Extranet access management apparatus and method

US 7,451,149 B2
Filed: 11/08/2004
Issued: 11/11/2008
Est. Priority Date: 11/14/2003
Status: Expired due to Fees

First Claim

Patent Images

1. An apparatus for managing access for an extranet, comprising:

a plurality of domain web server, to which a plurality of users are subscribed,an authentication and authorization (AA) server for managing access authentication and authorization for the domain web server,an authority information storing module for storing authentication information and authorization information of the users, anda user web browser interconnected with the AA server and the domain web server,wherein the AA server comprises;

an AA module for authenticating the users and setting Role values in an AA cookie of the authenticated user;

an access control list (ACL) cache control module for synchronizing ACL caches of the respective domain web server with the AA server;

an encryption module for encrypting the AA cookies to be given to each user; and

a schema provider and user provider for providing an operation system independent of the authority information storing module,wherein the domain web server comprises;

an ACL cache which is delivered from the AA server;

an AA module for checking, by using the ACL cache, whether the user has authority to access a requested resource;

a decryption module for decrypting the encrypted AA cookies; and

a module for processing a resource request from the user web browser,wherein the domain web server is configured to extract the Role values from the AA cookie of the user, extracts an access control entry (ACE) of the requested resource from the ACL cache, and grant an access authority to the user if the ACE of the requested resource exists in the extracted Role values.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing access to an extranet for an extended service provider (xSP) includes decentralizing the role of access management by using cached access control list (ACL) information, and synchronizing decentralized access management roles using an authentication and authorization (AA) server. Insufficiency of session management is overcome by adopting authentication/authorization based on a web browser cookie.

23 Citations

View as Search Results

4 Claims

1. An apparatus for managing access for an extranet, comprising:
- a plurality of domain web server, to which a plurality of users are subscribed,an authentication and authorization (AA) server for managing access authentication and authorization for the domain web server,an authority information storing module for storing authentication information and authorization information of the users, anda user web browser interconnected with the AA server and the domain web server,wherein the AA server comprises;
  
  an AA module for authenticating the users and setting Role values in an AA cookie of the authenticated user;
  
  an access control list (ACL) cache control module for synchronizing ACL caches of the respective domain web server with the AA server;
  
  an encryption module for encrypting the AA cookies to be given to each user; and
  
  a schema provider and user provider for providing an operation system independent of the authority information storing module,wherein the domain web server comprises;
  
  an ACL cache which is delivered from the AA server;
  
  an AA module for checking, by using the ACL cache, whether the user has authority to access a requested resource;
  
  a decryption module for decrypting the encrypted AA cookies; and
  
  a module for processing a resource request from the user web browser,wherein the domain web server is configured to extract the Role values from the AA cookie of the user, extracts an access control entry (ACE) of the requested resource from the ACL cache, and grant an access authority to the user if the ACE of the requested resource exists in the extracted Role values.
- View Dependent Claims (2, 3, 4)
- - 2. A method of managing access for an extranet, performed in the apparatus which comprises the elements in claim 1, the method comprising the steps of:
    - an ACL initialization operation comprising;
      
      an AA module of a domain web server requesting the ACL cache control module of the AA server to synchronize an ACL; and
      
      the ACL cache control module referring the ACL from the authority information storing module and delivering the referred ACL data to the AA module of the domain web server;
      
      an authorizing operation in authentication comprising;
      
      a user web browser accessing the domain web server;
      
      the AA module of the domain web server confirming access authority of the user web browser;
      
      the user web browser requesting the authentication from an AA module of the AA server;
      
      the AA module of the AA server referring a schema provider to the authority;
      
      the schema provider referring an authority information storing module to a site and delivering the referred result to a user provider; and
      
      the user provider referring the authority information storing module to the user authority to make authentication, setting Role values in an AA cookie of the authenticated user, and transmitting the AA cookie to the user web browser; and
      
      an authority referring operation comprising;
      
      a user web browser requesting a page (URL) access from the domain web server;
      
      the AA module of the domain web server checking whether the user has an authority to access the requested page by comparing the Role values in the AA cookie and ACEs of the ACL cache; and
      
      the resource request processing module processing the requested page (URL) and responses to the user web browser by sending a processed result.
  - 3. The method of claim 2, further comprising a user authority changing step comprising:
    - if the user web browser requests the service enlisting or quitting, the resource request processing module of the domain web server requesting the AA module of the AA server to enlisting/quitting,the AA module of the AA server changing the user authority information and sending the information to the user provider,the user provider updating the user information by sending the changed information to the authority information storing module,the AA module of the AA server reporting to the resource request processing module that the user information was changed, such that the user is informed that the enlisting/quitting process is completed.
  - 4. The method of claim 2, further comprising:
    - an ACL synchronization operation comprising;
      
      a supervisor instructing the ACL cache control module of the AA server to change the authority; and
      
      the ACL cache control module requesting the authority information storing module to change the ACL, and the ACL cache of the domain web server to synchronize the ACL cache.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nets Co., Ltd.
Original Assignee
Nets Co., Ltd.
Inventors
Lee, Se Hyun, Moon, Sung Kwang, Ryu, Young Jun
Primary Examiner(s)
Ali; Mohammad
Assistant Examiner(s)
Ruiz; Angelica

Application Number

US10/578,634
Publication Number

US 20070124482A1
Time in Patent Office

1,464 Days
Field of Search

707 1-206
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

Y10S 707/99939   Privileged access

Extranet access management apparatus and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Extranet access management apparatus and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links