Full group privileges access system providing user access...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate

Details

C707S793000, C707S793000, C709S229000, C713S152000, C713S152000

active

06192361

ABSTRACT:

TECHNICAL FIELD OF THE INVENTION
The present invention relates in general to the field of telecommunications switching systems. More particularly, the present invention is related to a Full Group Privileges Access System for a Telecommunications Switch Management System for use with telecommunications switching systems.
BACKGROUND OF THE INVENTION
Conventional telecommunications switching systems employ centralized switching facilities which result in undesirable lengthy switching paths. Therefore, it is desirable to implement distributed telecommunications switching systems which do not require centralized switching facilities. However, elaborate management systems normally are required in order to provide users and operators with the ability to control, configure and monitor the various switches and other components which make up a typical distributed telecommunications switching system. For example, an operator or user must be able to control, configure and monitor a distributed switching system's individual application cards, as well as the communication busses which interconnect those application cards.
Conventional distributed telecommunications switching systems use dedicated Operational Support Systems (“OSSs”) and relatively complex and cryptic command-driven user interface systems in order to provide users with the ability to control, configure and monitor distributed switching systems. These dedicated OSSs are cumbersome to develop, maintain, upgrade and expand upon. Additionally, the command-driven user interfaces are relatively cryptic, cumbersome, non-intuitive and difficult for users to learn and use.
Additionally, conventional distributed telecommunications switching systems typically use security systems to prevent unauthorized users from accessing, configuring or monitoring the distributed switching systems. These conventional security systems are generally file-based systems, in that they protect the switching system from unauthorized access by providing each user access to only certain designated files. Such file-based security systems are relatively inflexible, non-intuitive, and difficult to use and to administer. In addition, these file-based systems typically are not well-suited to the implementation of so-called security user groups, which provide additional security system flexibility by allowing administrators to create an arbitrary number of user groups, the members of which each have specified levels of access to the system.
Therefore, a need has arisen for a command-based security system for telecommunications switching systems wherein users are authorized to use certain commands, as opposed to being authorized to access certain files. Because each command typically requires access to multiple files, such command-based security systems are more flexible and are easier to use and administer than are conventional file-based security systems. In addition, such command-based security systems are especially well-suited to the implementation of user groups.
SUMMARY OF THE INVENTION
In accordance with the present invention, a full group privileges access security mechanism for a telecommunications switching system is provided which substantially eliminates or reduces the disadvantages and problems associated with prior security systems for telecommunications switching systems.
The full group privileges access mechanism of the present invention provides security protection for a telecommunications switching system which is accessible by users using a computer. The full group privileges access mechanism of the present invention contains storage files which store information related to authorized users, a system manager building block which is in communication with the computer, a system security manager client building block which is in communication with the system manager building block, and a system security manager server building block which is in communication with the system security manager client building block. The system manager building block in combination with the system security manager client building block and the system security manager server building block are in communication with the storage files which contain information related to the authorized users. The system manager building block in combination with the system security manager client building block and the system security manager server building block can access the storage file information related to the authorized users in order to determine whether, and to what extent, users can access the telecommunications switching system. Additionally, the system manager building block in combination with the system security manager client building block and the system security manager server building block can also access the storage file information in order to modify the files related to the authorized users as a way of controlling whether, and to what extent, users can access the telecommunications switching system. The system manager building block provides communication between the computer and the system security manager client building block. The system security manager client building block provides communication between the system manager building block and the system security manager server building block.
In another aspect of the invention, the storage files store information related to the authorization level of each authorized user, and the minimum authorization level for each function and command provided by the telecommunications switching system. A user cannot access a function or execute a command unless the user has an authorization level at least as high as the minimum authorization level for that function or command. In still another aspect of the invention, the storage files store information related to user groups which have authorized users as members, and information related to the user groups which are authorized to access each function and execute each instruction provided by the telecommunications switching system. A user cannot access a function or execute a command unless the user is a member of at least one user group which is authorized to access that function or execute that command.
In another aspect of the invention, the storage files containing information related to authorized users are maintained at least in part in a runtime library. In still another aspect of the invention, the full group privileges access mechanism of the present invention generates records of unauthorized attempts to access the telecommunications switching system. In yet another aspect of the invention, the full group privileges access mechanism of the present invention supports multiple user groups wherein the members of the respective user groups have varying degrees of access to the telecommunications switching system, as compared to members of other user groups.
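The command-based checks and the record of unauthorized attempts described above can be sketched as follows. This is an added example, not code from the patent: the class, user, group and command names are hypothetical, and applying the level check and the group check together, with deny-by-default for unknown users and commands, is an assumption made here.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    level: int            # authorization level of the user
    groups: frozenset     # user groups the user is a member of

@dataclass(frozen=True)
class CommandPolicy:
    min_level: int        # minimum authorization level for the command
    groups: frozenset     # user groups authorized to execute the command

class SecurityManager:
    """Hypothetical stand-in for the security manager's authorization check."""

    def __init__(self, users, policies):
        self.users = users
        self.policies = policies
        self.audit = []   # records of unauthorized attempts

    def authorize(self, username, command):
        user = self.users.get(username)
        policy = self.policies.get(command)
        if user is None:
            reason = "unknown user"              # deny by default (assumption)
        elif policy is None:
            reason = "unknown command"           # deny by default (assumption)
        elif user.level < policy.min_level:
            reason = "authorization level too low"
        elif not (user.groups & policy.groups):
            reason = "not in an authorized group"
        else:
            return True
        self.audit.append((username, command, reason))
        return False

# Constructed sample data; none of these names come from the patent.
USERS = {
    "operator1": User(2, frozenset({"monitoring"})),
    "tech1": User(5, frozenset({"monitoring"})),
    "admin1": User(5, frozenset({"monitoring", "provisioning"})),
}
POLICIES = {
    "show-card-status": CommandPolicy(1, frozenset({"monitoring"})),
    "configure-bus": CommandPolicy(4, frozenset({"provisioning"})),
}
REQUESTS = [("operator1", "show-card-status"), ("operator1", "configure-bus"),
            ("tech1", "configure-bus"), ("admin1", "configure-bus"),
            ("admin1", "erase-config"), ("ghost", "show-card-status")]

def run_requests():
    manager = SecurityManager(USERS, POLICIES)
    decisions = [manager.authorize(u, c) for u, c in REQUESTS]
    return decisions, manager.audit
```

The `tech1` request shows why the two checks are independent: a sufficient authorization level does not grant a command whose authorized groups exclude the user.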
In another aspect of the invention, the system manager building block communicates with the computer using the Internet inter-ORB (Object Request Broker) protocol (“IIOP”) or the Hypertext Transport Protocol (“HTTP”). In still another aspect of the invention, the various building blocks of the full group privileges access mechanism can communicate with one another by sending and receiving messages. In yet another aspect of the invention, the various building blocks of the full group privileges access mechanism can be designed using the well-known Common Object Request Broker Architecture (“CORBA”), and can communicate with one another using the CORBA communications protocol.
A technical advantage of the full group privileges access mechanism of the present invention is its ability to provide a command-based security system. Another technical advantage of the full group privileges access mechanism of the present invention is its ability to support numerous different authorization levels and user groups, in order to provide a security system with improved flexibility and the ability to be customized. Still another technical advantage of the full group privileges access mechanism of the present invention is its d
