Method and apparatus for community management in remote system servicing

US 6,584,454 B1
Filed: 12/31/1999
Issued: 06/24/2003
Est. Priority Date: 12/31/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for allowing access to a protected software application by a remote system user via a network, comprising the steps of:

storing a community management database at a central facility, said community management database comprising, for each one of a plurality of protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories;

remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables;

said remote system user sending a request for access to a particular protected software application, said request being sent to a server that can provide access to said particular protected software application via said network;

said remote system user sending a user identification and a password to said server via said network;

said server in turn sending said user identification and said password to said central facility;

said central facility determining whether said password is authentic;

said central facility determining whether said remote system user is authorized to access said particular protected software application; and

allowing said remote system user to access said particular protected software application if a number of conditions are met, said conditions including at least the following;

said password is authentic and said remote system user is authorized to access said particular protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps;

retrieving a particular rule corresponding to said particular protected software application from said community management database;

retrieving information for one or more variables from said community management database, said information being related to said user identification; and

determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for delivery of protected software applications to remote systems from a central service facility wherein delivery is managed on the basis of the community membership of the remote system user. Business rules are utilized to determine whether a particular authenticated user seeking access to a protected software application from a particular remote site should be authorized. A multiplicity of web servers are programmed to allow selective access to one or more resident software applications by remote system users via a network. Access is managed by a central policy server based on user and system information and community definitions stored in a database. The policy server communicates with each web server via an agency module incorporated in the web server. The agency module intercepts requests for access from remote system users and then interfaces with the policy server. If the remote system user has input an authentic identification code, the policy server then applies the business rules to determine whether the requesting remote system user is authorized to access the protected software being requested.

383 Citations

27 Claims

1. A method for allowing access to a protected software application by a remote system user via a network, comprising the steps of:
- storing a community management database at a central facility, said community management database comprising, for each one of a plurality of protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories;
  
  remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables;
  
  said remote system user sending a request for access to a particular protected software application, said request being sent to a server that can provide access to said particular protected software application via said network;
  
  said remote system user sending a user identification and a password to said server via said network;
  
  said server in turn sending said user identification and said password to said central facility;
  
  said central facility determining whether said password is authentic;
  
  said central facility determining whether said remote system user is authorized to access said particular protected software application; and
  
  allowing said remote system user to access said particular protected software application if a number of conditions are met, said conditions including at least the following;
  
  said password is authentic and said remote system user is authorized to access said particular protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps;
  
  retrieving a particular rule corresponding to said particular protected software application from said community management database;
  
  retrieving information for one or more variables from said community management database, said information being related to said user identification; and
  
  determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.
- View Dependent Claims (2, 3, 4)
- - 2. The method as recited in claim 1, wherein said central facility authenticates said password sent by said remote system user by matching said password with a password retrieved from said community management database.
  - 3. The method as recited in claim 1, wherein said community management database stores passwords for each person authorized to access software applications from said remote medical diagnostic system via said network.
  - 4. The method as recited in claim 1, wherein said remote system user sends said request for access and user identification data by interacting with a web browser at said remote medical diagnostic system.

5. A system comprising:
- a network;
  
  a web server connected to said network and comprising an agency module programmed to enable access to a particular protected software application in response to an authorization;
  
  a remote system having a web browser for sending to said web server via said network a request for access to said particular protected software application, a user identification, and a password;
  
  a community management database comprising, for each one of a plurality of protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories;
  
  remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables; and
  
  a policy server which communicates with said community management database and with said agency module, said policy server being programmed to perform the following steps;
  
  determining whether said password is authentic;
  
  determining whether said remote system user is authorized to access said particular protected software application; and
  
  sending said authorization to said agency module if a number of conditions are met, said conditions including at least the following;
  
  said password is authentic and said remote system user is authorized to access said particular protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps;
  
  retrieving a particular rule corresponding to said particular protected software application from said community management database;
  
  retrieving information for one or more variables from said community management database, said information being related to said user identification; and
  
  determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.
- View Dependent Claims (6, 7)
- - 6. The system as recited in claim 5, wherein said step of determining whether said password is authentic comprises the following steps:
7. The system as recited in claim 5, further comprising a firewall between said web server and said policy server.

8. A method for providing software applications to a multiplicity of remote systems via networks, comprising the steps of:
- constructing an electronically accessible community management database comprising information sufficient for a processor to determine whether a particular system user identified by a user code in said database belongs to a community having access rights to a particular software application identified by an application code in said database;
  
  detecting the application code of a first software application being requested by a particular remote system user;
  
  receiving the user code of said particular remote system user via a network;
  
  checking said community management database to determine whether said particular remote system user is a member of a community having access rights to said first software application;
  
  denying said particular remote system user access to said first software application if said particular remote system user is not a member of a community having access rights to said first software application;
  
  checking said community management database to determine whether said user code is authentic;
  
  granting said particular remote system user access to said first software application if said user code is authentic and if said particular remote system user is a member of a community having access rights to said first software application;
  
  storing in said remote system a first network address whereat said first software application can be accessed;
  
  requesting access to said first software application by interacting with a web browser at said remote system; and
  
  addressing said request for access to said first network address.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method as recited in claim 8, further comprising the steps of:
10. The method as recited in claim 9, further comprising the steps of:
- storing in said remote system a second network address whereat a second software application can be accessed;
  
  checking said community management database to determine whether said user code is authentic;
  
  if said user code is authentic, delivering an authenticity tag to said remote system for storage in said log-in cache in said web browser;
  
  requesting access to said second software application by interacting with said web browser; and
  
  automatically sending said user code and said authenticity tag to said second network address along with said request for access to said second software application.
11. The method as recited in claim 8, further comprising the step of sending a list of software applications to said web browser if said particular remote system user is not a member of a community having access rights to said first software application, said list identifying all software applications to which said particular remote system user has access rights.
12. The method as recited in claim 8, further comprising the steps of:
- personalizing said first software application if said particular remote system user is granted access; and
  
  delivering said personalized first software application to said web browser.

13. A system comprising:
- a community management database comprising a set of application codes for identifying protected software applications, a respective rule for each one of said protected software applications for defining a community of members entitled to access the respective protected software application, and information for a plurality of variables, each variable of said plurality belonging to one of the following categories;
  
  remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables; and
  
  a policy server programmed to perform the following steps;
  
  receiving a user code of a requesting remote system user;
  
  detecting an application code of a first protected software application being requested by said requesting remote system user;
  
  accessing said community management database to determine whether said requesting remote system user belongs to a community having access rights to said first protected software application; and
  
  issuing a signal representing authorization if a number of conditions are met, said conditions including at least the following;
  
  said user code is authentic and said remote system user is authorized to access said first protected software application, wherein said step of determining whether said remote system user is authorized comprises the following steps;
  
  retrieving a particular rule corresponding to said first protected software application from said community management database;
  
  retrieving information for one or more variables from said community management database, said information being related to said user code; and
  
  determining whether said retrieved variable information satisfies said retrieved rule, access being not authorized if said retrieved variable information does not satisfy said retrieved rule.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system as recited in claim 13, further comprising:
15. The system as recited in claim 14, wherein said policy server is programmed to issue a signal representing an instruction to said first web server to deny access to said first protected software application if said remote system user does not have access rights to said first protected software application, and said first web server is programmed to deliver a list of allowed applications to said remote system in response to said instruction to deny access.
16. The system as recited in claim 14, wherein said first web server is programmed with an agency module for handling communications with said policy server.
17. The system as recited in claim 16, wherein said requesting means and said logging-in means of said remote system are incorporated in a web browser, and wherein each of said web browser, said agency module and said policy server comprise a respective log-in cache, and said policy server is programmed to generate an authenticity tag in response to authentication of said user code, said authenticity tag being stored in each of said log-in caches along with said user code.
18. The system as recited in claim 17, further comprising a second web server accessible via said network, programmed to allow selective access to a second protected software application, and comprising a log-in cache, wherein said remote system comprises means for automatically sending said user code and said authenticity tag to said second web server along with said request for access to said second protected software application, said second web server being further programmed to send said user code and said authenticity tag to said policy server, and said policy server being further programmed to verify said user code and said authenticity tag received from said second web server.
19. The system as recited in claim 14, wherein said means for accessing said first web server via said network comprises a network address hard-coded in said remote system.
20. The system as recited in claim 14, further comprising a firewall between said first web server and said policy server.

21. A system comprising:
- a network;
  
  a web server accessible via said network and programmed to provide selective access to a protected software application;
  
  a remote system comprising means for accessing said web server via said network, means for requesting access to said protected software application, and means for logging in a user code of a remote system user requesting access to said protected software application;
  
  a community management database comprising a set of business rules for defining communities of remote system users, a set of user codes for identifying remote system users, and a set of application codes for identifying protected software applications to which various communities of remote system users have access rights; and
  
  a policy server programmed to perform the following steps;
  
  receiving said user code of said requesting remote system user;
  
  detecting an application code of said protected software application being requested by said requesting remote system user;
  
  accessing said community management database to determine whether said requesting remote system user belongs to a community having access rights to said requested protected software application; and
  
  issuing a signal representing the results of said determination, wherein said policy server is programmed to issue a signal representing an instruction to said web server to grant access to said protected software application if said user code is authentic and said remote system user has access rights to said protected software application, and said web server is programmed to perform the steps of;
  
  personalizing said software application if said requesting remote system user is granted access; and
  
  delivering said personalized software application to said remote system.

22. A system comprising:
- a network;
  
  first and second web servers accessible via said network and programmed to provide selective access to first and second protected software applications, respectively;
  
  a remote system comprising a web browser for requesting access to said first and second protected software applications and logging in a user code of a remote system user, a community management database comprising, for each of said first and second protected software applications, a respective rule for defining a community of members entitled to access the respective protected software application, and further comprising information for a plurality of variables, each variable of said plurality belonging to one of the following categories;
  
  remote system information variables, remote system site variables, remote system variables, and remote system contract variables, each of said rules being a function of one or more of said variables; and
  
  a computer programmed to manage access to either of said first and second protected software applications by said remote system user in accordance with said respective rule in said community management database by applying said respective rule to variable information associated with said user code in said community management database.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system as recited in claim 22, wherein said computer is programmed to issue a signal representing an instruction to said web server to grant access to a requested one of said first and second protected software applications if said remote system user is a member of a community having access rights to said requested one of said first and second protected software applications.
  - 24. The system as recited in claim 22, wherein said computer is programmed to issue a signal representing an instruction to said web server to deny access to a requested one of said first and second protected software applications if said remote system user is not a member of a community having access rights to said requested one of said first and second protected software applications.
  - 25. The system as recited in claim 22, further comprising a firewall between said first and second web servers and said computer.
  - 26. The system as recited in claim 22, wherein said remote system comprises a medical diagnostic system, said first protected software application comprises records of service provided to said medical diagnostic system that are accessible to a community of authorized service personnel and not accessible to a community that includes persons not authorized to service said medical diagnostic system.
  - 27. The system as recited in claim 22, wherein said remote system comprises a medical diagnostic system, said first protected software application comprises tools used in servicing said medical diagnostic system that are accessible to a community of authorized service personnel and not accessible to a community that includes persons not authorized to service said medical diagnostic system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
General Electric Company
Original Assignee
GE Medical Technology Services, Inc. (General Electric Company)
Inventors
Zettel, Hubert A., Palliyal, Sunil Melepatt, Kelly, Michael E., Mehring, David T., Singh, Karamjeet, Lamoureux, Thomas L., Hummel, Henry John Jr., Ploetz, Lawrence E.
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
Winter, John M.

Application Number

US09/477,041
Time in Patent Office

1,271 Days
Field of Search

705/59
US Class Current

705/59
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 41/0893   Assignment of logical group...

H04L 41/5096   wherein the managed service...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 67/025   for remote control or remot...

Method and apparatus for community management in remote system servicing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

383 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for community management in remote system servicing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

383 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links