System and method for controlling access to data entities in a computer network

Patent 5941947 Issued on August 24, 1999. Estimated Expiration Date:

August 18, 2015. Estimated Expiration Date is calculated based on simple USPTO term provisions. It does not account for terminal disclaimers, term adjustments, failure to pay maintenance fees, or other factors which might affect the term of a patent.

Abstract Claims Description Full Text

Patent References

Integrating I/O element
Patent #: 4184200
Issued on: 01/15/1980
Inventor: Wagner , et al.

Memory configuration, address interleaving, relocation and access control system
Patent #: 4280176
Issued on: 07/21/1981
Inventor: Tan

Method for the dynamic replication of data under distributed system control to control utilization of resources in a multiprocessing, distributed data base system
Patent #: 4432057
Issued on: 02/14/1984
Inventor: Daniell , et al.

Digital data processing system
Patent #: 4493024
Issued on: 01/08/1985
Inventor: Baxter, II , et al.

Method and apparatus for enhancing security of communications in a packet-switched data communications system
Patent #: 4799153
Issued on: 01/17/1989
Inventor: Hann , et al.

Interactive market management system
Patent #: 4799156
Issued on: 01/17/1989
Inventor: Shavit , et al.

Method of propagating resource information in a computer network
Patent #: 4800488
Issued on: 01/24/1989
Inventor: Agrawal , et al.

Apparatus and method for preventing computer access by unauthorized personnel
Patent #: 4858117
Issued on: 08/15/1989
Inventor: DiChiara , et al.

Data processor having a user interface display with metaphoric objects
Patent #: 4899136
Issued on: 02/06/1990
Inventor: Beard, et al.

Locating resources in computer networks
Patent #: 4914571
Issued on: 04/03/1990
Inventor: Baratz, et al.

More ...

Inventors

Assignee

Microsoft Corporation

Application

No. 516573 filed on 08/18/1995

US Classes:

709/225Computer network access regulating

Examiners

Primary: Ramirez, Ellis B.

Attorney, Agent or Firm

Leydig, Voit & Mayer, Ltd.

International Class

G06F 017/00

Abstract

Access rights of users of a computer network with respect to data entities are specified by a relational database stored on one or more security servers. Application servers on the network that provide user access to the data entities generate queries to the relational database in order to obtain access rights lists of specific users. An access rights cache on each application server caches the access rights lists of the users that are connected to the respective application server, so that user access rights to specific data entities can rapidly be determined. Each user-specific access rights list includes a series of category identifiers plus a series of access rights values. The category identifiers specify categories of data entities to which the user has access, and the access rights values specify privilege levels of the users with respect to the corresponding data entity categories. The privilege levels are converted into specific access capabilities by application programs running on the application servers.

Other References

Operating System Concepts, Fourth Edition, Abraham Silberschatz and Peter B. Galvin, pp. 361-380, 431-457, .COPYRGT.1994
Inside Windows NT, Helen Custer Foreword by David N. Cutler, The Object Manager and Object Security, Chapter Three, pp. 49-81. .COPYRGT.1993
So . . . Just What is this First Class Thing Anyway? (visited Oct. 10, 1995)
Colton, Malcolm, "Replicated Data in a Distributed Environment," IEEE (1993)
Coulouris et al., "Distributed Transactions," Chapter 14 of Distributed Systems Concepts and Design 2^nd Ed., 409-421 (1994)
Cox, John, "Sybase Server to Add Complexity User for Challenge with Data Replication," Communication No. 483 (1993)
Eckerson, Wayne, "Users Give Green Light for Replication," Network World (Jul. 19, 1993)
Edelstein, Herb, "The Challenge of Replication," DBMS vol. 8, No. 4, 68 (Apr. 1995)
Edelstein, Herb, "Microsoft and Sybase are Adding their Unique Touches to SQI Servers," Information Week, No. 528, 62 (1995)
Edelstein, Herb, "Replicating Data," DBMS vol. 6, No. 6, 59 (Jun. 1993)
Gouhle, Michael, "RDBMS Server Choice Gets Tougher," Network World, 52 (May 23, 1994)
Heylighen, Francis, "World-Wide Web: A Distributed Hypermedia Paradigm for Global Networking," Proceedings of the SHARE Europe Spring Conference, 355-368 (1994)
International Telecommunications Union, CCITT Blue Book vol. VIII Data Communication Networks Directory, 3-18 (1989)
King, Adrian, "The User Interface and the Shell," Inside Windows 95, Chapter 5 (1994)
Pallatlo, John, "Sybase Lays Out Blue Print for Client/Server Networks," PC Week, vol. 9, No. 461, 6 (1992)
PR Newswire Association, Inc., "America On-line Publicly Previews World Wide Web Browser," Financial News Section (May 9, 1995)
Quereshi, "The Effect of Workload on the Performance and Availability of Voting Algorithms," IEEE (1995)
Rexford, Jennifer, "Window Consistent Replication for Real-Time Applications," IEEE (1994)
Richman, Dan, "Sybase to Enhance RDBMS," Open System Today, No. 111 (1992)
Terry, Douglas, "Session Guarantees for Weekly Consistent Replicated Data," IEEE (1994)
Wang, Yongdong, "Data Replication in a Distributed Heterogenous Database Environment," IEEE (1994