Connection authorizer for controlling access to system resources

US 5,506,961 A
Filed: 10/17/1994
Issued: 04/09/1996
Est. Priority Date: 09/11/1992
Status: Expired due to Term

First Claim

Patent Images

1. A method for communicating data, said method comprising the steps of:

requesting access to system resources via notification to a system authorizer, said access being requested by a first Input-Output Processor (IOP)Connection manager, said first connection manager residing on a first IOP, said first IOP being connected to a bus;

sending an authorization token in response to said requesting step, said authorization token being sent from said system authorizer mechanism to a second IOP connection manager, said second IOP connection manager residing on a second IOP, said second IOP being connected to said bus, said authorization token being sent as part of a first message, said first message being transmitted on said bus;

sending a copy of said authorization token from said system authorizer to said first IOP connection manager, said authorization token being sent as part of a second message, said second message being transmitted on said bus;

requesting a connection with second IOP connection manager, said connection being requested by said first IOP connection manager via a third message, said third message comprising said copy of said token, said third message being transmitted via said bus;

validating said copy of said authorization token, said copy of said authorization token being validated by said second IOP connection manager; and

connecting said first and said second IOPs across said bus when said copy of said authorization token has been validated by said validating step and thereby permitting access to system resources.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A peer to peer connection authorizer is described. The connection authorizer involves three different entities: a system authorizer mechanism, a client connection manager, and a server connection manager. The system authorizer resides on the main or primary CPU while the client and server connection managers reside on individual IOPs. To obtain information required by a user and/or an application program, the client connection manager issues a request to the system authorizer. When the system authorizer receives the request, it first verifies that the client device is who it claims to be. If the system authorizer determines that the client device should be allowed to access the requested information, it then sends a token to the server device and a copy of the same token to the client device. Upon receipt of the token copy from the system authorizer, the client connection manager packages the token copy into a message that it sends to the server device. When the server connection manager receives the message from the client device, it compares the token copy to the token it received from the system authorizer. If the tokens match, the server connection manager responds to the client device and the connection is established.

Citations

43 Claims

1. A method for communicating data, said method comprising the steps of:
- requesting access to system resources via notification to a system authorizer, said access being requested by a first Input-Output Processor (IOP)Connection manager, said first connection manager residing on a first IOP, said first IOP being connected to a bus;
  
  sending an authorization token in response to said requesting step, said authorization token being sent from said system authorizer mechanism to a second IOP connection manager, said second IOP connection manager residing on a second IOP, said second IOP being connected to said bus, said authorization token being sent as part of a first message, said first message being transmitted on said bus;
  
  sending a copy of said authorization token from said system authorizer to said first IOP connection manager, said authorization token being sent as part of a second message, said second message being transmitted on said bus;
  
  requesting a connection with second IOP connection manager, said connection being requested by said first IOP connection manager via a third message, said third message comprising said copy of said token, said third message being transmitted via said bus;
  
  validating said copy of said authorization token, said copy of said authorization token being validated by said second IOP connection manager; and
  
  connecting said first and said second IOPs across said bus when said copy of said authorization token has been validated by said validating step and thereby permitting access to system resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein said sending an authorization token step comprises the step of sending a generic authorization token.
  - 3. The method of claim 1 wherein said sending an authorization token step comprises the step of sending a reusable authorization token.
  - 4. The method of claim 1 wherein said sending an authorization token step comprises the step of sending a single-use authorization token.
  - 5. The method of claim 1 wherein said sending an authorization token step comprises the step of encrypting said authorization token.
  - 6. The method of claim 5 wherein said sending a copy of said authorization token step comprises the step of encrypting said copy of said authorization token.
  - 7. The method of claim 6 wherein said validating step comprises the step of decrypting said authorization token and said copy of said authorization token.
  - 8. The method of claim 1 wherein said connecting step comprises the step of reporting the outcome of said validating step to said client IOP connection manager.
  - 9. The method of claim 1 wherein said establishing step comprises the step of reporting the outcome of said validating step to said system authorizer.
  - 10. The method of claim 1 wherein said sending an authorization token step comprises the step of sending said authorization token to a first server IOP connection manager and to a second server IOP connection manager.
  - 11. The method of claim 1 wherein said sending a copy of said authorization token step comprises the step of sending said copy of said authorization token to a first client connection manager and to a second client connection manager.
  - 12. The method of claim 10 wherein said sending a copy of said authorization token step comprises the step of sending said copy of said authorization token to a first client connection manager and to a second client connection manager.

13. A method for communicating data between an interconnected client entity and server entity, said method comprising the steps of:
- issuing a request for data, said request being issued by said client entity;
  
  receiving in conjunction with said request an authorization token, said authorization token being received at said server entity, said authorization token being sent from an authorizer entity, said authorizer entity being connected to said client entity and said server entity;
  
  sending a copy of said authorization token from said authorizer entity to said client entity;
  
  requesting a connection, said connection being requested via a message sent from said client entity to said server entity, said message comprising a copy of said authorization token;
  
  validating said copy of said authorization token, said copy of said authorization token being validated by said server entity; and
  
  establishing a connection between said server entity and said client entity when said authorization token has been validated.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13 wherein said receiving step comprises receiving a generic authorization token.
  - 15. The method of claim 13 wherein said receiving step comprises the step of receiving a reusable authorization token.
  - 16. The method of claim 13 wherein said receiving step comprises the step of receiving a single-use authorization token.
  - 17. The method of claim 13 wherein said receiving step comprises the step of encrypting said authorization token.
  - 18. The method of claim 17 wherein said sending step comprises the step of encrypting said copy of said authorization token.
  - 19. The method of claim 18 wherein said validating step comprises the step of decrypting said authorization token.
  - 20. The method of claim 13 wherein said establishing step comprises the step of reporting the outcome of said validating step to said client entity.
  - 21. The method of claim 13 wherein said establishing step comprises the step of reporting the outcome of said validating step to said authorizer entity.
  - 22. The method of claim 13 wherein said receiving step comprises the step of receiving said authorization token at a first server entity and at a second server entity.
  - 23. The method of claim 13 wherein said sending step comprises the step of sending said copy of said authorization token to a first client entity and a second client entity.
  - 24. The method of claim 22 wherein said sending step comprises the step of sending said copy of said authorization token to a first client entity and a second client entity.

25. A method for communicating data between an interconnected client entity and server entity, said method comprising the steps of:
- issuing a request for data, said request being issued by said client entity;
  
  receiving in conjunction with said request an authorization token, said authorization token being received at said client entity, said authorization token being sent from an authorizer entity, said authorizer entity being connected to said client entity and said server entity;
  
  requesting a connection between said entity and a server entity, said connection being requested via a first message sent from said client entity to said server entity, said message comprising said authorization token;
  
  receiving said first message at said server entity, validating said authorization token and responding to said request for data via a second message; and
  
  establishing a connection between said client entity and said server entity when said second message indicates that said authorization token been calibrated
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The method of claim 25 wherein said receiving step comprises receiving a generic authorization token.
  - 27. The method of claim 25 wherein said receiving step comprises the step of receiving a reusable authorization token.
  - 28. The method of claim 25 wherein said receiving step comprises the step of receiving a single-use authorization token.
  - 29. The method of claim 25 wherein said establishing step comprises the step of reporting the outcome of said validating step to said authorizer entity.
  - 30. The method of claim 25 wherein said validating step comprises the step of encrypting said authorization token.
  - 31. The method of claim 25 wherein said validating step comprises the step of decrypting said authorization token.

32. An apparatus for communicating data, said apparatus comprising:
- means for requesting access to system resources, said access being requested by a first connection manager, said first Input-Output-(IOP) connection manager residing on a first IOP, said first IOP being connected to a bus;
  
  means for sending an authorization token in response to said requesting step, said authorization token being sent from a system authorizer mechanism to a second IOP connection manager, said second IOP connection manager residing on a second IOP, said second IOP being connected to said bus said authorization token being sent as part of a first message, said first message being transmitted on said bus;
  
  means for sending a copy of said authorization token from said system authorizer to said first IOP connection mangager, said authorization token being sent as part of a second message, said second message being transmitted on said bus;
  
  means for requesting a connection with said second IOP connection manager, said connection being requested via a third message, said third message comprising said copy of said token, said third message being transmitted via said bus;
  
  means for validating said copy of said authorization token, said copy of said authorization token being validated by said second IOP connection manager; and
  
  means for connecting said first and said second IOPs across said bus based on the outcome of said validating step.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The apparatus of claim 32 wherein said means for sending authorization token comprises means for sending a generic authorization token.
  - 34. The apparatus of claim 32 wherein said means for sending an authorization token comprises means for sending a reusable authorization token.
  - 35. The apparatus of claim 32 wherein said means for sending an authorization token comprises means for sending a single-use authorization token.
  - 36. The apparatus of claim 32 wherein said means for connecting comprises means for reporting the outcome of said means for validating to said client IOP connection manager.
  - 37. The apparatus of claim 32 wherein said means for establishing comprises means for reporting the outcome of said means for validating to said system authorizer.

38. An apparatus for communicating data between an interconnected client entity and server entity, said apparatus comprising:
- means for issuing a request for data, said request being issued by said client entity;
  
  means for receiving in conjunction with said request an authorization token, said authorization token being received at said server entity, said authorization token being sent from a authorizer entity, said authorizer entity being connected to said client and entity and to said server entity;
  
  means for sending a copy of said authorization token from said authorizer entity to said client entity;
  
  means for requesting a connection, said connection being requested via a message sent from said client entity to said server entity, said message comprising a copy of said authorization token;
  
  means for validating said copy of said authorization token, said copy of said authorization token being validated by said server enitity; and
  
  means for establishing a connection between said server entity and said client entity when said authorization token has been validated.

39. An apparatus for communicating data between an interconnected client entity and server entity, said apparatus comprising:
- means for issuing a request for data, said request being issued by said client entity;
  
  means for receiving in conjunction with said request an authorization token, said authorization token being received at said client entity, said authorization token being sent from an authorizer entity being connected to said client entity and to said server entity;
  
  means for requesting a connection between said client entity and said server entity, said connection being requested via a first message sent from said client entity to said server entity, said message comprising said authorization token;
  
  means for receiving said first message at said server entity, validating said authorization token and responding to said request for data via a second message; and
  
  means for establishing a connection between said client entity and said server entity when said second message indicates that said authorization token has been validated.
- View Dependent Claims (40, 41, 42, 43)
- - 40. The apparatus of claim 39 wherein said means for receiving comprises means for receiving a generic authorization token.
  - 41. The apparatus of claim 39 wherein said means for receiving comprises means for receiving a reusable authorization token.
  - 42. The apparatus of claim 39 wherein said means for receiving comprises means for receiving a single-use authorization token.
  - 43. The apparatus of claim 39 wherein said means for establishing comprises means for reporting the outcome of said validating step to said authorizer entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Carlson, Brent A., Huss, Frederic L., Schmucki, Nancy M., Zelenski, Richard E.
Primary Examiner(s)
Ray, Gopal C.

Application Number

US08/324,289
Time in Patent Office

540 Days
Field of Search

395/425, 395/725, 395/325, 395/575, 395/200.09, 395/186, 395/650, 395/427, 395/4, 395/23, 395/25, 280/4, 280/23, 280/25, 370/85.4
US Class Current

726/5
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/335   for accessing specific reso...

G06F 21/606   by securing the transmissio...

G06F 21/85   interconnection devices, e....

Connection authorizer for controlling access to system resources

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Connection authorizer for controlling access to system resources

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links