Connection authorizer for controlling access to system resources
Abstract
A peer to peer connection authorizer is described. The connection authorizer involves three different entities: a system authorizer mechanism, a client connection manager, and a server connection manager. The system authorizer resides on the main or primary CPU while the client and server connection managers reside on individual IOPs. To obtain information required by a user and/or an application program, the client connection manager issues a request to the system authorizer. When the system authorizer receives the request, it first verifies that the client device is who it claims to be. If the system authorizer determines that the client device should be allowed to access the requested information, it then sends a token to the server device and a copy of the same token to the client device. Upon receipt of the token copy from the system authorizer, the client connection manager packages the token copy into a message that it sends to the server device. When the server connection manager receives the message from the client device, it compares the token copy to the token it received from the system authorizer. If the tokens match, the server connection manager responds to the client device and the connection is established.
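The exchange described in the abstract, modeled as an added example that is not taken from the patent. The class names, the allow-list standing in for the authorizer's identity check, the 16-byte random token, the constant-time comparison and the single-use rule are all assumptions made for illustration.

```python
import hmac
import secrets

class ServerConnectionManager:
    """Server IOP side: holds tokens delivered by the system authorizer."""
    def __init__(self):
        self._pending = {}          # client_id -> token awaiting a connect
        self.connections = set()

    def receive_token(self, client_id, token):        # first message
        self._pending[client_id] = token

    def handle_connect(self, client_id, token_copy):  # third message
        expected = self._pending.get(client_id)
        # Constant-time compare (assumption); the abstract only says "compares".
        if expected is None or not hmac.compare_digest(expected, token_copy):
            return False
        del self._pending[client_id]   # single use (assumption): blocks replay
        self.connections.add(client_id)
        return True

class ClientConnectionManager:
    """Client IOP side: forwards the token copy in its connection request."""
    def __init__(self, client_id):
        self.client_id, self.token_copy = client_id, None

    def receive_token_copy(self, token):              # second message
        self.token_copy = token

    def connect(self, server):
        return self.token_copy is not None and server.handle_connect(
            self.client_id, self.token_copy)

class SystemAuthorizer:
    """Main-CPU side: decides access, then hands the same token to both IOPs."""
    def __init__(self, allowed):
        self._allowed = allowed     # constructed policy: {(client_id, resource)}

    def request_access(self, client, server, resource):
        if (client.client_id, resource) not in self._allowed:
            return False
        token = secrets.token_bytes(16)
        server.receive_token(client.client_id, token)
        client.receive_token_copy(token)
        return True

def demo():
    server = ServerConnectionManager()
    authorizer = SystemAuthorizer({("iop-1", "disk-pool")})  # constructed data
    good, rogue = ClientConnectionManager("iop-1"), ClientConnectionManager("iop-9")
    out = {"authorized": authorizer.request_access(good, server, "disk-pool"),
           "denied": authorizer.request_access(rogue, server, "disk-pool")}
    rogue.token_copy = secrets.token_bytes(16)   # token the authorizer never issued
    out["rogue_connect"] = rogue.connect(server)
    out["good_connect"] = good.connect(server)
    out["replay"] = good.connect(server)         # same token presented twice
    return out
```

The server never evaluates policy itself: it accepts a connection only when the presented copy matches a token the authorizer delivered to it for that client.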
43 Claims
1. A method for communicating data, said method comprising the steps of:
- requesting access to system resources via notification to a system authorizer, said access being requested by a first Input-Output Processor (IOP) connection manager, said first connection manager residing on a first IOP, said first IOP being connected to a bus;
- sending an authorization token in response to said requesting step, said authorization token being sent from said system authorizer mechanism to a second IOP connection manager, said second IOP connection manager residing on a second IOP, said second IOP being connected to said bus, said authorization token being sent as part of a first message, said first message being transmitted on said bus;
- sending a copy of said authorization token from said system authorizer to said first IOP connection manager, said authorization token being sent as part of a second message, said second message being transmitted on said bus;
- requesting a connection with second IOP connection manager, said connection being requested by said first IOP connection manager via a third message, said third message comprising said copy of said token, said third message being transmitted via said bus;
- validating said copy of said authorization token, said copy of said authorization token being validated by said second IOP connection manager; and
- connecting said first and said second IOPs across said bus when said copy of said authorization token has been validated by said validating step and thereby permitting access to system resources.
13. A method for communicating data between an interconnected client entity and server entity, said method comprising the steps of:
- issuing a request for data, said request being issued by said client entity;
- receiving in conjunction with said request an authorization token, said authorization token being received at said server entity, said authorization token being sent from an authorizer entity, said authorizer entity being connected to said client entity and said server entity;
- sending a copy of said authorization token from said authorizer entity to said client entity;
- requesting a connection, said connection being requested via a message sent from said client entity to said server entity, said message comprising a copy of said authorization token;
- validating said copy of said authorization token, said copy of said authorization token being validated by said server entity; and
- establishing a connection between said server entity and said client entity when said authorization token has been validated.
25. A method for communicating data between an interconnected client entity and server entity, said method comprising the steps of:
- issuing a request for data, said request being issued by said client entity;
- receiving in conjunction with said request an authorization token, said authorization token being received at said client entity, said authorization token being sent from an authorizer entity, said authorizer entity being connected to said client entity and said server entity;
- requesting a connection between said entity and a server entity, said connection being requested via a first message sent from said client entity to said server entity, said message comprising said authorization token;
- receiving said first message at said server entity, validating said authorization token and responding to said request for data via a second message; and
- establishing a connection between said client entity and said server entity when said second message indicates that said authorization token has been calibrated.
32. An apparatus for communicating data, said apparatus comprising:
- means for requesting access to system resources, said access being requested by a first connection manager, said first Input-Output-(IOP) connection manager residing on a first IOP, said first IOP being connected to a bus;
- means for sending an authorization token in response to said requesting step, said authorization token being sent from a system authorizer mechanism to a second IOP connection manager, said second IOP connection manager residing on a second IOP, said second IOP being connected to said bus, said authorization token being sent as part of a first message, said first message being transmitted on said bus;
- means for sending a copy of said authorization token from said system authorizer to said first IOP connection manager, said authorization token being sent as part of a second message, said second message being transmitted on said bus;
- means for requesting a connection with said second IOP connection manager, said connection being requested via a third message, said third message comprising said copy of said token, said third message being transmitted via said bus;
- means for validating said copy of said authorization token, said copy of said authorization token being validated by said second IOP connection manager; and
- means for connecting said first and said second IOPs across said bus based on the outcome of said validating step.
38. An apparatus for communicating data between an interconnected client entity and server entity, said apparatus comprising:
- means for issuing a request for data, said request being issued by said client entity;
- means for receiving in conjunction with said request an authorization token, said authorization token being received at said server entity, said authorization token being sent from an authorizer entity, said authorizer entity being connected to said client entity and to said server entity;
- means for sending a copy of said authorization token from said authorizer entity to said client entity;
- means for requesting a connection, said connection being requested via a message sent from said client entity to said server entity, said message comprising a copy of said authorization token;
- means for validating said copy of said authorization token, said copy of said authorization token being validated by said server entity; and
- means for establishing a connection between said server entity and said client entity when said authorization token has been validated.
39. An apparatus for communicating data between an interconnected client entity and server entity, said apparatus comprising:
- means for issuing a request for data, said request being issued by said client entity;
- means for receiving in conjunction with said request an authorization token, said authorization token being received at said client entity, said authorization token being sent from an authorizer entity being connected to said client entity and to said server entity;
- means for requesting a connection between said client entity and said server entity, said connection being requested via a first message sent from said client entity to said server entity, said message comprising said authorization token;
- means for receiving said first message at said server entity, validating said authorization token and responding to said request for data via a second message; and
- means for establishing a connection between said client entity and said server entity when said second message indicates that said authorization token has been validated.