WO2000060454A3 - Apparatus, methods and computer program product for secure distributed data processing - Google Patents

Publication number
WO2000060454A3
Authority
WO
WIPO (PCT)
Prior art keywords
service
user
security identification
specific
client
Prior art date
Application number
PCT/US2000/008280
Other languages
French (fr)
Other versions
WO2000060454A8 (en)
WO2000060454A9 (en)
WO2000060454A2 (en)
Inventor
Vincent A George
Timothy A Lowery
Original Assignee
Powerware Corp
Vincent A George
Timothy A Lowery
Priority date
Filing date
Publication date
Application filed by Powerware Corp, Vincent A George, Timothy A Lowery filed Critical Powerware Corp
Priority to AU40405/00A priority Critical patent/AU4040500A/en
Publication of WO2000060454A2 publication Critical patent/WO2000060454A2/en
Publication of WO2000060454A3 publication Critical patent/WO2000060454A3/en
Publication of WO2000060454A8 publication Critical patent/WO2000060454A8/en
Publication of WO2000060454A9 publication Critical patent/WO2000060454A9/en

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates

Abstract

A user-specific Service Access Manager object is instantiated at a computer in response to a request for access for a user at a client, e.g., an object or other process resident at a second computer. The Service Access Manager object includes a first security identification, e.g., a Security Certificate object, which is specific to the user. A reference for the Service Access Manager object is returned to the client. A service request method call requesting a service is performed to the Service Access Manager object from the client. A user-specific Service object is instantiated at the computer if the first security identification identifies a user authorized to invoke a constructor method of the Service object's class, the Service object including a second security identification specific to the user identified in the first security identification. A reference for the user-specific Service object is returned to the client, which may then perform an operation request method call to the Service object, the operation request method call requesting an operation by the Service object. The operation is conditionally performed based on whether the user identified in the second security identification is authorized to invoke the operation request method. Responses to the service request and operation request method calls preferably are conditioned upon validation calls to a Security Manager object that checks a security identification and a required method invocation right against an access control list. Related systems and computer program products are discussed.
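
The flow in the abstract, sketched as an added example (not code from the patent or its applicants): identity is bound server-side when the Service Access Manager is created and is propagated to each Service object, so the client never restates who it is on a call. The class methods, right names (`Service.construct`, `Service.read_status`, `Service.shutdown`) and the ACL contents are assumptions; the user is assumed to be already authenticated, and in-process objects stand in for the remote references a client would hold.

```python
from dataclasses import dataclass

class AccessDenied(Exception):
    pass

@dataclass(frozen=True)
class SecurityCertificate:           # the "security identification"
    user: str

class SecurityManager:
    """Validates a certificate plus a required invocation right against an ACL."""
    def __init__(self, acl):
        self._acl = acl              # user -> set of method-invocation rights
    def validate(self, cert, right):
        if right not in self._acl.get(cert.user, frozenset()):
            raise AccessDenied(f"{cert.user}: missing right {right}")

class Service:
    """User-specific Service object carrying the second security identification."""
    def __init__(self, cert, secmgr):
        self._cert, self._secmgr = cert, secmgr      # identity propagated from the SAM
    def read_status(self):                           # hypothetical operation
        self._secmgr.validate(self._cert, "Service.read_status")
        return "status: nominal"
    def shutdown(self):                              # hypothetical operation
        self._secmgr.validate(self._cert, "Service.shutdown")
        return "shutdown accepted"

class ServiceAccessManager:
    """User-specific entry point; holds the first security identification."""
    def __init__(self, user, secmgr):
        self._cert, self._secmgr = SecurityCertificate(user), secmgr
    def request_service(self):
        # The constructor right is checked before any Service object exists.
        self._secmgr.validate(self._cert, "Service.construct")
        return Service(self._cert, self._secmgr)

def attempt(call):
    """Return the call's result, or 'denied' if the ACL check rejected it."""
    try:
        return call()
    except AccessDenied:
        return "denied"

# Constructed ACL: operator may read only, admin may do both, guest has no rights.
ACL = {"operator": {"Service.construct", "Service.read_status"},
       "admin": {"Service.construct", "Service.read_status", "Service.shutdown"}}
SECMGR = SecurityManager(ACL)
```

Every check fails closed: a user absent from the ACL is denied at `request_service`, and a user with only the read right obtains a Service object whose `shutdown` call is rejected.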
PCT/US2000/008280 1999-04-02 2000-03-28 Apparatus, methods and computer program product for secure distributed data processing WO2000060454A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU40405/00A AU4040500A (en) 1999-04-02 2000-03-28 Apparatus, methods and computer program products for secure distributed data processing using user-specific service access managers and propagated security identifications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US28552399A 1999-04-02 1999-04-02
US09/285,523 1999-04-02

Publications (4)

Publication Number Publication Date
WO2000060454A2 WO2000060454A2 (en) 2000-10-12
WO2000060454A3 true WO2000060454A3 (en) 2001-02-08
WO2000060454A8 WO2000060454A8 (en) 2001-03-22
WO2000060454A9 WO2000060454A9 (en) 2001-12-06

Family

ID=23094613

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/008280 WO2000060454A2 (en) 1999-04-02 2000-03-28 Apparatus, methods and computer program product for secure distributed data processing

Country Status (2)

Country Link
AU (1) AU4040500A (en)
WO (1) WO2000060454A2 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7197764B2 (en) * 2001-06-29 2007-03-27 Bea Systems Inc. System for and methods of administration of access control to numerous resources and objects
US7441264B2 (en) 2002-06-24 2008-10-21 International Business Machines Corporation Security objects controlling access to resources
GB2405561B (en) * 2003-08-28 2006-07-26 Motorola Inc Computer network security system and method for preventing unauthorised access of computer network resources
US8266702B2 (en) 2006-10-31 2012-09-11 Microsoft Corporation Analyzing access control configurations
EP2658204A1 (en) * 2012-04-27 2013-10-30 ABB Research Ltd. Access control in an industrial control system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0456920A2 (en) * 1989-05-15 1991-11-21 International Business Machines Corporation Remote authentication and authorisation in a distributed data processing system
US5706349A (en) * 1995-03-06 1998-01-06 International Business Machines Corporation Authenticating remote users in a distributed environment
US5875296A (en) * 1997-01-28 1999-02-23 International Business Machines Corporation Distributed file system web server user authentication with cookies

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
GITTLER F., HOPKINS A. C.: "THE DCE SECURITY SERVICE", HEWLETT-PACKARD JOURNAL, HEWLETT-PACKARD CO., PALO ALTO, CA, US, vol. 46, no. 6, 1 December 1995 (1995-12-01), pages 41 - 48, XP000581124 *

Also Published As

Publication number Publication date
AU4040500A (en) 2000-10-23
WO2000060454A8 (en) 2001-03-22
WO2000060454A9 (en) 2001-12-06
WO2000060454A2 (en) 2000-10-12

Similar Documents

Publication Publication Date Title
US6141758A (en) Method and system for maintaining client server security associations in a distributed computing system
AU2001274856A1 (en) Evidence-based security policy manager
DE60007724T2 (en) CHIP CARD USER INTERFACE FOR A TRUSTED COMPUTER PLATFORM
WO2004042490A3 (en) System and method of automated licensing of an appliance or an application
EP1389752A3 (en) System and method for privilege delegation and control
WO2004008683A3 (en) Automated network security system and method
TW200513924A (en) Method and system for automatic adjustment of entitlements in a distributed data processing system
EP0816968A3 (en) Mechanism for locating objects in a secure fashion
EP0932096A3 (en) Apparatus, method and computer program product for controlling access to a target device across a bus
CA2384416A1 (en) System and method for processing tokenless biometric electronic transmissions using an electronic rule module clearinghouse
ATE347131T1 (en) METHOD FOR CHECKING A USER'S ACCESS
EP0752636A3 (en) NIS+ password update protocol
EP0762289A3 (en) Method and system for securely controlling access to system resources in a distributed system
ATE253744T1 (en) METHOD AND DEVICE FOR SECURE PROCESSING OF CRYPTOGRAPHIC KEYS
GB2424102A (en) An internet protocol compatible access authentication system
WO2004015542A3 (en) Method for controlling access to informational objects
CA2228014A1 (en) Method and apparatus for operating resources under control of a security module or other secure processor
GB9815825D0 (en) An apparatus, method and computer program product for client/server computing with improved corresponedence between transaction identifiers
EP1388777A3 (en) System and method for cryptographic control of system configurations
CA2533262A1 (en) Resource access control
JPH09212365A (en) System, method, and product for information handling including integration of object security service approval in decentralized computing environment
WO2017161569A1 (en) Access control method, apparatus and system
WO2000060454A8 (en) Apparatus, methods and computer program product for secure distributed data processing
EP1321901A3 (en) Method for controlling access rights to an object
GB9800830D0 (en) An apparatus,method and computer program product for client/server computing w ith intelligent location of transaction objects

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CU CZ CZ DE DE DK DK EE EE ES FI FI GB GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: C1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: C1

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

CFP Corrected version of a pamphlet front page
CR1 Correction of entry in section i

Free format text: PAT. BUL. 41/2000 UNDER (81) ADD "AG, CR, DM, DZ, GD, MA"; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

AK Designated states

Kind code of ref document: C2

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ CZ DE DE DK DK DM DZ EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: C2

Designated state(s): GH GM KE LS MW SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

COP Corrected version of pamphlet

Free format text: PAGES 1/8-8/8, DRAWINGS, REPLACED BY NEW PAGES 1/9-9/9; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

DPE2 Request for preliminary examination filed before expiration of 19th month from priority date (pct application filed from 20040101)