Electrical computers and digital processing systems: multicomput – Computer network managing – Computer network access regulating
Reexamination Certificate
1998-01-23
2001-02-20
Vu, Viet D. (Department: 2154)
Electrical computers and digital processing systems: multicomput
Computer network managing
Computer network access regulating
C709S202000, C709S219000, C709S241000
Reexamination Certificate
active
06192405
ABSTRACT:
TECHNICAL FIELD
The present invention relates generally to managing access in computer systems, and will be specifically disclosed as a method and apparatus for accessing a resource through a distributed directory.
BACKGROUND OF THE INVENTION
The virtual explosion of technical advances in microelectronics, digital computers and software have changed the face of modern society. In fact, these technological advances have become so important and pervasive that this explosion is sometimes referred to as “the information revolution.” Through telephone lines, cables, satellite communications and the like, information and resources are ever increasingly being accessed and shared. For instance, computers are often connected to one another to form a network, such as a local area network (“LAN”) or a wide area network (“WAN”), wherein the computers communicate between one another and share resources. While increased interconnectivity is a desirable and powerful utilization of the technological explosion, it also poses a challenge with respect to security. This is particularly true when measured against the ever increasing ability and creativity of saboteurs, hackers and agents attempting to access sensitive information.
Particularly with computer networks, but also with other computer configurations, a variety of different resources can be accessed and used. For example, a given computer may require access to a database, an electronic mail (“e-mail”) system, a management system, and other programs or resources. Very often, however, each computer resource has its own unique security system that operates independent of the other resources. Building on the prior example, the database may have its own password system, while the e-mail and management service would have a different password system. As such, someone needing access to each of these computer resources would be required to remember passwords corresponding to each of the resources. Moreover, when that user wanted to access a resource, the user would be required to perform the steps of whatever authentication routine is required of that resource, thus wasting time and energy.
Therefore, there is a need for a method and apparatus where multiple computer resources can be secured and accessed without the attendant problems in the prior art.
SUMMARY OF THE INVENTION
Accordingly, an object of the invention is to provide an improved method and apparatus for managing access to resources in a computer system.
Another object of the invention is to provide a method and apparatus for centralized access control to resources through a management service.
Additional objectives, advantages and novel features of the invention will be set forth in the description that follows and, in part, will become apparent to those skilled in the art upon examining or practicing the invention. The objects and advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out in the appended claims.
One aspect of the present invention is a method in a computer system. A requester requests information from an independent data store. The request is received by a broker. The broker accesses a distributed directory and determines whether a first object representing the requester has rights to access at least a portion of the data store. If such rights exist, the requester is allowed to access the data store.
Another aspect of the invention is a computer system having a management service with a plurality of objects and an access control mechanism. A first object in the management service represents a requester. The first object has rights in the management service controlled by the access control mechanism. A resource has a security system. A second object in the management service represents the resource and access to the second object is controlled by the access control mechanism. A broker has access to the management service and the resource. The broker is operative to determine whether the first object has rights to access the second object, and if such rights exist to allow the requester to access at least a portion of the information in the resource.
Still other aspects of the present invention will become apparent to those skilled in the art from the following description of a preferred embodiment, which is by way of illustration, one of the best modes contemplated for carrying out the invention. As will be realized, the invention is capable of other different and obvious aspects, all without departing from the invention. Accordingly, the drawings and descriptions are illustrative in nature and not restrictive.
REFERENCES:
patent: 5603031 (1997-02-01), White et al.
patent: 5649194 (1997-07-01), Miller et al.
patent: 5913025 (1999-06-01), Higley et al.
patent: 5922074 (1999-07-01), Richard et al.
patent: 5933826 (1999-08-01), Ferguson
patent: 5944824 (1999-08-01), He
patent: 6014686 (2000-01-01), Elnozahy et al.
Novell, Inc.Novell Improves Decision-Making, Responsiveness and Competitiveness for Networked Enterprises.,Jul. 30, 1997.
Novell, Inc.Novell's Guide to NetWare 4.1 Networks,Table of Contents and Chapters 3 and 13, J. Hughes et al. 1996.
Informs-Electronic Forms Automation V 4.1-Designer, Table of Contents, Chapter 13, Appendices D & I, 1995.
Dinsmore & Shohl LLP
Novell Inc.
Vu Viet D.
LandOfFree
Method and apparatus for acquiring authorized access to... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for acquiring authorized access to..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for acquiring authorized access to... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2606670