Access control in a distributed computer system
First Claim
Patent Images
1. In a distributed computer system, a method of controlling access from a user program to a plurality of target programs, the method comprising the steps:
- (a) issuing said user program with an encrypted privilege attribute certificate (PAC), said PAC indicating which of said target programs the user program is permitted to access,(b) transmitting the encrypted PAC from the user program to one of the target programs,(c) transmitting the encrypted PAC from said one of the target programs to a validation unit,(d) in the validation unit, decrypting the encrypted PAC and checking whether the PAC permits the user program to access said one of the target programs,(e) returning a message from the validation unit to said one of the target programs, indicating whether the user program is permitted to access said one of the target programs, and(f) returning a success/failure indication from said one of the target programs to said user program indicating whether the user program is permitted to access said one of the target programs.
0 Assignments
0 Petitions
Accused Products
Abstract
A distributed computer system, has a number of users and target applications. When a user logs on to the system, an authentication unit issues the user with a privilege attribute certificate (PAC) representing the user'"'"'s access rights. When the user wishes to access a target application, he presents the PAC to that application as evidence of his access rights. The application, in turn, passes the PAC to a PAC use monitor (PUM) which validates the PAC. The PUM is shared between a plurality of applications.
-
Citations
3 Claims
-
1. In a distributed computer system, a method of controlling access from a user program to a plurality of target programs, the method comprising the steps:
-
(a) issuing said user program with an encrypted privilege attribute certificate (PAC), said PAC indicating which of said target programs the user program is permitted to access, (b) transmitting the encrypted PAC from the user program to one of the target programs, (c) transmitting the encrypted PAC from said one of the target programs to a validation unit, (d) in the validation unit, decrypting the encrypted PAC and checking whether the PAC permits the user program to access said one of the target programs, (e) returning a message from the validation unit to said one of the target programs, indicating whether the user program is permitted to access said one of the target programs, and (f) returning a success/failure indication from said one of the target programs to said user program indicating whether the user program is permitted to access said one of the target programs. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Computers Limited (Fujitsu Limited)
-
Original AssigneeInternational Computers Limited (Fujitsu Limited)
-
InventorsParker, Thomas A.
-
Primary Examiner(s)MacDonald, Allen R.
-
Assistant Examiner(s)Sheikh, Ayaz R.
-
Application NumberUS08/042,441Time in Patent Office498 DaysField of Search395/725, 395/425, 395/325, 395/275, 395/600, 380/21, 380/18, 380/10, 380/25, 380/23US Class Current711/221CPC Class CodesG06F 21/41 where a single sign-on prov...G06F 21/6218 to a system of files or obj...G06F 21/629 to features or functions of...G06F 2211/007 Encryption, En-/decode, En-...G06F 2221/2141 Access rights, e.g. capabil...G06F 9/468 Specific access rights for ...
