System and method for enabling and controlling anonymous file transfer protocol communications

US 6,092,198 A
Filed: 02/25/1997
Issued: 07/18/2000
Est. Priority Date: 02/25/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for operating a digital computer for building a server to enable and control FTP and anonymous FTP processing, comprising the steps of:

defining a server logon exit program interface including user identifier, authentication string, client IP address and return code parameters, said exit program being a program for controlling access to said server and to data residing on said server and a program which is callable by an existing computer application, using a defined interface, which is not part of said application;

defining a request validation exit program interface including an operation identifier, user name, client IP address, operation specific information, and return code parameters; and

providing in a server program a data transformation routine, and routines for controlling server commandsincluding commands for session initialization, directory creation, directory deletion, set current directory, list files, delete file, send file, receive file, rename file and execute operating system command.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Control of anonymous file transfer protocol server using exit programs: FTP and anonymous FTP communications are enabled and controlled by operating a server logon exit program to deny or authorize a logon request based on any combination of a user authentication string and/or client network address; and operating a request validation exit program to deny or authorize an action request based on any combination of type of request, user, client network address, and specific data requested.

Citations

7 Claims

1. A method for operating a digital computer for building a server to enable and control FTP and anonymous FTP processing, comprising the steps of:
- defining a server logon exit program interface including user identifier, authentication string, client IP address and return code parameters, said exit program being a program for controlling access to said server and to data residing on said server and a program which is callable by an existing computer application, using a defined interface, which is not part of said application;
  
  defining a request validation exit program interface including an operation identifier, user name, client IP address, operation specific information, and return code parameters; and
  
  providing in a server program a data transformation routine, and routines for controlling server commandsincluding commands for session initialization, directory creation, directory deletion, set current directory, list files, delete file, send file, receive file, rename file and execute operating system command.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - building and installing a logon exit program and a request validation exit program for enforcing the security policies of a user enterprise with respect to the FTP server.
  - 3. The method of claim 2, further comprising:
    - operating said server to establish a client session, including;
      
      receiving a request for connection from a client;
      
      calling said request validation exit to validate the request;
      
      receiving a return code from said request validation exit program authorizing or rejecting the connection request;
      
      responsive to the return code, if not authorized, rejecting the connection;
      
      otherwise;
      
      activating the connection to the client;
      
      receiving a user subcommand containing the user name;
      
      responsive to a user name of anonymous, requesting an electronic mail address from said user; and
      
      thereafter receiving a command from said user containing the electronic mail address as an authentication string;
      
      responsive to a user name other than anonymous, requesting a password from said user, and thereafter receiving a command from said user containing the password as an authentication string;
      
      calling the server logon exit program, including user name and authentication string and the client network address;
      
      receiving a return code from said server logon exit program;
      
      responsive to a reject return code, rejecting the logon request;
      
      responsive to an unconditional accept return code, accepting the logon request without further authentication; and
      
      responsive to a conditional accept return code, validating the authentication string as a logon password.
  - 4. The method of claim 3, further comprising:
    - operating said server to process requests from the client session, includingreceiving an action request to perform an action on the server system;
      
      calling said request validation exit to validate the action request;
      
      receiving a return code from said request validation exit program authorizing or rejecting the action request;
      
      responsive to the return code, if not authorized, rejecting the action request;
      
      otherwise processing said action request;
      
      whereby said server logon exit program denies or authorizes said logon request based on any combination of user authentication string and client network address; and
      
      said request validation exit program denies or authorizes said action request based on any combination of type of request, user, client network address, and specific data requested.

5. A method for operating a digital computer to enable and control FTP and anonymous FTP processing on a digital computer, comprising the steps of:
- building a server, including;
  
  defining a server logon exit program interface including user identifier, authentication string, client IP address and return code parameters;
  
  defining a request validation exit program interface including an operation identifier, user name, client IP address, operation specific information, and return code parameters;
  
  providing in a server program a data transformation routine, and routines for controlling server commands such as commands for session initialization, directory creation, directory deletion, set current directory, list files, deletefile, send file, receive file, rename file and execute operating system command;
  
  building and installing a logon exit program and a request validation exit program for enforcing the security policies of a user enterprise with respect to the FTP server;
  
  operating said server to establish a client session, including;
  
  receiving a request for connection from a client;
  
  calling said request validation exit to validate the request;
  
  receiving a return code from said request validation exit program authorizing or rejecting the connection request;
  
  responsive to the return code, if not authorized, rejecting the connection;
  
  otherwise;
  
  activating the connection to the client;
  
  receiving a user subcommand containing the user name;
  
  responsive to a user name of anonymous, requesting an e-mail address from said user; and
  
  thereafter receiving a PASS subcommand from said user containing the e-mail address as an authentication string;
  
  responsive to a user name other than anonymous, requesting a password from said user, and thereafter receiving a command from said user containing the password as an authentication string;
  
  calling the server logon exit program, including user name and authentication string and the client network address);
  
  receiving a return code from said server logon exit program;
  
  responsive to a reject return code, rejecting the logon request;
  
  responsive to an unconditional accept return code, accepting the logon request without further authentication; and
  
  responsive to a conditional accept return code, validating the authentication string as a logon password;
  
  operating said server to process requests from the client session, includingreceiving an action request to perform an action on the server system;
  
  calling said request validation exit to validate the action request;
  
  receiving a return code from said request validation exit program authorizing or rejecting the action request;
  
  responsive to the return code, if not authorized, rejecting the action request;
  
  otherwise processing said action request;
  
  whereby said server logon exit program denies or authorizes said logon request based on any combination of user authentication string and client network address; and
  
  said request validation exit program denies or authorizes said action request based on any combination of type of request, user, client network address, and specific data requested.

6. A method for operating a digital computer for building a server to enable and control FTP and anonymous FTP processing, comprising the steps of:
- defining a server logon exit program interface including user identifier, authentication string, client IP address and return code parameters;
  
  defining a request validation exit program interface including an operation identifier, user name, client IP address, operation specific information, and return code parameters;
  
  providing in a server program a data transformation routine, and routines for controlling server commands including commands for session initialization, directory creation, directory deletion, set current directory, list files, delete file, send file, receive file, rename file and execute operating system command;
  
  building and installing a logon exit program and a request validation exit program for enforcing the security policies of a user enterprise with respect to the FTP server;
  
  operating said server to establish a client session, including;
  
  receiving a request for connection from a client;
  
  calling said request validation exit to validate the request;
  
  receiving a return code from said request validation exit program authorizing or rejecting the connection request;
  
  responsive to the return code, if not authorized, rejecting the connection;
  
  otherwise;
  
  activating the connection to the client;
  
  receiving a user subcommand containing the user name;
  
  responsive to a user name of anonymous, requesting an electronic mail address from said user; and
  
  thereafter receiving a command from said user containing the electronic mail address as an authentication string;
  
  responsive to a user name other than anonymous, requesting a password from said user, and thereafter receiving a command from said user containing the password as an authentication string;
  
  calling the server logon exit program, including user name and authentication string and the client network address;
  
  receiving a return code from said server logon exit program;
  
  responsive to a reject return code, rejecting the logon request;
  
  responsive to an unconditional accept return code, accepting the logon request without further authentication; and
  
  responsive to a conditional accept return code, validating the authentication string as a logon password.
- View Dependent Claims (7)
- - 7. The method of claim 6, further comprising:
    - operating said server to process requests from the client session, includingreceiving an action request to perform an action on the server system;
      
      calling said request validation exit to validate the action request;
      
      receiving a return code from said request validation exit program authorizing or rejecting the action request;
      
      responsive to the return code, if not authorized, rejecting the action request;
      
      otherwise processing said action request;
      
      whereby said server logon exit program denies or authorizes said logon request based on any combination of user authentication string and client network address; and
      
      said request validation exit program denies or authorizes said action request based on any combination of type of request, user, client network address, and specific data requested.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Lanzy, Garrett Roman, Pflug, Francis Alan, Stange, Gary Herbert
Primary Examiner(s)
Sheikh, Ayaz R.
Assistant Examiner(s)
PHAN, RAYMOND NGAN

Application Number

US08/806,896
Time in Patent Office

1,239 Days
Field of Search

395/186, 395/187.01, 395/188.01
US Class Current

726/5
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 67/06   specially adapted for file ...

H04L 69/329   in the application layer [O...

System and method for enabling and controlling anonymous file transfer protocol communications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for enabling and controlling anonymous file transfer protocol communications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links