WO2001033340A3 - Method and system for restricting access to user resources - Google Patents


Publication number
WO2001033340A3
Authority
WO
WIPO (PCT)
Prior art keywords
site
client
acl
message
code
Application number
PCT/US2000/041426
Other languages
French (fr)
Other versions
WO2001033340A2 (en)
Inventor
Ralph W Brown
Robert Keller
Milo S Medin
David Temkin
Original Assignee
At Home Corp
Priority claimed from US09/427,778 external-priority patent/US6732179B1/en
Priority claimed from US09/428,235 external-priority patent/US6678733B1/en
Application filed by At Home Corp filed Critical At Home Corp
Priority to AU22996/01A priority Critical patent/AU2299601A/en
Publication of WO2001033340A2 publication Critical patent/WO2001033340A2/en
Publication of WO2001033340A3 publication Critical patent/WO2001033340A3/en

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

A user's set top box (STB), or other client, executes a shell and has an application programming interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS), which controls access to a walled garden. The walled garden contains links to one or more servers providing network-based services. The client sends a request to the WGPS to access a service provided by a site in the garden. To provide the service, the site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The ACL is a bit-map that specifies which functions of the client's API can be invoked by code from the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. The shell uses the ACL to determine whether the code has permission to execute any called functions in the API. If the code lacks permission, the shell stops execution and sends a message to the site indicating that the site lacks permission. Otherwise, the shell allows the code to call the function.
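
The flow in the abstract, sketched as an added example that is not taken from the patent: the proxy looks up a per-site ACL bit-map and places it in an HTTP header, and the shell checks each API call against it. The header name, API function names, bit positions and site table are all hypothetical, and stripping a site-supplied ACL header is an assumption the abstract does not state.

```python
import re

# Hypothetical API function names and bit positions (the abstract names none).
API_BITS = {"change_channel": 0x1, "read_smartcard": 0x2,
            "dial_modem": 0x4, "purchase": 0x8}
ACL_HEADER = "X-WG-ACL"  # hypothetical header name
# Constructed WGPS table: site -> ACL bit-map.
SITE_ACLS = {"guide.example": 0x1, "shop.example": 0x1 | 0x8}


def proxy_forward(site, site_headers):
    """WGPS: look up the site's ACL and put it in the response headers."""
    # Assumption: drop any ACL header the site set itself, so only the
    # proxy's table decides what the shell sees.
    headers = {k: v for k, v in site_headers.items()
               if k.lower() != ACL_HEADER.lower()}
    # A site missing from the table gets an empty bit-map (no API access).
    headers[ACL_HEADER] = format(SITE_ACLS.get(site, 0), "08x")
    return headers


def parse_acl(headers):
    """Shell: extract the bit-map; a missing or malformed value grants nothing."""
    raw = headers.get(ACL_HEADER, "")
    return int(raw, 16) if re.fullmatch(r"[0-9a-fA-F]{1,8}", raw) else 0


def run_site_code(site, site_headers, calls):
    """Run the API calls made by a site's code under that site's ACL.

    Returns (calls executed, denial message for the site or None).
    """
    acl = parse_acl(proxy_forward(site, site_headers))
    executed = []
    for func in calls:
        bit = API_BITS.get(func, 0)
        if not acl & bit:
            # Stop execution at the first call the ACL does not cover.
            return executed, f"site lacks permission: {func}"
        executed.append(func)
    return executed, None


if __name__ == "__main__":
    print(run_site_code("guide.example", {}, ["change_channel", "purchase"]))
```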
PCT/US2000/041426 1999-10-26 2000-10-23 Method and system for restricting access to user resources WO2001033340A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU22996/01A AU2299601A (en) 1999-10-26 2000-10-23 Method and system for restricting access to user resources

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US09/427,778 US6732179B1 (en) 1997-03-05 1999-10-26 Method and system for restricting access to user resources
US09/428,235 US6678733B1 (en) 1999-10-26 1999-10-26 Method and system for authorizing and authenticating users
US09/428,235 1999-10-26
US09/427,778 1999-10-26

Publications (2)

Publication Number Publication Date
WO2001033340A2 WO2001033340A2 (en) 2001-05-10
WO2001033340A3 WO2001033340A3 (en) 2002-07-11

Family

ID=27027509

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2000/041426 WO2001033340A2 (en) 1999-10-26 2000-10-23 Method and system for restricting access to user resources
PCT/US2000/041487 WO2001035565A2 (en) 1999-10-26 2000-10-23 Method and system for authorizing and authenticating users

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US2000/041487 WO2001035565A2 (en) 1999-10-26 2000-10-23 Method and system for authorizing and authenticating users

Country Status (2)

Country Link
AU (2) AU2299601A (en)
WO (2) WO2001033340A2 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030070170A1 (en) * 2001-09-07 2003-04-10 Eric Lennon Method and apparatus providing an improved electronic program guide in a cable television system
EP1418758B1 (en) 2002-10-29 2010-03-31 Volkswagen AG Method and apparatus for exchanging information and computer program thereof and corresponding computer-readable storage medium
WO2004053730A2 (en) * 2002-12-11 2004-06-24 Koninklijke Philips Electronics N.V. Method of and system for presenting a document, media player, information carrier and computer program product
US7437754B2 (en) 2004-04-30 2008-10-14 Oracle International Corporation Web object access authorization protocol based on an HTTP validation model
CN1901448B (en) * 2005-07-21 2010-12-01 华为技术有限公司 Access identification system in communication network and realizing method
US9967257B2 (en) * 2016-03-16 2018-05-08 Sprint Communications Company L.P. Software defined network (SDN) application integrity
CN105846863B (en) * 2016-05-31 2019-07-05 青岛海信电器股份有限公司 A kind of operating method and equipment based on bluetooth
CN108259413B (en) * 2016-12-28 2021-06-01 华为技术有限公司 Method for obtaining certificate and authenticating and network equipment

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5586260A (en) * 1993-02-12 1996-12-17 Digital Equipment Corporation Method and apparatus for authenticating a client to a server in computer systems which support different security mechanisms
EP0828208A2 (en) * 1996-08-23 1998-03-11 Hewlett-Packard Company Application certification for an international cryptography framework
WO1998044404A1 (en) * 1997-04-01 1998-10-08 Sun Microsystems, Inc. Method and apparatus for providing security for servers executing application programs received via a network
US6101607A (en) * 1998-04-24 2000-08-08 International Business Machines Corporation Limit access to program function

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2138302C (en) * 1994-12-15 1999-05-25 Michael S. Fortinsky Provision of secure access to external resources from a distributed computing environment
CA2176775C (en) * 1995-06-06 1999-08-03 Brenda Sue Baker System and method for database access administration

Also Published As

Publication number Publication date
WO2001035565A2 (en) 2001-05-17
AU2299601A (en) 2001-05-14
AU2616701A (en) 2001-06-06
WO2001033340A2 (en) 2001-05-10
WO2001035565A3 (en) 2002-02-14

Similar Documents

Publication Publication Date Title
US8082318B2 (en) Controlling service requests transmitted from a client to a server
US7032002B1 (en) Service broker for processing data from a data network
WO2001086395A3 (en) Remote method invocation with secure messaging in a distributed computing environment
EP1170909A2 (en) Quality of service definition for data streams
US20030101266A1 (en) External trusted party call processing in SIP environments
CN103699367B (en) HTTP application programming interfaces call method and device
WO2001099377A3 (en) Access control in client-server systems
EP1043906A3 (en) Method and system facilitating web based provisioning of two-way mobile communications devices
EP1435163B1 (en) Event related communications
CN101237333A (en) An universal service platform for supporting multiple services based on multi-network fusion
WO2003038578A8 (en) User access control to distributed resources on a data communications network
DE60020831D1 (en) REMOTE CONTROL FROM ONE DEVICE
CN1939035A (en) Method and apparatus for communicating data between computer devices
US8949966B2 (en) Method and system for protecting a service access link
WO2001033340A3 (en) Method and system for restricting access to user resources
WO2001072008A3 (en) System and method for providing enhanced user-service interaction in an integrated telecommunications network
US7512949B2 (en) Status hub used by autonomic application servers
WO2001090883A3 (en) Remote function invocation with messaging in a distributed computing environment
Cisco 1 - Introduction
WO2003030465A8 (en) The implementation method and system of the personal number service that syncretizes the phone network user and ip network user
JP2004005398A (en) Computer network for providing service and method of providing service with computer network
Thai et al. The use of software agents as proxies
Sicker et al. A federated model for secure web-based videoconferencing
CN114363417A (en) Optimization design method for service interface concurrent call between systems
WO2000074405A1 (en) A short message gateway

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AU CA JP

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AU CA JP

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP