Concurrent user access control in stateless network computing service system
First Claim
Patent Images
1. Apparatus for the control of user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said apparatus comprising:
- means for assigning an internal user ID to each user;
mapping means for recording the number of current logins, the mapping means being in the form of a user login map which contains a plurality of binary words, with each of said binary words containing a plurality of binary bits, and wherein one or more of said binary bits in the same word are indicative of the number of current logins for a particular internal user ID;
validating means for determining if a requested login is permitted; and
logging means for temporarily keeping a record of each access session in progress wherein only one bit of a word is used to indicate the current status for a single user internal user ID.
1 Assignment
0 Petitions
Accused Products
Abstract
System and method for managing user logins to a restricted computer service over a stateless network. Single user and multiple, or concurrent, user accounts can be maintained with this logging system. Users are assigned a data mask and an internal user ID (IUID). During a login attempt, the mask is used to scan a user login map to determine if the login will be permitted. For single users, the login is allowed if a current session is not already in progress, as indicated by the login map. For concurrent users, the login is allowed if the maximum number of concurrent users for the account does not already exist, as indicated by the login map. When a login is not allowed, a current session may be terminated or set to be terminated after a fixed interval of time, thereby allowing the requested login. A state lookup table (SLT) is maintained to temporarily keep track of each session in progress and includes a session identifier, the IUID, the starting time, and any termination time established for the session.
148 Citations
8 Claims
-
1. Apparatus for the control of user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said apparatus comprising:
-
means for assigning an internal user ID to each user; mapping means for recording the number of current logins, the mapping means being in the form of a user login map which contains a plurality of binary words, with each of said binary words containing a plurality of binary bits, and wherein one or more of said binary bits in the same word are indicative of the number of current logins for a particular internal user ID; validating means for determining if a requested login is permitted; and logging means for temporarily keeping a record of each access session in progress wherein only one bit of a word is used to indicate the current status for a single user internal user ID.
-
-
2. Apparatus for the control of user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said apparatus comprising:
-
means for assigning an internal user ID to each user; mapping means for recording the number of current logins, the mapping means being in the form of a user login map which contains a plurality of binary words, with each of said binary words containing a plurality of binary bits, and wherein one or more of said binary bits in the same word are indicative of the number of current logins for a particular internal user ID, and wherein a bit group containing a plurality of bits of the same word are used to indicate the current number of logins for a particular concurrent user internal user ID, with said number being determined by weighting individual bits in the group; validating means for determining if a requested login is permitted; and logging means for temporarily keeping a record of each access session in progress. - View Dependent Claims (3)
-
-
4. Apparatus for the control of user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said apparatus comprising:
-
mapping means for recording the number of current logins; means for assigning an internal user ID to each user; validating means for determining if a requested login is permitted, the validating means including a user mask of binary bits for determining the current logins as recorded in the mapping means, and wherein the validating means also includes number and location identifiers about the words in the mapping means which will be compared with the user mask to determine the current logins; and logging means for temporarily keeping a record of each access session in progress.
-
-
5. A method of controlling user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said method including the steps of:
-
assigning an internal user identification (IUID) to each user; maintaining a user login map which is indicative of the number of current logins for a particular IUID, wherein the user login map contains a plurality of binary words, with each of said binary words containing a plurality of binary bits, and wherein one of said binary bits of a word is used to indicate the current status for a single user IUID; providing a user mask of binary bits for use with said login map; comparing said user mask with said login map to determine if a login will be permitted; and authorizing the login if said comparison indicates that the maximum number of logins allowed for said IUID will not be exceeded by said authorizing.
-
-
6. A method of controlling user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said method including the steps of:
-
assigning an internal user identification (IUID) to each user; maintaining a user login map which is indicative of the number of current logins for a particular IUID, wherein the user login map contains a plurality of binary words, with each of said binary words having a bit group containing a plurality of bits that are used to indicate the current number of logins for a particular concurrent user IUID, said number being determined by weighting individual bits in the group; providing a user mask of binary bits for use with said login map; comparing said user mask with said login map to determine if a login will be permitted; and authorizing the login if said comparison indicates that the maximum number of logins allowed for said IUID will not be exceeded by said authorizing.
-
-
7. A method of controlling user access over a stateless network to a restricted system which permits simultaneous access by concurrent users, said method including the steps of:
-
assigning an internal user identification (IUID) to each user; maintaining a user login map which is indicative of the number of current logins for a particular IUID, wherein the user login map contains a plurality of binary words, with each of said binary words containing a plurality of binary bits, and wherein one or more of said binary bits in the same word are indicative of the number of current logins for a particular IUID; providing a user mask of binary bits for use with said login map, the user mask including number and location identifiers about the words in the user login map which will be compared with the user mask to determine the current logins; comparing said user mask with said login map to determine if a login will be permitted; and authorizing the login if said comparison indicates that the maximum number of logins allowed for said IUID will not be exceeded by said authorizing.
-
-
8. A method of controlling user access over a stateless network to a restricted computing service system which permits simultaneous access by concurrent users, said method including the steps of:
-
assigning an internal user identification (IUID) to each user; maintaining a user login map (ULM) which is indicative of the number of current logins for a particular IUID, said login map including a plurality of binary words, with each of said binary words containing a plurality of binary bits, and wherein one or more of said binary bits in the same word are indicative of the number of current logins for a particular IUID; providing a user mask of binary bits for use with said login map, with the user mask including number and location identifiers about the words in the user login map (ULM) which will be compared with the user mask to determine the number of current logins, said user mask defining the bits in said user login map which indicate the number of current logins for a particular IUID; comparing said user mask with said login map to determine if a login will be permitted; authorizing the login if said comparison indicates that the maximum number of logins allowed for that IUID will not be exceeded by said authorizing; updating the user login map (ULM) when a user login is authorized, said updating resulting in the user login map (ULM) then being indicative of the new number of users presently logged on; temporarily logging particulars about each session in progress in a state lookup table (SLT), with said particulars including at least a session ID, the staring time of the session, the IUID used to authorize the session, and any ending time established for the session; and establishing, when the maximum number is logged on, a time-out time for a current session and recording that time in said state lookup table.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsZhao, Yan
-
Primary Examiner(s)Beausoliel, Jr., Robert W.
-
Assistant Examiner(s)Revak, Christopher A.
-
Application NumberUS08/926,207Time in Patent Office910 DaysField of Search395/187.01, 395/186, 395/200.55, 395/188.01, 713/200, 713/201, 713/202, 709/225, 709/227, 709/228, 709/229, 709/224US Class Current726/6CPC Class CodesH04L 63/102 Entity profiles
