Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
Patent 5649099 Issued on July 15, 1997. Estimated Expiration Date: July 15, 2014. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.
A method in which access control programs (ACPs) permit controlled delegation of access rights from clients to untrusted intermediaries. ACPs are programs that encode arbitrary specifications of delegated access rights. In the method, a client creates an ACP and associates it with a request to a server, the request being made through one or more intermediaries. When processing a request received from an intermediary, the server executes the access control program to determine whether or not to grant the request.
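The flow in the abstract, as an added sketch that is not code from the patent: the client writes an ACP, the request and ACP travel through an intermediary, and the server executes the ACP to decide whether to grant. Assumptions: the ACP is a comparison-only Python expression, an HMAC under a shared demo key binds it to the client, and the names `seal_acp`, `run_acp` and `server_handle` are hypothetical.

```python
import ast, hashlib, hmac

# Constructed demo key shared by client and server (assumption: the abstract
# does not say how the server ties an ACP to the client that wrote it).
CLIENT_KEY = b"constructed-demo-key"

# The ACP interpreter accepts boolean logic and comparisons only:
# no calls, attribute access or subscripts, so an ACP cannot reach the host.
ALLOWED = (ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
           ast.Compare, ast.Eq, ast.NotEq, ast.In, ast.NotIn, ast.Lt, ast.LtE,
           ast.Name, ast.Load, ast.Constant, ast.Tuple)

def seal_acp(acp_source: str, key: bytes = CLIENT_KEY) -> str:
    """Client side: bind the ACP text to the client with an HMAC tag."""
    return hmac.new(key, acp_source.encode(), hashlib.sha256).hexdigest()

def run_acp(acp_source: str, request: dict) -> bool:
    """Server side: execute the ACP over the fields of one request."""
    tree = ast.parse(acp_source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED):
            raise ValueError(f"construct not allowed in ACP: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in request:
            raise ValueError(f"unknown request field: {node.id}")
    return bool(eval(compile(tree, "<acp>", "eval"), {"__builtins__": {}}, dict(request)))

def server_handle(request: dict, acp_source: str, tag: str, key: bytes = CLIENT_KEY) -> bool:
    """Grant only if the ACP is the client's own and it approves this request."""
    if not hmac.compare_digest(seal_acp(acp_source, key), tag):
        return False  # the intermediary altered or substituted the ACP
    try:
        return run_acp(acp_source, request)
    except Exception:
        return False  # fail closed on anything the interpreter rejects

# Constructed ACP: the intermediary may read two named files and nothing else.
ACP = "op == 'read' and path in ('/reports/q1.txt', '/reports/q2.txt')"
TAG = seal_acp(ACP)

def demo():
    """Requests as the server would receive them from the intermediary."""
    in_spec = server_handle({"op": "read", "path": "/reports/q1.txt"}, ACP, TAG)
    out_of_spec = server_handle({"op": "write", "path": "/reports/q1.txt"}, ACP, TAG)
    swapped_acp = server_handle({"op": "write", "path": "/x"}, "op == 'write'", TAG)
    return in_spec, out_of_spec, swapped_acp
```

The intermediary never holds the client's key, so it can forward the sealed ACP but cannot widen it; the server evaluates every request against the client's own specification.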