Secured and access controlled peer-to-peer resource sharing method and apparatus

US 7,120,691 B2
Filed: 03/15/2002
Issued: 10/10/2006
Est. Priority Date: 03/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. In a peer-to-peer network a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:

communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute;

at the second client, selectively searching the multiplicity of second resources in response to comparison of the authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of second resources;

communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute; and

at the third client, selectively searching the multiplicity of third resources in response to comparison of the credentials signal and the at least one access attribute of each of the multiplicity of third resources,wherein the credentials signal includes an identification signal indicative of the first client,the access attributes of the second and third resources includes an authorization signal indicative of at least one of a plurality of clients, the plurality of clients including the first client,said step of selectively searching the second multiplicity of resources further includes the steps of;

communicating from the second client to an authentication process external to the first, second and third clients the identification signal;

receiving from the authentication process an authenticated signal indicative of the first client in response thereto; and

searching one of the second multiplicity of resources if the authenticated signal substantially matches the authorization signal included with the corresponding access attributes, andsaid step of selectively searching the third multiplicity of resources further includes the steps of;

communicating from the third client to the authorization process the identification signal;

receiving from the authorization process the authenticated signal indicative of the first client in response thereto; and

searching one of the third multiplicity of resources if the authenticated signal substantially matches the authorization signal included with the corresponding access attributes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A peer-to-peer network propagates searches from client to client. Resources within each client are selectively searched in response to authentication and authorization processes. Authentication information may be included in a search request or may be performed by an authentication process external to the client. Authorization is performed by a process external to the client. Only after authentication or authorization may resources of any particular client be accessed. The system allows for secure propagated searches and resource access in a peer-to-peer network environment. The network may further include a server for maintaining a list of clients connected to the peer-to-peer network in order to more efficiently facilitate peer-to-peer communications.

57 Citations

View as Search Results

11 Claims

1. In a peer-to-peer network a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:
- communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute;
  
  at the second client, selectively searching the multiplicity of second resources in response to comparison of the authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of second resources;
  
  communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute; and
  
  at the third client, selectively searching the multiplicity of third resources in response to comparison of the credentials signal and the at least one access attribute of each of the multiplicity of third resources,wherein the credentials signal includes an identification signal indicative of the first client,the access attributes of the second and third resources includes an authorization signal indicative of at least one of a plurality of clients, the plurality of clients including the first client,said step of selectively searching the second multiplicity of resources further includes the steps of;
  
  communicating from the second client to an authentication process external to the first, second and third clients the identification signal;
  
  receiving from the authentication process an authenticated signal indicative of the first client in response thereto; and
  
  searching one of the second multiplicity of resources if the authenticated signal substantially matches the authorization signal included with the corresponding access attributes, andsaid step of selectively searching the third multiplicity of resources further includes the steps of;
  
  communicating from the third client to the authorization process the identification signal;
  
  receiving from the authorization process the authenticated signal indicative of the first client in response thereto; and
  
  searching one of the third multiplicity of resources if the authenticated signal substantially matches the authorization signal included with the corresponding access attributes.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1 further comprising the steps:
    - at the second client, storing the identification signal and the received authenticated signal in a cache memory at the second client; and
      
      at the second client searching the cache memory for the identification signal and the received authentication signal prior to said step communicating from the second client to the authentication process, whereinsaid step communicating from the second client to the authentication process is not performed if said step of searching the cache memory finds the identification signal and the received authentication signal stored therein, andsaid step of searching one of the second multiplicity of resources uses the authenticated signal stored in the cache memory, thereby reducing communication between the second client and the authentication process.
  - 3. The method according to claim 1 further comprising the steps:
    - at the third client, storing the identification signal and the received authenticated signal in a cache memory at the third client; and
      
      at the third client searching the cache memory for the identification signal and the received authentication signal prior to said step communicating from the third client to the authentication process, whereinsaid step communicating from the third client to the authentication process is not performed if said step of searching the cache memory finds the identification signal and the received authentication signal stored therein, andsaid step of searching one of the third multiplicity of resources uses the authenticated signal stored in the cache memory, thereby reducing communication between the third client and the authentication process.
  - 4. The method according to claim 1 wherein said step of communicating the search request from the second client to the third client and said step of selectively searching the multiplicity of third resources are not performed if the authentication signal is not received from the authentication process by the second client.

5. In a peer-to-peer network a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:
- communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute;
  
  at the second client, selectively searching the multiplicity of second resources in response to a comparison of authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of second resources;
  
  communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute; and
  
  at the third client, selectively searching the multiplicity of third resources in response to comparison of the credentials signal and the at least one access attribute of each of the multiplicity of third resources,wherein the credentials signal includes an identification signal indicative of the first client,the access attributes of the second and third resources includes an authorization signal indicative of at least one of a plurality of client classes,said step of selectively searching the second multiplicity of resources further includes the steps of;
  
  communicating from the second client to an authorization process external to the second client the identification signal;
  
  receiving from the authorization process a client class signal indicative which of the plurality of client classes are associated with the identification signal; and
  
  searching one of the second multiplicity of resources if the client class signal substantially matches the authorization signal included with the corresponding access attributes, andsaid step of selectively searching the third multiplicity of resources further includes the steps of;
  
  communicating from the third client to the authorization process external to the third client the identification signal;
  
  receiving from the authorization process the client class signal indicative which of the plurality of client classes are associated with the identification signal; and
  
  searching one of the third multiplicity of resources if client class signal substantially matches the authorization signal included with the corresponding access attributes.
- View Dependent Claims (6, 7)
- - 6. The method according to claim 5 further comprising the steps:
    - at the second client, storing the identification signal and the received client class signal in a cache memory at the second client; and
      
      at the second client searching the cache memory for the identification signal and the received client cache signal prior to said step communicating from the second client to the authorization process, whereinsaid step communicating from the second client to the authorization process is not performed if said step of searching the cache memory finds the identification signal and the received client cache signal stored therein, andsaid step of searching one of the second multiplicity of resources uses the client cache signal stored in the cache memory, thereby reducing communication between the second client and the authorization process.
  - 7. The method according to claim 5 further comprising the steps:
    - at the third client, storing the identification signal and the received client class signal in a cache memory at the third client; and
      
      at the third client searching the cache memory for the identification signal and the received client cache signal prior to said step communicating from the third client to the authorization process, whereinsaid step communicating from the third client to the authorization process is not performed if said step of searching the cache memory finds the identification signal and the received client class signal stored therein, andsaid step of searching one of the third multiplicity of resources uses the client class signal stored in the cache memory, thereby reducing communication between the third client and the authentication process.

8. In a peer-to-peer network a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:
- communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute;
  
  at the second client, selectively searching the multiplicity of second resources in response to a comparison of authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of second resources;
  
  communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute; and
  
  at the third client, selectively searching the multiplicity of third resources in response to comparison of the credentials signal and the at least one access attribute of each of the multiplicity of third resources,wherein the peer-to-peer network further includes a multiplicity of clients including the first, second and third clients, each of the multiplicity of clients having a unique client address, and a server having a list of client addresses, said method further comprising the steps of;
  
  communicating from the server to the first client a first seed list comprising a first portion of the list of client addresses; and
  
  communicating from the server to the second client a second seed list comprising a second portion of the list of client addresses, the first seed list including a second client address corresponding to the second client and the second seed list including a third client address corresponding to the third client,said step of communicating the search request from the first client to the second client communicates to the second client in response to the second client address included in the first seed list, andsaid step of communicating the search request from the second client to the third client communicates to the third client in response to the third client address included in the second seed list.
- View Dependent Claims (9, 10)
- - 9. The method according to claim 8 wherein each of the multiplicity of clients may be either connect to or disconnect from the peer-to-peer network at any time, and the method further comprising the steps of:
    - at the server, determining which of the multiplicity of clients is connected to the peer-to-peer network;
      
      at the server, generating a list of connected client addresses in response said step of determining; and
      
      at the server, generating the first and second seed lists from the list of connected client addresses.
  - 10. The method according to claim 9 further comprising the steps of:
    - communicating a connection signal from one of the multiplicity of clients to the server in response to the one of the multiplicity of clients connecting to the peer-to-peer network; and
      
      at the server, adding a newly connected client address corresponding to the one of the multiplicity of clients to the list of connected client addresses in response thereto.

11. In a peer-to-peer network a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:
- communicating the search request from the first client to a second client;
  
  communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute; and
  
  at the third client, selectively searching the multiplicity of third resources in response to a comparison of authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of third resources,wherein the peer-to-peer network further includes a multiplicity of clients including the first, second and third clients, each of the multiplicity of clients having a unique client address, and a server having a list of client addresses, said method further comprising the steps of;
  
  communicating from the server to the first client a first seed list comprising a first portion of the list of client addresses; and
  
  communicating from the server to the second client a second seed list comprising a second portion of the list of client addresses, the first seed list including a second client address corresponding to the second client and the second seed list including a third client address corresponding to the third client,said step of communicating the search request from the first client to the second client communicates to the second client in response to the second client address included in the first seed list, andsaid step of communicating the search request from the second client to the third client communicates to the third client in response to the third client address included in the second seed list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Goodman, Brian D., Subramanian, Ramesh, Sweeney, William C., Rooney, John W.
Primary Examiner(s)
Tran, Philip B.

Application Number

US10/098,976
Publication Number

US 20030177186A1
Time in Patent Office

1,670 Days
Field of Search

709/217, 709223-225, 709/205, 709/229, 709/203, 713/176, 713/201
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1068   Discovery involving direct ...

H04L 69/329   in the application layer [O...

Secured and access controlled peer-to-peer resource sharing method and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

57 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Secured and access controlled peer-to-peer resource sharing method and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links