Method, system, and article of manufacture for implementing security features at a portal server

US 7,260,617 B2
Filed: 03/04/2002
Issued: 08/21/2007
Est. Priority Date: 03/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method for implementing security features at a portal server, comprising:

receiving a first request from a client;

in response to receiving the first request, authenticating the client;

consulting a database to determine access privileges of the authenticated client for interactions with a plurality of applications, wherein the applications are located at backend servers;

generating code containing selectable interactions with the applications, wherein any authentication for the selectable interactions is performed within the portal server sending the code to the client;

responsive to sending the code to the client, receiving a second request from the client, wherein the second request contains a selection of at least one of the selectable interactions;

determining from the selection a set of backend servers to process the second request;

forwarding the second request to the set of backend servers;

receiving results corresponding to the second request from applications executing on the backend servers; and

sending the results to the client, wherein sending the results to the client further comprises;

(i) generating further selectable interactions for at least two different applications selected from the applications located at the backend servers, wherein the backend servers are located outside the portal server; and

(ii) sending the further selectable interactions with the results to the client, wherein the further selectable interactions for the at least two different applications located outside the portal server and the results are allowed to be displayed in a single Web page at the client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided is a method, system, and an article of manufacture for implementing security at a portal server. The portal server provides a client with access to backend applications, where the backend applications are stored at backend servers separate from the portal server. Associated with each backend application are privileges and other security features. The privileges and the security features are stored at a database in the portal server. The portal server receives a request from a client and constructs a list of allowable interactions for a plurality of the backend applications, by consulting the database. The portal server sends a page containing the list of allowable interactions to the client. The client selects an interaction and requests the portal server for a result of the interaction. The portal server requests a backend server to provide the result, and returns the result to the client, along with a set of new allowable interactions for the client to select.

60 Citations

View as Search Results

47 Claims

1. A method for implementing security features at a portal server, comprising:
- receiving a first request from a client;
  
  in response to receiving the first request, authenticating the client;
  
  consulting a database to determine access privileges of the authenticated client for interactions with a plurality of applications, wherein the applications are located at backend servers;
  
  generating code containing selectable interactions with the applications, wherein any authentication for the selectable interactions is performed within the portal server sending the code to the client;
  
  responsive to sending the code to the client, receiving a second request from the client, wherein the second request contains a selection of at least one of the selectable interactions;
  
  determining from the selection a set of backend servers to process the second request;
  
  forwarding the second request to the set of backend servers;
  
  receiving results corresponding to the second request from applications executing on the backend servers; and
  
  sending the results to the client, wherein sending the results to the client further comprises;
  
  (i) generating further selectable interactions for at least two different applications selected from the applications located at the backend servers, wherein the backend servers are located outside the portal server; and
  
  (ii) sending the further selectable interactions with the results to the client, wherein the further selectable interactions for the at least two different applications located outside the portal server and the results are allowed to be displayed in a single Web page at the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the portal server is a Web server and the portal server comprises a portal application.
  - 3. The method of claim 1, wherein the database comprises a plurality of generic objects, wherein each generic object contains the access privileges related to a user for the elements of the plurality of applications.
  - 4. The method of claim 3, wherein the access privileges indicate write access.
  - 5. The method of claim 3, wherein the database is in the form of a table.
  - 6. The method of claim 1 wherein the code is in a form that can be rendered into a Web page.
  - 7. The method of claim 6, wherein the form of the code is comprised of active code, wherein the active code can be executed on the client.
  - 8. The method of claim 1, wherein the selectable interactions correspond to operations within the applications and resources related to the applications, and wherein the applications, the operations within the applications, and the resources related to the applications are displayed on a single Web page.
  - 9. The method of claim 1, wherein the selectable interactions correspond to resources related to the applications.
  - 10. The method of claim 9, wherein the resources are selected from the group consisting of multimedia content, objects, files, attributes of objects, program elements, database objects, table entries.
  - 11. The method of claim 1, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, whereina generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

12. A method at a backend system for securely making available a backend application, comprising:
- creating data structures corresponding to interactions with the backend application;
  
  associating privileges for each of the data structures, wherein the privileges are fully checked at a portal application separately hosted from the backend application;
  
  receiving, at the backend application, a request from the portal application for reading the data structures; and
  
  sending, from the backend application, the data structures to the portal application, wherein the interactions are operations that can be performed on the backend application and on resources related to the backend application, and wherein the backend application, the operations that can be performed on the backend application, and the resources related to the backend application are displayed on a single Web page on a client, wherein the portal application is included in a portal server, wherein the backend application is included in a backend server located outside the portal server, and wherein selectable interactions for at least two different backend applications located outside the portal server and results corresponding to at least one earlier operation are allowed to be displayed on the single Web page on the client.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, further comprising:
    - receiving a request for an interaction with the backend application from the portal application;
      
      processing the request without checking for the privileges; and
      
      sending the results of processing the request to the portal application.
  - 14. The method of claim 12, wherein the data structures are data objects.
  - 15. The method of claim 12, wherein a representation of the data structure is from the group consisting of a relational database, an XML document and a class.
  - 16. The method of claim 12, wherein the interactions relate to resources associated with the backend application.
  - 17. The method of claim 12, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, whereina generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

18. A method for accessing a group of applications at a client computer comprising:
- authenticating with a portal server;
  
  receiving a list of backend applications and interactions that can be performed with the backend applications from a portal application located in the portal server, wherein the backend applications are stored at backend servers that are different from the portal server;
  
  selecting an interaction; and
  
  receiving results based on the selection of the interaction without authenticating with the backend servers, wherein receiving the results further comprises receiving a set of further interactions selectable by the client computer, wherein the portal server performs all necessary authentications of the client computer, and wherein the backend servers avoid any authentication of the client computer, wherein the backend applications are stored at the backend servers located outside the portal server, and wherein selectable interactions for at least two different backend applications located outside the portal server and results corresponding to at least one earlier operation are allowed to be displayed on a single Web page on the client computer.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein authenticating, receiving the list, selecting, and receiving results are at a Web browser.
  - 20. The method of claim 18, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, whereina generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

21. A system for implementing security features, comprising:
- a portal server;
  
  means for receiving a first request from a client at the portal server;
  
  means for authenticating the client, in response to receiving the first request;
  
  means for consulting a database to determine access privileges of the authenticated client for interactions with a plurality of applications, wherein the applications are located at backend servers;
  
  means for generating code containing selectable interactions with the applications, wherein any authentication for the selectable interactions is performed within the portal server;
  
  means for sending the code to the client;
  
  means for receiving a second request from the client in response to sending the code to the client, wherein the second request contains a selection of at least one of the selectable interactions;
  
  means for determining from the selection a set of backend servers to process the second request;
  
  means for forwarding the second request to the set of backend servers;
  
  means for receiving results corresponding to the second request from applications executing on the backend servers; and
  
  means for sending the results to the client, wherein the means for sending the results to the client further performs;
  
  (i) generating further selectable interactions for at least two different applications selected from the applications located at the backend servers, wherein the backend servers are located outside the portal server; and
  
  (ii) sending the further selectable interactions with the results to the client, wherein the further selectable interactions for the at least two different applications located outside the portal server and the results are allowed to be displayed in a single Web page at the client.
- View Dependent Claims (22, 23)
- - 22. The system of claim 21, wherein the database comprises a plurality of generic objects, wherein each generic object contains the access privileges related to a user for the elements of the plurality of applications, wherein the database is in the form of a table, wherein the selectable interactions correspond to operations within the applications and resources related to the applications, and wherein the applications, the operations within the applications, and the resources related to the applications are displayed on a single Web page.
  - 23. The system of claim 21, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, whereina generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

24. A system for securely making available a backend application, comprising:
- a backend system hosting the backend application;
  
  means for creating data structures at the backend system corresponding to interactions with the backend application;
  
  means for associating privileges for each of the data structures, wherein the privileges are fully checked at a portal application separately hosted from the backend application;
  
  means for receiving, at the backend application, a request from the portal application for reading the data structures; and
  
  means for sending, from the backend application, the data structures to the portal application;
  
  means for receiving a request for an interaction with the backend application from the portal application;
  
  means for processing the request without checking for the privileges; and
  
  means for sending the results of processing the request to the portal application, wherein the interaction is an operation that can be performed on the backend application and on resources related to the backend application, wherein the backend application, operations that can be performed on the backend application, and resources related to the backend application are displayed on a single Web page on a client, wherein the portal application is included in a portal server, wherein the backend server hosting the backend application is located outside the portal server, and wherein selectable interactions for at least two different backend applications located outside the portal server and results corresponding to at least one earlier operation are allowed to be displayed on the single Web page on the client.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, wherein a generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

26. A system for accessing a group of applications comprising:
- a client computer;
  
  means for authenticating with a portal server from the client computer;
  
  means for receiving a list of backend applications and interactions that can be performed with the backend applications from a portal application located in the portal server, wherein the backend applications are stored at backend servers that are different from the portal server;
  
  means for selecting an interaction; and
  
  means for receiving results based on the selection of the interaction without authenticating with the backend servers, wherein the means for receiving the results further performs receiving a set of further interactions selectable by the client computer, wherein the portal server performs all necessary authentications of the client computer, and wherein the backend servers avoid any authentication of the client computer, wherein the backend applications are stored in the backend servers located outside the portal server, and wherein selectable interactions for at least two different backend applications located outside the portal server and results corresponding to at least one earlier operation are allowed to be displayed on a single Web page on the client computer.
- View Dependent Claims (27)
- - 27. The system of claim 26, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, whereina generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

28. A computer readable storage medium, including code for implementing security features at a portal server, wherein the code when executed by a processor causes operations, the operations comprising:
- receiving a first request from a client;
  
  in response to receiving the first request, authenticating the client;
  
  consulting a database to determine access privileges of the authenticated client for interactions with a plurality of applications, wherein the applications are located at backend servers;
  
  generating code containing selectable interactions with the applications, wherein any authentication for the selectable interactions is performed within the portal server;
  
  sending the code to the client;
  
  responsive to sending the code to the client, receiving a second request from the client, wherein the second request contains a selection of at least one of the selectable interactions;
  
  determining from the selection a set of backend servers to process the second request;
  
  forwarding the second request to the set of backend servers;
  
  receiving results corresponding to the second request from applications executing on the backend servers; and
  
  sending the results to the client, wherein sending the results to the client further comprises;
  
  (i) generating further selectable interactions for at least two different applications selected from the applications located at the backend servers, wherein the backend servers are located outside the portal server; and
  
  (ii) sending the further selectable interactions with the results to the client, wherein the further selectable interactions for the at least two different applications located outside the portal server and the results are allowed to be displayed in a single Web page at the client.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 29. The computer readable storage medium of claim 28, wherein the portal server is a Web server and the portal server comprises a portal application.
  - 30. The computer readable storage medium of claim 28, wherein the database comprises a plurality of generic objects, wherein each generic object contains the access privileges related to a user for the elements of the plurality of applications.
  - 31. The computer readable storage medium of claim 30, wherein the access privileges indicate write access.
  - 32. The computer readable storage medium of claim 30, wherein the database is in the form of a table.
  - 33. The computer readable storage medium of claim 28, wherein the code is in a form that can be rendered into a Web page.
  - 34. The computer readable storage medium of claim 33, wherein the form of the code is comprised of active code, wherein the active code can be executed on the client.
  - 35. The computer readable storage medium of claim 28, wherein the selectable interactions correspond to operations within the applications and resources related to the applications, and wherein the applications, the operations within the applications, and the resources related to the applications are displayed on a single Web page.
  - 36. The computer readable storage medium of claim 28, wherein the selectable interactions correspond to resources related to the applications.
  - 37. The computer readable storage medium of claim 36, wherein the resources are selected from the group consisting of multimedia content, objects, files, attributes of objects, program elements, database objects, table entries.
  - 38. The computer readable storage medium of claim 28, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, wherein a generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

39. A computer readable storage medium, including code for securely making available a backend application at a backend system, wherein the code when executed by a processor causes operations, the operations comprising:
- creating data structures corresponding to interactions with the backend application;
  
  associating privileges for each of the data structures, wherein the privileges are fully checked at a portal application separately hosted from the backend application;
  
  receiving, at the backend application, a request from the portal application for reading the data structures; and
  
  sending, from the backend application, the data structures to the portal application, wherein the interactions are operations that can be performed on the backend application and on resources related to the backend application, and wherein the backend application, the operations that can be performed on the backend application, and the resources related to the backend application are displayed on a single Web page on a client, wherein the portal application is included in a portal server, wherein the backend application is included in a backend server located outside the portal server, and wherein selectable interactions for at least two different backend applications located outside the portal server and results corresponding to at least one earlier operation are allowed to be displayed on the single Web page on the client.
- View Dependent Claims (40, 41, 42, 43, 44, 47)
- - 40. The computer readable storage medium of claim 39, further comprising:
    - receiving a request for an interaction with the backend application from the portal application;
      
      processing the request without checking for the privileges; and
      
      sending the results of processing the request to the portal application.
  - 41. The computer readable storage medium of claim 39, wherein the data structures are data objects.
  - 42. The computer readable storage medium of claim 39, wherein a representation of the data structure is from the group consisting of a relational database, an XML document and a class.
  - 43. The computer readable storage medium of claim 39, wherein the interactions relate to resources associated with the backend application.
  - 44. The computer readable storage medium of claim 39, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, wherein a generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.
  - 47. The computer readable storage medium of claim 44, wherein a selected backend application has a plurality of secure data objects having different security attributes, wherein each of the secure data objects corresponds to different interactions with the selected backend application, wherein a generic objects database is located in the portal server, wherein for each backend application the generic objects database includes a set of generic objects and associated security attributes for each potential user, wherein the set of generic objects correspond to the secure data objects, and wherein the generic objects stores at least those parts of the corresponding secure data objects that are needed for accessing and manipulating the secure data objects.

45. A computer readable storage medium, including code for accessing a group of applications at a client computer, wherein the code when executed by a processor causes operations, the operations comprising:
- authenticating with a portal server;
  
  receiving a list of backend applications and interactions that can be performed with the backend applications from a portal application located in the portal server, wherein the backend applications are stored at backend servers that are different from the portal server;
  
  selecting an interaction; and
  
  receiving results based on the selection of the interaction without authenticating with the backend servers, wherein receiving the results further comprises receiving a set of further interactions selectable by the client computer, wherein the portal server performs all necessary authentications of the client computer, and wherein the backend servers avoid any authentication of the client computer, wherein the backend applications are stored at the backend servers located outside the portal server, and wherein selectable interactions for at least two different backend applications located outside the portal server and results corresponding to at least one earlier operation are allowed to be displayed on a single Web page on the client computer.
- View Dependent Claims (46)
- - 46. The computer readable storage medium of claim 45, wherein authenticating, receiving the list, selecting, and receiving results are at a Web browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Meka, Sekhar, Ho, Phyllis Leigh, Bazinet, Allan Arthur Loring, Wang, Mandy L.
Primary Examiner(s)
Vaughn, Jr.; William C
Assistant Examiner(s)
MANIWANG, JOSEPH R

Application Number

US10/090,556
Publication Number

US 20030167298A1
Time in Patent Office

1,996 Days
Field of Search

709217-219, 709/223, 709/225, 709227-229, 709/249, 713200-202
US Class Current

709/219
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

H04L 63/101 Access control lists [ACL]

Method, system, and article of manufacture for implementing security features at a portal server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system, and article of manufacture for implementing security features at a portal server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links