WO2001033340A3 - Method and system for restricting access to user resources - Google Patents
- Publication number: WO2001033340A3 (application PCT/US2000/041426)
- Authority: WO, WIPO (PCT)
- Prior art keywords: site, client, acl, message, code
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    - H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
  - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
    - H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    - H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
  - H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
    - H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
- Computer And Data Communications (AREA)
Abstract
A user's set top box (STB), or other client, executes a shell and has an application programming interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS), which controls access to a walled garden. The walled garden contains links to one or more servers providing network-based services. The client sends a request to the WGPS to access a service provided by a site in the garden. To provide the service, the site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The ACL is a bit-map that specifies which functions of the client's API can be invoked by code from the site. The WGPS includes the ACL in the header of the Hypertext Transfer Protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. The shell uses the ACL to determine whether the code has permission to execute any called functions in the API. If the code lacks permission, the shell stops execution and sends a message to the site indicating that the site lacks permission. Otherwise, the shell allows the code to call the function.
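The flow in the abstract, sketched as an added example (not code from the patent): the proxy attaches a per-site ACL bit-map to the response header and the shell gates each API call on it. The header name `X-WG-ACL`, the hex encoding, the bit layout, the site names and the API function names are all assumptions; so are the two hardening choices shown, namely that the proxy discards any ACL header supplied by the site and that the shell treats a missing or malformed ACL as "no permissions".

```python
import string

# All names and values below are constructed for illustration (assumptions).
ACL_HEADER = "X-WG-ACL"  # hypothetical header carrying the ACL as hex
API_BITS = {"change_channel": 0, "read_viewing_history": 1, "purchase": 2}
SITE_ACLS = {  # WGPS table: site -> ACL bit-map
    "weather.garden.example": 0b001,
    "shop.garden.example": 0b101,
}

class PermissionDenied(Exception):
    pass

def wgps_forward(site, headers):
    """Proxy side: trap the site's message and attach that site's ACL."""
    # Assumed hardening: never pass through an ACL header set by the site.
    out = {k: v for k, v in headers.items() if k.lower() != ACL_HEADER.lower()}
    out[ACL_HEADER] = format(SITE_ACLS.get(site, 0), "x")  # unknown site: 0
    return out

def shell_extract_acl(headers):
    """Shell side: read the ACL; missing or malformed means deny everything."""
    for k, v in headers.items():
        if k.lower() == ACL_HEADER.lower():
            # Strict hex only: int("-1", 16) would otherwise set every bit.
            if v and all(c in string.hexdigits for c in v):
                return int(v, 16)
            return 0
    return 0

def shell_call(acl, function, api):
    """Allow the call only if the function's bit is set in the ACL."""
    bit = API_BITS.get(function)
    if bit is None or not (acl >> bit) & 1:
        raise PermissionDenied(function)
    return api[function]()

def run_site_code(site, site_headers, calls, api):
    """Run the site's API calls in order, stopping at the first denial."""
    acl = shell_extract_acl(wgps_forward(site, site_headers))
    results = []
    for fn in calls:
        try:
            results.append((fn, shell_call(acl, fn, api)))
        except PermissionDenied:
            results.append((fn, "denied"))  # the shell would also notify the site
            break
    return results
```
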
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU22996/01A AU2299601A (en) | 1999-10-26 | 2000-10-23 | Method and system for restricting access to user resources |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/427,778 US6732179B1 (en) | 1997-03-05 | 1999-10-26 | Method and system for restricting access to user resources |
US09/428,235 US6678733B1 (en) | 1999-10-26 | 1999-10-26 | Method and system for authorizing and authenticating users |
US09/428,235 | 1999-10-26 | ||
US09/427,778 | 1999-10-26 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2001033340A2 (en) | 2001-05-10 |
WO2001033340A3 (en) | 2002-07-11 |
Family
ID=27027509
Family Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2000/041426 WO2001033340A2 (en) | 1999-10-26 | 2000-10-23 | Method and system for restricting access to user resources |
PCT/US2000/041487 WO2001035565A2 (en) | 1999-10-26 | 2000-10-23 | Method and system for authorizing and authenticating users |
Family Applications After (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2000/041487 WO2001035565A2 (en) | 1999-10-26 | 2000-10-23 | Method and system for authorizing and authenticating users |
Country Status (2)
Country | Link |
---|---|
AU (2) | AU2299601A (en) |
WO (2) | WO2001033340A2 (en) |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030070170A1 (en) * | 2001-09-07 | 2003-04-10 | Eric Lennon | Method and apparatus providing an improved electronic program guide in a cable television system |
EP1418758B1 (en) | 2002-10-29 | 2010-03-31 | Volkswagen AG | Method and apparatus for exchanging information and computer program thereof and corresponding computer-readable storage medium |
WO2004053730A2 (en) * | 2002-12-11 | 2004-06-24 | Koninklijke Philips Electronics N.V. | Method of and system for presenting a document, media player, information carrier and computer program product |
US7437754B2 (en) | 2004-04-30 | 2008-10-14 | Oracle International Corporation | Web object access authorization protocol based on an HTTP validation model |
CN1901448B (en) * | 2005-07-21 | 2010-12-01 | 华为技术有限公司 | Access identification system in communication network and realizing method |
US9967257B2 (en) * | 2016-03-16 | 2018-05-08 | Sprint Communications Company L.P. | Software defined network (SDN) application integrity |
CN105846863B (en) * | 2016-05-31 | 2019-07-05 | 青岛海信电器股份有限公司 | A kind of operating method and equipment based on bluetooth |
CN108259413B (en) * | 2016-12-28 | 2021-06-01 | 华为技术有限公司 | Method for obtaining certificate and authenticating and network equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5586260A (en) * | 1993-02-12 | 1996-12-17 | Digital Equipment Corporation | Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms |
EP0828208A2 (en) * | 1996-08-23 | 1998-03-11 | Hewlett-Packard Company | Application certification for an international cryptography framework |
WO1998044404A1 (en) * | 1997-04-01 | 1998-10-08 | Sun Microsystems, Inc. | Method and apparatus for providing security for servers executing application programs received via a network |
US6101607A (en) * | 1998-04-24 | 2000-08-08 | International Business Machines Corporation | Limit access to program function |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2138302C (en) * | 1994-12-15 | 1999-05-25 | Michael S. Fortinsky | Provision of secure access to external resources from a distributed computing environment |
CA2176775C (en) * | 1995-06-06 | 1999-08-03 | Brenda Sue Baker | System and method for database access administration |
2000
- 2000-10-23 WO PCT/US2000/041426 patent/WO2001033340A2/en active Application Filing
- 2000-10-23 WO PCT/US2000/041487 patent/WO2001035565A2/en active Application Filing
- 2000-10-23 AU AU22996/01A patent/AU2299601A/en not_active Abandoned
- 2000-10-23 AU AU26167/01A patent/AU2616701A/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
WO2001035565A2 (en) | 2001-05-17 |
AU2299601A (en) | 2001-05-14 |
AU2616701A (en) | 2001-06-06 |
WO2001033340A2 (en) | 2001-05-10 |
WO2001035565A3 (en) | 2002-02-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8082318B2 (en) | Controlling service requests transmitted from a client to a server | |
US7032002B1 (en) | Service broker for processing data from a data network | |
WO2001086395A3 (en) | Remote method invocation with secure messaging in a distributed computing environment | |
EP1170909A2 (en) | Quality of service definition for data streams | |
US20030101266A1 (en) | External trusted party call processing in SIP environments | |
CN103699367B (en) | HTTP application programming interfaces call method and device | |
WO2001099377A3 (en) | Access control in client-server systems | |
EP1043906A3 (en) | Method and system facilitating web based provisioning of two-way mobile communications devices | |
EP1435163B1 (en) | Event related communications | |
CN101237333A (en) | An universal service platform for supporting multiple services based on multi-network fusion | |
WO2003038578A8 (en) | User access control to distributed resources on a data communications network | |
DE60020831D1 (en) | REMOTE CONTROL FROM ONE DEVICE | |
CN1939035A (en) | Method and apparatus for communicating data between computer devices | |
US8949966B2 (en) | Method and system for protecting a service access link | |
WO2001033340A3 (en) | Method and system for restricting access to user resources | |
WO2001072008A3 (en) | System and method for providing enhanced user-service interaction in an integrated telecommunications network | |
US7512949B2 (en) | Status hub used by autonomic application servers | |
WO2001090883A3 (en) | Remote function invocation with messaging in a distributed computing environment | |
Cisco | 1 - Introduction | |
WO2003030465A8 (en) | The implementation method and system of the personal number service that syncretizes the phone network user and ip network user | |
JP2004005398A (en) | Computer network for providing service and method of providing service with computer network | |
Thai et al. | The use of software agents as proxies | |
Sicker et al. | A federated model for secure web-based videoconferencing | |
CN114363417A (en) | Optimization design method for service interface concurrent call between systems | |
WO2000074405A1 (en) | A short message gateway |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| AK | Designated states | Kind code of ref document: A2. Designated state(s): AU CA JP |
| AL | Designated countries for regional patents | Kind code of ref document: A2. Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | |
| DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | |
| AK | Designated states | Kind code of ref document: A3. Designated state(s): AU CA JP |
| AL | Designated countries for regional patents | Kind code of ref document: A3. Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE |
| 122 | Ep: pct application non-entry in european phase | |
| NENP | Non-entry into the national phase | Ref country code: JP |