Content management system and methodology employing non-transferable access tokens to control data access
First Claim
1. A computer program product for organizing information in a content management system, the computer program product including a plurality of computer executable instructions stored on a computer readable medium, wherein the instructions, when executed by the content management system, cause the system to perform the steps of:
- receiving, by the system, a request from a client user for an object stored in the system;
- generating, by the system, a unique object identifier associated with the requested object;
- generating, by the system, a non-transferable access token comprising information associated with object access privileges to which the client user is entitled and unique information associated with the client user, wherein the unique information associated with the client user comprises at least one username and at least one password, the unique information used to permit only the client user to utilize the non-transferable access token, the non-transferable access token being coded with information unique to the client user such that when submitted to the system by a user other than the client user, the system denies access to the requested object;
- receiving, by an object server associated with the system, an encrypted connection from a web browser associated with the client user;
- receiving, over the encrypted connection, non-transferable authentication information corresponding to the at least one username and the at least one password;
- decrypting at least a portion of the non-transferable access token, the portion representing the unique information associated with the client user;
- determining whether the at least one username and the at least one password match the decrypted portion of the non-transferable access token, resulting in a transfer determination;
- validating the non-transferable access token with a library server associated with the system if the transfer determination shows that the non-transferable access token has not been transferred, the validating step resulting in a token validation; and
- granting the client user access to the requested object based upon the token validation.
Abstract
A method is provided for accessing information in a content management system including a library server for generating non-transferable access tokens and an object server for storing objects to which access may be requested by a client user. Enhanced security is achieved by generating non-transferable access tokens which can be used by a particular client user to access a particular data object in the object server. However, should the token be transferred to a user other than the client user for which the token was generated, the system will not permit access to the object.
16 Claims
9. A method of organizing information in a content management system, the method comprising the steps of:
- receiving, by the system, a request from a client user for an object stored in the system;
- generating, by the system, a unique object identifier associated with the requested object;
- generating, by the system, a non-transferable access token comprising information associated with object access privileges to which the client user is entitled and unique information associated with the client user, wherein the unique information associated with the client user comprises at least one username and at least one password, the unique information used to permit only the client user to utilize the non-transferable access token, the non-transferable access token being coded with information unique to the client user such that when submitted to the system by a user other than the client user, the system denies access to the requested object;
- receiving, by an object server associated with the system, an encrypted connection from a web browser associated with the client user;
- receiving, over the encrypted connection, non-transferable authentication information corresponding to the at least one username and the at least one password;
- decrypting at least a portion of the non-transferable access token, the portion representing the unique information associated with the client user;
- determining whether the at least one username and the at least one password match the decrypted portion of the non-transferable access token, resulting in a transfer determination;
- validating the non-transferable access token with a library server associated with the system if the transfer determination shows that the non-transferable access token has not been transferred, the validating step resulting in a token validation; and
- granting the client user access to the requested object based upon the token validation.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.
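The token flow of the independent claims, as an added Python illustration (not code from the patent or from any product implementing it): a library server issues a token whose binding portion is encrypted and whose whole body is integrity-protected, and an object server decrypts that portion, makes the transfer determination against the presented credentials, and only then asks the library server to validate the token. It assumes a stdlib-only HMAC-counter keystream standing in for a real cipher, a PBKDF2 verifier in the token instead of the raw password, and that the credentials arrive over the claimed TLS session; the keys, names and sample credentials are constructed.

```python
import hashlib, hmac, json, secrets

# Constructed demo keys shared by the library and object servers (in a real
# deployment these are provisioned out of band, never hard-coded).
ENC_KEY = secrets.token_bytes(32)
MAC_KEY = secrets.token_bytes(32)

def _xor_stream(nonce, data):
    # Stdlib-only stand-in for a real cipher: HMAC-SHA256 in counter mode as keystream.
    ks = b"".join(hmac.new(ENC_KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _verifier(tid, username, password):
    # Password verifier bound to this token id; the token never carries the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), (tid + username).encode(), 50_000).hex()

class LibraryServer:
    """Generates non-transferable tokens and later validates them for the object server."""
    def __init__(self):
        self.issued = {}          # tid -> object id, so revocation is one dict delete
    def issue_token(self, username, password, object_id, privileges):
        tid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        binding = json.dumps({"user": username, "ver": _verifier(tid, username, password)})
        body = json.dumps({"tid": tid, "obj": object_id, "priv": privileges, "nonce": nonce.hex(),
                           "binding": _xor_stream(nonce, binding.encode()).hex()}).encode()
        self.issued[tid] = object_id
        return body.hex() + "." + hmac.new(MAC_KEY, body, hashlib.sha256).hexdigest()
    def validate(self, tid, object_id):
        return self.issued.get(tid) == object_id

class ObjectServer:
    """Receives token plus credentials (over TLS, assumed) and decides on access."""
    def __init__(self, library):
        self.library = library
    def request_object(self, token, username, password):
        body_hex, _, tag = token.partition(".")
        body = bytes.fromhex(body_hex)
        if not hmac.compare_digest(hmac.new(MAC_KEY, body, hashlib.sha256).hexdigest(), tag):
            return "denied: token tampered"
        t = json.loads(body)
        # Decrypt only the binding portion and make the transfer determination.
        binding = json.loads(_xor_stream(bytes.fromhex(t["nonce"]), bytes.fromhex(t["binding"])))
        expected = _verifier(t["tid"], username, password)
        if binding["user"] != username or not hmac.compare_digest(binding["ver"], expected):
            return "denied: token transferred"
        if not self.library.validate(t["tid"], t["obj"]):   # library server validation
            return "denied: library server rejected token"
        return f"granted: {t['obj']} {t['priv']}"
```

Because the transfer check runs before the library server is consulted, a token presented with someone else's credentials is rejected locally and never reaches the library server, which also keeps revocation a single deletion there.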
Specification