Method and apparatus for presenting anonymous group names

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication


Details

Classification: C713S158000, C713S175000, C713S184000, C713S152000
Type: Reexamination Certificate
Status: active
Number: 06801998

ABSTRACT:

CROSS REFERENCE TO RELATED APPLICATIONS
N/A
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
N/A
BACKGROUND OF THE INVENTION
The present invention relates to computer network security techniques and more particularly to a method and system for granting an applicant the right of access to a computer resource without disclosing intelligible information to the applicant regarding the group having access to the resource.
In computer systems and networks, including client-server systems, the need to control access to various services and resources is well understood and most systems employ techniques for assuring that applicants seeking to use available resources and services are authorized to use the same. Security precautions are taken within most computer networks to maintain the integrity of data within the network and to assure that the privacy of sensitive information is maintained. By way of example, it may be desirable to allow only individuals possessing sufficient rights to access and/or modify particular files, access certain directories, create and/or view directory structures, read specific web pages, etc. There are advantages and disadvantages associated with the use of different techniques for controlling access to available computer resources. In some computer systems, group membership lists are employed to determine whether an applicant that requests a service, or access to a computer resource, has the right of access to the respective service or resource. Each such list may include the identification of one or more members that have access to the specified service or resource. Upon receipt of a request from a user or process (collectively referred to herein as an applicant) associated with a client of a client/server system, the recipient of the request (typically a server) determines whether the applicant is a member of a group having the right to perform the requested operation. If the applicant has the right to perform the specified operation, the operation proceeds. If the applicant is not authorized, i.e. is not a member of the group having a right of access, access to the resource is denied or the operation is aborted, as applicable.
Servers which maintain group membership lists can be prone to denial of service attacks from malicious users. More particularly, a malicious user may repetitively request that a target server delete a file under one or more user names even though the malicious user knows that those user names lack sufficient access rights. The server, in response to each such request, must nonetheless verify whether the user is authorized to obtain access to the resource. This verification may involve the comparison of the user against a group membership list maintained on a different membership server. As a consequence, the target server must forward an inquiry message to the membership server and await a response from that server. This process consumes server and network resources and can introduce considerable latency in the determination of whether the user is authorized to obtain the requested service. Alternatively, the target server may itself maintain group membership lists and may compare the user identifier to the members listed for groups having the right of access to the specified resource. The analysis of each request and the denial of service in response to each request from the malicious user also consumes server resources. In either event, the intentional, repetitive forwarding by a malicious user of requests that will be denied can consume significant server bandwidth and can degrade or disrupt server operation.
Some systems are designed in a manner to avoid the need for the target server to make the determination of whether the applicant has sufficient rights to obtain access to the relevant service or resource. More particularly, in some systems the applicant associated with a client forwards a request for service to a target server, and the target server, in response, requires that the applicant prove membership in a group having sufficient rights to obtain the requested service. Typically, the request from the target server to the applicant or client, in such a circumstance, includes an identification of one or more groups including members authorized to obtain the requested service. Upon submission of proof of membership in one of the specified groups, the applicant is provided access to the resource or the specified operation is performed. The proof may be in the form of a certificate signed by a trusted party certifying membership in one of the specified groups having the right of access to the resource or via a similar message from the client to the server.
In systems in which security is a significant concern, it may be desirable not to provide the applicant with intelligible information regarding the identification of groups having access to specific resources, since such information may be employed by a malicious user in an attempt to attack the system. For example, if a user transmits a request to a server to delete a file, the server may respond by forwarding a request to the user to prove membership in the “Admin” group. This provides the user with the knowledge that if he can impersonate any member of the “Admin” group, he will be able to perform the specified deletion and possibly other deletion operations.
Rather than providing descriptive information in response to a request for service, the server may respond by requesting proof of membership in a group bearing a name which does not include descriptive content regarding group membership (e.g. “Group 251, Subgroup 75”). However, if different users attempt to delete a file and each receives, in response, a request for proof of membership in the same group, information may be deduced regarding the group having access rights. Similarly, if an applicant requests service from different servers and receives requests for proof of membership in the same group in response, this too may provide the applicant with information which a malicious user can use in determining how to circumvent security mechanisms within the system.
Cryptographic techniques such as public key cryptography and symmetric key cryptography techniques are well known and have been applied to provide secure transmission of information from one user or computer within a network to another user or computer within the network. Additionally, cryptography techniques have been applied to provide a means for digitally signing messages to verify the authenticity of the sender of a message. Such techniques are well known and explained, for example, in a book published by Prentice Hall and titled Network Security, Private Communication in a Public World authored by Charlie Kaufman, Radia Perlman and Mike Speciner. Heretofore, however, cryptography techniques have not been applied to the problems discussed above.
For the reasons set forth above, it is desirable to provide a system and method for requiring an applicant for a resource in a client-server system to prove membership within a group having the right of access to the resource without providing to the applicant intelligible information regarding group membership.
BRIEF SUMMARY OF THE INVENTION
A method and system is disclosed which permits an applicant associated with a client to obtain access to a service or resource available from or through an application server. In a preferred embodiment, the applicant is required to prove membership within a group having the requisite privileges to obtain access to the service or resource without receipt of intelligible information from the application server regarding the identification of the group or groups having access privileges. In response to a request for service provided by the applicant to the application server, the application server transmits an encrypted message to the client which includes an identification of the group or groups having a right of access to the service requested by the client. In a preferred embodiment, the group identification is combined
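The following is an added example, not text or code from the patent, contrasting the three forms of challenge the background and summary describe: a descriptive group name, a fixed opaque alias in the style of “Group 251, Subgroup 75”, and an encrypted group identifier combined with a fresh random value. The page breaks off before saying what the group identification is combined with or who decrypts the message, so two things are assumed here and labelled as such: the combined value is a random 16-byte nonce, and the key is shared between the application server and some trusted decrypting party. The cipher is a standard-library-only construction (HMAC-SHA256 used as a PRF keystream, encrypt-then-MAC) chosen so the example runs without third-party packages; it is not the patent's construction. The policy table, aliases and resource names are constructed sample data.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample policy: which group a requester must prove membership
# in before the application server acts on each resource. Not from the page.
POLICY = {
    "/etc/payroll.csv": "Admin",
    "/var/log/audit.log": "Admin",
    "/srv/www/index.html": "WebEditors",
}

# Fixed opaque aliases in the style of the page's "Group 251, Subgroup 75".
ALIASES = {"Admin": "Group 251, Subgroup 75", "WebEditors": "Group 17, Subgroup 3"}


def challenge_descriptive(resource):
    """Option 1: name the group outright. Tells the applicant whom to impersonate."""
    return POLICY[resource]


def challenge_fixed_alias(resource):
    """Option 2: opaque alias, but identical every time the same group is
    demanded, so requests (and servers sharing the alias table) are linkable."""
    return ALIASES[POLICY[resource]]


def new_key():
    """Key shared by the application server and the trusted decrypting party
    (assumed; the page does not say who holds it)."""
    return os.urandom(32)


def _subkey(key, label):
    # Separate encryption and MAC keys derived from the shared key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    # PRF keystream: HMAC-SHA256(k_enc, nonce || counter), counter-mode style.
    k_enc, out, counter = _subkey(key, b"enc"), b"", 0
    while len(out) < length:
        out += hmac.new(k_enc, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_group(key, group_name):
    """Option 3: group id combined with a fresh 16-byte nonce (assumed), then
    encrypted and authenticated (encrypt-then-MAC). Same group, new token each time."""
    nonce = os.urandom(16)
    pt = group_name.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_group(key, token):
    """Trusted-party side: verify the tag before touching the ciphertext."""
    if len(token) < 16 + 32:
        raise ValueError("token too short")
    nonce, ct, tag = token[:16], token[16:-32], token[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token tampered with or wrong key")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return pt.decode()


def challenge_encrypted(key, resource):
    return encrypt_group(key, POLICY[resource])


def linkable_resources(challenges):
    """What an applicant who collects (resource, challenge) pairs across many
    requests or servers can deduce: resources that produced the same challenge
    are guarded by the same group. Returns those sets of resources."""
    buckets = defaultdict(set)
    for resource, token in challenges:
        buckets[token].add(resource)
    return sorted(sorted(rs) for rs in buckets.values() if len(rs) > 1)


if __name__ == "__main__":
    key = new_key()
    fixed = [(r, challenge_fixed_alias(r)) for r in POLICY]
    randomized = [(r, challenge_encrypted(key, r)) for r in POLICY]
    print("linkable with fixed aliases:", linkable_resources(fixed))
    print("linkable with encrypted tokens:", linkable_resources(randomized))
    print("trusted party recovers:", decrypt_group(key, randomized[0][1]))
```

With fixed aliases, an applicant who asks to delete both `/etc/payroll.csv` and `/var/log/audit.log` sees the same alias twice and learns that one group guards both; with the randomized encrypted challenge the two tokens differ, so nothing links the resources, while a party holding the key still recovers “Admin” from either token. The tag check runs before decryption so a modified token is rejected rather than decrypted to garbage.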
