Methods and apparatus for implementing secure name servers in an object-oriented system

US 5,577,252 A
Filed: 07/28/1993
Issued: 11/19/1996
Est. Priority Date: 07/28/1993
Status: Expired due to Term

First Claim

Patent Images

1. A computer implemented method for providing a secure naming system for a set of objects in an object-oriented system having a plurality of name servers, said method comprising the steps of:

implementing a first context object in a first name server, said first context object comprising a first encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;

implementing a second context object in a second name server, said second context object comprising a second encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;

binding said second context object to a second context name within said first context object;

binding a desired first object to a first object name within said second context object;

requesting said desired first object for a client using a path name comprised of said second context name and said first object name and a desired set of access rights; and

resolving said request for said desired first object by performing the steps ofresolving said second context name to receive a representation of said second context object located in said second name server;

assuring said second name server that a name resolution from said first name server to said second name server is secure;

resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure naming model for objects in an object-oriented system, wherein names are bound to objects within context objects. The context objects are implemented by name servers, and clients request that a context object "resolve" the name for the object. The name server that implements the context returns a duplicate of the desired object. If a name resolution involves more than one name server, an assurance of security is provided by the first name server to the second name server.

165 Citations

12 Claims

1. A computer implemented method for providing a secure naming system for a set of objects in an object-oriented system having a plurality of name servers, said method comprising the steps of:
- implementing a first context object in a first name server, said first context object comprising a first encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;
  
  implementing a second context object in a second name server, said second context object comprising a second encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;
  
  binding said second context object to a second context name within said first context object;
  
  binding a desired first object to a first object name within said second context object;
  
  requesting said desired first object for a client using a path name comprised of said second context name and said first object name and a desired set of access rights; and
  
  resolving said request for said desired first object by performing the steps ofresolving said second context name to receive a representation of said second context object located in said second name server;
  
  assuring said second name server that a name resolution from said first name server to said second name server is secure;
  
  resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said step of assuring said second name server that a name resolution from said first name server to said second name server is secure comprises the steps of:
    - comparing said first encapsulated principal identifier in said first context object with said second encapsulated principal identifier in said second context object; and
      
      granting assurance if said first encapsulated principal identifier and said second encapsulated principal identifier are equal.
  - 3. The method of claim 1, wherein said step of assuring said second name server that a name resolution from said first name server to said second name server is secure comprises the step of providing a special relationship between said first name server and said second name server such that said second name server trusts said first name server.
  - 4. The method of claim 1, wherein said step of assuring said second name server that a name resolution from said first name server to said second name server is secure comprises the steps of:
    - raising a "cannot proceed" exception with said client;
      
      returning a powerless duplicate of said second context object and said first object name to said client; and
      
      authenticating said client with said second name server.

5. An apparatus for providing a secure naming system for a set of objects in an object-oriented system having a plurality of name servers, comprising:
- a first name server, said first name server having at least one context object, each of said context objects having an encapsulated principal identifier;
  
  a first context object within said first name server, said first context object comprising a first encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;
  
  a second name server, said second name server having at least one context object, each of said context objects having an encapsulated principal identifier;
  
  a second context object within said second name server, said second context object comprising a second encapsulated principal identifier and at least one name binding, each of said name bindings comprising a name and an object;
  
  means for binding said second context object to a second context name within said first context object;
  
  means for binding a desired first object to a first object name within said second context object;
  
  means for requesting said desired first object for a client using a path name comprised of said second context name and said first object name and a desired set of access rights; and
  
  means for resolving said request for said desired first object by resolving said second context name to receive a representation of said second context object located in said second name server, and then assuring said second name server that a name resolution from said first name server to said second name server is secure, and then resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5, wherein said means for assuring said second name server that a name resolution from said first name server to said second name server is secure comprises:
    - means for comparing said first encapsulated principal identifier in said first context object with said second encapsulated principal identifier in said second context object; and
      
      means for granting assurance if said first encapsulated principal identifier and said second encapsulated principal identifier are equal.
  - 7. The apparatus of claim 5, wherein said means for assuring said second name server that a name resolution from said first name server to said second name server is secure comprises means for providing a special relationship between said first name server and said second name server such that said first name server trusts said second name server.
  - 8. The apparatus of claim 5, wherein said means for assuring said second name server that a name resolution from said first name server to said second name server is secure comprises:
    - means for raising a "cannot proceed" exception with said client;
      
      means for returning a powerless duplicate of said second context object and said first object name to said client; and
      
      means for authenticating said client with said second name server.

9. In an object-oriented system, said object-oriented system having a first name server having a first context object with a first encapsulated principal identifier, a second name server having a second context object with a second encapsulated principal identifier, a method for providing a secure naming system comprising the steps of:
- binding said second context object to a second context name within said first context object;
  
  binding a desired first object to a first object name within said second context object;
  
  sending an object request from a client to said first context object for said desired first object using a path name comprised of said second context name and said first object name and a desired set of access rights; and
  
  resolving said object request for said desired first object by performing a series of steps comprisingresolving said second context name within said first context object to receive a representation of said second context object located in said second name server,assuring said second name server that a name resolution from said first name server to said second name server is secure,resolving said first object name within said second context object to receive a duplicate of said desired object that encapsulates the first encapsulated principal identifier and the desired access rights.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein said step of assuring said second name server comprises the steps of:
    - comparing said first encapsulated principal in said first context object with said second encapsulated principal in said second context object; and
      
      granting security assurance if said first encapsulated principal and said second encapsulated principal are equal.
  - 11. The method of claim 9, wherein said step of assuring said second name server comprises the step of providing a special relationship between said first name server and said second name server such that said second name server trusts said first name server.
  - 12. The method of claim 9, wherein said step of assuring said second name server comprises the steps of:
    - raising a "cannot proceed" exception with said client;
      
      returning a powerless duplicate of said second context object and said first object name to said client; and
      
      authenticating said client with said second name server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Radia, Sanjay R., Hamilton, Graham, Nelson, Michael N.
Primary Examiner(s)
Kriess, Kevin A.
Assistant Examiner(s)
Banankhah, Majid A.

Application Number

US08/099,150
Time in Patent Office

1,210 Days
Field of Search

395/700, 395/200, 395/600, 380/49, 364/284.3, 364/284.4, 364/DIG. 1
US Class Current

718/100
CPC Class Codes

G06F 2209/462   Lookup

G06F 9/4488   Object-oriented

G06F 9/4493   Object persistence

Methods and apparatus for implementing secure name servers in an object-oriented system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

165 Citations

12 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus for implementing secure name servers in an object-oriented system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

12 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others