Method and means for providing access to a library of digitized documents and images
First Claim
1. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including at least one processor coupled to a client store, a library server coupled to an access control store, a library storage resource to hold the library of images, and one or more image servers coupled to the library storage resource for storage or retrieval of images, a method for transferring an image between a client process executing on the processor and the library storage resource,the library server maintaining in the access control store means for authenticating user identities and a catalog of the images stored in the library storage resource, the catalog containing entries each identifying an image and an associated image server controlling the library storage resource storing the image,the data library system further including a message-passing communication facility connecting the processor, the library server, and the image servers for message-based communication, andthe library storage resource further including means for validating the access control store authority associated with the library server,the method including the steps of:
- the processor providing a first message from the client process to the library server, the first message including a new authenticating token, an associated request for transferring a requested image between the client process and the library and a name of an associated image port at the processor through which the requested image is to be transferred;
in response to receipt by the library server of the first message,the library server using the authenticating means in the access control store to verify the new authenticating token,the library server using the catalog in the access control store to identify an associated image server with access to a library storage resource for storing the requested image, andthe library server providing a second message from the library server to the associated image server, the second message including an image copy identifier unique to this request, a command for setting up transfer of the requested image between the client process and the library storage resource, and the name of the associated image port;
in response to receipt by the associated image server of the second message,the associated image server using the validating means in the library storage resource and the unique image copy identifier to verify the authority of the library server to control the requested image, andthe associated image server providing through the associated image port a third message to the processor for the client process including a command for transferring the requested image between the client process and the library storage resource through the associated image port; and
in response to receipt by the processor of the third message,the processor and the associated image server transferring the requested image between the associated image port and the library storage resource under control of the associated image server.
0 Assignments
0 Petitions
Accused Products
Abstract
Library service protocols are provided for moving large data objects into an out of a data image library with attention to security, authentication, and consistency of related images stored in different machines. The protocol consists of particular message sequences, special tokens within messages, and out-of-sequence database changes.
-
Citations
22 Claims
-
1. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including at least one processor coupled to a client store, a library server coupled to an access control store, a library storage resource to hold the library of images, and one or more image servers coupled to the library storage resource for storage or retrieval of images, a method for transferring an image between a client process executing on the processor and the library storage resource,
the library server maintaining in the access control store means for authenticating user identities and a catalog of the images stored in the library storage resource, the catalog containing entries each identifying an image and an associated image server controlling the library storage resource storing the image, the data library system further including a message-passing communication facility connecting the processor, the library server, and the image servers for message-based communication, and the library storage resource further including means for validating the access control store authority associated with the library server, the method including the steps of: -
the processor providing a first message from the client process to the library server, the first message including a new authenticating token, an associated request for transferring a requested image between the client process and the library and a name of an associated image port at the processor through which the requested image is to be transferred;
in response to receipt by the library server of the first message,the library server using the authenticating means in the access control store to verify the new authenticating token, the library server using the catalog in the access control store to identify an associated image server with access to a library storage resource for storing the requested image, and the library server providing a second message from the library server to the associated image server, the second message including an image copy identifier unique to this request, a command for setting up transfer of the requested image between the client process and the library storage resource, and the name of the associated image port;
in response to receipt by the associated image server of the second message,the associated image server using the validating means in the library storage resource and the unique image copy identifier to verify the authority of the library server to control the requested image, and the associated image server providing through the associated image port a third message to the processor for the client process including a command for transferring the requested image between the client process and the library storage resource through the associated image port; and
in response to receipt by the processor of the third message,the processor and the associated image server transferring the requested image between the associated image port and the library storage resource under control of the associated image server. - View Dependent Claims (2, 3, 4, 5)
-
-
6. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including a library server coupled to an access control store, a library storage resource for holding the library of images and one or more image servers coupled to the library storage resource for storage or retrieval of images, a method for removing images from the library,
the library server maintaining in the access control store means for authenticating user identities and a library catalog of the images stored in the library storage resource, each image in the library being represented by an associated library catalog entry identifying the library storage location for the image and the identification of an associated image server controlling the library resource containing the image storage location, each image server maintaining a server catalog of images stored in the library storage resource under control of the associated image server, each image stored in the library storage resource being represented by an associated server catalog entry, the library storage resource further including means for validating the access control store authority associated with the library server, and the library system including a processor coupled to a client store for executing a client process and a message communication facility connecting the processor, the library server, and the image servers for message-based communication, the method including the steps of: -
the processor providing a first message to the library server including a new authentication token and an associated request from the client process for deletion of a subject image from the library storage resource; the library server, in response to the first message, using the authenticating means in the access control store to verify the new authenticating token, deleting the subject image entry from the library catalog in the access control store and enqueuing the deletion request with any other such deletion requests; the processor sending a second message from the client process to the library server including a request for commitment of any enqueued deletion requests; the library server, in response to the second message, committing library catalog changes in the access control store including deletion of the subject library catalog entry and providing to an associated image server controlling the library storage resource in which the requested image is stored a third message including a request for deletion from the library storage resource of the subject image; and the associated image server, in response to the third message, using the validating means in the library storage resource to verify the authority of the library server to control the requested image and deleting the subject image from the library storage resource. - View Dependent Claims (7)
-
-
8. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including a library server coupled to an access control store, a library storage resource to hold the library of images and one or more image servers coupled to the library storage resource for storage or retrieval of those images, a method for replacing images in the library,
the library server maintaining in the access control store means for authenticating user identities and a library catalog of the images stored in the library storage resource, each image in the library being represented by a respective library catalog entry identifying an image storage location in the library storage resource, identifying an image identifier (ID) unique to the image and including the identification of an associated image server controlling the library storage resource containing the image storage location, each image server maintaining in the storage resource a server catalog of the images stored in the library storage resource under control of the image server, each image stored in the library storage resource being represented by a respective server catalog entry identifying the image storage location in the library storage resource, the library system including a processor coupled to a client store for executing a client process and a message communication facility connecting the processor, the library server, and the image servers for message-based communication, the method including the steps of: -
the processor sending a first message to the library server, the first message including a new authentication token, an associated request from the client process for deletion of a first image from the library and a first image identifier ID unique to the first image and indexed to an entry in the library catalog; the processor sending a second message to the library server, the second message including a request from the client process for storage of a second image to replace the first image and the first image identifier ID, where the second message follows the first message; the library server using the authenticating means in the access control store to verify the new authenticating token; the library server generating in response to receipt of the second message a library catalog entry for the second image indexed to the first image identifier ID; the library server sending a third message to an associated image server controlling the library storage resource where the first image is stored, the third message including a request for storing the second image; the processor providing the second image from the client process to the associated image server; the associated image server using the validating means in the library storage resource to verify the authority of the library server to control the first image; and the associated image server overwriting the first image with the second image. - View Dependent Claims (9, 10)
-
-
11. In a data library system for controlling client process access to a library of images, an image being a data representation of a document, the system including a library server, a library storage resource to hold the library of images, and one or more image servers coupled to the library storage resource for storage or retrieval of images, a method for replacing images in the library,
the library server maintaining in an access control store means for authenticating client process identities and a library catalog of the images stored in the library storage resource, each image in the library being represented by an associated library catalog entry identifying for the storage location for the image and the identification of an associated image server controlling the library storage resource containing the library storage location, each image server maintaining a server catalog of images stored in the library storage resource under control of the associated image server, each image stored in the library storage resource being represented by an associated server catalog entry that identifies the image storage location in the library storage resource, the library storage resource further including means for validating the access control store authority associated with the library server, and the library system including a processor coupled to a client store for executing a client process and a message communication facility connecting the processor, the library server, and the image servers for message-based communications, the method including the steps of: -
the processor sending a first message from the client process to the library server, the first message including a new authentication token and a request for deletion of a first image from the library storage resource and further including a first image identifier ID unique to the first image and indexed to the image library catalog entry; the processor sending a second message from the client process to the library server, the second message including a request for storage of a second image to replace the first image and further including the first image identifier ID, where the second message follows the first message; the library server generating a second image identifier ID'"'"' unique to the storage request; the library server sending a third message to an associated image server controlling the library storage resource where the first image is stored, the third message including a request for storing the second image at a library storage resource location indexed by the second image identifier ID'"'"'; the associated image server in response to the third message using the validating means in the library storage resource to verify the authority of the library server to control the second image; the associated image server storing the second image in a library storage resource controlled by the associated image server at a storage location indexed by the second image identifier ID'"'"'; the library server generating an aliasing relation IDID'"'"' and storing the aliasing relation in a set of aliasing relations in response to storage of the second image; the library server setting an alias flag bit in the library catalog entry corresponding to the first image identifier ID, the alias flag bit operating to direct all subsequent requests for access to the first image to the library storage resource location indexed by the second image identifier ID'"'"'; the processor providing a fourth message from the client process to the library server including a request for commitment of first image deletion and second image storage; the library server providing a fifth message to the associated image server in response to receipt of the fourth message, the fifth message including a request that the first image be overwritten by the second image; the associated image server overwriting the first image with the second image by changing the second image storage location index from the second image identifier ID'"'"' to the first image identifier ID; and the library server deleting the aliasing relation IDID'"'"' from the set of aliasing relations and resetting the aliasing flag in the library catalog entry indexed by the first image identifier ID.
-
-
12. In a data library system for storing a library of images, an image being a data representation of an information object, the data library system including
a library server coupled to an access control store for controlling access to the library of images, a library storage resource to hold the library of images, one or more image servers coupled to the library storage resource for storage or retrieval of images, one or more processors each coupled to a client store for executing one or more client processes, and a message-passing communication facility connecting the library server, the image servers, and the one or more processors for message-based communications, a method for managing library service request messages comprising the steps of: -
the one or more processors providing a sequence of messages from one or more client processes to the library server, each message including at least one library service request directed to an image server, each library service request specifying access to an image; the library server authenticating the identity of the originating client process for each library service request and responsively accumulating from the sequence of messages a plurality of equivalent library service orders directed to an associated image server; and the library server sending the accumulated plurality of equivalent library service orders to the associated image server in a single message.
-
-
13. In a data library system for storing a library of images, an image being a data representation of an information object, the data library system including
a library server coupled to an access control store for controlling access to the library of images, a library storage resource to hold the library of images, one or more processors each coupled to a client store for executing one or more client processes, one or more image servers coupled to the library storage resource for storage or retrieval of images, and a message-passing communication facility connecting the library server, the image servers, and the one or more processors for message based communications, a method for managing library service request messages comprising the steps of: -
the one or more processors providing library service orders to the library server; the library server authenticating the identity of the originating client process for each library service order and responsively providing to the image servers messages that each include at least one authenticated library service order for access to an image; and an associated image server receiving a plurality of authenticated library service orders, validating the library server authority to issue authenticated library service orders, generating responses to the authenticated and validated library service orders, accumulating responses to authenticated and validated library service orders, and sending to the library server the accumulated responses in a single message.
-
-
14. In a data library system for storing a library of images, an image being a data representation of an information object, the data library system including
a library server coupled to an access control store containing a plurality of library catalog entries for controlling access to the library of images, a library storage resource to hold the library of images, one or more processors each coupled to a client store for executing one or more client processes, one or more image servers coupled to the library storage resource for storage or retrieval of images, and a message-passing communication facility connecting the library server, the image servers, and the one or more processors for message based communications, a method for managing requests to discard images from the library comprising the steps of: -
the one or more processors sending to the library server one or more messages including library service orders for discarding images from the library; the library server deleting from the access control store the library catalog entry for an associated image in response to each library service order to discard the associated image; the library server enqueuing the library service discard order with other discard orders; a processor sending a COMMIT order from a client process to the library server for commitment of library service discard orders enqueued for the client process; and the library server committing the library catalog entry deletions for the enqueued discard orders in response to the COMMIT order, thereby effectively discarding the associated images from the library storage resource.
-
-
15. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including one or more processors each coupled to a client store for executing one or more client processes, a library server coupled to an access control store, a library storage resource to hold the library of images, and one or more image servers coupled to the library storage resource for storage or retrieval of images, a method for moving an image between a client process and the library storage resource,
the library server maintaining in the access control store a catalog of the images stored in the library storage resource, the catalog containing entries each identifying an image and an associated image server controlling the library storage resource for storing the image, the data library system further including a communication facility connecting the one or more processors, the library server, and the image servers for communication, and the library storage resource further including means for validating the access control store authority associated with the library server, the method including the steps of: -
a processor providing a first communication to the library server, the first communication including a new authenticating token, an associated request for transferring a requested image between a client process and the library storage resource and a name of an associated image port at the processor through which the requested image is to be transferred;
in response to receipt by the library server of the first communication,the library server using the authenticating means in the access control store to verify the new authenticating token, the library server using the catalog in the access control store to identify an associated image server with access to a library storage resource for storing the requested image, and the library server providing a second communication to the associated image server for setting up transfer of the image between the processor and the library storage resource, the second communication including an image copy identifier unique to this request and the name of the associated image port;
in response to receipt by the associated image server of the second communication,the associated image server using the validating means in the library storage resource to verify the authority of the library server to control the requested image, and the associated image server providing a third communication to the processor and the library storage resource through the associated image port; and
in response to receipt by the processor of the third communication,the processor and the associated image server transferring the image between the associated image port and the library storage resource under control of the associated image server. - View Dependent Claims (16)
-
-
17. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including one or more processors each coupled to a client store for executing one or more client processes, a library server coupled to an access control store, a library server resource to hold the library of images, and one or more image servers coupled to the library storage resource for storage or retrieval of images, a method for copying an image stored at a first library location to a second library location,
the library server maintaining in the access control store means for authenticating user identities and a catalog of the images stored in the library storage resource, the catalog containing entries each identifying an image and an associated image server controlling the library storage resource storing the image, the data library system further including a message-passing communication facility connecting the one or more processors, the library server, and the image servers for message-based communication, and the library storage resource further including means for validating the access control store authority associated with the library server, the method including the steps of: -
a processor providing a first message from a client process to the library server, the first message including a new authenticating token, an associated request for copying a designated image and identification of a receiving library storage resource to which the designated image is to be copied; the library server using the authenticating means in the access control store to verify the new authenticating token; the library server determining a source image server that controls the source library resource location where the designated image is stored; the library server providing a second message to a target image server that controls the receiving library storage resource identified as receiving the designated image; the library server providing a third message to the source image server causing it to send the designated image to the target image server; the source image server providing a fourth message to the target image server, the fourth message including the designated image; the target image server providing a fifth message to the library server acknowledging receipt and storage of the designated image in the target library resource; the target image server providing a sixth message to the source image server acknowledging receipt of the designated image; the source image server providing a seventh message to the library server indicating completion of the transfer of the designated image to the target image server; and the library server providing an eighth message to the initiating processor confirming completion of the requested copying of the designated image.
-
-
18. In a data library system for controlling user access to a library of images, an image being a data representation of a document or a portion of a document, the system including at least one processor coupled to a client store, a library server coupled to an access control store, a library storage resource to hold the library of images, and one or more image servers coupled to the library storage resource for storage or retrieval of images, the library server maintaining in the access control store means for authenticating user identities and a catalog of the images stored in the library storage resource, the catalog containing entries each identifying an image and an associated image server controlling the library storage resource storing the image, the data library system further including a message-passing communication facility connecting the processor, the library server, and the image servers for message-based communication, and the library storage resource further including means for validating the access control store authority associated with the library server, a computer program product for use with the system to transfer images between a client process executing on the processor and the library storage resource, the computer program product comprising:
-
a recording medium; means recorded on the recording medium for directing the processor to provide a first message from the client process to the library server, the first message including a new authenticating token, an associated request for transferring a requested image between the client process and the library and a name of an associated image port at the processor through which the requested image is to be transferred; means recorded on the recording medium for directing, in response to receipt by the library server of the first message, the library server to use the authenticating means in the access control store to verify the new authenticating token, use the catalog in the access control store to identify an associated image server with access to a library storage resource for storing the requested image, and provide from the library server to the associated image server a second message including an image copy identifier unique to this request, a command for setting up transfer of the requested image between the client process and the library storage resource, and the name of the associated image port; means recorded on the recording medium for directing, in response to receipt by the associated image server of the second message, the associated image server to use the validating means in the library storage resource and the unique image copy identifier to verify the authority of the library server to control the requested image, and provide through the associated image port a third message to the processor for the client process including a command for transferring the requested image between the client process and the library storage resource through the associated image port; and means recorded on the recording medium for directing, in response to receipt by the processor of the third message, the processor and the associated image server to transfer the requested image between the associated image port and the library storage resource under control of the associated image server. - View Dependent Claims (19, 20, 21, 22)
-
Specification