System and method for regulating access to objects in a content repository

US 7,676,835 B2
Filed: 08/31/2004
Issued: 03/09/2010
Est. Priority Date: 08/31/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for regulating access to content within a content management computing system, the content management system comprising a library server computer, a plurality of resource manager server computers operating independently from the library server computer, and a proxy cache server, the method comprising:

storing content provided to the content management system on a resource manager server within the plurality of resource manager server computers;

storing content access control rules and metadata on the library server for the content provided to the content management system;

caching content provided to clients from the content management system using the proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;

generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;

providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;

receiving a request for requested content from a client, the request including a client-provided access control token;

validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and

delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content management system integrated with a web caching proxy that delivers content according to access control rules. An access control token is generated using a secret key when a user selects a desired object (to be provided only upon token validation, thus the object retrieval and delivery task can be delegated). However, tokens for other content and/or for other users could be generated by a rogue resource manager. If the desired object is already cached, the proxy asks the resource manager to validate the token and then selectively provides the desired object without contacting a library server. Alternately, the proxy itself performs the token validation, but must coordinate with the library server to ensure it has the latest secret key. Finally, the tokens may contain digital signatures generated with a private key and validated with a corresponding public key, so that private keys need not be distributed.

38 Citations

View as Search Results

23 Claims

1. A computer-implemented method for regulating access to content within a content management computing system, the content management system comprising a library server computer, a plurality of resource manager server computers operating independently from the library server computer, and a proxy cache server, the method comprising:
- storing content provided to the content management system on a resource manager server within the plurality of resource manager server computers;
  
  storing content access control rules and metadata on the library server for the content provided to the content management system;
  
  caching content provided to clients from the content management system using the proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;
  
  generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
  
  providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  
  receiving a request for requested content from a client, the request including a client-provided access control token;
  
  validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
  
  delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein if the proxy cache server contains the one or more content items then the proxy cache server asks the resource manager server to perform the validation of the client-provided access control token against the system-generated access control token.
  - 3. The method of claim 1, wherein if said proxy cache contains said requested content then said proxy cache performs said validation locally, after synchronizing with said library server.
  - 4. The method of claim 1, wherein the server-generated access control token includes one or more digital signatures generated using a private key owned by the library server and validated with a public key at either of the resource manager server or the proxy server.
  - 5. The method of claim 1, wherein if the proxy cache server does not contain a copy of each item of the one or more content items then the resource manager server delivers uncontained content items to the proxy cache server, which then also stores the uncontained content items.
  - 6. The method of claim 5, wherein the proxy cache server stores only one copy of the one or more content items by using an object ID and a version number.
  - 7. The method of claim 1, wherein the proxy cache server is a first resource manager server that cooperates with a second resource manager server.
  - 8. The method of claim 1, wherein the client-provided access control token access control token includes an expiration time and validating the client-provided access control token includes determining if the client-provided access control token has expired.
  - 9. The method of claim 1, wherein the one or more content items includes at least one of:
    - a text file, an image file, a binary file, and a video file.
  - 10. The method of claim 1, wherein the server-generated access control token includes a message authentication code having a one-way hash and a secret key.

11. A content management system, comprising:
- a library server that stores content access control rules and metadata for the content provided to the content management systema plurality of resource manager servers that store content provided to the content management system; and
  
  a proxy cache server that caches content provided to clients from the content management system, the proxy cache server operating independently from the library server and the resource manager server;
  
  wherein access to content within the content management system is regulated by the content management system performing the steps of;
  
  generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
  
  providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  
  receiving a request for requested content from a client, the request including a client-provided access control token;
  
  validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
  
  delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein if the proxy cache server contains the one or more content items then the proxy cache server asks the resource manager server to perform the validation of the client-provided access control token against the system-generated access control token.
  - 13. The system of claim 11, wherein if said proxy cache contains said requested content then said proxy cache performs said validation locally, after synchronizing with said library server.
  - 14. The system of claim 11, wherein the server-generated access control token includes one or more digital signatures generated using a private key owned by the library server and validated with a public key at either of the resource manager server or the proxy server.
  - 15. The system of claim 11, wherein if the proxy cache server does not contain a copy of each item of the one or more content items then said the resource manager server delivers uncontained content items to said the proxy cache server, which then also stores the uncontained content items.
  - 16. The system of claim 15, wherein the proxy cache server stores only one copy of the one or more content items by using an object ID and a version number.
  - 17. The system of claim 11, wherein the proxy cache server is a first resource manager server that cooperates with a second resource manager server.
  - 18. The system of claim 11, wherein the client-provided access control token access control token includes an expiration time and validating the client-provided access control token includes determining if the client-provided access control token has expired.
  - 19. The system of claim 11, wherein the one or more content items includes at least one of:
    - a text file, an image file, a binary file, and a video file.
  - 20. The system of claim 11, wherein the server-generated access control token includes a message authentication code having a one-way hash and a secret key.

21. A content management system, comprising:
- means for storing content access control rules and metadata for the content provided to the content management system;
  
  means for storing content provided to the content management system; and
  
  means for caching content provided to clients from the content management system, the means for caching content operating independently from the means for storing content access control rules and metadata and the means for storing content;
  
  wherein access to content within the content management system is regulated by the content management system performing the steps of;
  
  generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the means for storing content access control rules and metadata using the content access control rules stored for the one or more content items;
  
  providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  
  receiving a request for requested content from a client, the request including a client-provided access control token;
  
  validating, using either of the means for storing content or the means for caching content, the client-provided access control token against the server-generated access control token; and
  
  delivering the requested one or more content items from the means for caching content to the client upon successful validation of the client-provided access control token.

22. A computer program product comprising a machine-readable medium having computer-executable program instructions thereon for content management, including:
- a first code means for storing content provided to a content management system on a resource manager server within a plurality of resource manager servers;
  
  a second code means for storing content access control rules and metadata on a library server for the content provided to the content management system;
  
  a third code means for caching content provided to clients from the content management system using a proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;
  
  a fourth code means for generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
  
  a fifth code means for providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  
  a sixth code means for a request for requested content from a client, the request including a client-provided access control token;
  
  a seventh code means for validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
  
  an eighth code means for delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.

23. A computer-implemented business service method enabling enhanced content management and distribution in electronic commerce, comprising:
- storing content provided to a content management system on a resource manager server within a plurality of resource manager server computers;
  
  storing content access control rules and metadata on a library server for the content provided to the content management system;
  
  caching content provided to clients from the content management system using a proxy cache server, the proxy cache server operating independently from the library server and the resource manager server;
  
  generating an access control token used for controlling access to one or more content items and metadata of the one or more content items within the content management system, wherein the access control token is generated exclusively by the library server using the content access control rules stored for the one or more content items;
  
  providing the server-generated access control token to one or more authorized clients to enable the one or more authorized clients to access the one or more content items and the metadata of the one or more content items;
  
  receiving a request for requested content from a client, the request including a client-provided access control token;
  
  validating, using either of the resource manager server or the proxy cache, the client-provided access control token against the server-generated access control token; and
  
  delivering the requested one or more content items directly from the proxy cache server to the client upon successful validation of the client-provided access control token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
International Business Machines Corporation
Inventors
Hsiao, Hui-I, Morris, Huong T., Brannon, Karen W.
Primary Examiner(s)
Simitoski; Michael J

Application Number

US10/931,515
Publication Number

US 20060080546A1
Time in Patent Office

2,016 Days
Field of Search

726/7, 726/10
US Class Current

726/10
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3239   involving non-keyed hash fu...

H04L 9/3252   using DSA or related signat...

System and method for regulating access to objects in a content repository

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for regulating access to objects in a content repository

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links