in an invocation node to an object, or a network resource, located in an execution node. The method includes the steps of granting permission to the invocation node to access the object by transmitting a capability and a signature from the execution node to the invocation node. The capability includes a unique indentifier of the object and access rights to the object. The signature is formed at the execution node by encryption of the capability with an encryption key that is unique to the invocation node and is stored only in the execution node. A request for access to the object is transmitted with the capability and the signature from the invocation node to the execution node. At the execution node, the request is authenticated by encryption of the capability with the encryption key that is associated with the invocation node to form a test signature. Access to the object is authorized only when the test signature matches the signature received from the invocation node.
249 Citations
7 Claims
-
1. In an intelligent network having a plurality of nodes, a method for authorizing access by a process located in an invocation node to an object located in an execution node, comprising the steps of:
-
granting permission to the invocation node to access the object by transmitting a capability and a signature from the execution node to the invocation node, said capability including a unique identifier of the object and access rights to the object, said signature being formed by encryption of the capability with an encryption key unique to the invocation node and stored only in the execution node; transmitting a request for access to the object from the invocation node to the execution node, said request being transmitted with said capability and said signature; at said execution node, encrypting the capability received from the invocation node with said encryption key to form a test signature; and authorizing access to the object only when the test signature matches the signature received from the invocation node. - View Dependent Claims (2, 3, 4)
-
-
5. In an intelligent network having at least two nodes, a method for maintaining security when a process in a first node requests access to an object located in a second node, comprising the steps of:
-
transmitting a request for access to the object from the first node to the second node with a capability and a signature, said capability including a unique identifier of the object and access rights to the object; at the second node, encrypting the capability received from the first node with an encryption key associated with the first node to form a test signature; and authorizing access to the object only when the test signature matches the signature received from the first node. - View Dependent Claims (6, 7)
-
Specification