System and method for regulating a network service provider's ability to host distributed applications in a distributed processing environment

US 6,374,357 B1
Filed: 04/16/1998
Issued: 04/16/2002
Est. Priority Date: 04/16/1998
Status: Expired due to Term

First Claim

Patent Images

1. In a distributed processing system that includes at least one network service provider (NSP) that is capable of providing network services to a plurality of remotely connected clients, including the ability to host use of a distributed application by the remotely connected clients, a method for regulating access to the distributed application via an NSP, the method comprising the following steps:

initiating, via a transport service provider (TSP) configured as a first driver, remote communications access to one of the NSPs by a client;

requesting access to the network services of the NSP on behalf of the distributed application executing at the client;

verifying, by a distributed application interface configured as a second driver, that the NSP is authorized to provide network services to the distributed application through the use of a permit created and issued by the vendor of the distributed application for which authorization is being granted; and

allowing the distributed application to access the network services of the NSP only if the NSP is authorized to provide network services to the distributed application executing at the requesting client at the time the request is made, wherein the second driver is configured to provide a defined application program interface between the distributed application and the TSP communication services provided by the first driver so that the distributed application can be hosted by a variety of NSPs, regardless of the communications protocol used by such NSPs, and the authority of the NSPs to host the distributed application can be verified, without having to alter or customize the distributed application for any particular NSP.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to a novel system and method for regulating a network service provider'"'"'s ability to provide network services to a distributed application executing on a network connected computer, which is dependent upon whether the NSP possesses a valid permit. The permit is a data structure created by a vendor or distributor of a distributed application. The vendor can selectively issue a permit to the NSP (or NSPs) for which authorization is being granted. When the distributed application is being executed at a client computer, and the services of a particular NSP are requested, an application running at the client first requests that the NSP provide the client with a valid permit. If the permit is valid and authentic, and the identity of the NSP is confirmed, then the application executing at the client will permit the distributed application to utilize the network services of the selected NSP.

Citations

21 Claims

1. In a distributed processing system that includes at least one network service provider (NSP) that is capable of providing network services to a plurality of remotely connected clients, including the ability to host use of a distributed application by the remotely connected clients, a method for regulating access to the distributed application via an NSP, the method comprising the following steps:
- initiating, via a transport service provider (TSP) configured as a first driver, remote communications access to one of the NSPs by a client;
  
  requesting access to the network services of the NSP on behalf of the distributed application executing at the client;
  
  verifying, by a distributed application interface configured as a second driver, that the NSP is authorized to provide network services to the distributed application through the use of a permit created and issued by the vendor of the distributed application for which authorization is being granted; and
  
  allowing the distributed application to access the network services of the NSP only if the NSP is authorized to provide network services to the distributed application executing at the requesting client at the time the request is made, wherein the second driver is configured to provide a defined application program interface between the distributed application and the TSP communication services provided by the first driver so that the distributed application can be hosted by a variety of NSPs, regardless of the communications protocol used by such NSPs, and the authority of the NSPs to host the distributed application can be verified, without having to alter or customize the distributed application for any particular NSP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A computer-readable medium having computer-executable instructions for performing the steps recited in claim 1.
  - 3. A method as defined in claim 1, wherein the permit comprises at least one of the following verification parameters:
    - an application identifier;
      
      a permit effective date;
      
      a permit expiration date;
      
      a public certificate containing a public key owned by a NSP; and
      
      a unique digital signature.
  - 4. A method as defined in claim 3, wherein the application identifier comprises at least one of the following application parameters:
    - a version number for the distributed application for which the permit is created;
      
      a release number for the distributed application for which the permit is created; and
      
      an application identifier code that identifies the distributed application for which the permit is created.
  - 5. A method as defined in claim 3, wherein the digital signature is created by using a private encryption key owned by the vendor of the distributed application for which the permit is created.
  - 6. A method as defined in claim 1, wherein the permit is verified at the client by receiving predetermined data parameters from the distributed application executing at the client and comparing the data parameters to at least one parameter contained within the verification data contained within the permit transferred to the client.
  - 7. A method as defined in claim 6, wherein the parameters contained within permit that are compared to data parameters received from the distributed application include at least one of the following parameters:
    - an application version number;
      
      an application release number;
      
      an application identifier code;
      
      a permit effective date; and
      
      a permit expiration date.
  - 8. A method as defined in claim 1, wherein the permit is verified at the client by verifying the authenticity of a unique digital signature contained within the permit by using a public decryption key owned by the vendor of the distributed application for which the permit is created and contained within the distributed application executing at the client.
  - 9. A method as defined in claim 1, wherein the permit comprises at least one of the following parameters:
10. A method as defined in claim 9 wherein the digital signature is created by using a private encryption key owned by the vendor of the distributed application for which the permit is created.
11. A method as defined in claim 1 further comprising the steps of:
- (a) verifying at the client the identity if the NSP that transfers the permit; and
  
  (b) allowing the distributed application to access the network services of the NSP only if the identity of the NSP is confirmed.
12. A method as defined in claim 11, wherein the identity of the NSP is verified by utilizing a public decryption key contained within the permit to verify the authenticity of a digital signature appended to a communications module executing at the client to facilitate remote communications with the NSP.
13. A method as defined in claim 1, further comprising the steps of:
- requesting that a secondary permit be provided to the client in the event that the transferred permit contains valid verification data;
  
  verifying at the client that the secondary permit includes secondary verification data indicating that the NSP'"'"'s authority to provide network services has not been revoked; and
  
  in the event that the NSP'"'"'s authority has been revoked, preventing the distributed application from accessing the network services of the NSP.
14. A method as define in claim 13, wherein the secondary verification data comprises a unique digital signature created by the vendor of the distributed application executing at the client.
15. A method as defined in claim 14, wherein the digital signature included in the secondary verification data is created using a private encryption key owned by the vendor of the distributed application executing at the client.
16. A method as defined in claim 13, wherein the secondary permit is provided to the client by the NSP, and wherein the NSP receives the permit via a direct communications link to the vendor of the distributed application executing at the client.
17. A method as defined in claim 13, wherein the secondary permit is provided to the client by the vendor of the distributed application executing at the client via a direct communications link.
18. A method as defined in claim 13, wherein the client requests the secondary permit by forwarding a unique request permit packet to the vendor of the distributed application executing at the client.
19. A method as defined in claim 1, wherein the permit is provided to the client by the NSP, and wherein the NSP receives the permit via a direct communications link to the vendor of the distributed application executing at the client.
20. A method as defined in claim 1, wherein the permit is provided to the client by the vendor of the distributed application executing at the client via a direct communications link.
21. A method as defined in claim 1, wherein the client requests the permit by forwarding a unique request permit packet to the vendor of the distributed application executing at the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mohammed, Sohail B., Olson, Kipley J.
Primary Examiner(s)
Hayes, Gail
Assistant Examiner(s)
Revak, Christopher A.

Application Number

US09/061,573
Time in Patent Office

1,461 Days
Field of Search

713/150, 713/165, 713/167, 713/176, 713/200, 713/201, 713/193, 705/51, 705/52, 705/59, 705/55, 705/54, 705/57, 709/217, 709/218, 709/219, 709/225, 709/226, 709/229, 709/227, 709/228, 709/328, 709/230, 709/329, 463/1, 463/40, 463/41, 463/42
US Class Current

726/5
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

System and method for regulating a network service provider's ability to host distributed applications in a distributed processing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for regulating a network service provider's ability to host distributed applications in a distributed processing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links