Full group privileges access system providing user access security protection for a telecommunications switching system
2 Assignments
0 Petitions
Abstract
A full group privileges access mechanism which provides security protection for a telecommunications switching system which is accessible by users using a computer. The full group privileges access mechanism contains storage files which store information related to authorized users, a system manager building block which is in communication with the computer, a system security manager client building block which is in communication with the system manager building block, and a system security manager server building block which is in communication with the system security manager client building block. The system manager building block in combination with the system security manager client building block and the system security manager server building block are in communication with the storage files which contain information related to the authorized users. The system manager building block in combination with the system security manager client building block and the system security manager server building block can access the storage file information related to the authorized users in order to determine whether, and to what extent, users can access the telecommunications switching system.
108 Citations
26 Claims
1. A full group privileges access mechanism for providing security protection for a telecommunications switching system which is accessible by authorized users using a computer, comprising:
a server having an application program to access the telecommunications switching system;
a computer operable to communicate with the server over a first communication link, the server operable to provide the application program to the computer upon request, the computer operable to execute the application program, the computer operable to establish communications with the telecommunications switching system over a second communication link according to the application program;
storage files in the telecommunications switching system containing first information and second information associated with authorized user identification;
a system manager building block in the telecommunications switching system in communication with said computer, said system manager building block also being in communication with said storage files in order to access said first information for determining if a computer user is an authorized user, and in order to modify said first information;
a system security manager client building block in the telecommunications switching system in communication with said system manager building block; and
a system security manager server building block in the telecommunications switching system in communication with said system security manager client building block, said system security manager client building block and said system security manager server building block being jointly in communication with said storage files in order to access said second information, and in order to modify said second information, wherein said system manager building block provides communication between said computer and said system security manager client building block, and wherein said system security manager client building block provides communication between said system manager building block and said system security manager server building block.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15.

a tester user group having members authorized to access said functions and execute said commands for performing testing on the telecommunications switching system;
a maintenance user group having members authorized to access said functions and execute said commands for performing maintenance on the telecommunications switching system; and
an administrator user group having members authorized to access said functions and execute said commands for providing administration of the telecommunications switching system.
12. The full group privileges access mechanism of claim 11, wherein said members of said administrator user group are authorized to access a greater number of functions and execute a greater number of commands than said members of said tester user group and said members of said maintenance user group, and wherein said members of said maintenance user group are authorized to access a greater number of functions and execute a greater number of commands than said members of said tester user group.
13. The full group privileges access mechanism of claim 1, wherein said system manager building block communicates with the computer using an internet inter-ORB protocol (IIOP) communications protocol.
14. The full group privileges access mechanism of claim 1, wherein said system manager building block communicates with the computer using a hypertext transport protocol (HTTP) communications protocol.
15. The full group privileges access mechanism of claim 1, wherein said system security manager client building block and said system security manager server building block conform to a common object request broker architecture (CORBA), and communicate with one another using a CORBA communications protocol.
16. A method for providing a full group privileges access mechanism to provide security protection for a telecommunications switching system which is accessible by users using a computer, the telecommunications switching system providing functions which can be accessed and commands which can be executed, comprising the steps of:
receiving a request to access the telecommunications switching system at a server from the computer over a first communication link;
providing an access application program to the computer from the server in response to the request;
executing the access application program at the computer;
establishing a second communication link from the computer to the telecommunications switching system according to execution of the access application program;
maintaining first information identifying authorized users and second information associating authorized users with access authorization data;
receiving identification data entered by a computer user;
comparing said identification data to said first information;
receiving command data entered by said user; and
comparing said second information associated with said user to access authorization data associated with the command or function represented by said command data to determine the authority of said computer user to access said command or function.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25.

maintaining an authorization level for each authorized user; and
maintaining information designating a minimum authorization level for each function and for each command of the telecommunications switching system, wherein for each function access will not be provided unless a computer user has an authorization level greater than or equal to the minimum authorization level for the function, and wherein for each command execution will not be permitted unless the computer user has an authorization level greater than or equal to the minimum authorization level for the command.
20. The method of claim 16, wherein said step of maintaining second information further comprises the step of maintaining information identifying at least one user group, each user group having members comprising at least one authorized user group, wherein at least one user group is authorized to access each function and at least one user group is authorized to execute each command, and wherein for each function access will not be provided unless a computer user is a member of at least one user group authorized to access the function, and wherein for each command execution will not be permitted unless the computer user is a member of at least one said user group authorized to execute the command.
21. The method of claim 16, wherein said step of maintaining second information further comprises the steps of:
maintaining information identifying an authorization level for each authorized user;
maintaining information identifying a minimum authorization level for each function and for each command of the telecommunications switching system; and
maintaining information designating at least one user group, each user group having members comprising at least one authorized user, wherein at least one user is authorized to access each function and at least one user group is authorized to execute each command, and wherein for each function, access will not be provided unless the computer user has an authorization level greater than or equal to the minimum authorization level for the function, and is a member of at least one user group authorized to access the function, and wherein for each command, execution will not be permitted unless the computer user has an authorization level greater than or equal to the minimum authorization level for the command, and is a member of at least one user group authorized to execute the command.
22. The method of claim 21, further comprising the step of generating records of unauthorized attempts to access the functions of the telecommunications switching system or execute the commands of the telecommunications switching system.
23. The method of claim 21, wherein said step of maintaining at least one user group further comprises the step of maintaining a plurality of user groups, wherein the members of each of the plurality of user groups are authorized to access a different number of functions and execute a different number of commands than the members of the remainder of the plurality of user groups.
24. The method of claim 21, wherein said step of maintaining information identifying at least one user group further comprises the steps of:
maintaining information identifying a tester user group having members authorized to access functions and execute commands for performing testing on the telecommunications switching system;
maintaining information identifying a maintenance user group having members authorized to access functions and execute commands for performing maintenance on the telecommunications switching system; and
maintaining information identifying an administrator user group having members authorized to access functions and execute commands for providing administration of the telecommunications switching system.
25. The method of claim 24, wherein the members of the administrator user group are authorized to access a greater number of functions and execute a greater number of commands than the members of the tester user group and the members of the maintenance user group, and wherein the members of the maintenance user group are authorized to access a greater number of functions and execute a greater number of commands than the members of the tester user group.
26. A full group privileges access mechanism for providing security protection for a telecommunications switching system which is accessible by authorized users using a computer, and which provides functions which can be accessed by the authorized users and commands which can be executed by the authorized users, comprising:
a server having an application program to access the telecommunications switching system;
a computer operable to communicate with the server over a first communication link, the server operable to provide the application program to the computer upon request, the computer operable to execute the application program, the computer operable to establish communications with the telecommunications switching system over a second communication link according to the application program;
a memory in the telecommunications switching system containing information related to the authorized users, said information including first information comprising an authorized user identification for each authorized user and a password for each authorized user, said information also including second information comprising an authorization level for each authorized user and a minimum authorization level for each function and for each command provided by the telecommunications switching system, said second information also identifying users who are members of at least one user group, at least one said user group being authorized to access each function, and at least one said user group being authorized to execute each command;
a system manager building block in the telecommunications switching system having a CORBA architecture and having a runtime library accessing said memory, said system manager building block being in communication with said computer and accessing said first information for determining the authorization of users to access the telecommunications switching system, and said system manager building block accessing said memory to modify said information related to said authorized users for controlling the ability of users of the computer to access the telecommunications switching system;
a system security manager client building block in the telecommunications switching system having a CORBA architecture and being in communication with said system manager building block in the telecommunications switching system using a CORBA communications protocol; and
a system security manager server building block having a CORBA architecture and being in communication with said system security manager client building block using a CORBA communications protocol, said system security manager client building block and said system security manager server building block being in joint communication with said memory in order to access said second information for determining the ability of users of the computer to access the telecommunications switching system, and in order to modify said second information, wherein for each function a user of the computer will not be provided access to the function unless the user provides an authorized user identification and an authorized password corresponding to said first information, has an authorization level greater than or equal to said minimum authorization level for the function, and is a member of at least one said user group authorized to access said function, and wherein for each command a user of the computer will not be permitted to execute the command unless the user provides an authorized user identification and an authorized password corresponding to said first information, has an authorization level greater than or equal to said minimum authorization level for the command, and is a member of at least one said user group authorized to execute said command, and wherein said system manager building block provides communication between the computer and said system security manager client building block, and wherein said system security manager client building block provides communication between said system manager building block and said system security manager server building block.
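The three-part check recited in claims 16, 21, 22 and 26 (credentials against the first information, then authorization level against the per-function or per-command minimum, then membership in a group authorized for that target, with denied attempts recorded) is modelled below as an added Python example; it is not code from the patent. The group names come from claims 11 and 24; the users, passwords, levels and target names are constructed sample data, and the salted SHA-256 digest stands in for whatever password storage the switch actually uses.

```python
# Added example, not from the patent: claim 21/26 policy plus claim 22 audit records.
import hashlib
import hmac

# "First information": user id -> salted password digest (constructed sample data;
# a production store would use a memory-hard hash such as scrypt or argon2).
def _digest(pw: str) -> str:
    return hashlib.sha256(b"demo-salt:" + pw.encode()).hexdigest()

FIRST_INFO = {
    "alice": _digest("tester-pw"), "bob": _digest("maint-pw"),
    "carol": _digest("admin-pw"), "dave": _digest("dave-pw"),
}

# "Second information": per-user level and groups; per-target minimum level and
# authorized groups. "dave" has an administrator-level number but only tester
# group membership, to show that both conditions are required.
USER_LEVEL = {"alice": 1, "bob": 2, "carol": 3, "dave": 3}
USER_GROUPS = {"alice": {"tester"}, "bob": {"maintenance"},
               "carol": {"administrator"}, "dave": {"tester"}}
TARGETS = {  # function or command name: (minimum level, groups authorized)
    "run_loopback_test": (1, {"tester", "maintenance", "administrator"}),
    "reset_line_card":   (2, {"maintenance", "administrator"}),
    "modify_user_level": (3, {"administrator"}),
}

AUDIT_LOG: list = []  # records of unauthorized attempts (claim 22)

def authenticate(user_id: str, password: str) -> bool:
    """Compare the entered identification data with the first information."""
    stored = FIRST_INFO.get(user_id)
    return stored is not None and hmac.compare_digest(stored, _digest(password))

def authorize(user_id: str, target: str) -> bool:
    """Claim 21 test: level >= minimum AND member of a group authorized for target."""
    if target not in TARGETS:
        AUDIT_LOG.append((user_id, target, "unknown target"))
        return False
    min_level, allowed_groups = TARGETS[target]
    level_ok = USER_LEVEL.get(user_id, 0) >= min_level
    group_ok = bool(USER_GROUPS.get(user_id, set()) & allowed_groups)
    if not (level_ok and group_ok):
        AUDIT_LOG.append((user_id, target, f"level_ok={level_ok} group_ok={group_ok}"))
        return False
    return True

def request(user_id: str, password: str, target: str) -> bool:
    """Full claim 26 gate: credentials first, then level and group membership."""
    if not authenticate(user_id, password):
        AUDIT_LOG.append((user_id, target, "bad credentials"))
        return False
    return authorize(user_id, target)
```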
Specification