Resource authorization

US 7,107,610 B2
Filed: 05/11/2001
Issued: 09/12/2006
Est. Priority Date: 05/11/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving a resource request from a first requestor, the resource request including credentials and identifying information regarding an operation to be performed with respect to a resource;

mapping the resource request to a resource identifier;

translating the resource request to a resource inquiry request, the resource inquiry request including a resource authorization parameter representing a permission level necessary for a client to perform the operation, the permission level from the group consisting of owner level, editor level, reviewer level and none level;

searching a resource data structure for a resource node based on the resource identifier; and

determining whether the first requestor is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match the resource authorization parameter associated with the resource node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Resource authorization includes receiving a resource request from a first requester. The resource request includes credentials and identifies an operation to be performed with respect to a resource. The resource request is mapped to a resource identifier, and the resource data structure is searched for a resource node based on the resource identifier. A determination is made whether the first requester is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match a resource authorization level associated with the resource node.

Citations

29 Claims

1. A method comprising:
- receiving a resource request from a first requestor, the resource request including credentials and identifying information regarding an operation to be performed with respect to a resource;
  
  mapping the resource request to a resource identifier;
  
  translating the resource request to a resource inquiry request, the resource inquiry request including a resource authorization parameter representing a permission level necessary for a client to perform the operation, the permission level from the group consisting of owner level, editor level, reviewer level and none level;
  
  searching a resource data structure for a resource node based on the resource identifier; and
  
  determining whether the first requestor is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match the resource authorization parameter associated with the resource node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 wherein searching includes searching resource nodes each of which represents a resource and includes a resource identifier.
  - 3. The method of claim 1 wherein searching includes searching a directed graph structure.
  - 4. The method of claim 1 wherein receiving a resource request includes receiving a digital certificate conforming to a simplified public key infrastructure.
  - 5. The method of claim 1 wherein mapping includes mapping the resource request to the resource identifier and the resource authorization parameter, wherein the resource authorization parameter of the owner level authorizes complete access to the resource.
  - 6. The method of claim 1 wherein mapping includes mapping the resource request to the resource identifier and the resource authorization parameter, wherein the resource authorization parameter of the editor level authorizes read/write access to the resource.
  - 7. The method of claim 1 wherein mapping includes mapping the resource request to the resource identifier and the resource authorization parameter, wherein the resource authorization parameter of the reviewer level authorizes read only access to the resource.
  - 8. The method of claim 1 wherein mapping includes mapping the resource request to the resource identifier and the resource authorization parameter, wherein the resource authorization parameter of the none level denies all access to the resource.
  - 9. The method of claim 1 including delegating the credentials of a child node to a parent node in the resource data structure.
  - 10. The method of claim 9 in which the resource request is handled based on the delegated credentials.
  - 11. The method of claim 1 wherein the resource request originates from a client computer directed to a server computer over a network.

12. An apparatus comprising:
- a memory for storing a resource data structure having resource nodes each of which represents a respective resource and which has a respective resource identifier, a resource authorization credential, and a resource authorization level from the group consisting of owner level, editor level, reviewer level and none level; and
  
  a processor configured to;
  
  receive a resource request from a first requestor, the resource request including credentials and identifying information representing an operation to be performed with respect to a resource;
  
  map the resource request to a resource identifier;
  
  search the resource data structure for a resource node based on the resource identifier; and
  
  determine whether the first requestor is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match the resource authorization credential and the resource authorization level associated with the resource node.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The apparatus of claim 12 wherein the resource data structure comprises a directed graph structure.
  - 14. The apparatus of claim 12 wherein the credentials include a digital certificate conforming to a simplified public key infrastructure.
  - 15. The apparatus of claim 12 wherein the resource authorization level of the owner level authorizes complete access to the resource.
  - 16. The apparatus of claim 12 wherein the resource authorization level of the editor level authorizes read/write access to the resource.
  - 17. The apparatus of claim 12 wherein the resource authorization level of the reviewer level authorizes read only access to the resource.
  - 18. The apparatus of claim 12 wherein the resource authorization level of the none level denies all access to the resource.
  - 19. The apparatus of claim 12 wherein the resource data structure includes the delegation of a resource authorization level from a child node to a parent node.

20. A system comprising:
- a first computer associated with a first requestor configured to generate resource requests with credentials;
  
  a second computer including memory storing a resource data structure with resource nodes each of which represents a respective resource and which has a respective resource identifier, a resource authorization parameter, and a resource authorization level, and the second computer configured to;
  
  receive a resource request from a first requestor, the resource request including credentials and identifying information representing an operation to be performed with respect to a resource;
  
  map the resource request to a resource identifier;
  
  translate the resource request to a resource inquiry request to include the resource authorization parameter, the resource authorization parameter representing a permission level necessary for a client to perform the operation, the permission level from the group consisting of owner level, editor level, reviewer level, and none level;
  
  search the resource data structure for a resource node based on the resource identifier; and
  
  determine whether the first requestor is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match the resource authorization parameter associated with the resource node; and
  
  a network over which the first and second computers communicate.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The system of claim 20 wherein the resource data structure comprises a directed graph data structure.
  - 22. The system of claim 20 wherein the credentials include a digital certificate conforming to a simplified public key infrastructure.
  - 23. The system of claim 20 including the delegation of the credentials from a child node to a parent node.
  - 24. The system of claim 20 including the delegation of credentials associated with the first requester to a second requester wherein the second requester can request resources using the credentials from the first requester as if it were the first requester.

25. An article comprising a computer readable medium that stores computer executable instructions for causing a computer system to:
- map a resource request to a resource identifier, in response to receiving the resource request from a first requestor, the resource request including credentials and identifying information representing an operation to be performed with respect to a resource;
  
  translate the resource request to a resource inquiry request, the resource inquiry request including a resource authorization parameter representing the permission level necessary for a client to perform the operation, the permission level from the group consisting of owner level, editor level, reviewer level, and none level;
  
  search a resource data structure for a resource node based on the resource identifier; and
  
  determine whether the first requestor is authorized to perform the operation with respect to the resource based on whether the credentials in the resource request match the resource authorization parameter associated with the resource node.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The article of claim 25 including instructions for causing the computer system to have a directed graph data structure with resource nodes representing resources including a resource identifier and a resource authorization level.
  - 27. The article of claim 25 including instructions for causing the computer system to have digital certificates conforming to a simplified public key infrastructure.
  - 28. The article of claim 25 including instructions for causing the computer system to delegate the credentials of a child node to a parent node.
  - 29. The article of claim 25 including instructions for causing the computer system to delegate the credentials associated with the first requester to a second requestor to allow the second requestor to request resources using the credentials from the first requestor as if it were the first requestor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Lortz, Victor B.
Primary Examiner(s)
Arani, Taghi T.

Application Number

US09/854,437
Publication Number

US 20020169986A1
Time in Patent Office

1,950 Days
Field of Search

713/155, 713/175, 713/182, 713/200, 713/201, 713/150, 713/156, 709/226, 709/229, 709/223, 726/1, 726/24
US Class Current

726/4
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

Resource authorization

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Resource authorization

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links