Method and system for authorization and access to protected resources

US 7,260,831 B1
Filed: 04/25/2002
Issued: 08/21/2007
Est. Priority Date: 04/25/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for enhancing the capabilities of a CORBA Resource Access Decision Facility comprising:

populating a cache only with permissive resource access decisions obtained from the CORBA Resource Access Decision Facility;

when a permissive resource access decision is present in the cache, retrieving the permissive access decision from the cache and not requesting an access decision from the CORBA Resource Access Decision Facility; and

requesting a permissive resource access decision from the CORBA Resource Access Decision Facility only when the access decision is not present in the cache;

wherein the action of requesting an access decision from the CORBA Resource Access Decision Facility comprises;

requesting a permissive access decision from the CORBA Resource Access Decision Facility only when the permissive access decision is not present in the cache; and

requesting an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure addresses an enhancement to a resource access decision facility, preferably a CORBA RAD, that allows additional query capabilities and faster resource access. Resource access decisions obtained from RAD are placed in a cache. An application can retrieve access decisions directly from the cache rather than requesting the decisions from RAD. If an access decision is not available in the cache, the access decision is requested from RAD. The preferred embodiments of the present disclosure allow the retrieval of lists of roles that have access to a particular resource and resources to which a particular role has access. The cache can be populated either prior to or during the mainstream execution of a program. In another embodiment, a backup version of the data in the cache can be stored in a storage medium external to the cache for near immediate restart after a crash or shutdown.

Citations

21 Claims

1. A method for enhancing the capabilities of a CORBA Resource Access Decision Facility comprising:
- populating a cache only with permissive resource access decisions obtained from the CORBA Resource Access Decision Facility;
  
  when a permissive resource access decision is present in the cache, retrieving the permissive access decision from the cache and not requesting an access decision from the CORBA Resource Access Decision Facility; and
  
  requesting a permissive resource access decision from the CORBA Resource Access Decision Facility only when the access decision is not present in the cache;
  
  wherein the action of requesting an access decision from the CORBA Resource Access Decision Facility comprises;
  
  requesting a permissive access decision from the CORBA Resource Access Decision Facility only when the permissive access decision is not present in the cache; and
  
  requesting an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising retrieving from the cache, through the invocation of a single method, a list of roles that have access to a specified resource.
  - 3. The method of claim 1 further comprising retrieving from the cache, through the invocation of a single method, a list of resources to which a specified role has access.
  - 4. The method of claim 1 wherein the cache is populated prior to the mainstream execution of a computer program that uses the cache.
  - 5. The method of claim 1 wherein the cache is populated during the mainstream execution of a computer program that uses the cache.
  - 6. The method of claim 1 wherein a single cache is accessed by more than one computer program.
  - 7. The method of claim 1 wherein a copy of the data in the cache is stored in a storage medium separate from the cache.

8. A computer program for enhancing the capabilities of the CORBA Resource Access Decision Facility comprising:
- computer code that populates a cache only with permissive resource access decisions obtained from the CORBA Resource Access Decision Facility;
  
  when a permissive access decision is present in the cache, computer code that retrieves the access decision from the cache without and does not request an access decision from the CORBA Resource Access Decision Facility;
  
  computer code that requests a permissive resource access decision from the CORBA Resource Access Decision Facility only when the access decision is not present in the cache; and
  
  wherein the computer code that requests an access decision from the CORBA Resource Access Decision Facility comprises;
  
  computer code that requests a permissive access decision from the CORBA Resource Access Decision Facility only when the permissive access decision is not present in the cache; and
  
  computer code that request an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program of claim 8 further comprising computer code that retrieves from the cache, through the invocation of a single method, a list of roles that have access to a specified resource.
  - 10. The computer program of claim 8 further comprising computer code that retrieves from the cache, through the invocation of a single method, a list of resources to which a specified role has access.
  - 11. The computer program of claim 8 further comprising computer code that populates the cache prior to the mainstream execution of the computer program.
  - 12. The computer program of claim 8 further comprising computer code that populates the cache during the mainstream execution of the computer program.
  - 13. The computer program of claim 8 wherein the cache can be accessed by other programs.
  - 14. The computer program of claim 8 wherein a copy of the data in the cache is stored in a storage medium separate from the cache.

15. A computer system comprising:
- a cache populated only with permissive resource access decisions obtained from a CORBA Resource Access Decision Facility; and
  
  computer code that retrieves a permissive access decision from the cache when the access decision is present in the cache and only requests an access decision from the CORBA Resource Access Decision Facility when the access decision is not present in the cache;
  
  wherein the computer code that retrieves an access decision from the cache when the access decision is present in the cache and only requests an access decision from the CORBA Resource Access Decision Facility when the access decision is not present in the cache comprises;
  
  computer code that evaluates whether an access decision is a permissive access decision or whether the access decision comprises constraints or overrides;
  
  computer code that retrieves a permissive access decision from the cache and requests a permissive access decision from the CORBA Resource Access Decision Facility when the permissive access decision is not present in the cache; and
  
  computer code that requests an access decision which comprises restraints or overrides from the CORBA Resource Access Decision Facility without first checking the cache.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer system of claim 15 further comprising computer code that retrieves from the cache, through the invocation of a single method, a list of roles that have access to a specified resource.
  - 17. The computer system of claim 15 further comprising computer code that retrieves from the cache, through the invocation of a single method, a list of resources to which a specified role has access.
  - 18. The computer system of claim 15 further comprising computer code that populates the cache prior to the mainstream execution of the computer program.
  - 19. The computer system of claim 15 further comprising computer code that populates the cache during the mainstream execution of the computer program.
  - 20. The computer system of claim 15 wherein the cache can be accessed by other programs.
  - 21. The computer system of claim 15 wherein a copy of the data in the cache is stored in a storage medium separate from the cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Nguyen, Hieu, Carter, Jennifer, Mwaura, James, Beznosov, Konstantin
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
HOMAYOUNMEHR, FARID

Application Number

US10/132,838
Time in Patent Office

1,944 Days
Field of Search

709/203, 709/237, 726/1, 726/2
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 9/468 Specific access rights for ...

Method and system for authorization and access to protected resources

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authorization and access to protected resources

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links