Access control in client-server systems

US 7,890,640 B2
Filed: 06/25/2001
Issued: 02/15/2011
Est. Priority Date: 06/23/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of operating a telecommunications network shared by two or more organizations, the network including at least a server and a plurality of client terminals, the method comprising the steps of:

the two or more organizations making requests to the server via client terminals,each request to the server for an organization being initiated via a proxy communications object on one of the client terminals, the proxy object enabling comparison of the contents of the request with a definition of the rights and privileges of an organization to use the network, and, responsive to the comparison step, enabling or blocking forwarding of the request to the server; and

the server transmitting to each of the plurality of client terminals at least a first component of the proxy communications object, the first proxy communications object component comprising the definition of the rights and privileges of the organization corresponding to the client terminal;

the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the organization and to cooperate with a second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A control system methodology uses object-oriented software to integrate multiple control systems into a common object model. Object-oriented techniques are used to construct distributed Java-based applications in a multi-vendor open system environment for use in controlling and monitoring systems of varying size and configuration. The system provides both a browser client (101) (running on a Java-enabled browser) and a server client (121). The present invention has multiple stations: a Web BAS Server (110), a Network Processor (NP) (111), and a Field Controller (FC) (112). The NP and FC are preferably Java Virtual Machines implemented in a plug-in Java Modular Environment. Information is brought into a common object model and made available throughout the system. A custom programming language based on Java is provided for object creation, with access to objects controlled through a multi-level security protocol. Data flow is governed by a real-time information synchronization manager.

29 Citations

View as Search Results

21 Claims

1. A method of operating a telecommunications network shared by two or more organizations, the network including at least a server and a plurality of client terminals, the method comprising the steps of:
- the two or more organizations making requests to the server via client terminals,each request to the server for an organization being initiated via a proxy communications object on one of the client terminals, the proxy object enabling comparison of the contents of the request with a definition of the rights and privileges of an organization to use the network, and, responsive to the comparison step, enabling or blocking forwarding of the request to the server; and
  
  the server transmitting to each of the plurality of client terminals at least a first component of the proxy communications object, the first proxy communications object component comprising the definition of the rights and privileges of the organization corresponding to the client terminal;
  
  the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the organization and to cooperate with a second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein each request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
  - 3. The method according to claim 1, wherein communications between the server and each client terminal are defined by a common object model protocol.
  - 4. The method according to claim 1, wherein each client terminal only has read only access to the definition of the rights and privileges included within the transmitted first proxy object component.
  - 5. The method according to claim 1, further comprising the step of:
    - the first proxy object component inheriting the definition of the rights and privileges for an organization from a second object.
  - 6. The method according to claim 1, further comprising the step of:
    - the server transmitting a further proxy communications object to each client terminal, the second proxy communications object comprising a further definition of the rights and privileges of an organization to use the network.
  - 7. A method according to claim 1, wherein the first proxy communications object component comprising the definition of the rights and privileges of the organization corresponding to the client provides the definition of the rights and privileges only of the organization corresponding to the client.
  - 8. The method according to claim 1, wherein the network has at least one base network providing radio communications to user terminals and an operations and maintenance network comprising the server.

9. A telecommunications network for shared use by at least two organizations, the network comprising at least one server and a plurality of client terminals, the server being adapted to distribute at least a first component of a proxy communications object to each of the client terminals, the first distributed proxy communications object component comprising a definition of the rights and privileges of an organization to use the network,each client terminal being adapted so that when the organization initiates a request to the server via a proxy communications object on each client terminal, the proxy object enables comparison of the contents of the request with a definition of the rights and privileges of the organization to use the network, and, responsive to the comparison step, enabling or blocking forwarding of the request to the server,the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the organization and to cooperate with a second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A network according to claim 9, wherein the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
  - 11. The network in accordance with claim 9, wherein the communications between the server and each client terminal are defined by a common object model protocol.
  - 12. The network according to claim 9, wherein the first distributed proxy object component is stored on each client terminal and each client terminal is adapted to access the distributed proxy communications object component before completing set-up of a communication with the server.
  - 13. The network according to claim 9, wherein each client terminal only has read only access to the first distributed proxy communications object component.
  - 14. The network according to claim 9, wherein the first distributed proxy communications object component is adapted to inherit the rights and privileges from a second object.
  - 15. The network according to claim 9, each client terminal further comprising a second proxy communications object component adapted to enable forwarding of the request to the server in response to the comparison.
  - 16. A telecommunications network according to claim 9, wherein the first distributed proxy communications object component comprises a definition of the rights and privileges only of the organization to use the network.

17. An external client user device for communication with a server on a telecommunication network for shared use by at least two organizations, the external client user device being a terminal containing memory for storing a proxy communications object comprising a definition of the rights and privileges of the user to use the network, a request to the server being initiated via the proxy communications object before communication with the server and the proxy communications object being adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user and, responsive to the comparison, enabling or blocking forwarding of the request to the server,the proxy communications object comprising a first proxy communications object component comprising the definition of the rights and privileges of the user to use the network, and a second proxy communications object component,the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the user and to cooperate with the second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The client user device according to claim 17, wherein the request relates to modification of a management object maintained at a network resource, each organization having a global right to access the network resource.
  - 19. The client user device according to claim 17, wherein the terminal is adapted to communicate with the server using a common object model protocol.
  - 20. The client user device according to claim 17, wherein the terminal only has read only access to the proxy communications object.
  - 21. A client user device according to claim 17, wherein the proxy communications object comprises a definition of rights and privileges of only the user to use the network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Nortel Networks Limited (Nortel Networks Corporation)
Inventors
Ribot, Stephan
Primary Examiner(s)
Ismail, Shawki S

Application Number

US10/312,004
Publication Number

US 20030187993A1
Time in Patent Office

3,522 Days
Field of Search

709223-224, 709/227, 709/229, 709/225, 707/9
US Class Current

709/229
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2145   Inheriting rights or proper...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/166   at the transport layer

H04L 67/01   Protocols

H04L 9/40   Network security protocols

Access control in client-server systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Access control in client-server systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links