Method of using electronic tickets containing privileges for improved security

US 6,505,232 B1
Filed: 10/23/2001
Issued: 01/07/2003
Est. Priority Date: 06/03/1996
Status: Expired due to Term

First Claim

Patent Images

1. In server coupled to a client, the client having an authorized user, wherein the server provides the client with a plurality of on-line services including a log-in service and at least one other service, the server including a user database, a method of controlling access by the client to the plurality of on-line services, the method comprising the steps of:

storing in the user database a set of user data corresponding to the authorized user;

receiving at the log-in service a first access request for initiating access to the server by the client;

generating at the log-in service and transmitting to the client from the log-in service an information packet from the set of user data, the information packet indicating access privileges of the authorized user in relation to the plurality of on-line services;

receiving at the at least one other service a second access request for requesting use of the at least one other service by the client, the second access request including a copy of the information packet; and

regulating access by the client to the at least one other service by using the copy of the information packet and without requiring the at least one other service to access the user database.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server system provides a client system with a number of on-line services including a log-in service. Once the server receives a request from the user for initiating access to the server, the log-in service accesses a user database for information including access privileges of the authorized user in relation to the other services available on the server. The server then generates an information packet containing this information, and transmits the information packet to the client. The client than transmits a second request to the server, requesting use of another service offered by the server. The information packet provided by the server in response to the log-in request is transmitted along with the second request to the server. The server then regulates access by the client to this other service by using the information packet transmitted back to the server from the client. Thus, access to the user database is minimized.

Citations

35 Claims

1. In server coupled to a client, the client having an authorized user, wherein the server provides the client with a plurality of on-line services including a log-in service and at least one other service, the server including a user database, a method of controlling access by the client to the plurality of on-line services, the method comprising the steps of:
- storing in the user database a set of user data corresponding to the authorized user;
  
  receiving at the log-in service a first access request for initiating access to the server by the client;
  
  generating at the log-in service and transmitting to the client from the log-in service an information packet from the set of user data, the information packet indicating access privileges of the authorized user in relation to the plurality of on-line services;
  
  receiving at the at least one other service a second access request for requesting use of the at least one other service by the client, the second access request including a copy of the information packet; and
  
  regulating access by the client to the at least one other service by using the copy of the information packet and without requiring the at least one other service to access the user database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method according to claim 1, wherein the log-in service and the user database reside in a common security zone.
  - 3. A method according to claim 2, wherein the log-in service is the only service to reside in the common security zone with the user database.
  - 4. A method according to claim 2, wherein the common security zone is a first security zone, wherein the at least one other service resides in a second security zone different than the first security zone.
  - 5. A method according to claim 1, wherein the user database contains data indicating whether the user is authorized to access the user database.
  - 6. A method according to claim 1, wherein the information packet contains data representing a name identifying the user.
  - 7. A method according to claim 1, wherein the information packet contains data representing an e-mail address of the user.
  - 8. A method according to claim 1, wherein the plurality of on-line services comprise Internet services.
  - 9. A method according to claim 1, wherein the at least one other service comprises a proxy service by which the server functions as a proxy on behalf of the client for purposes of accessing a second server.

10. A computer program product for implementing, in server coupled to a client, the client having an authorized user, wherein the server provides the client with a plurality of on-line services including a log-in service and at least one other service, the server including a user database, a method of controlling access by the client to the plurality of on-line services, the computer program product comprising a computer-readable medium carrying computer-executable instructions for causing the server to perform acts of the method, said acts comprising:
- storing in the user database a set of user data corresponding to the authorized user;
  
  receiving at the log-in service a first access request for initiating access to the server by the client;
  
  generating at the log-in service and transmitting to the client from the log-in service an information packet from the set of user data, the information packet indicating access privileges of the authorized user in relation to the plurality of on-line services;
  
  receiving at the at least one other service a second access request for requesting use of the at least one other service by the client, the second access request including a copy of the information packet; and
  
  regulating access by the client to the at least one other service by using the copy of the information packet and without requiring the at least one other service to access the user database.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. A computer program product according to claim 10, wherein the log-in service and the user database reside in a common security zone.
  - 12. A computer program product according to claim 11, wherein the log-in service is the only service to reside in the common security zone with the user database.
  - 13. A computer program product according to claim 11, wherein the common security zone is a first security zone, wherein the at least one other service resides in a second security zone different than the first security zone.
  - 14. A computer program product according to claim 10, wherein the at least one other service comprises a proxy service by which the server functions as a proxy on behalf of the client for purposes of accessing a second server.
  - 15. A computer program product according to claim 10, wherein:

16. In a networked computer system that includes a server system having a plurality of remote servers and a plurality of proxy servers, and a plurality of client systems, all of which are logically interconnected so that the client systems can access informational content stored at the one or more remote servers, and wherein at least one client system comprises a graphical user interface by which the network can be accessed and browsed using a display, a method of increasing security of user database information retained by the server system by reducing the number of direct accesses of such user database information when accessing requested services provided by the server system, comprising steps for:
- at one of the servers of the server system, determining the validity of a log-in request received from a client system;
  
  as part of a log-in service, obtaining at the server which received the log-in request, access to a user database and preparing an information packet that includes access privileges in relation to other services available in the server system;
  
  downloading to the client system the prepared information packet; and
  
  thereafter, for any other service for which access is requested by the client system, the server at which said any other service request is received regulating access to the requested service based on a copy of the information packet submitted with the client system request, whereby access to the user database is limited to the initial log-in service.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A method as recited in claim 16, wherein the information packet includes at least one of (i) a user name, (ii) a user email address, and (iii) a user preference.
  - 18. A method as recited in claim 17, wherein the user preferences include any filtering requested by a user with respect to viewing Web sites.
  - 19. A method as recited in claim 16, wherein the other services available in the server system comprise at least one of an email service and a proxy service.
  - 20. A method as recited in claim 16, wherein the log-in service and the user database reside in a common security zone that is separate from one or more other security zones containing other services available in the server system.

21. In a networked computer system that includes a server system having a plurality of remote servers and a plurality of proxy servers, and a plurality of client systems, all of which are logically interconnected so that the client systems can access informational content stored at the one or more remote servers, and wherein at least one client system comprises a graphical user interface by which the network can be accessed and browsed using a display, a computer program product for implementing a method of increasing security of user database information retained by the server system by reducing the number of direct accesses of such user database information when accessing requested services provided by the server system, comprising a computer readable medium for storing executable instructions for implementing the method, and wherein the method is comprised of steps for:
- at one of the servers of the server system, determining the validity of a log-in request received from a client system;
  
  as part of a log-in service, obtaining at the server which received the log-in request, access to a user database and preparing an information packet that includes access privileges in relation to other services available in the server system;
  
  downloading to the client system the prepared information packet; and
  
  thereafter, for any other service for which access is requested by the client system, the server at which said any other service request is received regulating access to the requested service based on a copy of the information packet submitted with the client system request, whereby access to the user database is limited to the initial log-in service.
- View Dependent Claims (22, 23, 24, 25)
- - 22. A computer program product as recited in claim 21, wherein the information packet includes at least one of (i) a user name, (ii) a user email address, and (iii) a user preference.
  - 23. A computer program product as recited in claim 22, wherein the user preferences include any filtering requested by a user with respect to viewing Web sites.
  - 24. A computer program product as recited in claim 21, wherein the other services available in the server system comprise at least one of an email service and a proxy service.
  - 25. A computer program product as recited in claim 21, wherein the log-in service and the user database reside in a common security zone that is separate from one or more other security zones containing other services available in the server system.

26. In a networked computer system that includes a server system having a plurality of remote servers, and a plurality of client systems, all of which are logically interconnected so that the client systems can access informational content stored at the one or more remote servers, and wherein at least one client system comprises a graphical user interface by which the network can be accessed and browsed using a display, a method of increasing security of user database information retained by the server system by reducing the number of direct accesses of such user database information when accessing requested services provided by the server system, comprising acts of:
- receiving at one of the servers of the server system a log-in request from a client system;
  
  as part of a log-in service, retrieving user information from a user database and generating an information packet from the user information that includes access privileges in relation to other services available in the server system;
  
  sending the information packet to the client system; and
  
  thereafter, for any other service for which access is requested by the client system, the server at which said any other service request is received resorting to the information packet rather than the user database to regulate access to the requested service, so as to limit direct access to the user database to the initial log-in service.
- View Dependent Claims (27, 28, 29, 30)
- - 27. A method as recited in claim 26, wherein the information packet includes at least one of (i) a user name, (ii) a user email address, and (iii) a user preference.
  - 28. A method as recited in claim 27, wherein the user preferences include any filtering requested by a user with respect to viewing Web sites.
  - 29. A method as recited in claim 26, wherein the other services available in the server system comprise at least one of an email service and a proxy service.
  - 30. A method as recited in claim 26, wherein the log-in service and the user database reside in a common security zone that is separate from one or more other security zones containing other services available in the server system.

31. In a networked computer system that includes a server system having a plurality of remote servers, and a plurality of client systems, all of which are logically interconnected so that the client systems can access informational content stored at the one or more remote servers, and wherein at least one client system comprises a graphical user interface by which the network can be accessed and browsed using a display, a computer program product for implementing a method of increasing security of user database information retained by the server system by reducing the number of direct accesses of such user database information when accessing requested services provided by the server system, comprising a computer readable medium for storing executable instructions for implementing the method, and wherein the method comprises acts of:
- receiving at one of the servers of the server system a log-in request from a client system;
  
  as part of a log-in service, retrieving user information from a user database and generating an information packet from the user information that includes access privileges in relation to other services available in the server system;
  
  sending the information packet to the client system; and
  
  thereafter, for any other service for which access is requested by the client system, the server at which said any other service request is received resorting to the information packet rather than the user database to regulate access to the requested service, so as to limit direct access to the user database to the initial log-in service.
- View Dependent Claims (32, 33, 34, 35)
- - 32. A computer program product as recited in claim 31, wherein the information packet includes at least one of (i) a user name, (ii) a user email address, and (iii) a user preference.
  - 33. A computer program product as recited in claim 32, wherein the user preferences include any filtering requested by a user with respect to viewing Web sites.
  - 34. A computer program product as recited in claim 31, wherein the other services available in the server system comprise at least one of an email service and a proxy service.
  - 35. A computer program product as recited in claim 31, wherein the log-in service and the user database reside in a common security zone that is separate from one or more other security zones containing other services available in the server system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rovi Technologies Corporation (Adeia Inc.)
Original Assignee
WebTV Networks Inc. (Microsoft Corporation)
Inventors
Leak, Bruce A., Mighdoll, Lee S., Goldman, Phillip Y., Perlman, Stephen G.
Primary Examiner(s)
Barot, Bharat

Application Number

US10/035,386
Time in Patent Office

441 Days
Field of Search

709/200-203, 709/217-219, 709/227-229, 707/9-10, 707/103-104, 707/200-201, 713/200-202
US Class Current

709/203
CPC Class Codes

G06F 16/9577   Optimising the visualizatio...

G06F 8/65   Updates security arrangemen...

H04L 51/00   User-to-user messaging in p...

H04L 51/066   Format adaptation, e.g. for...

H04L 51/224   providing notification on i...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04M 2242/22   Automatic class or number i...

H04M 3/42059   Making use of the calling p...

H04N 19/40   using video transcoding, i....

H04N 19/46   Embedding additional inform...

H04N 21/235   Processing of additional da...

H04N 21/2356   by altering the spatial res...

H04N 21/2541   Rights Management protectin...

H04N 21/25808   Management of client data t...

H04N 21/25875   involving end-user authenti...

H04N 21/25891   being end-user preferences ...

H04N 21/2662   Controlling the complexity ...

H04N 21/4331   Caching operations, e.g. of...

H04N 21/435   Processing of additional da...

H04N 21/4622 : Retrieving content or addit...

H04N 21/47 : End-user applications

H04N 21/478 : Supplemental services, e.g....

H04N 21/4782 : Web browsing , e.g. WebTV

H04N 21/4786 : e-mailing message switching...

H04N 21/812 : involving advertisement dat...

H04N 21/8166 : involving executable data, ...

H04N 5/602 : for digital sound signals

H04N 7/088 : the inserted signal being d...

Y10S 707/99939 : Privileged access

Y10S 707/99945 : Object-oriented database st...

View All

Method of using electronic tickets containing privileges for improved security

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Method of using electronic tickets containing privileges for improved security

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links