Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-10-02
2004-01-20
Sheikh, Ayaz (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C713S164000, C713S165000, C713S188000, C380S241000
Reexamination Certificate
active
06681330
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to multiplatform computer system networks, and more particularly to providing distributed security for unobtrusive access across multiplatform networks.
BACKGROUND OF THE INVENTION
In distributed computer networks, many operating system platforms may be employed on server and client systems within the network. Each different platform utilizes its own administrative rules for user login procedures. Thus, each platform typically has characteristic techniques for assigning user identifiers and passwords to control access to the resources and services of the system. In large, heterogeneous network environments, difficulty exists in providing user access to resources on a platform that is different than the one the user is logged-in to. Thus, the user is restricted from effectively and efficiently utilizing the resources of the network.
In an attempt to overcome such problems, Microsoft's™ Active Directory aspect of the NT-5 platform solves a technical problem that other directories in the past have not solved: distributed security. Other directories are aimed at making certain kinds of data more available. Active Directory is aimed at making distributed computing more available. Active Directory is Microsoft's enabling mechanism for distributed security, Zero Administration Workstation (ZAW), and product suite integration. Through Active Directory, products see a common schema, common definitions for User and user and are able to exploit data of several different “qualities”: volatile, transactional, and “classic”(where classic means low write to read ratio, relatively unchanging, and low ACID (atomicity, consistency, isolation, and durability) property requirements). Unfortunately, such a scheme for distributed security is extremely limited, since it is only operable on NT platform systems and services leaving other platforms and services still unable to provide effective and efficient utilization of resources across platforms.
Another technique, commonly known as global sign-on, provides a global security feature that alters local security administration. Thus, while providing cross-platform access, global sign-on increases administrative overhead by intruding upon local procedures and demanding conformance to the global security requirements.
Accordingly, a need exists for a mechanism to give the heterogeneous network enterprise a common user identity and to integrate the user's (and server's) experience among different platforms, without being intrusive. The present invention addresses such a need.
SUMMARY OF THE INVENTION
The present invention provides aspects for a heterogeneous computer network system with unobtrusive cross-platform user access. In an exemplary system aspect, the system includes a plurality of computer systems coupled in a network, each of the plurality of computer systems operating according to one of a plurality of operating system platforms, each operating system platform having an associated security mechanism. The system further includes an enterprise directory included on at least one system of the plurality of computer systems, the enterprise directory configured for security interception to allow an authorized user access among the services of the plurality of computer systems without affecting the associated security mechanisms of the plurality of operating system platforms.
Through the present invention, local security procedures and policies apply on each platform, thus allowing users to log-on to a single network operating system according to that system's known log-in procedures. A user object is achieved that, when spanning all systems, provides a distributed user context that is useful in unobtrusively achieving access to separate platforms. These and other advantages of the aspects of the present invention will be more fully understood in conjunction with the following detailed description and accompanying drawings.
REFERENCES:
patent: 5684950 (1997-11-01), Dare et al.
patent: 5699513 (1997-12-01), Feigen et al.
patent: 5768504 (1998-06-01), Kells et al.
patent: 5892828 (1999-04-01), Perlman
patent: 5925126 (1999-07-01), Hsieh
patent: 5944824 (1999-08-01), He
patent: 6073242 (2000-06-01), Hardy et al.
patent: 6131120 (2000-10-01), Reid
patent: 6240512 (2001-05-01), Fang et al.
patent: 6243816 (2001-06-01), Fang et al.
patent: 6275941 (2001-08-01), Saito et al.
Microsoft Press; Microsoft Corporation, Microsoft Press Computer Dictionary. 1997, 3rd Edition, p. 220.*
Gubbins, Barry : Protecting Availability in Complex Computer Environments. Candle Corporation; Information Management & Computer Security, vol. 3. 1995. Australia pp. 20-22.*
Greisdoff, Robin : Raxco introduces new cross-platform client/server security division—AXENT(™) technologies. Raxco Inc.; Business Wire, section 1. Aug. 1994 New York. p. 1-3.*
Adhikari, Richard : Unresolved security issues blunt distributed hoopla. Sentry Publishing Inc.; Software Magazine, vol. 15. Feb. 1995 Barrington. p. 44.*
Messmer, Ellen : Axent software provides for single network sign-on. Network World Inc.; Network World. vol. 14. Apr. 1997 Framingham. start p. 12.*
Janah, Monua : Secure network base. CMP Publications; Informationweek. Issue 643. Aug. 1997 Manhasset. pp. 107-109.*
Chen, Anne : Directories on trial: Managers win support for directory infrastructure investments by emphasing ROI, security benefits. ziff-Davis Publishing Company; PC Week. Oct. 1999. pp. 1-4.*
Vacc, John R.: Single Sign-On for the Enterprise; Pomeroy, Ohio. 2002 CRC Press LLC, 17 pages.*
Biggs, Maggie: IBM's simple, secure Sign-on; Framingham. Aug. 11, 1997 InfoWorld Publications, Inc., vol. 19, Issue 32 pp. 1,101-1,103.
Bradford Edward Green
House Daniel Edward
Ha Leynna
International Business Machines - Corporation
Sawyer Law Group LLP
Sheikh Ayaz
LandOfFree
Method and system for a heterogeneous computer network... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for a heterogeneous computer network..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for a heterogeneous computer network... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3245052