Access control in client-server systems
First Claim
1. A method of operating a telecommunications network shared by two or more organizations, the network including at least a server and a plurality of client terminals, the method comprising the steps of:
the two or more organizations making requests to the server via client terminals, each request to the server for an organization being initiated via a proxy communications object on one of the client terminals, the proxy object enabling comparison of the contents of the request with a definition of the rights and privileges of an organization to use the network, and, responsive to the comparison step, enabling or blocking forwarding of the request to the server; and
the server transmitting to each of the plurality of client terminals at least a first component of the proxy communications object, the first proxy communications object component comprising the definition of the rights and privileges of the organization corresponding to the client terminal;
the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the organization and to cooperate with a second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.
Abstract
A control system methodology uses object-oriented software to integrate multiple control systems into a common object model. Object-oriented techniques are used to construct distributed Java-based applications in a multi-vendor open system environment for use in controlling and monitoring systems of varying size and configuration. The system provides both a browser client (101) (running on a Java-enabled browser) and a server client (121). The present invention has multiple stations: a Web BAS Server (110), a Network Processor (NP) (111), and a Field Controller (FC) (112). The NP and FC are preferably Java Virtual Machines implemented in a plug-in Java Modular Environment. Information is brought into a common object model and made available throughout the system. A custom programming language based on Java is provided for object creation, with access to objects controlled through a multi-level security protocol. Data flow is governed by a real-time information synchronization manager.
29 Citations
21 Claims
9. A telecommunications network for shared use by at least two organizations, the network comprising at least one server and a plurality of client terminals, the server being adapted to distribute at least a first component of a proxy communications object to each of the client terminals, the first distributed proxy communications object component comprising a definition of the rights and privileges of an organization to use the network,
each client terminal being adapted so that when the organization initiates a request to the server via a proxy communications object on each client terminal, the proxy object enables comparison of the contents of the request with a definition of the rights and privileges of the organization to use the network, and, responsive to the comparison step, enabling or blocking forwarding of the request to the server, the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the organization and to cooperate with a second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.
17. An external client user device for communication with a server on a telecommunication network for shared use by at least two organizations, the external client user device being a terminal containing memory for storing a proxy communications object comprising a definition of the rights and privileges of the user to use the network, a request to the server being initiated via the proxy communications object before communication with the server and the proxy communications object being adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user and, responsive to the comparison, enabling or blocking forwarding of the request to the server,
the proxy communications object comprising a first proxy communications object component comprising the definition of the rights and privileges of the user to use the network, and a second proxy communications object component, the first proxy communications object component being adapted to perform a comparison of security information contained in the request with the definition of the rights and privileges of the user and to cooperate with the second component of the proxy communications object adapted to retrieve the security information from the request and to enable or block forwarding of the request to the server.
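The two-component proxy recited in claim 1, sketched as an added Python example (not code from the patent or its assignee). The class names, the request fields `org`, `operation` and `resource`, and the prefix-based grant format are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class SecurityInfo:
    org: str
    operation: str
    resource: str

class RightsDefinition:
    """First component: server-supplied rights of one organization; does the comparison."""
    def __init__(self, definition: dict):
        self.org = definition["org"]
        # resource prefix -> operations permitted below that prefix
        self.grants = {p.rstrip("/"): frozenset(ops)
                       for p, ops in definition["grants"].items()}

    def permits(self, info: SecurityInfo) -> bool:
        if info.org != self.org:
            return False
        # collapse "a/../b" before matching so a grant cannot be escaped
        resource = posixpath.normpath(info.resource)
        for prefix, ops in self.grants.items():
            # match whole path segments: "/hvac" must not cover "/hvac-admin"
            if resource == prefix or resource.startswith(prefix + "/"):
                if info.operation in ops:
                    return True
        return False

class RequestGate:
    """Second component: retrieves security info from a request, forwards or blocks it."""
    def __init__(self, rights: RightsDefinition, forward: Callable[[dict], object]):
        self.rights, self.forward = rights, forward

    @staticmethod
    def extract(request: dict) -> Optional[SecurityInfo]:
        try:
            return SecurityInfo(request["org"], request["operation"], request["resource"])
        except KeyError:
            return None  # incomplete request: nothing to compare, so fail closed

    def submit(self, request: dict):
        info = self.extract(request)
        if info is None or not self.rights.permits(info):
            return ("blocked", None)
        return ("forwarded", self.forward(request))

# Constructed rights definition, standing in for what the server would transmit.
DEFINITION = {"org": "tenant-a",
              "grants": {"/hvac": ["read", "write"], "/lighting": ["read"]}}
```

Because both components run on the client terminal, this check keeps disallowed requests off the network, but the server still has to authorize every request it receives.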
Specification