Data transfer system and method with secure mapping of local system access rights to global identities
First Claim
Patent Images
1. An apparatus for implementing security procedures during a data transfer process comprising:
- means for transferring data from an initiating computer to a remote computer;
an authorization table associated with the initiating computer including at least;
i) a remote computer identifier;
ii) at least one local user identifier corresponding to the remote computer identifier; and
iii) qualifiers authorizing operations;
means for the initiating computer, acting as a local user, to request to establish a communication link to connect to the remote computer, to perform desired operations;
means for determining from at least the authorization table whether the remote computer is associated with the local user;
means for denying the request if the remote computer is determined not to be associated with the local user; and
means for permitting the request if the remote computer is determined to be associated with the local user.
6 Assignments
0 Petitions
Accused Products
Abstract
The present invention relates to a method and apparatus for providing security using an authorization process in connection with data transfers. Keyed certificates are used to authenticate remote computers. An authorization table maps remote computers to allowable local users and corresponding qualifiers. In order to complete a data transfer process, the system of the present invention authenticates the remote computer, determines its authority to act as a designated local user, and determines whether the remote computer, acting as the designated local user, can perform the actions required for the data transfer.
71 Citations
24 Claims
-
1. An apparatus for implementing security procedures during a data transfer process comprising:
-
means for transferring data from an initiating computer to a remote computer; an authorization table associated with the initiating computer including at least; i) a remote computer identifier; ii) at least one local user identifier corresponding to the remote computer identifier; and iii) qualifiers authorizing operations; means for the initiating computer, acting as a local user, to request to establish a communication link to connect to the remote computer, to perform desired operations; means for determining from at least the authorization table whether the remote computer is associated with the local user; means for denying the request if the remote computer is determined not to be associated with the local user; and means for permitting the request if the remote computer is determined to be associated with the local user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for implementing security procedures during a data transfer process comprising the steps of:
-
receiving, over a communications link to a receiving computer, a request from a remote computer for authorization to perform desired operations at the receiving computer under a particular local user identifier; maintaining, in association with the receiving computer, an authorization table including at least a remote computer identifier and a corresponding local user identifier and qualifiers authorizing operations; determining whether the remote computer is associated with the requested local user using the authorization table; terminating the communications link if the requested local user is not associated with the corresponding local user identifier; and maintaining the communications link for the desired operations, if the requested local user is associated with the corresponding local user identifier. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for implementing security procedures during a data transfer process within a computer network which includes at least a central management computer for sending a distribution rule to a distribution agent of a primary computer for use in controlled data transfer between the primary computer distribution agent and a distribution agent of a secondary computer, the system further comprising:
-
means for requesting authentication for the primary computer, acting as a local user to connect to the secondary computer; an authorization table associated with the primary computer including at least; i) a secondary computer identifier; ii) at least one local user identifier corresponding to the secondary computer identifier; and iii) qualifiers authorizing operations; means for the primary computer, acting as a local user to request to establish a communication link to connect to the secondary computer, to perform desired operations; means for determining from at least the authorization table whether the secondary computer is associated with the local user; means for denying the request if the secondary computer is determined not to be associated with the local user; and means for permitting the request if the secondary computer is determined to be associated with the local user. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification