Secured and access controlled peer-to-peer resource sharing

US 7,475,139 B2
Filed: 09/22/2006
Issued: 01/06/2009
Est. Priority Date: 03/15/2002
Status: Expired due to Fees

First Claim

Patent Images

1. In a peer-to-peer network comprising a plurality of clients, each of the clients being unaware of resources residing at other of the clients, a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:

communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the multiplicity of second resources; and

at the second client, selectively searching a set of second resources in the multiplicity of second resources that the first client is authorized to access in response to a comparison of authentication data and authorization data within the credentials signal and the at least one corresponding access attribute of each of the multiplicity of second resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of second resources.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A peer-to-peer network propagates searches from client to client. Resources within each client are selectively searched in response to authentication and authorization processes. Authentication information may be included in a search request or may be performed by an authentication process external to the client. Authorization is performed by a process external to the client. Only after authentication or authorization may resources of any particular client be accessed. The system allows for secure propagated searches and resource access in a peer-to-peer network environment. The network may further include a server for maintaining a list of clients connected to the peer-to-peer network in order to more efficiently facilitate peer-to-peer communications.

Citations

15 Claims

1. In a peer-to-peer network comprising a plurality of clients, each of the clients being unaware of resources residing at other of the clients, a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:
- communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the multiplicity of second resources; and
  
  at the second client, selectively searching a set of second resources in the multiplicity of second resources that the first client is authorized to access in response to a comparison of authentication data and authorization data within the credentials signal and the at least one corresponding access attribute of each of the multiplicity of second resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of second resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the multiplicity of third resources; and
      
      at the third client, selectively searching a set of third resources in the multiplicity of third resources that the first client is authorized to access in response to comparison of authentication data and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of third resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of third resources.
  - 3. The method according to claim 2, further comprising the steps of:
    - at the third client, determining a matching resource in response to the step of selectively searching the multiplicity of third resources; and
      
      communicating a matching signal indicative of the matching resource from the third client to the first client.
  - 4. The method according to claim 2,wherein the credentials signal includes an identification signal indicative of the first client,the access attributes of the second and third resources includes an authorization signal indicative of at least one of a plurality of clients, the plurality of clients including the first client,the step of selectively searching the second multiplicity of resources searches one of the second multiplicity of resources if the identification signal substantially matches the authorization signal included with the corresponding access attributes, andthe step of selectively searching the third multiplicity of resources searches one of the third multiplicity of resources if the identification signal substantially matches the authorization signal included with the corresponding access attributes.
  - 5. The method of claim 2, wherein the search request is communicated from the second client to a third client in response to an external server verifying the identity of the first client based on the authentication information.
  - 6. The method of claim 2, wherein selectively searching a set of third resources in the multiplicity of third resources comprises:
    - communicating, from the third client, at least authorization information associated with the first client that is included within the credentials signal to an external server; and
      
      receiving, at the third client in response to the communicating the at least authorization information, at least an authorization signal from the external server including access control information associated with the first client, the access control information being indicative of a set of resource types in the multiplicity of third resources that the first client is authorized to access.
  - 7. The method of claim 6, wherein selectively searching a set of third resources in the multiplicity of third resources further comprises selectively searching a set of resources in the multiplicity of third resources that are associated with a resource type substantially matching at least one resource type that the first client is authorized to access as indicated by the authorization signal.
  - 8. The method of claim 1, further comprising the steps of:
    - communicating, from the second client, authentication and authorization information associated with the first client that is included within the credentials signal to an external server; and
      
      receiving, at the second client in response to the communicating the authentication and authorization information, an authentication signal from the, external server verifying the identity of the first client and an authorization signal from the external server including access control information associated with the first client, the access control information being indicative of a set of resource types in the multiplicity of second resources that the first client is authorized to access.
  - 9. The method of claim 8, wherein the selectively searching at the second client the multiplicity of second resources comprises selectively searching a set of resources in the multiplicity of second resources that are associated with a resource type substantially matching at least one resource type that the first client is authorized to access as indicated by the authorization signal.

10. A client included in a peer-to-peer network having a multiplicity of clients, each of the clients being unaware of resources residing at other of the clients, the client comprising:
- a peer-to-peer network dispatcher for receiving a resource search request from a second client of the multiplicity of clients, the search request initiating from an initiating client of the multiplicity of clients, the search request including a credentials signal having an identification signal indicative of the initiating client, wherein the credentials signal includes authentication data and authorization data, the authorization data being indicative of at least one resource type that the second client is authorized to access;
  
  a memory for storing a plurality of resources, each of the plurality of resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the plurality of resources; and
  
  a search engine for selectively searching at least one set of resources in the plurality of resources that the second client is authorized to access in response to a comparison of the authentication and authorization data within the credentials signal and the at least one access attribute of each of the plurality of resources.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The client according to claim 10,wherein the peer-to-peer network dispatcher communicates the identification signal to an authentication process external to the client and receives an authenticated signal if the identification signal is authenticated by the authentication process, andthe search engine does not search any of the plurality of resources if the authenticated signal is not received from the authentication process.
  - 12. The client according to claim 11, wherein the peer-to-peer network dispatcher communicates the resource search request to a third client of the multiplicity of clients if the authenticated signal is received from the authentication process, or does not communicate the resource search request to the third client if the authenticated signal is not received from the authentication process.
  - 13. The client according to claim 10,wherein the access attribute is indicative of a class of clients permitted to access to the corresponding resource,the peer-to-peer network dispatcher communicates the identification signal to an authorization process external to the client and receives a client class signal in response thereto, andthe search engine selectively searches the at least one of the plurality of resources in response to a comparison of the client class signal and the at least one access attribute of each of the plurality of resources.
  - 14. The client according to claim 10,wherein the peer-to-peer network further includes a server and each of the multiplicity of clients has a unique client address,the client further comprises a seed list receiver for receiving and storing a seed list of client address from the server, andthe peer-to-peer network search dispatcher forwards the resource search request to client addresses of the seed list.

15. In a peer-to-peer network comprising a plurality of clients, each of the clients being unaware of resources residing at other of the clients, a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of:
- communicating the search request from the first client to a second client;
  
  communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute, the at least one corresponding access being indicative of a set of clients authorized to access a corresponding resource in plurality of resources; and
  
  at the third client, selectively searching a set of resources in the multiplicity of third resources that the first client is authorized to access in response to a comparison of authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of third resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of third resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Subramanian, Ramesh, Sweeney, William C., Rooney, John W., Goodman, Brian D.
Primary Examiner(s)
Tran; Philip B

Application Number

US11/534,441
Publication Number

US 20070016655A1
Time in Patent Office

837 Days
Field of Search

709223-225, 709/229, 709/203, 709/217, 713/176, 726 3- 5
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 67/104   Peer-to-peer [P2P] networks

H04L 67/1068   Discovery involving direct ...

H04L 69/329   in the application layer [O...

Secured and access controlled peer-to-peer resource sharing

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Secured and access controlled peer-to-peer resource sharing

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links