Data access in a distributed environment

US 7,149,806 B2
Filed: 02/27/2002
Issued: 12/12/2006
Est. Priority Date: 02/27/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing a first network resource operating on a first network device access to a second network resource operating on a second network device, comprising:

from a third network device, locating a profile using profile data obtained from a client device, the profile containing data for identifying and for accessing the second network resource;

from the third network device, supplying the profile to the second network resource;

at the third network device, receiving temporary credentials for accessing the second network resource and generated according to the profile, the temporary credentials being provided from the second network resource; and

from the third network device, providing the first network resource with the temporary credentials so that the first network resource can provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for providing a first network resource limited access to a second network resource. A method embodying the invention includes receiving profile data. Using the profile data, temporary credentials are then generated for accessing the second network resource. The temporary credentials are then made available to the first network resource. In a preferred embodiment, the temporary credentials are invalidated following a termination event such as the lapse of a set time period or after the second resource has been accessed.

Citations

52 Claims

1. A method for providing a first network resource operating on a first network device access to a second network resource operating on a second network device, comprising:
- from a third network device, locating a profile using profile data obtained from a client device, the profile containing data for identifying and for accessing the second network resource;
  
  from the third network device, supplying the profile to the second network resource;
  
  at the third network device, receiving temporary credentials for accessing the second network resource and generated according to the profile, the temporary credentials being provided from the second network resource; and
  
  from the third network device, providing the first network resource with the temporary credentials so that the first network resource can provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising the act of invalidating the temporary credentials following a termination event.
  - 3. The method of claim 2, wherein the termination event involves the lapse of a set time period.
  - 4. The method of claim 2, wherein the termination event involves the first network resource accessing the second network resource.
  - 5. The method of claim 1 wherein the temporary credentials provide the first network resource with limited access to the second network resource.

6. A method for enabling an application server to access a data service, the application server operating on a first network device and the data service operating on a second network device, the method comprising:
- the application server instructing a client device to provide profile data to an identification service operating on a third network device, the identification service having access to one or more profiles used to access one or more data services including the data service operating on the second network device, the profile data identifying a particular profile;
  
  the identification service locating the particular profile using the profile data received from the client device, the profile containing data for identifying and for accessing the data service;
  
  the identification service providing the profile to the data service;
  
  the data service generating temporary credentials for accessing the data service identified by the particular profile end providing the temporary credentials to the identification service; and
  
  the application server obtaining the temporary credentials from the identification service and providing the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein the act of instructing the client device includes providing a user interface that includes instructions to send profile data to the identification service, and sending the interface to the client device.
  - 8. The method of claim 6, wherein the act of instructing the client device comprises redirecting the client device to the identification service.
  - 9. The method of claim 6, further comprising the act of invalidating the temporary credentials following a termination event.
  - 10. The method of claim 6, wherein the act of generating temporary credentials comprises generating temporary credentials that provide limited access to the data service.
  - 11. The method of claim 6, further comprising the application server generating a framed web page having a first frame and a second frame, and providing, for the first frame, content for directing an application, and providing, for the second frame, content for selecting one or more electronic files managed by the data service identified by the particular profile.
  - 12. The method of claim 11, further comprises the client device sending a cookie identifying the particular profile upon opening the framed web page.
  - 13. The method of claim 11, wherein the act of generating an interface includes generating an interface that includes instructions to request a web bug from the identification service, the method further comprising the client device requesting the web bug, the request including a cookie identifying the particular profile.

14. A method for enabling an application server to access a data service, the application server operating on a first network device and the data service operating on a second network device, the method comprising:
- the application server receiving, from a client device, a request to direct an application;
  
  the application server instructing the client device to provide profile data to an identification service operating on a third network device, the identification service having access to one or more profiles for identifying and accessing one or more data services, the profile data identifying a particular profile;
  
  the identification service providing the data service with the particular profile identified by the profile data, the profile containing data for identifying and accessing the data service;
  
  the data service using the profile to generate temporary credentials for accessing the data service and providing the temporary credentials to the identification service; and
  
  the application server obtaining the temporary credentials from the identification service and providing the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the act of instructing the client device includes generating a user interface that includes instruction to send profile data to the identification service, and sending the interface to the client device.
  - 16. The method of claim 14, wherein the act of instructing the client device comprises redirecting the client device to the identification service.
  - 17. The method of claim 14, further comprising the act of invalidating the temporary credentials following a termination event.
  - 18. The method of claim 14, wherein the act of using the profile to generate temporary credentials comprises generating temporary credentials that provide limited access to the data service.
  - 19. The method of claim 14, further comprising the application server generating a framed web page having a first frame and a second frame, the method further comprising providing, for the first frame, content for directing an application, and providing, for the second frame, content for selecting one or more electronic files managed by the data service identified by the particular profile.
  - 20. The method of claim 19, wherein the act of generating the framed web page includes generating a framed web page that includes instructions to request a web bug from the identification service, and wherein the act instructing the client device includes the client device requesting the web bug upon opening the framed web page, the request including a cookie identifying the particular profile.

21. A computer readable medium having instructions for:
- from a third network device, locating a profile using profile data obtained from a client device, the profile containing data for identifying and for accessing a second network resource operating on a second network device;
  
  from the third network device, supplying the profile to the second network resource;
  
  at the third network device receiving temporary credentials for accessing the second network resource and generated according to the profile, the temporary credentials being provided from the second network resource; and
  
  from the third network device, providing a first network resource operating on a first network device with the temporary credentials so that the first network resource can provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The medium of claim 21, further having instructions for invalidating the temporary credentials following a termination event.
  - 23. The medium of claim 22, wherein the termination event involves the lapse of a set period of time.
  - 24. The medium of claim 22, wherein the termination event involves the first server accessing the second server.
  - 25. The medium of claim 21, wherein the temporary credentials provide limited access to the second network resource.

26. A computer readable medium having instructions for:
- from a first network device, instructing a client device to provide profile data to an identification service operating on a third network device, the identification service having access to one or more profiles used to access one or more data services, the profile data identifying a particular profile;
  
  from the third network device, locating the particular profile using the profile data obtained from the client device, the profile containing data for identifying and for accessing a data service operating on a second network device;
  
  from the second network device, generating temporary credentials for accessing the data service identified by the particular profile and providing the temporary credentials to the third network device; and
  
  at the first network device, obtaining the temporary credentials from the third network device and providing the data service with the temporary credentials to access and interact with the data service operating on a second network device on behalf of the client device.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The medium of claim 26, wherein the instructions for instructing the client device include instructions for generating a user interface that includes instruction to send profile data to the identification service, and sending the interface to the client device.
  - 28. The medium of claim 26, wherein the instructions for instructing the client device comprise instructions for redirecting the client device to the identification service.
  - 29. The medium of claim 26, wherein the instructions for generating temporary credentials comprise instructions for generating temporary credentials that provide limited access to the data service.
  - 30. The medium of claim 26, having further instructions for generating a framed web page having a first frame and a second frame and providing, for the first frame, content for directing an application, and providing, for the second frame, content for selecting one or more electronic files managed by the accessed data service.
  - 31. The medium of claim 30, wherein the instructions for generating the framed web page include instructions for generating a framed web page that includes instructions to request a web bug from the identification service, the request to include a cookie identifying the particular profile.

32. A computer readable medium having instructions for generating, at a third network device, a profile interface having user accessible controls for creating a profile for locating and accessing a data service operating on a second network device;
- from the third network device, creating a profile according to selections made through the profile interface, the profile containing data for identifying and accessing the data service;
  
  from the third network device, providing a client device with profile data identifying a created profile;
  
  receiving, at a first network device, a request to access an application;
  
  from the first network device, instructing a client device to send profile data;
  
  receiving the profile data at the third network device;
  
  from the third network device, retrieving a profile identified by the profile data;
  
  generating, at the second network device, temporary credentials for accessing a data service identified by the retrieved profile and providing the temporary credentials to the third network device; and
  
  at the first network device, obtaining the temporary credentials from the third network device and providing the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The medium of claim 32, wherein the instructions for instructing the client device include instructions for generating a user interface that includes instruction to send profile data, and sending the interface to the client device.
  - 34. The medium of claim 32, wherein the instructions for instructing the client device comprise instructions for redirecting the client device.
  - 35. The medium of claim 32, wherein the instructions for generating temporary credentials comprise instructions for generating temporary credentials that provide limited access to the data service.
  - 36. The medium of claim 32, having further instructions for generating a framed web page having a first frame and a second frame, the medium having further instructions for providing, for the first frame, content for directing the application, and providing, for the second frame, content for selecting one or more electronic flies managed by the accessed data service.
  - 37. The medium of claim 36, wherein the instructions for providing a client device with profile data comprise instructions for providing the client device with a cookie, and wherein the instructions for generating the framed web page include instructions for generating a framed web page that includes instructions to request a web bug from the identification service, the request to include the cookie.

38. A system for providing a first network resource operating on a first network device with access to a second network resource operating on a second network device, comprising:
- an identification service operating on a third network device, the identification service in network communication with a credential module, the credential module operating on the second network device and operable to use a profile acquired by the identification service to generate temporary credentials for accessing the second network resource, the identification service being operable to receive profile data from a client device and to acquire a profile identified by the profile data, the credential module and the identification service, together being operable to provide the first network resource with the temporary credentials enabling the first network resource to provide the second network resource with the temporary credentials to access and interact with the second network resource on behalf of the client device.
- View Dependent Claims (39, 40, 41, 42)
- - 39. The system of claim 38, wherein the credential module is further operable to invalidate the temporary credentials following a termination event.
  - 40. The system of claim 39, wherein the termination event involves the lapse of a set time period.
  - 41. The system of claim 39, wherein the termination event involves the first server accessing the second server.
  - 42. The system of claim 38, wherein the credential module is further operable to generate temporary credentials that provide limited access to the second network resource.

43. A system for accessing a data service operating on a second network device comprising:
- an identification service, operating on a third network device, operable to receive profile data from a client device identifying a particular profile and to provide that profile, the profile to contain electronic data used to identify the data service;
  
  a credential module, operating on the second network device, operable to obtain the profile from the identification service, generate temporary credentials, and map those credentials to the data service identified by the profile and to provide the temporary credentials to the identification service; and
  
  an application server, operating on a first network device, operable to serve an interface containing instructions to send profile data to the identification service, to obtain the temporary credentials from the identification service, and to provide the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
- View Dependent Claims (44, 45, 46, 47)
- - 44. The system of claim 43, wherein the credential module is further operable to invalidate the temporary credentials following a termination event.
  - 45. The system of claim 43, further comprising:
    - an application content provider in communication with the application server and operable to generate content for directing an application; and
      
      a data content provider in communication with the application server and operable to generate content for selecting electronic files managed by the accessed data service.
  - 46. The system of claim 45, wherein the application server is operable to create the interface in the form of a framed web page having a first frame for displaying the content generated by the application content provider and a second frame for displaying the content generated by the data content provider, the framed web page also including instructions to request a web bug from the identification service, the request to include the profile data.
  - 47. The system of claim 45, further comprising a web browser operable to request and display the interface in the form of the framed web page and to request the web bug providing the profile data to the identification service.

48. A system for accessing a data service operating on a second network device, the system comprising:
- an identification service operating on a third network device and operable to generate a profile interface having user accessible controls for creating a profile containing electronic data used to identify the data service, to create a profile using selections made through the profile interface, to issue instructions to store profile data used to access the created profile, to receive, from a client device, profile data identifying a particular profile, and to provide that profile;
  
  a credential module operable to obtain the profile from the identification service, generate temporary credentials, and map those credentials to the data service identified by the profile and to provide the temporary credentials to the identification service; and
  
  an application server operating on a first network device and operable to serve an application interface that includes instructions to send profile data to the identification service, to obtain the temporary credentials from the identification service, and to provide the data service with the temporary credentials to access and interact with the data service on behalf of the client device.
- View Dependent Claims (49, 50, 51, 52)
- - 49. The system of claim 48, wherein the credential module is further operable to invalidate the temporary credentials following a termination event.
  - 50. The system of claim 48, further comprising:
    - an application content provider in communication with the application server and operable to generate application content for directing an application; and
      
      a data content provider in communication with the application server and operable to generate data content for selecting electronic files, managed by the accessed data service.
  - 51. The system of claim 50, wherein the application server is operable to create the application interface in the form of a framed web page having a first frame for displaying the content generated by the application content provider and a second frame for displaying the content generated by the data content provider, the framed web page also including instructions to request a web bug from the identification service, the request to include the profile data.
  - 52. The system of claim 48, further comprising a browser operable to request and display the profile and application interfaces.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Sandfort, Patrick O'Neil, Perkins, Gregory Eugene, Simpson, Shell Sterling
Primary Examiner(s)
Jaroenchonwanit, Bunjob
Assistant Examiner(s)
Chankong, Dohm

Application Number

US10/085,971
Publication Number

US 20030163566A1
Time in Patent Office

1,749 Days
Field of Search

709/225, 709/229, 709/232, 713/200
US Class Current

709/229
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/102   Entity profiles

Data access in a distributed environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

Data access in a distributed environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links