Telecommunication access management system for a packet switching network
Abstract
A security access management system for a packet switched data communications network has access management apparatus operatively associated with the packet switches at each entry point of the network. The access management apparatus includes an administrative host processor for examining user terminal authorization information in packets received at the associated packet switch for transmission through the network to destination addresses for the packets. A database associated with the administrative host stores information including levels of authorization of the user terminals for the respective entry point of the network for access to specified destinations, as pre-assigned by the network customer. Also included in the access management apparatus is a validation host processor which responds to comparisons between the user terminal authorization information contained in the packet and the pre-assigned level of authorization for the same user terminal, and, if they correspond, to grant access by that user terminal through the associated packet switch to the destination address with which a communication session is requested; or, if they differ, to deny such access. The access management apparatus is located remote from the user terminals using the particular entry point for the network.
12 Claims
1. A system for managing access to data among users and host computers in a public data communications network applied to provide data communications paths between and among the users and the host computers via communication links and transmit nodes of the network, in which the nature and degree of access by or to each user and host computer is designated in advance by respective ones of the plurality of network customers who maintain the host computers and who allow authorized user access thereto, said system comprising
a multiplicity of potential user stations,
a multiplicity of host computers for compiling and furnishing data on request of users and other host computers,
a multiplicity of switch means operatively associated with respective ones of said user stations and said host computers, and located at points of entry to said data communications paths of said network remote from said respective ones of said user stations and said host computers, for establishing and disconnecting a communication path through the network between a user station and a host computer to which access is requested by said user station for a communication session therewith, and
access management means operatively associated with each of said switch means for examining requests for establishing a data communications path through said network between a user station and a host computer received by the associated one of said switch means for validation of said requests and for granting and denying the respective requests by issuance of corresponding instruction signals to said switch means, according to the nature and degree of access designated by the respective network customer.
7. A method for upgrading security in a public data communications network to assure that the dictates of each network customer are followed with respect to accessibility by network users via terminals to host computers maintained by the respective network customer, said method comprising
installing at points of entry to data communications links of said network a plurality of switch means for operative association with respective user terminals and host computers but physically remote therefrom, to establish connection and disconnection of data communications link through the network among user terminals and host computers on demand by authorized users,
installing in association with said network an access management host computer and relational database designating authorized users and their attributes and destination addresses to which the various users are authorized access based on said dictates of the network customers, for analyzing requests for access among said users and host computers and issuing instructions respecting establishment of connections and disconnections to the respective switch means based on information contained in said relational database, and
providing a data link between said access management host computer and each of said switch means for communication of access requests and responsive instructions therebetween.
8. In a security access management system for a packet switched data communications network adapted to selectively provide transmission paths for communication sessions between a multiplicity of data terminal equipments (DTEs) located outside the network via communication links and transit nodes within the network through a plurality of packet switches each located at a respective one of a plurality of entry points to the network and associated with one or more of the DTEs for routing packets therefrom and thereto at that entry point, according to the destination DTE address and source DTE authorization information contained within the packets assembled for transmission from a source DTE, and wherein the extent of access between and among a group of the DTEs associated with a particular customer of the network is mandated by that customer such that different DTEs within the same group may be authorized for different levels of access to destinations within the group, the improvement comprising:
plural access management means each respectively operatively associated with a packet switch at an entry point of the network, each access management means including:
administrative means for examining source DTE authorization information contained within packets received at the associated packet switch for transmission through the network to destination addresses for the packets,
database means maintained by the administrative means for storing information relating to pre-assigned levels of authorization of the source DTEs using the respective entry point of the network for access to specified destinations, and
validation means responsive to comparison of the DTE source authorization information contained in a packet under examination by the administrative means to the pre-assigned level of authorization for that source DTE for granting or denying access thereby through the associated packet switch to the destination address with which a communication session is requested.
Dependent claims: 9, 10, 11, 12.
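As an added illustration, not part of the patent or any implementation of it, the following Python model shows the validation step described in the abstract and in claim 8: a database scoped to the entry-point switch holds each source DTE's expected authorization information and its pre-assigned level per destination, the validation step compares the packet's authorization information against that record, and the result is the instruction signal sent to the switch. The field names, the `requested` level, the `Level` values and the sample database are constructed assumptions; the patent only states that different DTEs may hold different levels of access to destinations.

```python
import hmac
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Pre-assigned level of access a source DTE holds to one destination (assumed values)."""
    NONE = 0
    READ = 1
    READ_WRITE = 2


@dataclass(frozen=True)
class Packet:
    entry_point: str      # packet switch at which the packet was received
    source_dte: str       # source DTE address
    auth_info: str        # source DTE authorization information carried in the packet
    destination: str      # destination DTE address for the requested session
    requested: Level      # level of access the session asks for (hypothetical field)


# Constructed sample database maintained by the administrative host, keyed by
# entry point: source DTE -> (expected authorization info, {destination: level}).
AUTH_DB = {
    "switch-A": {
        "dte-1": ("secret-1", {"host-X": Level.READ_WRITE, "host-Y": Level.READ}),
        "dte-2": ("secret-2", {"host-X": Level.READ}),
    },
    "switch-B": {
        "dte-3": ("secret-3", {"host-Y": Level.READ}),
    },
}


def validate(packet, db=AUTH_DB):
    """Validation step: compare the packet's authorization info with the
    pre-assigned record and return the instruction signal for the switch,
    'CONNECT' or 'DISCONNECT', together with the reason. Fails closed."""
    record = db.get(packet.entry_point, {}).get(packet.source_dte)
    if record is None:
        # A DTE not registered at *this* entry point is refused even if it
        # is known at another entry point of the network.
        return "DISCONNECT", "source DTE not registered at this entry point"
    expected_info, destinations = record
    if not hmac.compare_digest(expected_info, packet.auth_info):
        return "DISCONNECT", "authorization information does not correspond"
    level = destinations.get(packet.destination, Level.NONE)
    if level == Level.NONE or level < packet.requested:
        return "DISCONNECT", "destination not authorized at the requested level"
    return "CONNECT", "authorized"
```

The per-entry-point lookup is the point to notice: the same DTE presenting valid authorization information at a switch where it is not registered is still disconnected.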