Secured and access controlled peer-to-peer resource sharing
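IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition): G06F-015/173; G06F-015/16
Application number: US-0534441 (2006-09-22)
Registration number: US-7475139 (2009-01-06)
Inventors / Address: Goodman, Brian D.; Rooney, John W.; Subramanian, Ramesh; Sweeney, William C.
Applicant / Address: International Business Machines Corporation
Agent / Address: Campbell, John E.
Citation information: Times cited: 5; Cited patents: 14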
Abstract
A peer-to-peer network propagates searches from client to client. Resources within each client are selectively searched in response to authentication and authorization processes. Authentication information may be included in a search request or may be performed by an authentication process external to the client. Authorization is performed by a process external to the client. Only after authentication or authorization may resources of any particular client be accessed. The system allows for secure propagated searches and resource access in a peer-to-peer network environment. The network may further include a server for maintaining a list of clients connected to the peer-to-peer network in order to more efficiently facilitate peer-to-peer communications.
Representative claims
What is claimed is:

1. In a peer-to-peer network comprising a plurality of clients, each of the clients being unaware of resources residing at other of the clients, a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of: communicating the search request from the first client to a second client, the second client having a multiplicity of second resources, each of the multiplicity of second resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the multiplicity of second resources; and at the second client, selectively searching a set of second resources in the multiplicity of second resources that the first client is authorized to access in response to a comparison of authentication data and authorization data within the credentials signal and the at least one corresponding access attribute of each of the multiplicity of second resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of second resources.

2. The method of claim 1, further comprising: communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the multiplicity of third resources; and at the third client, selectively searching a set of third resources in the multiplicity of third resources that the first client is authorized to access in response to comparison of authentication data and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of third resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of third resources.

3. The method according to claim 2, further comprising the steps of: at the third client, determining a matching resource in response to the step of selectively searching the multiplicity of third resources; and communicating a matching signal indicative of the matching resource from the third client to the first client.

4. The method according to claim 2, wherein the credentials signal includes an identification signal indicative of the first client, the access attributes of the second and third resources includes an authorization signal indicative of at least one of a plurality of clients, the plurality of clients including the first client, the step of selectively searching the second multiplicity of resources searches one of the second multiplicity of resources if the identification signal substantially matches the authorization signal included with the corresponding access attributes, and the step of selectively searching the third multiplicity of resources searches one of the third multiplicity of resources if the identification signal substantially matches the authorization signal included with the corresponding access attributes.

5. The method of claim 2, wherein the search request is communicated from the second client to a third client in response to an external server verifying the identity of the first client based on the authentication information.

6. The method of claim 2, wherein selectively searching a set of third resources in the multiplicity of third resources comprises: communicating, from the third client, at least authorization information associated with the first client that is included within the credentials signal to an external server; and receiving, at the third client in response to the communicating the at least authorization information, at least an authorization signal from the external server including access control information associated with the first client, the access control information being indicative of a set of resource types in the multiplicity of third resources that the first client is authorized to access.

7. The method of claim 6, wherein selectively searching a set of third resources in the multiplicity of third resources further comprises selectively searching a set of resources in the multiplicity of third resources that are associated with a resource type substantially matching at least one resource type that the first client is authorized to access as indicated by the authorization signal.

8. The method of claim 1, further comprising the steps of: communicating, from the second client, authentication and authorization information associated with the first client that is included within the credentials signal to an external server; and receiving, at the second client in response to the communicating the authentication and authorization information, an authentication signal from the external server verifying the identity of the first client and an authorization signal from the external server including access control information associated with the first client, the access control information being indicative of a set of resource types in the multiplicity of second resources that the first client is authorized to access.

9. The method of claim 8, wherein the selectively searching at the second client the multiplicity of second resources comprises selectively searching a set of resources in the multiplicity of second resources that are associated with a resource type substantially matching at least one resource type that the first client is authorized to access as indicated by the authorization signal.

10. A client included in a peer-to-peer network having a multiplicity of clients, each of the clients being unaware of resources residing at other of the clients, the client comprising: a peer-to-peer network dispatcher for receiving a resource search request from a second client of the multiplicity of clients, the search request initiating from an initiating client of the multiplicity of clients, the search request including a credentials signal having an identification signal indicative of the initiating client, wherein the credentials signal includes authentication data and authorization data, the authorization data being indicative of at least one resource type that the second client is authorized to access; a memory for storing a plurality of resources, each of the plurality of resources having at least one corresponding access attribute, the at least one corresponding access attribute being indicative of a set of clients authorized to access a corresponding resource in the plurality of resources; and a search engine for selectively searching at least one set of resources in the plurality of resources that the second client is authorized to access in response to a comparison of the authentication and authorization data within the credentials signal and the at least one access attribute of each of the plurality of resources.

11. The client according to claim 10, wherein the peer-to-peer network dispatcher communicates the identification signal to an authentication process external to the client and receives an authenticated signal if the identification signal is authenticated by the authentication process, and the search engine does not search any of the plurality of resources if the authenticated signal is not received from the authentication process.

12. The client according to claim 11, wherein the peer-to-peer network dispatcher communicates the resource search request to a third client of the multiplicity of clients if the authenticated signal is received from the authentication process, or does not communicate the resource search request to the third client if the authenticated signal is not received from the authentication process.

13. The client according to claim 10, wherein the access attribute is indicative of a class of clients permitted to access to the corresponding resource, the peer-to-peer network dispatcher communicates the identification signal to an authorization process external to the client and receives a client class signal in response thereto, and the search engine selectively searches the at least one of the plurality of resources in response to a comparison of the client class signal and the at least one access attribute of each of the plurality of resources.

14. The client according to claim 10, wherein the peer-to-peer network further includes a server and each of the multiplicity of clients has a unique client address, the client further comprises a seed list receiver for receiving and storing a seed list of client address from the server, and the peer-to-peer network search dispatcher forwards the resource search request to client addresses of the seed list.

15. In a peer-to-peer network comprising a plurality of clients, each of the clients being unaware of resources residing at other of the clients, a method of securely conducting a resource search initiated by a first client, the resource search included with a search request having a credentials signal indicative of the first client, the method comprising the steps of: communicating the search request from the first client to a second client; communicating the search request from the second client to a third client, the third client having a multiplicity of third resources, each of the multiplicity of third resources having at least one corresponding access attribute, the at least one corresponding access being indicative of a set of clients authorized to access a corresponding resource in plurality of resources; and at the third client, selectively searching a set of resources in the multiplicity of third resources that the first client is authorized to access in response to a comparison of authentication and authorization data within the credentials signal and the at least one access attribute of each of the multiplicity of third resources, the authorization data being indicative of at least one resource type that the first client is authorized to access within the multiplicity of third resources.
Patents cited by this patent (14)
Nieten Joseph Lee, Apparatus and method for data transfers through software agents using client-to-server and peer-to-peer transfers.
Kisor Greg, Method and system including a central computer that assigns tasks to idle workstations using availability schedules and computational capabilities.
Kouznetsov,Victor; Vigue,Charles L.; Fallenstedt,Martin; Melchione,Daniel, System and method for automatic selection of service provider for efficient use of bandwidth and resources in a peer-to-peer network environment.
Traversat,Bernard A.; Gong,Li; Yeager,William J.; Abdelaziz,Mohamed M.; Duigou,Michael J.; Pouyoul,Eric; Hugly,Jean Christophe; Joy,William N.; Clary,Michael J., System using peer discovery and peer membership protocols for accessing peer-to-peer platform resources on a network.
Almoustafa, Ahmed M.; Goodman, Brian Gerard; Greco, Paul Merrill; Jaquette, Glen Alan; Jesionowski, Leonard George; Palazzolo, Aaron S.; Taylor, Michael L.; Tran, An Thien, Validation of encryption key.