Security system

US 4,995,112 A
Filed: 06/30/1989
Issued: 02/19/1991
Est. Priority Date: 07/05/1988
Status: Expired due to Fees

First Claim

Patent Images

1. A security system for use in a distributed processing system having a plurality of nodes, comprising:

passthrough means for passing access request data through an intra node to another one of said plurality of nodes, said access request data including at least address information for specifying one of said plurality of nodes and security information for obtaining access to one of said plurality of nodes;

node directory storing means for storing a node directory representing a correspondence between each of said plurality of nodes and respective security information; and

control means for receiving said access request data, and upon determining that said address information does not specify said intra node and that said security information of said access request data corresponds to said address information in accordance with said correspondence represented by said node directory, for causing said passthrough means to pass said access request data through said intra node to said other one of said plurality of nodes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a distributed processing system having a plurality of nodes, a correspondence table, which represents a correspondence between the nodes and corresponding passwords that grant access to the nodes, stored in a disk device. Each of the nodes includes a passthrough device which permits passthrough of access request data to a node of the next hierarchical level. Upon receipt of access request data, the passthrough device refers to the correspondence table to check a password contained in the received access request data for validity of access to the node. When the password is valid, the passthrough of the access request data is permitted.

60 Citations

View as Search Results

9 Claims

1. A security system for use in a distributed processing system having a plurality of nodes, comprising:
- passthrough means for passing access request data through an intra node to another one of said plurality of nodes, said access request data including at least address information for specifying one of said plurality of nodes and security information for obtaining access to one of said plurality of nodes;
  
  node directory storing means for storing a node directory representing a correspondence between each of said plurality of nodes and respective security information; and
  
  control means for receiving said access request data, and upon determining that said address information does not specify said intra node and that said security information of said access request data corresponds to said address information in accordance with said correspondence represented by said node directory, for causing said passthrough means to pass said access request data through said intra node to said other one of said plurality of nodes.
- View Dependent Claims (2, 3, 4)
- - 2. The system according to claim 1, wherein said control means includes:
    - means for determining if said address information specifies said intra node;
      
      means for determining if said security information of said access request data corresponds to said address information specifying said intra node in accordance with said correspondence represented by said node directory; and
      
      means for permitting access to said intra node when said address information specifies said intra node and when said security information of said access request data corresponds to said address information specifying said intra node in accordance with said correspondence represented by said node directory.
  - 3. The system according to claim 2, further comprising means for sending an error message to a node issuing said access request data when said security information of said access request data does not correspond to said address information specifying said intra node in accordance with said correspondence represented by said node directory.
  - 4. The system according to claim 1, wherein said control means includes:
    - means for determining if said security information of said access request data corresponds to said address information in accordance with said correspondence represented by said node directory; and
      
      means for sending an error message to a node issuing said access request data when said security information of said access request data does not correspond to said address information specifying said other one of said plurality of nodes in accordance with said correspondence represented by said node directory.

5. In a distributed processing system with a plurality of nodes which accesses one node through another node, a security method of checking validity of access request data having at least node data for specifying a node to access and a password indicating whether access to the node is valid or not, the security method comprising the steps of:
- preparing correspondence information representing a correspondence between the node data and passwords corresponding to the nodes;
  
  determining whether or not the password designated in the access request data coincides with a password in the correspondence information that corresponds to the node data designated in the access request data; and
  
  passing the access request data through an intra node to another node upon coincidence of the passwords.
- View Dependent Claims (6, 7, 8)
- - 6. The method according to claim 5, wherein said determining step includes the steps of:
    - determining if the node data included in the access request data specifies the intra node;
      
      determining if the password included in the access request data coincides with the password of the node to be accessed when the node data included in the access request data specifies the intra node; and
      
      permitting access to the intra node.
  - 7. The method according to claim 6, further comprising the steps of:
    - sending an error message to a node issuing the access request data if the password included in the access request data does not coincide with the password of the node to be accessed when the node data included in the access request data specifies the intra node.
  - 8. The method according to claim 5, wherein said determining step includes the steps of:
    - determining if the password included in the access request data coincides with the password corresponding to the specified node data; and
      
      sending an error message to a node issuing the access request data if the password included in the access request data does not coincide with the password corresponding to the specified node data.

9. A security system in a distributed processing system wherein a plurality of nodes are arranged in a hierarchical structure of different hierarchical levels, comprising:
- a terminal serving as a source node, for issuing access request data including node specifying data for specifying a destination node to be accessed, and a password for accessing the destination node;
  
  a host unit which serves as the destination node;
  
  a subhost unit which serves as an intra node and which is connected between said terminal and said host unit, including,table memory means for storing a correspondence between node specifying data and passwords;
  
  passthrough means for passing the access request data through the intra node to a node of a different hierarchical level; and
  
  control means for determining whether or not the node specifying data included in the access request data specifies the intra node, for referring to said table memory means to determine whether or not the password included in the access request data coincides with a password of the destination node stored in said table memory means and whether or not the node specifying data designates a node at a higher level in the hierarchy than the intra node, and for passing the access request data to said host unit if the password included in the access request data coincides with the password of the destination node stored in said table memory means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation)
Inventors
Aoyama, Mitsunobu
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
Cain, David

Application Number

US07/374,067
Time in Patent Office

599 Days
Field of Search

380/4, 380/25, 364/242.95
US Class Current

726/6
CPC Class Codes

G06F 21/31 User authentication

Security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links