System and method for providing distributed access control to secured documents
IPC classification information
Country/Type: United States (US) Patent, Registered
International Patent Classification (IPC, 7th edition): G06F-015/16; G06F-015/173; G06F-007/04
Application number: UP-0076181 (2002-02-12)
Registration number: US-7783765 (2010-09-13)
Inventors / Address: Hildebrand, Hal S.; Vainstein, Klimenty
Agent / Address: Sterne Kessler Goldstein & Fox PLLC
Citation information: cited by 30 patents; cites 249 patents
Abstract
A system and method for providing distributed access control are disclosed. A number of local servers are employed to operate largely on behalf of a central server responsible for centralized access control management. Such a distributed fashion ensures the dependability, reliability and scalability of the access control management undertaking by the central server. According to one embodiment, a distributed access control system that restricts access to secured items can include at least a central server having a server module that provides overall access control, and a plurality of local servers. Each of the local servers can include a local module that provides local access control. The access control, performed by the central server or the local servers, operates to permit or deny access requests to the secured items by requestors.
Representative claims
We claim:
1. A method for providing access to a secured document, the method comprising: requesting authentication of a user having credential information to a first server at a first location having a first instance of the secured document stored therein; in response to determining that the user is authenticated to the first server, requesting that a connection be established that allows the user to access the first instance of the secured document at the first server; and upon receiving a request from the user to access a second instance of the secured document at a second server at a second location: requesting authentication of the user to the second server; determining whether access to the secured document is permitted from the second location via the second server; in response to determining that the user is authenticated to the second server and that access to the secured document is permitted from the second location, requesting disconnection of the user from the first server; and requesting that a connection be established that allows the user to access the second instance of the secured document at the second server.
2. The method as recited in claim 1, wherein the requesting authentication of a user having credential information comprises authenticating both the credential information and a client machine at the first location.
3. The method as recited in claim 1, further comprising enabling the user to use the first and the second servers as access points to gain access to the secured document.
4. The method as recited in claim 3, wherein: in response to receiving a request from the user for access to the first instance of the secured document at the first location, causing the first server to interact over a network with the user, and in response to receiving the request from the user for access to the second instance of the secured document at the second location, causing the second server to interact over a network with the user using a second client machine at the second location.
5. The method as recited in claim 1, further comprising: authenticating the credential information to the first server with respect to a previous request for access; subsequently receiving the request for access via the second server; and authenticating the credential information to the second server with respect to the request for access.
6. The method as recited in claim 5, wherein the disconnecting the user from the first server comprises: upon receiving the request for access via the second server, identifying a first local module previously supporting a connection from the first server; reconfiguring the first local module at the first server to remove support for access to the secured document at the first server; identifying a second local module to support access to the secured document at the second server; and reconfiguring the second local module at the second server to add support for access to the secured document at the second server.
7. The method as recited in claim 6, wherein: in response to receiving the request from the user for access to the secured document at the first location, the first server interacts over a network with the user using a first client machine at the first location, and in response to receiving the request from the user for access to the secured document at the second location, the second server interacts over a network with the user using a second client machine at the second location.
8. The method as recited in claim 7, wherein the authenticating the credential information to the second server further comprises: upon receiving the request for access to the secured document via the second server, determining permitted locations from which the secured document is permitted to be accessed; determining whether the second location is one of the permitted locations; and bypassing the disconnecting the user from the first server in response to the determining that the second location is not one of the permitted locations.
9. The method as recited in claim 5, wherein the authenticating the credential information to the first server occurs in response to receiving a request for access to the secured document at the first location, and wherein the receiving the request for access via the second server occurs in response to receiving a request for access to the secured document at the second location.
10. An article of manufacture including a computer-readable medium having instructions stored thereon, that, in response to execution by a computing device, cause the computing device to perform operations comprising: requesting authentication of a user having credential information at a first server having a first instance of a secured document stored therein; in response to determining that the user is authenticated to the first server, requesting that a connection be established that allows the user to access the first instance of the secured document at the first server; and upon receiving a request from the user to access a second instance of the secured document at a second server from a second location: requesting authentication of the user to the second server; determining whether access to the second instance of the secured document is permitted from the second location via the second server; in response to determining that the user is authenticated to the second server and that access to the secured document is permitted from the second location, requesting disconnection of the user from the first server; and requesting that a connection be established that allows the user to access the second instance of the secured document at the second server.
11. The article of manufacture as recited in claim 10, wherein: in response to receiving the request from the user for access to the secured document at the first location, causing the first server to interact over a network with the user, and in response to receiving the request from the user for access to the secured document at the second location, causing the second server to interact over a network with the user using a second client machine at the second location.
12. The article of manufacture as recited in claim 10, the operations further comprising: authenticating the credential information to the first server with respect to a previous request for access; subsequently receiving the request for access via the second server; and authenticating the credential information to the second server with respect to the request for access.
13. The article of manufacture as recited in claim 12, wherein the disconnecting the user from the first server comprises: upon receiving the request for access via the second server, identifying a first local module previously supporting access to the secured document at the first server; reconfiguring the first local module at the first server to remove support for access to the secured document at the first server; identifying a second local module to support access to the secured document at the second server; and reconfiguring the second local module at the second server to add support for access to the secured document at the second server.
14. The article of manufacture as recited in claim 13, wherein: in response to receiving a request for access to the secured document at the first location, the first server interacts over a network with the user using a first client machine at the first location, and in response to receiving a request for access to the secured document at the second location, the second server interacts over a network with the user using a second client machine at the second location.
15. The article of manufacture as recited in claim 14, wherein the authenticating the credential information to the second server further comprises: upon receiving the request for access to the secured document via the second server, determining permitted locations from which the secured document is permitted to be accessed; determining whether the second location is one of the permitted locations; and bypassing the disconnecting the user from the first server in response to the determination that the second location is not one of the permitted locations.
16. The article of manufacture as recited in claim 13, the operations further comprising: determining, prior to the reconfiguring of either the first local module at the first server or the second local module at the second server, whether the user having the credential information is permitted to access the secured document from the second location via the second server.
17. The article of manufacture as recited in claim 13, the operations further comprising: determining, prior to the reconfiguring the first local module at the first server and the second local module at the second server, whether the user having the credential information is permitted to access the secured document from the second location via the second server.
18. The article of manufacture as recited in claim 12, wherein authenticating the credential information comprises authenticating both the credential information and a client machine.
19. A system for controlling access to a secured document, comprising: an access control device configured to: request authentication of a user having credential information by a first server having a first instance of the secured document stored therein; in response to determining that the user is authenticated by the first server, request that a connection be established that allows the user to access the first instance of the secured document at the first server; and upon receiving a request from the user for access to a second instance of the secured document stored at a second server: request authentication of the user by the second server; determine whether the second server permits access to the second instance of the secured document; in response to determining that the user is authenticated to the second server and that the second server permits access to the second instance of the secured document, request that the user be disconnected from the first server; and request that a connection be established that allows the user to access the secured document at the second server.
20. The system as recited in claim 19, wherein the access control device is further configured to authenticate both the credential information and a client machine.
21. The system as recited in claim 19, wherein the first and the second servers are access points to gain access to the secured document.
22. The system as recited in claim 19, wherein the access control device is further configured to: authenticate the credential information to the first server with respect to a previous request for access; subsequently receive the request for access via the second server; and authenticate the credential information to the second server with respect to the request for access.
23. The system as recited in claim 22, wherein the access control device is further configured to: identify a first local module previously supporting the client machine at the first server upon receiving the request for access to the secured document via the second server; reconfigure the first local module at the first server to remove support for access to the secured document at the first server; identify a second local module to support access to the secured document at the second server; and reconfigure the second local module at the second server to add support for access to the secured document at the second server.
24. The system as recited in claim 23, wherein the access control device is further configured to determine, prior to reconfiguring the first local module at the first server and the second local module at the second server, whether access to the secured document is permitted from the second location via the second server.
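The hand-off described in claims 1, 6 and 8, modelled as an added Python example (not code from the patent; the class names, the user, the documents and the locations are all constructed for this illustration): a central policy decides authentication and permitted locations, each local server's module records which (user, document) pairs it supports, and a move to a second server that is not a permitted location leaves the first connection untouched.

```python
"""Model of the hand-off in claims 1, 6 and 8: a central server holds the policy, each
local server runs a local module, and moving a user to a second server succeeds only
when that location is permitted; otherwise the first connection is left untouched.
Added example, not the patent's code; every class name and sample value is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    user: str
    secret: str
    machine: str  # claim 2: the client machine is authenticated together with the user


class CentralServer:
    """Authoritative policy: user secrets, enrolled machines, permitted locations."""
    def __init__(self):
        self.users = {}       # user -> (secret, frozenset of enrolled machines)
        self.doc_policy = {}  # document -> frozenset of permitted locations
    def enroll(self, user, secret, machines):
        self.users[user] = (secret, frozenset(machines))
    def restrict(self, doc, locations):
        self.doc_policy[doc] = frozenset(locations)
    def authenticate(self, cred):
        entry = self.users.get(cred.user)
        return entry is not None and entry[0] == cred.secret and cred.machine in entry[1]
    def location_permitted(self, doc, location):
        return location in self.doc_policy.get(doc, frozenset())


class LocalServer:
    """A server at one location; its local module tracks the (user, doc) pairs it serves."""
    def __init__(self, name, location, central, documents):
        self.name, self.location, self.central = name, location, central
        self.documents = set(documents)  # instances of secured documents stored here
        self.supported = set()           # (user, doc) pairs the local module supports


class AccessController:
    """Claim 1 connect and hand-off, claim 6 reconfiguration, claim 8 bypass."""
    def __init__(self):
        self.connections = {}  # (user, doc) -> LocalServer currently serving it
    def connect(self, cred, doc, server):
        key = (cred.user, doc)
        if not server.central.authenticate(cred):  # local module defers to central policy
            return "denied:authentication"
        if not server.central.location_permitted(doc, server.location):
            # claim 8: location not permitted, so the disconnect from the first server is
            # bypassed and any existing connection stays exactly as it was.
            return "denied:location"
        previous = self.connections.get(key)
        if previous is not None and previous is not server:
            previous.supported.discard(key)  # claim 6: remove support at the first server
        server.supported.add(key)            # claim 6: add support at the second server
        self.connections[key] = server
        return "connected"


def run_scenario():
    """Constructed walk-through: plan.pdf may follow the user, payroll.xlsx is pinned to HQ."""
    central = CentralServer()
    central.enroll("alice", "s3cret", ["laptop-hq", "laptop-branch"])
    central.restrict("plan.pdf", ["HQ", "Branch"])
    central.restrict("payroll.xlsx", ["HQ"])
    hq = LocalServer("srv-hq", "HQ", central, ["plan.pdf", "payroll.xlsx"])
    branch = LocalServer("srv-branch", "Branch", central, ["plan.pdf", "payroll.xlsx"])
    at_hq = Credential("alice", "s3cret", "laptop-hq")
    at_branch = Credential("alice", "s3cret", "laptop-branch")
    ac = AccessController()
    r = {"plan_hq": ac.connect(at_hq, "plan.pdf", hq),
         "plan_branch": ac.connect(at_branch, "plan.pdf", branch),
         "payroll_hq": ac.connect(at_hq, "payroll.xlsx", hq),
         "payroll_branch": ac.connect(at_branch, "payroll.xlsx", branch),
         "unenrolled_machine": ac.connect(Credential("alice", "s3cret", "kiosk"), "plan.pdf", hq)}
    r["plan_served_by"] = ac.connections[("alice", "plan.pdf")].name
    r["payroll_served_by"] = ac.connections[("alice", "payroll.xlsx")].name
    r["hq_dropped_plan"] = ("alice", "plan.pdf") not in hq.supported
    r["hq_keeps_payroll"] = ("alice", "payroll.xlsx") in hq.supported
    return r
```

The payroll case is the claim 8 bypass: the branch request is refused on location and the HQ local module keeps serving the document, so a refused move never leaves the user with no connection at all.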
Patents cited by this patent (249)
Edward M. Scheidt ; Ersin L. Domangue, Access control and authorization system.
Just, Michael K.; Van Oorschot, Paul, Apparatus and method for reducing transmission bandwidth and storage requirements in a cryptographic security system.
Bahl, Paramvir; Venkatachary, Srinivasan; Balachandran, Anand, Authentication methods and systems for accessing networks, authentication methods and systems for accessing the internet.
Peinado, Marcus, Binding a digital license to a portable device or the like in a digital rights management (DRM) system and checking out/checking in the digital license to/from the portable device or the like.
Brownlie, Michael; Hillier, Stephen; Van Oorschot, Paul C., Computer network security system and method having unilateral enforceable security policy provision.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd ; Banay Dan, Computer-based communication system and method using metadata defining a control structure.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Ehrsam William F. (Kingston NY) Elander Robert C. (Saugerties NY) Matyas Stephen M. (Poughkeepsie NY) Meyer Carl H. W. (Kingston NY) Sahulka Richard J. (Woodstock NY) Tuchman Walter L. (Woodstock NY), Cryptographic file security for multiple domain networks.
Yoshino, Kenji; Ishibashi, Yoshihito; Akishita, Toru; Shirai, Taizo; Ito, Takeshi; Hayashi, Shigekazu, Data processing device, data storage device, data processing method, and program providing medium for storing content protected under high security management.
Hecht Matthew S. (Potomac MD) Johri Abhai (Gaithersburg MD) Wei Tsung T. (Gaithersburg MD) Steves Douglas H. (Austin TX), Distributed security auditing subsystem for an operating system.
Austin Paul R. ; Kibler Wendell L. ; Kulbida Christopher ; Haehn Steven E. ; Bunker Keith G., Document server for processing a distribution job in a document processing system.
Downs Edgar ; Gruse George Gregory ; Hurtado Marco M. ; Lehman Christopher T. ; Milsted Kenneth Louis ; Lotspiech Jeffrey B., Electronic content delivery system.
Kuroda, Yasutsugu; Kamada, Jun; Iwase, Shoko; Noda, Bintatsu; Ono, Etsuo, Electronic data storage apparatus with key management function and electronic data storage method.
Elmer Thomas I. (Sunnyvale CA) Nguyen Tuan T. (Milpitas CA) Lin Rung-Pan (San Jose CA), Encryption of streams of addressed information to be used for program code protection.
Shimbo Atsushi,JPX ; Takahashi Toshinari,JPX ; Tomoda Ichiro,JPX ; Murota Masao,JPX, File editing system and shared file editing system with file content secrecy, file version management, and asynchronous.
Kumar, Sanjay; Thomas, Stanton L.; Deshpande, Gaurav M.; Murty, Venkataesh V., Fulfillment management system for managing ATP data in a distributed supply chain environment.
Bonn, David Wayne; Marvais, Nick Takaski, Generalized network security policy templates for implementing similar network security policies across multiple networks.
Pensak David A. ; Cristy John J. ; Singles Steven J., Information security architecture for encrypting documents for remote access while maintaining access control.
Law, Gary K.; Deitz, David L.; Schleiss, Trevor Duncan; Naidoo, Julian, Integrated electronic signatures for approval of process control and safety system software objects.
Phillips, Robert S.; Davis, Scott H.; Dietterich, Daniel J.; Nyman, Scott E.; Porter, David, Internet-based shared file service with native PC client access and semantics and distributed access control.
John E. Parsons, Jr. ; Bradley J. Graziadio ; Oshoma Momoh, Maintaining a first session on a first computing device and subsequently connecting to the first session via different computing devices and adapting the first session to conform to the different com.
McLaughlin Michael D. (San Jose CA) Signa John C. (Sunnyvale CA) Greicar Richard K. (Moss Beach CA) Taylor John M. (London GB2), Method and apparatus for display calibration and control.
Batten-Carew Mark,CAX ; Buchler Marek,CAX ; Hiller Stephen William,CAX ; Otway Josanne Mary,CAX, Method and apparatus for processing administration of a secured community.
Basani, Vijay R.; Mangiapudi, Krishna; Murach, Lynne M.; Karge, Leroy R.; Revsin, Vitaly S.; Bestavros, Azer; Crovella, Mark E.; LaRosa, Domenic J., Method and apparatus for reliable and scalable distribution of data files in distributed networks.
Sames, David L.; Whitmore, Brent S.; Niebuhr, Brian S.; Tally, Gregg W., Method and apparatus for securely and dynamically modifying security policy configurations in a distributed system.
DeMello, Marco A.; Keely, Leroy B.; Byrum, Frank D.; Yaacovi, Yoram; Hughes, Kathryn E., Method and system for binding enhanced software features to a persona.
Hauser Ralf,CHX ; Janson Philippe,CHX ; Molva Refik,FRX ; Tsudik Gene,CHX ; Van Herreweghen Elsie,CHX, Method and system for changing an authorization password or key in a distributed communication network.
Halter Bernard J. (Longmont CO) Bracco Alphonse M. (Reston VA) Johnson Donald B. (Manassas VA) Le An V. (Manassas VA) Matyas Stephen M. (Manassas VA) Prymak ; deceased Rostislaw (late of Dumfries VA , Method and system for multimedia access control enablement.
Krueger, Scott; Goodman, Daniel, Method and system for seamless integration of preprocessing and postprocessing functions with an existing application program.
Chan, Shannon; Jensenworth, Gregory; Goertzel, Mario C.; Shah, Bharat; Swift, Michael M.; Ward, Richard B., Method and system for secure running of untrusted content.
Lambert Howard Shelton,GBX ; Orchard James Ronald Lewis,GBX, Method for controlling access to electronically provided services and system for implementing such method.
Skarbo Rune A. ; Clitheroe Cameron J. ; Lawless Christopher C. ; Kukkal Puneet ; Hochman Stephen D., Method for web based storage and retrieval of documents.
Richard Patrick,CAX ; Csinger Andrew,CAX ; Knipe Bruce,CAX ; Woodward Bruce,CAX, Method of and apparatus for providing secure distributed directory services and public key infrastructure.
Hochberg, Avishai Haim; Marek, Toby Lyn; Cannon, David Maxwell; Martin, Howard Newton; Warren, Jr., Donald Paul; Haye, Mark Alan, Method, system, and program for retention management and protection of stored objects.
Arlein, Robert M.; Jai, Ben; Jakobsson, Bjorn Markus; Monrose, Fabian; Reiter, Michael Kendrick, Methods and apparatus for providing privacy-preserving global customization.
Vahalia Uresh K. ; Gupta Uday ; Porat Betti ; Tzelnic Percy, Network file server sharing local caches of file access information in data processors assigned to respective file systems.
Davies John W. (Shoreview MN) McClintock John H. (Tigard OR), Object lock management system with improved local lock management and global deadlock detection in a parallel data proce.
Schmuck Frank B. ; Zlotek Anthony J. ; Shmueli Boaz,ILX ; Mandler Benjamin,ILX ; Yehudai Zvi Yosef,ILX ; Kish William A., Parallel file system with method using tokens for locking modes.
Matyas, Jr., Stephen Michael; Peyravian, Mohammad; Roginsky, Allen Leonid; Zunic, Nevenko, Secure data storage and retrieval with key management and user authentication.
Rose Anthony M. (66 Drumalbyn Road Bellevue Hill ; Sydney AUX 2023), Securing a computer against undesired write operations to or read operations from a mass storage device.
Davis, Mark C.; Hind, John R.; Peters, Marcia L.; Topol, Brad B., Selective data encryption using style sheet processing for decryption by a group clerk.
William J. Bolosky ; John R. Douceur ; Scott M. Cutshall ; Richard F. Rashid ; Nathan P. Myhrvold ; David A. Goebel, Single instance store for file systems.
Johnson Donavon W. (Georgetown TX) Neuman Grover H. (Austin TX) Sauer Charles H. (Austin TX) Shaheen-Gouda Amal A. (Austin TX) Smith Todd A. (Austin TX), System and method for accessing remote files in a distributed networking environment.
Barlow, Doug; Dillaway, Blair; Fox, Barbara; Lipscomb, Terry; Spies, Terrence, System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer.
Rusnak David J. ; Zientara John T., System and method for controlling access rights to and security of digital content in a distributed information system, e.g., Internet.
Carman David W. ; Balenson David M. ; Tajalli Homayoon ; Walker Stephen T., System and method for controlling access to a user secret using a key recovery field.
Viets, Richard R.; Motes, David G.; Greve, Paula Budig; Herberg, Wayne W., System and method for controlling access to documents stored on an internal network.
Lipner Steven B. (Oakton VA) Balenson David M. (Olney MD) Ellison Carl M. (Baltimore MD) Walker Stephen T. (Glenwood MD), System and method for data recovery.
Olsen, Theis; Bundesen, Rune Windfeld; Hougaard, Claes Christian; Nordly, Trygve Thor, System and method for ensuring secure transfer of a document from a client of a network to a printer.
Dennis, Michael W.; Freed, Michele L.; Plastina, Daniel; Flo, Eric R.; Kays, Jr., David E.; Corrington, Robert E., System and method for implementing group policy.
Michael W. Dennis ; Michele L. Freed ; Daniel Plastina ; Eric R. Flo ; David E. Kays, Jr. ; Robert E. Corrington, System and method for implementing group policy.
Sakurai Hiroshi (Tokyo JPX) Ikeda Nobuyuki (Tokyo JPX) Watabe Akehiro (Tokyo JPX), System and method for processing document information using password protected icons that represent document content.
Premkumar Thomas Devanbu ; Stuart Gerald Stubblebine, System and method for providing assurance to a host that a piece of software possesses a particular property.
Dixon Peggy PakFan ; Shi Danling ; Verburg Richard Lee ; Wood Donald Edwin, System and method for transferring a session from one application server to another without losing existing resources.
McDonnal William D. (Tigard OR) Lohstroh Shawn (Beaverton OR) Grawrock David (Aloha OR), System for automatic decryption of file data on a per-use basis and automatic re-encryption within context of multi-thre.
Riedel, Erik; Karamanolis, Christos; Kallahalla, Mahesh; Swaminathan, Ram, System for ensuring data privacy and user differentiation in a distributed file system.
Hahn Samuel S. ; LeGault Kenn ; Wheeler Maxon ; Degenhardt Jon R., System for organizing document icons with suggestions, folders, drawers, and cabinets.
Donaghey, Robert J.; Carielli, Sandra E.; Helinek, Pamela, System for selecting and disseminating active policies to peer device and discarding policy that is not being requested.
Krishnaswamy, Sridhar; Elliott, Isaac K.; Reynolds, Tim E.; Forgy, Glen A.; Solbrig, Erin M., System, method and article of manufacture for a communication system architecture including video conferencing.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter Karl L. ; Shear Victor H. ; Spahn Francis J. ; Van Wie David M., Systems and methods for the secure transaction management and electronic rights protection.
Davis Mark Charles ; Gray Steve D. ; Kuehr-McLaren David Gerard ; Morrison Ian A. ; Shoriak Timothy G., Systems, methods and computer program products for authenticating client requests with client certificate information.
Bly Sara A. (Mountain View CA) Hodges Jeffrey D. (Newark CA) Kupfer Michael D. (Mountain View CA) Lewis Brian T. (Palo Alto CA) Tallan Michael L. (Mountain View CA) Tom Stephen B. (San Francisco CA), Updating local copy of shared data in a collaborative system.
Okamoto Toshio,JPX ; Shimbo Atsushi,JPX ; Ishiyama Masahiro,JPX, User identification data management scheme for networking computer systems using wide area network.
Huang, Weiqing; Supramaniam, Senthilvasan; Vainstein, Klimenty, Method and system for implementing changes to security policies in a distributed security system.
Garcia, Denis Jacques Paul; Ouye, Michael Michio; Rossmann, Alain; Crocker, Steven Toye; Gilbertson, Eric; Huang, Weiqing; Humpich, Serge; Vainstein, Klimenty; Ryan, Nicholas Michael, Methods and systems for providing access control to secured data.
Garcia, Denis Jacques Paul; Ouye, Michael Michio; Rossmann, Alain; Crocker, Steven Toye; Gilbertson, Eric; Huang, Weiqing; Humpich, Serge; Vainstein, Klimenty; Ryan, Nicholas Michael, Methods and systems for providing access control to secured data.
Garcia, Denis Jacques Paul; Ouye, Michael Michio; Rossmann, Alain; Crocker, Steven Toye; Gilbertson, Eric; Huang, Weiqing; Humpich, Serge; Vainstein, Klimenty; Ryan, Nicholas Michael, Methods and systems for providing access control to secured data.
Garcia, Denis Jacques Paul; Ouye, Michael Michio; Rossmann, Alain; Crocker, Steven Toye; Gilbertson, Eric; Huang, Weiqing; Humpich, Serge; Vainstein, Klimenty; Ryan, Nicholas Michael, Methods and systems for providing access control to secured data.