Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-08-09
2004-02-03
Smithers, Matthew (Department: 2134)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
Reexamination Certificate
active
06687832
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to systems for controlling topology views which display a network structure of a management-object network, and particularly relates to a system for controlling topology views which controls creating, modifying, referring of a topology view with respect to each layer of hierarchy when control of a network is divided into a plurality of layers.
2. Description of the Related Art
An information-communication network is formed by connecting together various network elements such as switch devices, transit devices, bridges, computers, etc. Such a network typically includes a plurality of networks having different operation styles such as wide-area networks operated by a plurality of communication-service providers and small intra-networks operated by single corporations. Such networks are connected in a hierarchical fashion to form the entire network.
A network-management operator accesses a network of a given layer so as to attend to operation management of a relevant network domain. This needs to be done layer by layer. Because of this, network operators are urging for such an enhancement of a network-management system that network-management operators can perform more efficiently the operation management of each network having a different operation style at a different layer, thereby enhancing quality of communication services provided to the network users.
An international effort for standardization has been made with an aim of achieving an efficient network-operation management. This effort is coordinated by such an organization as ITU-T or OSI involving not only a large number of network-operation providers but also vendors manufacturing network-element devices such as switches.
The present invention relates to a system for controlling topology views for the purpose of providing a visual display of a link structure of network elements in a network having a hierarchical structure and for the purpose of providing secure and efficient control of the network.
When accessing a topology view in network management, each network-management operator is given an access authorization with respect to a given network layer, so that a network-management operator can only access a topology view to which an appropriate access right is granted. Because of this configuration, a network-management system of each network is provided with different topology views that are configured according to different access authorizations given to network-management operators.
Where a plurality of network-management operators are supposed to be given different topology views according to different access authorizations, a simplicity of a process of creating a topology view may be given priority. For example, a topology view created for a network-management operator having the highest access right may be provided to all the relevant network-management operators. As an example of another endeavor, Japanese Patent Laid-open Application No. 5-225032 teaches a directory system which is equipped with a function to customize individual topology views.
When a network-management system needs to be provided with different topology views according to different access authorizations, each one of these topology views has to be created one by one no matter how large the total number of the topology views is. Further, it is painstakingly difficult to keep consistency between the topology views when these topology views are separately created and controlled by different network-management operators.
In the system where a topology view for a network-management operator having the highest access right is provided to all the network-management operators having different access authorizations in consideration of a need for a simplicity of topologi-view creation, it is impossible to prevent illegal access to a topology view without a proper authorization. This results in security breach regarding control of topology data.
Accordingly, there is a need for a system for controlling topology views which can easily create a topology view of a given layer while insuring security regarding control of topology-view data by displaying a topology view of a given layer according to a proper access authorization of a given network-management operator.
SUMMARY OF THE INVENTION
Accordingly, it is a general object of the present invention to provide a system for controlling topology views which can satisfy the need described above.
It is another and more specific object of the present invention to provide a system for controlling topology views which can easily create a topology view of a given layer while insuring security regarding control of topology-view data by displaying a topology view of a given layer according to a proper access authorization of a given network-management operator.
In order to achieve the above objects according to the present invention, a system for controlling topology views for operators in network management includes a data-storage unit which stores data of a base topology view, a security-management unit which controls access-authorization information with respect to each of the operators, said access-authorization information for a given operator defining network elements accessible by the given operator, and a topology-view-management unit which generates data of a dependent topology view by making a partial copy of the data of the base topology view only with respect to the network elements accessible by the given operator, thereby providing the dependent topology view to be presented to the given operator.
In the system as described above, the base-topology-view data is provided in the data-storage unit, and the dependent-topology-view data is generated for the given operator by copying only the accessible elements of the base-topology view in accordance with the access-authorization information. Therefore, there is no need to prepare a large number of topology views in advance for different network-management operators having different access authorizations, and proper security is insured because of use of access authorization information.
Further, since all the dependent topology view are created from the single base topology view by making a partial copy thereof, consistency between the views can be easily maintained.
REFERENCES:
patent: 5537099 (1996-07-01), Liang
patent: 5758083 (1998-05-01), Singh et al.
patent: 6438591 (2002-08-01), Fehskens et al.
patent: 64-5246 (1989-01-01), None
patent: 5-225032 (1993-09-01), None
patent: 9-293052 (1997-11-01), None
Abe Hiroaki
Aihana Takeshi
Harada Asuro
Hayashi Naoki
Kajitani Yuki
Fujitsu Limited
Katten Muchin Zavis & Rosenman
Smithers Matthew
LandOfFree
Control of topology views in network management does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Control of topology views in network management, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Control of topology views in network management will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3294625