Access control in a distributed computer system
First Claim
Patent Images
1. In a distributed computer system, a method of controlling access from a user program to a plurality of target programs, the method comprising the steps:
- (a) issuing said user program with an encrypted privilege attribute certificate (PAC), said PAC indicating which of said target programs the user program is permitted to access,(b) transmitting the encrypted PAC from the user program to one of the target programs,(c) transmitting the encrypted PAC from said one of the target programs to a validation unit,(d) in the validation unit, decrypting the encrypted PAC and checking whether the PAC permits the user program to access said one of the target programs,(e) returning a message from the validation unit to said one of the target programs, indicating whether the user program is permitted to access said one of the target programs, and(f) returning a success/failure indication from said one of the target programs to said user program indicating whether the user program is permitted to access said one of the target programs.
0 Assignments
0 Petitions
Accused Products
Abstract
A distributed computer system, has a number of users and target applications. When a user logs on to the system, an authentication unit issues the user with a privilege attribute certificate (PAC) representing the user'"'"'s access rights. When the user wishes to access a target application, he presents the PAC to that application as evidence of his access rights. The application, in turn, passes the PAC to a PAC use monitor (PUM) which validates the PAC. The PUM is shared between a plurality of applications.
-
Citations
3 Claims
-
1. In a distributed computer system, a method of controlling access from a user program to a plurality of target programs, the method comprising the steps:
-
(a) issuing said user program with an encrypted privilege attribute certificate (PAC), said PAC indicating which of said target programs the user program is permitted to access, (b) transmitting the encrypted PAC from the user program to one of the target programs, (c) transmitting the encrypted PAC from said one of the target programs to a validation unit, (d) in the validation unit, decrypting the encrypted PAC and checking whether the PAC permits the user program to access said one of the target programs, (e) returning a message from the validation unit to said one of the target programs, indicating whether the user program is permitted to access said one of the target programs, and (f) returning a success/failure indication from said one of the target programs to said user program indicating whether the user program is permitted to access said one of the target programs. - View Dependent Claims (2, 3)
-
Specification