Method for performing group exclusion in hierarchical group structures
First Claim
Patent Images
1. In a distributed computing system having a system resource,(A) in which a plurality of principals are divided into a plurality of groups including a first group which is one subgroup of a second group which includes other subgroups;
- and(B) in which principals derive their membership in the second group through membership in at least one of the subgroups;
a method for denying principal'"'"'s solely in the first group access to the resource comprising the steps of;
(a) receiving a request from a principal for access to the system resource;
(b) determining whether the requesting principal is a member of one of the subgroups not the first group; and
(c) denying the requesting principal access to the resource if the principal is not a member of one of the other subgroups, whereby principal solely in the first group are denied access to the resource.
5 Assignments
0 Petitions
Accused Products
Abstract
A method for denying a first group access to a system resource wherein a second group is selected such that the first group is a subgroup of the second group. Access is granted only to those members of the second group who do not derive their membership in the second group through their membership in the first group.
300 Citations
3 Claims
-
1. In a distributed computing system having a system resource,
(A) in which a plurality of principals are divided into a plurality of groups including a first group which is one subgroup of a second group which includes other subgroups; - and
(B) in which principals derive their membership in the second group through membership in at least one of the subgroups; a method for denying principal'"'"'s solely in the first group access to the resource comprising the steps of; (a) receiving a request from a principal for access to the system resource; (b) determining whether the requesting principal is a member of one of the subgroups not the first group; and (c) denying the requesting principal access to the resource if the principal is not a member of one of the other subgroups, whereby principal solely in the first group are denied access to the resource.
- and
-
2. In a distributed computing system having a system resource,
(A) in which a plurality of principals are divided into a plurality of groups including a first group which is one subgroup of a second group which includes other subgroups; - and
(B) in which principals derive their membership in the second group through membership in at least one of the subgroups; a method for denying principals solely in the first group access to the resource comprising the steps of; (a) receiving a request from a principal for access to the system resource; (b) determining whether the requesting principal derives its membership in the second group solely through its membership in the first group; and (c) granting the requesting principal access to the resource if the principal does not derive its membership in the second group solely through membership in the first group. - View Dependent Claims (3)
- and
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHewlett-Packard Development Company, L.P. (HP Inc.)
-
Original AssigneeDigital Equipment Corporation (HP Inc.)
-
InventorsGasser, Morrie, Kaufman, Charles W., Goldstein, Andrew C.
-
Primary Examiner(s)Gregory, Bernarr E.
-
Application NumberUS07/589,924Time in Patent Office991 DaysField of Search380/3, 380/4, 380/23, 380/25, 380/30, 380/49, 364/222.5, 364/246.9, 364/955.3, 364/240.8, 364/246.6, 364/286.5, 340/825.3, 340/825.31, 340/825.34, 340/825.52US Class Current1/1CPC Class CodesG06F 21/6281 at program execution time, ...H04L 9/3249 using RSA or related signat...H04L 9/3263 involving certificates, e.g...H04L 9/3271 using challenge-responseY10S 707/99939 Privileged access
