Information handling system, method, and article of manufacture including a vault object for encapsulation of object security credentials

US 5,802,276 A
Filed: 01/03/1996
Issued: 09/01/1998
Est. Priority Date: 01/03/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for improving object security in an information handling system employing object oriented technology, comprising the steps of:

creating one or more vault objects for encapsulating security relevant objects;

retrieving security credentials associated with an owner of a process;

examining retrieved security credentials against security relevant objects in the vault to determine if the owner of the process is authorized for access to data related to the encapsulated security relevant objects; and

creating a persona object, representing an authenticated identity, the personal object comprising pointers to privileges and capabilities of the owner.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and article of manufacture for improving object security in distributed object systems, in an information handling system employing object oriented technology, includes one or more workstations, each workstation having one or more processors, a memory system, an input/output subsystem which may include one or more input/output controllers, each controlling one or more input/output devices, such as communications devices, cursor control devices, keyboards, and display devices, an operating system program such as the OS/2 multi-tasking operating system (OS/2 is a registered trademark of International Business Machines Corporation), and an object oriented control program such as the Distributed System Object Method (DSOM) program available from International Business Machines Corporation, wherein the object oriented control program includes a vault object containing security credentials for objects in the distributed system.

Citations

12 Claims

1. A method for improving object security in an information handling system employing object oriented technology, comprising the steps of:
- creating one or more vault objects for encapsulating security relevant objects;
  
  retrieving security credentials associated with an owner of a process;
  
  examining retrieved security credentials against security relevant objects in the vault to determine if the owner of the process is authorized for access to data related to the encapsulated security relevant objects; and
  
  creating a persona object, representing an authenticated identity, the personal object comprising pointers to privileges and capabilities of the owner.
- View Dependent Claims (2, 3, 4)
- - 2. A method according to claim 1, wherein the persona object further comprises:
    - information for an established security context local to the owner'"'"'s address space or process; and
      
      information on the quality of message protection and types of underlying mechanisms providing for the security services available to the owner.
  - 3. A method according to claim 1, wherein the step of creating the persona object further comprises the steps of:
    - providing a secret key evidencing a right of the owner to an account defined for the owner.
  - 4. A method according to claim 1, further comprising the steps of:
    - creating one or more shared security context objects, each representing a security association between two or more owners across two or more address spaces.

5. A computer readable medium comprising means for improving object services in an information handling system employing object oriented technology, comprising:
- means for creating one or more vault objects for encapsulating security relevant objects;
  
  means for retrieving security credentials associated with an owner of a process;
  
  means for examining retrieved security credentials against security relevant objects in the vault to determine if the owner of the process is authorized for access to data related to the encapsulated security relevant objects; and
  
  means for creating a persona object, representing an authenticated identity, the persona object comprising pointers to privileges and capabilities of the owner.
- View Dependent Claims (6, 7, 8)
- - 6. A computer readable medium, according to claim 5, wherein the persona object further comprises:
    - information for an established security context local to the owner'"'"'s address space or process; and
      
      information on the quality of message protection and types of underlying mechanisms providing for the security services available to the owner.
  - 7. A computer readable medium, according to claim 5, wherein the means for creating the persona object further comprises:
    - means for providing a secret key evidencing a right of the owner to an account defined for the owner.
  - 8. A computer readable medium, according to claim 5, further comprises:
    - means for creating one or more shared security context objects, each representing a security association between two or more owners across two or more address spaces.

9. An information handling system, comprising:
- one or more processors;
  
  a storage system;
  
  one or more I/O controllers;
  
  a system bus, operatively connecting the processors, the storage system and the I/O controllers;
  
  a system control program for controlling the operation of the system;
  
  means for creating one or more vault objects for encapsulating security relevant objects;
  
  means for retrieving security credentials associated with an owner of a process;
  
  means for examining retrieved security credentials against security relevant objects in the vault to determine if the owner of the process is authorized for access to data related to the encapsulated security relevant objects; and
  
  means for creating a persona object, representing an authenticated identity, the persona object comprising pointers to privileges and capabilities of the owner.
- View Dependent Claims (12)
- - 12. An information handling system, according to claim 9, further comprising:
    - means for creating one or more shared security context objects, each representing a security association between two or more owners across two or more address spaces.

11. An information handling system, according to claim 11, further comprising:
- means for providing a secret key evidencing a right of the owner to an account defined for the owner.
- View Dependent Claims (10)
- - 10. An information handling system, according to claim 11, further comprising:
    - information for an established security context local to the owner'"'"'s address space or process; and
      
      information on the quality of message protection and types of underlying mechanisms providing for the security services available to the owner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phoenicia Innovations LLC Subsidiary of Pendrell Technologies LLC
Original Assignee
International Business Machines Corporation
Inventors
Benantar, Messaoud, Blakley, III, George Robert, Nadalin, Anthony Joseph
Primary Examiner(s)
PALYS, JOSEPH E

Application Number

US08/582,551
Time in Patent Office

972 Days
Field of Search

395/186, 395/188.01, 395/187.01, 395/609, 395/614, 395/670, 395/674, 395/677, 395/678, 380/3, 380/4, 380/23, 380/25, 707/9, 707/103
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2149   Restricted operating enviro...

G06F 9/4492   Inheritance

Information handling system, method, and article of manufacture including a vault object for encapsulation of object security credentials

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Information handling system, method, and article of manufacture including a vault object for encapsulation of object security credentials

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links