System and method for regulating a network service provider's ability to host distributed applications in a distributed processing environment
Abstract
The present invention is directed to a novel system and method for regulating a network service provider's ability to provide network services to a distributed application executing on a network connected computer, which is dependent upon whether the NSP possesses a valid permit. The permit is a data structure created by a vendor or distributor of a distributed application. The vendor can selectively issue a permit to the NSP (or NSPs) for which authorization is being granted. When the distributed application is being executed at a client computer, and the services of a particular NSP are requested, an application running at the client first requests that the NSP provide the client with a valid permit. If the permit is valid and authentic, and the identity of the NSP is confirmed, then the application executing at the client will permit the distributed application to utilize the network services of the selected NSP.
21 Claims
1. In a distributed processing system that includes at least one network service provider (NSP) that is capable of providing network services to a plurality of remotely connected clients, including the ability to host use of a distributed application by the remotely connected clients, a method for regulating access to the distributed application via an NSP, the method comprising the following steps:
initiating, via a transport service provider (TSP) configured as a first driver, remote communications access to one of the NSPs by a client;
requesting access to the network services of the NSP on behalf of the distributed application executing at the client;
verifying, by a distributed application interface configured as a second driver, that the NSP is authorized to provide network services to the distributed application through the use of a permit created and issued by the vendor of the distributed application for which authorization is being granted; and
allowing the distributed application to access the network services of the NSP only if the NSP is authorized to provide network services to the distributed application executing at the requesting client at the time the request is made, wherein the second driver is configured to provide a defined application program interface between the distributed application and the TSP communication services provided by the first driver so that the distributed application can be hosted by a variety of NSPs, regardless of the communications protocol used by such NSPs, and the authority of the NSPs to host the distributed application can be verified, without having to alter or customize the distributed application for any particular NSP.
(a) a version number of the distributed application for which authorization is being granted;
(b) a release number of the distributed application for which authorization is being granted;
(c) an application identifier code that identifies the distributed application for which authorization is being granted;
(d) a permit effective date;
(e) a permit expiration date;
(f) a public certificate containing a public key owned by the NSP to which the permit is to be issued; and
(g) a digital signature generated so as to be unique to the contents of the permit.
10. A method as defined in claim 9 wherein the digital signature is created by using a private encryption key owned by the vendor of the distributed application for which the permit is created.
11. A method as defined in claim 1 further comprising the steps of:
(a) verifying at the client the identity of the NSP that transfers the permit; and
(b) allowing the distributed application to access the network services of the NSP only if the identity of the NSP is confirmed.
12. A method as defined in claim 11, wherein the identity of the NSP is verified by utilizing a public decryption key contained within the permit to verify the authenticity of a digital signature appended to a communications module executing at the client to facilitate remote communications with the NSP.
13. A method as defined in claim 1, further comprising the steps of:
requesting that a secondary permit be provided to the client in the event that the transferred permit contains valid verification data;
verifying at the client that the secondary permit includes secondary verification data indicating that the NSP's authority to provide network services has not been revoked; and
in the event that the NSP's authority has been revoked, preventing the distributed application from accessing the network services of the NSP.
14. A method as defined in claim 13, wherein the secondary verification data comprises a unique digital signature created by the vendor of the distributed application executing at the client.
15. A method as defined in claim 14, wherein the digital signature included in the secondary verification data is created using a private encryption key owned by the vendor of the distributed application executing at the client.
16. A method as defined in claim 13, wherein the secondary permit is provided to the client by the NSP, and wherein the NSP receives the permit via a direct communications link to the vendor of the distributed application executing at the client.
17. A method as defined in claim 13, wherein the secondary permit is provided to the client by the vendor of the distributed application executing at the client via a direct communications link.
18. A method as defined in claim 13, wherein the client requests the secondary permit by forwarding a unique request permit packet to the vendor of the distributed application executing at the client.
19. A method as defined in claim 1, wherein the permit is provided to the client by the NSP, and wherein the NSP receives the permit via a direct communications link to the vendor of the distributed application executing at the client.
20. A method as defined in claim 1, wherein the permit is provided to the client by the vendor of the distributed application executing at the client via a direct communications link.
21. A method as defined in claim 1, wherein the client requests the permit by forwarding a unique request permit packet to the vendor of the distributed application executing at the client.
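The client-side permit check recited in the claims above (permit fields (a) to (g), the vendor signature of claim 10, the validity window at request time, and the NSP identity check of claims 11 and 12), written out as an added Go example that is not taken from the patent. Ed25519, the JSON signing format, a bare public key standing in for the NSP's public certificate, and all names (`Permit`, `Verify`, `demo`, `app-42`) are assumptions; the keys, permit and module bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Permit mirrors fields (a)-(g). JSON encoding and Ed25519 are assumptions.
type Permit struct {
	Version, Release, AppID string
	Effective, Expires      time.Time
	NSPKey                  ed25519.PublicKey // stands in for the NSP's public certificate
	Sig                     []byte            `json:"-"` // vendor signature, excluded from signed bytes
}

func (p Permit) body() []byte { b, _ := json.Marshal(p); return b } // bytes the vendor signs

// Verify is the client-side gate, evaluated at the time of the request.
func Verify(vendor ed25519.PublicKey, p Permit, app string, now time.Time, mod, modSig []byte) error {
	switch {
	case !ed25519.Verify(vendor, p.body(), p.Sig):
		return errors.New("permit signature invalid")
	case p.AppID != app:
		return errors.New("permit issued for another application")
	case now.Before(p.Effective) || !now.Before(p.Expires):
		return errors.New("permit outside validity window")
	case len(p.NSPKey) != ed25519.PublicKeySize || !ed25519.Verify(p.NSPKey, mod, modSig):
		return errors.New("NSP identity not confirmed") // claims 11-12
	}
	return nil
}

func demo() (ok, late, tampered error) { // constructed keys, permit and module bytes
	vPub, vPriv, _ := ed25519.GenerateKey(nil)
	nPub, nPriv, _ := ed25519.GenerateKey(nil)
	t0, mod := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC), []byte("constructed module image")
	p := Permit{Version: "1", Release: "0", AppID: "app-42", Effective: t0, Expires: t0.AddDate(1, 0, 0), NSPKey: nPub}
	p.Sig = ed25519.Sign(vPriv, p.body()) // vendor signs with its private key (claim 10)
	modSig := ed25519.Sign(nPriv, mod)
	ok = Verify(vPub, p, "app-42", t0.AddDate(0, 6, 0), mod, modSig)
	late = Verify(vPub, p, "app-42", t0.AddDate(2, 0, 0), mod, modSig)
	p.Expires = t0.AddDate(10, 0, 0) // expiry edited without the vendor key
	tampered = Verify(vPub, p, "app-42", t0.AddDate(2, 0, 0), mod, modSig)
	return
}
func main() { fmt.Println(demo()) }
```

Because the signature covers every field except `Sig`, an NSP that extends its own expiry date or swaps in a different public key fails the first check before the dates or identity are ever consulted.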
Specification