WO2001099377A3 - Access control in client-server systems - Google Patents

Access control in client-server systems Download PDF

Info

Publication number
WO2001099377A3
WO2001099377A3 PCT/EP2001/007168 EP0107168W WO0199377A3 WO 2001099377 A3 WO2001099377 A3 WO 2001099377A3 EP 0107168 W EP0107168 W EP 0107168W WO 0199377 A3 WO0199377 A3 WO 0199377A3
Authority
WO
WIPO (PCT)
Prior art keywords
client
server
request
organization
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2001/007168
Other languages
French (fr)
Other versions
WO2001099377A2 (en
Inventor
Stephan Ribot
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nortel Networks France SAS
Original Assignee
Matra Nortel Communications SAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Matra Nortel Communications SAS filed Critical Matra Nortel Communications SAS
Priority to AU2001279684A priority Critical patent/AU2001279684A1/en
Priority to US10/312,004 priority patent/US7890640B2/en
Priority to EP01957882A priority patent/EP1302055A2/en
Publication of WO2001099377A2 publication Critical patent/WO2001099377A2/en
Publication of WO2001099377A3 publication Critical patent/WO2001099377A3/en
Anticipated expiration legal-status Critical
Priority to US12/978,961 priority patent/US8065425B2/en
Priority to US13/281,053 priority patent/US8935398B2/en
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Databases & Information Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A telecommunications network and a method of operating the same are described which is a shared by two or more orgnaizations, the network including at least a server and a client. The server is adapted to transmit to the client a proxy communications object comprising a definition of the rights and privileges of an organization to use the network. When the organization initiates a request to the server it does so via the proxy object on the client. The proxy object enables a comparison of the contents of request and the definition of the rights and privileges and enables forwarding of the request to the server only when the request and the rights and privileges granted to the requesting organization are consistent with each other. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. By this means unwanted accesses to the server may be prevented at the client.
PCT/EP2001/007168 2000-06-23 2001-06-25 Access control in client-server systems Ceased WO2001099377A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
AU2001279684A AU2001279684A1 (en) 2000-06-23 2001-06-25 Radio telecommunications system and method of operating the same with distributed communication objects
US10/312,004 US7890640B2 (en) 2000-06-23 2001-06-25 Access control in client-server systems
EP01957882A EP1302055A2 (en) 2000-06-23 2001-06-25 Access control in client-server systems
US12/978,961 US8065425B2 (en) 2000-06-23 2010-12-27 Access control in client-server systems
US13/281,053 US8935398B2 (en) 2000-06-23 2011-10-25 Access control in client-server systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP00401808.1 2000-06-23
EP00401808A EP1168752A1 (en) 2000-06-23 2000-06-23 Access control in client-sever systems

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US10312004 A-371-Of-International 2001-06-25
US12/978,961 Continuation US8065425B2 (en) 2000-06-23 2010-12-27 Access control in client-server systems

Publications (2)

Publication Number Publication Date
WO2001099377A2 WO2001099377A2 (en) 2001-12-27
WO2001099377A3 true WO2001099377A3 (en) 2002-05-30

Family

ID=8173740

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2001/007168 Ceased WO2001099377A2 (en) 2000-06-23 2001-06-25 Access control in client-server systems

Country Status (4)

Country Link
US (3) US7890640B2 (en)
EP (2) EP1168752A1 (en)
AU (1) AU2001279684A1 (en)
WO (1) WO2001099377A2 (en)

Families Citing this family (41)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1265414B1 (en) * 2001-06-06 2003-08-27 Alcatel Method for deploying a service and a method for configuring a network element in a communication network
US9237514B2 (en) * 2003-02-28 2016-01-12 Apple Inc. System and method for filtering access points presented to a user and locking onto an access point
US7246356B1 (en) 2003-01-29 2007-07-17 Adobe Systems Incorporated Method and system for facilitating comunications between an interactive multimedia client and an interactive multimedia communication server
US7617278B1 (en) 2003-01-29 2009-11-10 Adobe Systems Incorporated Client controllable server-side playlists
US7272658B1 (en) 2003-02-13 2007-09-18 Adobe Systems Incorporated Real-time priority-based media communication
US9197668B2 (en) * 2003-02-28 2015-11-24 Novell, Inc. Access control to files based on source information
US20080109679A1 (en) * 2003-02-28 2008-05-08 Michael Wright Administration of protection of data accessible by a mobile device
US7848834B2 (en) * 2003-03-28 2010-12-07 Gm Global Technology Operations, Inc. Computerized system for network-based management of engineering projects
US7287256B1 (en) 2003-03-28 2007-10-23 Adobe Systems Incorporated Shared persistent objects
US20040243828A1 (en) * 2003-05-30 2004-12-02 Aguilera Marcos K. Method and system for securing block-based storage with capability data
US7319741B1 (en) * 2003-10-24 2008-01-15 Excel Switching Corporation Media resource card with dynamically allocated resource points
US20070198583A1 (en) * 2003-12-25 2007-08-23 H & T Corporation Safety test support system,method,and program
US9621539B2 (en) * 2004-01-30 2017-04-11 William H. Shawn Method and apparatus for securing the privacy of a computer network
US20090119755A1 (en) * 2004-02-04 2009-05-07 Kodimer Marianne L System and method for role based access control of a document processing device
US7478421B2 (en) * 2004-02-04 2009-01-13 Toshiba Corporation System and method for role based access control of a document processing device
US7720864B1 (en) * 2004-03-25 2010-05-18 Symantec Operating Corporation Expiration of access tokens for quiescing a distributed system
JP2006338587A (en) * 2005-06-06 2006-12-14 Hitachi Ltd Access control server, user terminal, and information access control method
US7945615B1 (en) * 2005-10-31 2011-05-17 Adobe Systems Incorporated Distributed shared persistent objects
US8161159B1 (en) * 2005-10-31 2012-04-17 Adobe Systems Incorporated Network configuration with smart edge servers
US20080033972A1 (en) * 2006-08-04 2008-02-07 Jianwen Yin Common Information Model for Web Service for Management with Aspect and Dynamic Patterns for Real-Time System Management
US9455969B1 (en) 2007-06-18 2016-09-27 Amazon Technologies, Inc. Providing enhanced access to remote services
US8312154B1 (en) * 2007-06-18 2012-11-13 Amazon Technologies, Inc. Providing enhanced access to remote services
US8051287B2 (en) * 2008-10-15 2011-11-01 Adobe Systems Incorporated Imparting real-time priority-based network communications in an encrypted communication session
US8166191B1 (en) 2009-08-17 2012-04-24 Adobe Systems Incorporated Hint based media content streaming
US8412841B1 (en) 2009-08-17 2013-04-02 Adobe Systems Incorporated Media content streaming using stream message fragments
US9027092B2 (en) * 2009-10-23 2015-05-05 Novell, Inc. Techniques for securing data access
US8479268B2 (en) * 2009-12-15 2013-07-02 International Business Machines Corporation Securing asynchronous client server transactions
CN101895551A (en) * 2010-07-22 2010-11-24 北京天融信科技有限公司 Resource access control method and system
US8260931B2 (en) * 2010-10-02 2012-09-04 Synopsys, Inc. Secure provisioning of resources in cloud infrastructure
US9489250B2 (en) * 2011-09-05 2016-11-08 Infosys Limited System and method for managing a network infrastructure using a mobile device
US8699962B2 (en) * 2011-12-15 2014-04-15 Proximetry, Inc. Systems and methods for preparing a telecommunication network for providing services
US8971850B2 (en) * 2012-06-14 2015-03-03 Motorola Solutions, Inc. Systems and methods for authenticating mobile devices at an incident via collaboration
US9779257B2 (en) 2012-12-19 2017-10-03 Microsoft Technology Licensing, Llc Orchestrated interaction in access control evaluation
US10152530B1 (en) 2013-07-24 2018-12-11 Symantec Corporation Determining a recommended control point for a file system
US10237252B2 (en) * 2013-09-20 2019-03-19 Oracle International Corporation Automatic creation and management of credentials in a distributed environment
US9887937B2 (en) * 2014-07-15 2018-02-06 Cohesity, Inc. Distributed fair allocation of shared resources to constituents of a cluster
CN104333553A (en) * 2014-11-11 2015-02-04 安徽四创电子股份有限公司 Mass data authority control strategy based on combination of blacklist and whitelist
US20160246813A1 (en) * 2015-02-25 2016-08-25 International Business Machines Corporation System and method for machine information life cycle
US11157643B2 (en) 2018-09-27 2021-10-26 The Toronto-Dominion Bank Systems and methods for delegating access to a protected resource
US11363028B2 (en) * 2018-09-27 2022-06-14 The Toronto-Dominion Bank Systems and methods for delegating access to a protected resource
US12081979B2 (en) * 2020-11-05 2024-09-03 Visa International Service Association One-time wireless authentication of an Internet-of-Things device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998050853A1 (en) * 1997-05-08 1998-11-12 Pinnacle Technology, Inc. Network desktop management security system and method
EP0913966A2 (en) * 1997-10-31 1999-05-06 Sun Microsystems, Inc. Distributed system and method for controlling acces to network resources
WO1999057863A1 (en) * 1998-05-05 1999-11-11 International Business Machines Corporation Client-server system for maintaining a user desktop consistent with server application user access permissions
WO1999060487A1 (en) * 1998-05-15 1999-11-25 Tridium, Inc. System and methods for object-oriented control of diverse electromechanical systems using a computer network

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08123681A (en) * 1994-10-26 1996-05-17 Canon Inc Management system and terminal device
GB2305270A (en) * 1995-09-15 1997-04-02 Ibm Bridge for a client-server environment
GB2305271A (en) * 1995-09-15 1997-04-02 Ibm Proxy object recovery in an object-oriented environment
US6408336B1 (en) * 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US5999978A (en) * 1997-10-31 1999-12-07 Sun Microsystems, Inc. Distributed system and method for controlling access to network resources and event notifications
US6085191A (en) * 1997-10-31 2000-07-04 Sun Microsystems, Inc. System and method for providing database access control in a secure distributed network
US6038563A (en) * 1997-10-31 2000-03-14 Sun Microsystems, Inc. System and method for restricting database access to managed object information using a permissions table that specifies access rights corresponding to user access rights to the managed objects
US6202066B1 (en) * 1997-11-19 2001-03-13 The United States Of America As Represented By The Secretary Of Commerce Implementation of role/group permission association using object access type
US6175869B1 (en) * 1998-04-08 2001-01-16 Lucent Technologies Inc. Client-side techniques for web server allocation
US6539021B1 (en) * 1998-10-02 2003-03-25 Nortel Networks Limited Role based management independent of the hardware topology
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US6714219B2 (en) * 1998-12-31 2004-03-30 Microsoft Corporation Drag and drop creation and editing of a page incorporating scripts
EP1018689A3 (en) * 1999-01-08 2001-01-24 Lucent Technologies Inc. Methods and apparatus for enabling shared web-based interaction in stateful servers
US6430576B1 (en) * 1999-05-10 2002-08-06 Patrick Gates Distributing and synchronizing objects
JP3690720B2 (en) * 1999-09-14 2005-08-31 インターナショナル・ビジネス・マシーンズ・コーポレーション Client server system, object pooling method, and storage medium
US6880005B1 (en) * 2000-03-31 2005-04-12 Intel Corporation Managing policy rules in a network
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US7467212B2 (en) * 2000-12-28 2008-12-16 Intel Corporation Control of access control lists based on social networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998050853A1 (en) * 1997-05-08 1998-11-12 Pinnacle Technology, Inc. Network desktop management security system and method
EP0913966A2 (en) * 1997-10-31 1999-05-06 Sun Microsystems, Inc. Distributed system and method for controlling acces to network resources
WO1999057863A1 (en) * 1998-05-05 1999-11-11 International Business Machines Corporation Client-server system for maintaining a user desktop consistent with server application user access permissions
WO1999060487A1 (en) * 1998-05-15 1999-11-25 Tridium, Inc. System and methods for object-oriented control of diverse electromechanical systems using a computer network

Also Published As

Publication number Publication date
US8065425B2 (en) 2011-11-22
US20120079124A1 (en) 2012-03-29
EP1302055A2 (en) 2003-04-16
US20030187993A1 (en) 2003-10-02
WO2001099377A2 (en) 2001-12-27
AU2001279684A1 (en) 2002-01-02
US8935398B2 (en) 2015-01-13
US7890640B2 (en) 2011-02-15
US20110106957A1 (en) 2011-05-05
EP1168752A1 (en) 2002-01-02

Similar Documents

Publication Publication Date Title
WO2001099377A3 (en) Access control in client-server systems
US10547585B2 (en) Content delivery network (CDN) content server request handling mechanism with metadata framework support
Milojicic et al. MASIF the OMG mobile agent system interoperability facility
WO2003038578A3 (en) User access control to distributed resources on a data communications network
US8831993B2 (en) Techniques for sharing virtual machine (VM) resources
US7200681B1 (en) Edge side components and application programming environment for building and delivering highly distributed heterogenous component-based web applications
US7734823B2 (en) Edge side components and application programming environment for building and delivering highly distributed heterogenous component-based web applications
CA2244381A1 (en) A method and apparatus for dynamic data transfer
WO2001086394A3 (en) Method and apparatus to obtain service capability credentials
ATE399425T1 (en) MAINTAINING AUTHENTICATION STATE FOR RESOURCES ACCESSED IN A STATELESS ENVIRONMENT
JPH11338839A5 (en)
WO2003012578A3 (en) Virtual file-sharing network
EP0991242A3 (en) Method and apparatus for caching credentials in proxy servers for wireless user agents
AU2001240383A1 (en) Secure network resource access system
WO2003013586A8 (en) Access control system
EP0798906A3 (en) System and method for secure peer-to-peer communication
WO2001054378A3 (en) Improved method and system of state management for data communications
WO2003063023A3 (en) Method and system for distributing multimedia object
US6651174B1 (en) Firewall port switching
EP1115049A3 (en) Secure data transmission over a client-server network
Fysarakis et al. Policy-based access control for DPWS-enabled ubiquitous devices
US7694131B2 (en) Using rich pointers to reference tokens
Lubke et al. Applications for mobile agents in peer-to-peer-networks
JP5545127B2 (en) Message exchange system, message exchange method, and message exchange program
KR20000051051A (en) System and method for managing of active database

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2001957882

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10312004

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2001957882

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 2001957882

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP