Electrical computers and digital processing systems: memory – Storage accessing and control – Hierarchical memories
Patent
1995-08-18
1998-04-21
An, Meng-Ai T.
Electrical computers and digital processing systems: memory
Storage accessing and control
Hierarchical memories
39580028, 3958003, 39520033, 39520049, 39520055, 39520059, 711163, G06F 1500
Patent
active
057427593
ABSTRACT:
Embodiments of the present invention provide an improved method and system for securely controlling access to resources in a distributed computer system. One embodiment of the present invention stores and binds a group identification to a target object and then uses membership checking to determine whether a client object which requests access to the target object is a member of a group with access rights to the target object. In this way, the present invention avoids performing costly cryptographic operations in order to verify access rights of requesting objects, as was common in some prior art systems.
A second embodiment of the present invention stores and binds a group identification to a target object reference and then passes the target object reference to client objects in the system. Since the target object reference includes a group identification entry, a first client object is able to determine which other clients in the system are members of the identified group. This determination allows the first client object to pass the target object reference to the other members of the group without first communicating with the server for the target object. In this way, the present invention avoids the costly transaction costs of communicating with the server for the target object.
REFERENCES:
patent: 4919545 (1990-04-01), Yu
patent: 5138712 (1992-08-01), Corbin
patent: 5204897 (1993-04-01), Wyman
patent: 5261102 (1993-11-01), Hoffman
patent: 5263165 (1993-11-01), Janis
patent: 5412717 (1995-05-01), Fischer
patent: 5421011 (1995-05-01), Camillone et al.
patent: 5455953 (1995-10-01), Russell
patent: 5475753 (1995-12-01), Barbara et al.
patent: 5481715 (1996-01-01), Hamilton et al.
patent: 5491752 (1996-02-01), Kaufman et al.
patent: 5539906 (1996-07-01), Abraham et al.
patent: 5572673 (1996-11-01), Shurts
patent: 5577252 (1996-11-01), Nelson et al.
"Object-Oriented Software Construction", by Bertrand Meyer, Prentice Hall 1988.
"Authentication in Distributed systems: Theory and Practice", by Butler Lampson et al., Digital Equipment Corporation, ACM Transactions on Computer Systems, vol. 10, No. 4, Nov. 1992, pp. 265-310.
"Remote: a System Supporting Practical Authorization in Large Heterogeneous Distributed Systems", by J. G. Fletcher and D.M. Nessett, Internetworking: Research and Experience, vol. 4, pp. 159-172, 1993.
"Resource Access Control In a Network Operating System", by J.E. Donnelley and J.G. Fletcher, Lawerence Livermore Laboratory, UCRL-84319, Rev. 1, 1980, pp. 1-11.
"Identifier Protection in a Distributed Operating System", by D.M. Nessett, Lawerence Livermore Laboratory, UCRL-86143, 1981, pp. 1-6.
"A Secure Identity-Based Capability System", by Li Gong, University of Cambridge Computer Laboratory, 1989, pp. 56-63.
Nessett Danny M.
Tock Theron D.
An Meng-Ai T.
Crean Timothy J.
Inouye Patrick J. S.
Sun Microsystems Inc.
LandOfFree
Method and system for facilitating access control to system reso does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for facilitating access control to system reso, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for facilitating access control to system reso will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2067276