WO2001099377A2 - Access control in client-server systems - Google Patents

Access control in client-server systems Download PDF

Info

Publication number
WO2001099377A2
WO2001099377A2 PCT/EP2001/007168 EP0107168W WO0199377A2 WO 2001099377 A2 WO2001099377 A2 WO 2001099377A2 EP 0107168 W EP0107168 W EP 0107168W WO 0199377 A2 WO0199377 A2 WO 0199377A2
Authority
WO
WIPO (PCT)
Prior art keywords
network
client
server
proxy
organization
Prior art date
Application number
PCT/EP2001/007168
Other languages
French (fr)
Other versions
WO2001099377A3 (en
Inventor
Stephan Ribot
Original Assignee
Nortel Networks France
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nortel Networks France filed Critical Nortel Networks France
Priority to US10/312,004 priority Critical patent/US7890640B2/en
Priority to EP01957882A priority patent/EP1302055A2/en
Priority to AU2001279684A priority patent/AU2001279684A1/en
Publication of WO2001099377A2 publication Critical patent/WO2001099377A2/en
Publication of WO2001099377A3 publication Critical patent/WO2001099377A3/en
Priority to US12/978,961 priority patent/US8065425B2/en
Priority to US13/281,053 priority patent/US8935398B2/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/166Implementing security features at a particular protocol layer at the transport layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols

Definitions

  • the present invention relates to server -client networks in which a client terminal communicates with a remote server in accordance with role based access control operating in response to roles and access privileges.
  • the present invention may find advantageous application in trunked wireless telecommunication networks as well as satellite systems, particularly, cellular telephone and data systems, cordless public telephone systems, personal communications services (PCS), public mobile radio (PMR), Metropolitan Area Networks (MAN) which are used by at least two organizations with different access privileges.
  • PCS personal communications services
  • PMR public mobile radio
  • MAN Metropolitan Area Networks
  • a server application running on a server computer provides services or functions to a remote client.
  • Security features control access of clients to particular services or functions on the server.
  • the access privileges may be limited to individual users or to groups of users. It is often desirable to provide some capability for a user to change the membership of a user group or to change some of the functions the group may be able to access.
  • a distributed network will have some centralized control unit which will supervise the access privileges and also maintain access codes such as ID's and passwords. To make such changes a remote terminal of a user will access the centralized control unit and request changes.
  • the server which operates the control unit function will perform authorization checks every time the client makes ' a request to determine if the user making the request is authorized to alter the access privileges. This repetitive authorization takes up time and blocks transmission bandwidth on the network.
  • telecommunications systems which have an air interface which is operated in a trunked manner, that is the communication channels of the air interface are a shared resource among several users. No channel is permanently dedicated to a user, but each channel is assigned temporarily to a user for the duration of a transmission.
  • Such systems usually comprise a network of elements, e.g. switches, base station radio transceivers, base station controllers and databases, connected together by landlines.
  • Representative networks are a GSM cellular telephone network as described in "The GSM System for Mobile
  • CDMA Systems Engineering Handbook Artech House, 1998, a cellular data network such as the GPRS system described in “Wideband CDMA for Third generation Mobile Communications”, Artech House 1998 , a PMR network as supplied by Matra Nortel under the system name MC9600, a cordless public access system (e.g. Bi-Bop) as described in “Cordless Telecommunications Worldwide", Springer, 1997, the terrestrial part of a satellite transmission system as described in “Satellite Communications Systems", Wiley, 1998.
  • GPRS Global System for Mobile Communications
  • PMR network as supplied by Matra Nortel under the system name MC9600
  • a cordless public access system e.g. Bi-Bop
  • Bi-Bop cordless public access system
  • the network may be divided logically (and usually physically) into a traffic part which carries user messages and the control signals required therefor and an operations and maintenance part (an Operations and Maintenance network) which controls the operation of the network, e.g. recovering billing information, reporting traffic densities, reporting outages or failures.
  • an Operations and Maintenance network which controls the operation of the network, e.g. recovering billing information, reporting traffic densities, reporting outages or failures. Due to the expense, complexity and level of disturbance caused by multiple installations particularly in urban areas, it is advantageous to provide a landline network which may be shared by several organizations rather than each organization installing their own network hardware. Such a system has been proposed by Bell Atlantic which allows different operators to provide personal communications services using the same network. Five different access possibilities are provided depending on the installed state of the relevant operator's network.
  • a "D" interface (external Data interface) is provided for the PCS provider to access a centralized database in the Bell Atlantic system.
  • This access may be used for customer location updates, customer authentication, customer service profile access, etc.
  • an access manager function is provided to manage these services.
  • This access manager may be described in other systems by other names and may be either centralized or distributed provided the customer profiles remain consistent. It may be composed of several units with specific functions such as an authentication center, a home location register, a customer profile database, for example. It is desirable to provide individual user organizations with some degree of control over their own use of the main shared network. For instance an organization may wish to define user groups and to modify these from time to time, e.g.
  • a user group may be defined as a "role”.
  • a network access manager function e.g. by a centralized or distributed function which will be called a mediation device.
  • Requests from user organizations can be sent to the mediation device via the operations and management network (OMN), e.g. an external terminal at the user organization's premises obtains access to the OMN (e.g. via the Internet or other more secure means) and sends a request to the mediation device. This request is processed and if approved the changes are made and the network updated accordingly.
  • OSN operations and management network
  • a mediation device requires authentication and authorization checks.
  • authentication is meant that a check is made as to the identity of the user accessing the network. This may be achieved by several different means, entering passwords or personal identity numbers (PIN), insertion of a device into a suitable reader, e.g. a smart card, fingerprint analysis, retina analysis being just a few examples.
  • PIN personal identity numbers
  • Authorization means the ability to restrict access to certain data or services to certain users only. For instance, access control lists (ACL) may be used to associate an authorized user set with a resource. The setting up and maintenance of authorization schemes is very time consuming.
  • EP 913 966 describes an access control scheme for a distributed client-server network.
  • Access control objects, group objects, rule objects and management objects are provided.
  • the rule objects specify a set of group objects, a set of management objects and access rights by users which belong to a group.
  • Access control servers process access requests. Each access control server controls access to a distinct subset of the management objects in accordance with access rights specified in an access control database.
  • Each access request is sent for processing to one or more of the access control servers for granting denying or partially granting the access requested in accordance with the access rights specified in the access control database.
  • use of a single access server can result in overloading.
  • the revised system makes use of several servers and results in access requests being transmitted through the network before the access rights for the request are confirmed or denied.
  • WO 98/50583 and WO 99/57863 relate to a network desktop management security system which allows or denies access to specific resources, such as a computer program or a file.
  • WO 99/57863 also relates to a network system in which a user request for a network resource such as an application can be accepted or denied.
  • the present invention provides a method of operating a telecommunications network shared by two or more organizations, the network including at least a server and a client, comprising the steps of: the organization initiating a request to the server via a proxy communications object on the client; the proxy object enabling comparison of the contents of the request with a definition of the rights and privileges of an organization to use the network, and, responsive to the comparison step, enabling forwarding of the request to the server, further comprising the step of: the server transmitting to the client at least a first component of the proxy communications object, the first proxy communications object component comprising the definition of the rights and privileges.
  • the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
  • the request is only forwarded when the request and definition of the rights and privileges granted to the requesting organization are consistent with each other.
  • the proxy controls individual requests to a network resource for which the organization is authorized to use.
  • the proxy examines the content of the request to determine if the modification goes beyond the rules and privileges possessed by the organization.
  • a second proxy component may carry out the comparison and the first component enables transmission of the request based on a response from the second component.
  • Communications between the server and the client are preferably defined by a common object model protocol.
  • the client preferably only has read only access to the rights and privileges included within the communications proxy object or one of its components.
  • the proxy object or one of its components preferably inherits the definition of the rights and privileges for an organization from a second object.
  • the second object is preferably a data object.
  • the method may also include the step of transmitting a further proxy communications object to the client, the second proxy communications object comprising a further definition of the rights and privileges of an organization to use the network.
  • the network has at least one base network providing radio communications to user terminals and an operations and maintenance network comprising the server.
  • the present invention also provides a telecommunications network for shared use by at least two organizations, the network having at least one server and one client, the server being adapted to distribute at least a first component of a proxy communications object to the client, the first distributed proxy communications object component comprising a definition of the rights and privileges of an organization to use the network.
  • Communications between the server and the client are preferably defined by a common object model protocol.
  • the distributed proxy component is preferably stored on the client and the client is adapted to access the distributed proxy communications object component before completing set-up of a communication with the server.
  • the client only has read only access to the distributed proxy communications object component.
  • the distributed proxy communications object component is adapted to inherit the rights and privileges from a second object.
  • the distributed proxy communications object component is adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user.
  • the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
  • a second client proxy communications object component is preferably adapted to enable forwarding of the request to the server in response to the comparison.
  • the request is forwarded only when comparison step determines that the request and the rights and privileges are consistent.
  • the present invention also provides a network element for use in a telecommunications network for shared use by at least two organizations, the network comprising at least a server and a client, the network element being adapted to distribute a communications proxy object via the network to a client, the distributed communications proxy object comprising a definition of the rights and privileges of an organization to the network.
  • the element is typically a server.
  • the network element is preferably adapted to distribute the communications proxy object as defined by a common object model protocol.
  • the present invention also provides an external client user device for communication with server on a telecommunication network for shared use by at least two organizations, the external client user device storing a proxy communications object comprising a definition of the rights and privileges of the user to use the network, and the external client user device being adapted to access the proxy communications object before communication with the server and the proxy communications object being adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user and responsive to the comparison, enabling forwarding of the request to the server.
  • the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. Preferably forwarding is only carried out when the contents of the request and the rights and privileges are consistent.
  • the proxy communications object may comprise two components, one comprising the definition of the rights and privileges and one for setting up communications with a remote server.
  • the client user device may be adapted to communicate with the server using a common object model protocol.
  • the client user device Preferably, the client user device only has read only access to the proxy communications object.
  • Fig. 1 is a schematic representation of a network in accordance with an embodiment of the present invention.
  • Fig. 2 is a general representation of an N-tier network architecture which may be used with the present invention.
  • Fig. 3 is a schematic representation of how a secure protocol may be implemented between a server and a client.
  • Fig. 4 is a schematic representation of a generalized client server communication path which can be used with the present invention.
  • Fig. 5 is a representation of the transmission of a distributed object from a server application to a client in accordance with an embodiment of the present invention.
  • Fig. 6 is a representation of how a client accesses an application running on a remote server in accordance with an embodiment of the present invention.
  • Fig. 7 is a schematic representation of an alternative message path in accordance with an embodiment of the present invention using a concentrator.
  • Fig. 8 is a representation of the transmission of a distributed object component from a server application to a client in accordance with another embodiment of the present invention.
  • Fig. 9 is a representation of how a client accesses an application running on a remote server in accordance with another embodiment of the present invention.
  • Operation equivalent, for a distributed object, to a method of an object in object oriented programming.
  • the present invention will be described with reference to certain embodiments and with reference to certain drawings but the present invention is not limited thereto but only by the claims.
  • the present invention will mainly be described with reference to public mobile radio systems but the present invention is not limited thereto.
  • the present invention may be applied to a distributed network in which a remote terminal accesses a server application in order to change access privileges in a role-based access control system.
  • the present invention may be advantageously used in wireless local area networks (LAN) or Metropolitan Access
  • the network 1 is a system of private radio communications. It includes at least one base transceiver station (BTS) 2 having a radio coverage area within at least one base network (BN) 4 which provides radio telecommunication services to one or more organizations 6, 8 who share the facilities of the base network 4.
  • BTS base transceiver station
  • BN base network
  • the radio telecommunications services provided across the air interface between the BTS 2 and user radio terminal 5, are at least partly trunked.
  • a mediation device 10 e.g.
  • an application running on a server 11 is provided for controlling and managing changes to customer profiles, a communications network 12 linking the mediation device via the server 11 with an external data terminal 14 which may be located at an organization's premises.
  • Customer profiles may be recorded in the network as management objects in the network, which contain management information and resource control variables.
  • the present invention relates to methods and apparatus for restricting access to management objects.
  • the mediation device 10 maintains the management objects. Management objects are sometimes called “managed object instances" (MOl's). Objects are often described as either "object instances" and "object classes”.
  • an object is in fact an object instance as implemented as every object is an instance of a respective object class, however as the present invention makes use of a common object model an object is, within this context, an abstract object instance which is implemented as a concrete instance at a specific device.
  • Communications network 12 is part of the operations and maintenance network (OMN) 16 of network 1. Communications on OMN 16 may be made in any suitable protocol, e.g. X25.
  • the OMN 16 allows supervision of network 1 on every technical, tactical and operational aspect.
  • the MD 10 (mediation device) component of the OMN 16, is provided on the principal data server 11. It has to ensure the integrity of the system by verifying the commands given by the operators and to limit the diffusion of the information to only authorized persons.
  • the MD 10 can be connected via the server 11 and OMN 16 to a plurality of operations and maintenance centers (OMC) 22, each OMC 22 managing one BN 4 and thus the MD 10 allows the simultaneous supervision of the infrastructure of a plurality of different BN 4.
  • OMC operations and maintenance centers
  • Communications between the external terminal 14 and the mediation device 10 are preferably secure, e.g. via the Secure Socket Layer protocol, and may be carried out via an intermediate network 18 such as the Internet or via a more secure dedicated communications line.
  • the organization may make request via external data terminal 14 to update or change the organization's profile as determined by the mediation device 10.
  • the present invention makes use of Common Object Model (COM) technology to organize the OMN 16.
  • COM Common Object Model
  • Some principles of COM are described in the article by S. Ga i and P. Picuri entitled “The object revolution, how COM technology is changing the way we do business", Computing and Control Engineering Journal, vol. 6, no. 3, June 1995, pages 108 to 112.
  • the present invention will be described with reference to a specific COM scheme called the CORB A standard, but the present invention is not limited thereto.
  • COM Distributed Component Object Model
  • object oriented programming objects may be broadly categorized as classes, methods or data. Brief details of methods, classes and inheritance as used in object oriented programming are described in Computing and Control Engineering Journal, vol. 4, no. 1, February 1993, "The object oriented paradigm: means for revolutionizing software development", by Barker et al., pages 10 to 14.
  • n-tier networks The application of the CORBA standard to large size, n-tier networks is described in "Enterprise CORBA", Slama et al, Prentice Hall, 1999.
  • a generalized N- tier architecture is shown in Fig. 2, in which one or more client terminals 14 may access the OMN 16 via a network 18, e.g. LAN, WAN or the Internet using CORBA compliant software.
  • the OMN 16 includes a variety of components, e.g. the mediation device 10, a customer management application 15 and a database application 19 all of which are CORBA compliant.
  • Certain components of the network 1 such as a tactical management application 17 may access network 1 via an external terminal 14.
  • the CORBA standard may be used in accordance with the present invention to allow supervision services on different types of external terminals and the opening of a • normalized interface of the whole of the supervision services allowing organizations to develop, monitor and change their own applications.
  • the services are distributed in such a way as to protect the partitioned construction of the given data and to optimize the network resources between a server and its clients.
  • the communication protocol used between the MD 10 and other network elements of OMN 16 respects the CORBA standard.
  • the interfaces are described in a normalized format called IDL (Interface Definition Language). Communications between the client terminal 14 and the server 11 may be secure by using SSL as part of the protocol stacks of client and server as shown schematically in Fig. 3.
  • data integrity is maintained for transmissions between terminal 14 and MD 10, i.e. maintaining the correctness of the content of any message between source and target.
  • Data integrity may be achieved by the use of suitable routines which detect tampering, e.g. check sum may be added to each message.
  • a Message Authentication Code may be added to each message.
  • the MAC is generated by applying a hash function to the message content.
  • the hash code may be encrypted by the sender and decrypted by the receiver.
  • the MAC must correspond to the hashed version of the received message.
  • non- repudiation is provided for communications between client terminal 14 and MD 10, i.e. prevention of denial by the client that a particular message was sent or request made.
  • objects are generated and distributed by the MD 10 to ensure not only the allocation of services, but also the limitation of the range of those services to the domains of utilization authorized by the organization's profile.
  • the organization's profile is a management data object in accordance with the present invention.
  • an organization has global access to its own management objects.
  • the objects distributed by the MD10 act as a filter to filter out invalid requests at the client's location.
  • the requests are determined by the content of the request. The requests may be invalid because of human error, because an organization's terminal software does not operate correctly, or because of a malicious attempt to damage another organization.
  • An access control decision function is the procedure (or set of procedures) that applies the access control rules to each access request so as to determine whether the requested access to a management object should be granted or denied.
  • An access control enforcement function is the procedure (or set of procedures) for enforcing the decisions made by the ACDF. Both of these objects are located on the client equipment. In particular, the ACEF controls access denial and prevents forwarding of the access request to the appropriate network management objects.
  • An advantage of the present invention is to do the whole of the security and access controls during the authentication and authorization of the client organization.
  • a set of objects containing the authorized privileges and credentials is distributed and from this time on no further attention need be paid to it.
  • the regular distribution of updates to the objects maintains the consistency of the data.
  • a profile is associated with each organization using network 1 and is a management object.
  • the profile defines the organization's privileges in a set of credentials. These credentials include the authorized exploitation functions, and the geographical extent of these functions, e.g. how many of the BN 4 on which the functions can be used, as well as the rights of sub-groups of the organization, e.g. specific user groups or roles. For example, let us assume there is one organization, a hospital. The privileges of this organizations will be defined by a geographical area and by a set of users.
  • the base network 4 is defined by an JD code, BN_JD of three digits, e.g. 750.
  • the hospital has several fleets of ambulances, each fleet being defined by a code, e.g.
  • a three digit code Fleet D One fleet is wholly owned by the hospital and has the code number 100, another fleet is run by a charitable organization and has the fleet code 101. Within each of the fleets there are users, each defined by a UserJD, such as a three digit code for each user, for instance 100, 101 ION. A subscriber address is made up of a concatenation of these three codes, e.g. BN_ID FleetJQD
  • User_ID An example would be 750100100.
  • a talk group object identified by a three digit code TKG_TD is defined as the association between a set of subscriber addresses and a geographical coverage.
  • a talk group would include the association of a coverage area identified by a code COV D and defined by a set of radio cell coverages and the relevant user group defined by a set of subscriber addresses.
  • This latter set is defined using subscriber addresses referencing subscribers that belong to the same fleet in the same base network and can be defined by the end addresses of the subscribers, for example 750100100 to 750100200 or by a list of addresses.
  • the COVJD 10 only includes the coverage area defined by BTS 2.
  • a talk group 1 includes the association between CONJOD 10 and the subscriber addresses 750100100 to 750100200. Talk groups, fleet JD's, user JJD's etc. all belong to the security aspects associated with network 1 as well as defining which parts of the network 1 may be used by any organisation.
  • the hospital may wish to change the user groups in the talk group or change the geographical area reachable by that talk group. Such a change may affect the resource allocation of network 1. Hence, any such change must be approved by the operating system of network 1. Also, it should only be possible for any such change to be made by the relevant hospital and not by another organization.
  • Objects distributed by the MD 10 in accordance with the present invention play an active role in security. They not only define all the services (i.e. operations) which are available to any organization but also define specific attributes of an organization and/or a base network which restrict the area of utilization of the offered services. Each organization is limited to the domains defined by the distributed object. Servers in OM ⁇ 16 are exempted from controlling, at every request, the rights of the requesting organizations, as the distributed objects act as a toastfilter" to prevent invalid requests at their source, i.e. at the organization's external terminal 14. With reference to network 1, an organization can make certain requests to MD
  • Delete a communication object e.g. delete a user group.
  • Any of these operations can be carried out on any of the base networks BN 4 of the network 1 and by any organization making use of a network 1.
  • the MD 10 distributes a managing communications object (which will be called CommMgr hereinafter) in order to provide services for a client organization.
  • CommMgr possesses the four operations (for distributed objects an operation is equivalent to a method in normal object oriented programming) corresponding to the four type of requests mentioned above.
  • CommMgr is distributed to remote client terminals where it functions as a proxy. With the aid of this proxy, a client organization will be able to activate the services related to the requests, that is can set up a communication pathway to MD 10 through the network and make a change request.
  • distribution of such an object would still oblige each accessed server of OMN 16 receiving the request to systematically verify the domains of application of the following services: • Verifying that the client organization has the right to work on the BN concerned,
  • the distributed object CommMgr in accordance with the present invention inherits from a second object whose only function is to limit the range of operations of the distributed object CommMgr.
  • This second object does not define any operation (or method), but contains the reference of an organization and or of a BN 4, which specifies the domain of application of the operations, i.e. it is a data object.
  • This second object is resident in server 11 or could be provided on another node of the OMN 16, e.g. in database server 19.
  • Each proxy (CommMgr) distributed by the MD 10 defines exactly the domain of application of offered services. These data cannot be modified by the client organization as the client's terminals have read-only access to the attributes defining the client's profile.
  • the receiving server of the OMN 16 after authentication, will generate the proxy to be sent to that client organization in function of the services and domains to which the organization has rights.
  • This proxy is now available at the client organization's external terminal.
  • the next request from the client's terminal will access the proxy which enables a comparison of the request and the authorization credentials in the proxy.
  • the proxy can enable forwarding of the request. For example, if the request and the privileges do not match, the request is aborted and/or any other suitable action is taken to prevent the request being made.
  • the proxy enables forwarding of the request to the server 16.
  • ACDF which is the procedure (or set of procedures) that applies the access control rules to each access request so as to determine whether the requested access to a management object should be granted or denied
  • ADF access control enforcement function
  • AMF access control enforcement function
  • a client terminal can access a remote server 11, e.g. via networks 16, 18.
  • a CORBA compliant application such as MD 10 running on server 11 has a CORBA interface (the T connection) so that it can be accessed from the client terminal 14.
  • the application MDIO may access other nodes of the network, e.g. a database server 19 where specific data may be stored, e.g. user profiles.
  • a client of network 1 who asks to be connected to MD 10 and who has the right (as defined by the profile) to manage the communications on BN 4 (the one managed by the MD 10) for the organizations 6 and 8.
  • the client terminal 14 contacts the server 11 using conventional communication software.
  • the MD 10 will distribute two versions of the object CommMgr to this client, CommMgr 25 and
  • CommMgr 26 (Fig. 5).
  • the first version, CommMgr 25, will possess (by inheritance from the second object 27) the attributes corresponding to BN 4 and to the organization
  • This object 25 will allow the client to manage the communication of organization 6 (and only of this organization) on the BN 4 (also solely).
  • CommMgr 26 will possess the attributes corresponding to BN 4 and to organization 8.
  • the client's terminal 14 When the client wishes to make a request to MD 10, the client's terminal 14 will execute an application 28.
  • the application 28 will access each of the proxies
  • CommMgr 25 or CommMgr 26 in turn to carry out the request (Fig. 6).
  • proxies will enable a comparison of the request and their list of access privileges and coverage areas. Depending upon the results of this comparison, a proxy can enable forwarding of the request. For example, if the request does not match the coverage areas and privileges, the proxy fails to complete the request. If the two match then the proxy will enable forwarding of the request.
  • the client has no other possibility to make any other types of requests, i.e. cannot make an invalid request.
  • the second object 27 is updated, i.e. the one defining these rights and privileges and MD10 is re-instantiated to inherit the new definitions.
  • CommMgr 25 and/or 26 is then redistributed to the relevant client including the updated privileges and/or geographical areas.
  • the present invention also includes use of the property that the distributed object CommMgr may inherit from a plurality of second objects.
  • the principle of limitation of range of a service by inheritance of properties can be extended in accordance with the present invention as desired. It allows to carry out a control at the source, i.e. at the client's premises external to OMN 16. By restricting the client to choose an object on which an operation is activated, the client is forced to make a choice between the domains authorized by the client's profile. Furthermore, the domains can have campscrossed" ranges and be represented in the form of matrixes.
  • This embodiment provides a proxy object CommMgr 25 comprising two proxy object components 33, 34. At least one of the components 33, 34 is distributed from the server 11 to the client 14, namely that component 34 which contains a definition of the rights and privileges of an organisation (Fig. 8).
  • the other component which is mainly a communications object may be locally installed on the client terminal 14 or may also be distributed by the server 14.
  • the client's terminal 14 will execute an application 28.
  • the application 28 will access proxy component 33 of CommMgr 25 to carry out the request (Fig. 9).
  • This proxy component 33 retrieves information relevant to the issue of security by examination of the contents of the request and transmits this data, either in clear or encrypted form to proxy component 34.
  • Proxy component 34 is adapted to perform a comparison of the security information contained in the request and the list of access privileges and coverage areas it contains. It does this in accordance with rules which it contains. The request is forwarded dependent upon the comparison. For example, if the request does not match the coverage areas and privileges, the proxy component transmits a "communication fails" message to proxy component 33 which then fails to complete the request. If the two match then the proxy component 34 sends a "communication accepted" message to component 33 which on receipt enables forwarding of the request. Note that an organization has a global access right to the management object which is to be modified by the request. The comparison made by the proxy relates to whether the intended modification goes beyond that allowed for the specific organization.
  • the advantage of this embodiment is that if the rights and privileges of an organization change, only the one proxy component 34 needs to be re-distributed. This will generally be of much smaller size than the communications proxy component 33, which may include complete communications software. Hence, traffic on the network is reduced.
  • the proxy component 34 may inherit the rights and privileges from the second object 27, i.e. the one defining these rights and privileges.
  • a CORBA object is defined as an abstract entity having an identity, an interface and an implementation.
  • the present invention includes more complex architectures especially those designed to be scaleable.
  • the present invention includes the use of an intermediate concentrator (Fig. 7).
  • the proxy CommMgr 25 or 26 accesses a concentrator object 30 located on a suitable node of the network 16 or 18, such as a server 31.
  • the concentrator object 30 in turn uses a further proxy 32 to access MD 10 on server 11.
  • the applications running on server 31 such as the concentrator object 30 need not re-authenticate the client, nor require delegation of any privileges or access codes from proxy 25 or 26.

Abstract

A telecommunications network and a method of operating the same are described which is a shared by two or more orgnaizations, the network including at least a server and a client. The server is adapted to transmit to the client a proxy communications object comprising a definition of the rights and privileges of an organization to use the network. When the organization initiates a request to the server it does so via the proxy object on the client. The proxy object enables a comparison of the contents of request and the definition of the rights and privileges and enables forwarding of the request to the server only when the request and the rights and privileges granted to the requesting organization are consistent with each other. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. By this means unwanted accesses to the server may be prevented at the client.

Description

RADIO TELECOMMUNICATIONS SYSTEM AND METHOD OF
OPERATING THE SAME WITH DISTRIBUTED COMMUNICATION
OBJECTS
The present invention relates to server -client networks in which a client terminal communicates with a remote server in accordance with role based access control operating in response to roles and access privileges. The present invention may find advantageous application in trunked wireless telecommunication networks as well as satellite systems, particularly, cellular telephone and data systems, cordless public telephone systems, personal communications services (PCS), public mobile radio (PMR), Metropolitan Area Networks (MAN) which are used by at least two organizations with different access privileges.
TECHNICAL BACKGROUND
In many distributed networks a server application running on a server computer provides services or functions to a remote client. Security features control access of clients to particular services or functions on the server. The access privileges may be limited to individual users or to groups of users. It is often desirable to provide some capability for a user to change the membership of a user group or to change some of the functions the group may be able to access. Generally, a distributed network will have some centralized control unit which will supervise the access privileges and also maintain access codes such as ID's and passwords. To make such changes a remote terminal of a user will access the centralized control unit and request changes. Conventionally, the server which operates the control unit function will perform authorization checks every time the client makes' a request to determine if the user making the request is authorized to alter the access privileges. This repetitive authorization takes up time and blocks transmission bandwidth on the network.
As one example of a distributed network, there are many telecommunications systems which have an air interface which is operated in a trunked manner, that is the communication channels of the air interface are a shared resource among several users. No channel is permanently dedicated to a user, but each channel is assigned temporarily to a user for the duration of a transmission. Such systems usually comprise a network of elements, e.g. switches, base station radio transceivers, base station controllers and databases, connected together by landlines. Representative networks are a GSM cellular telephone network as described in "The GSM System for Mobile
Communications", Cell & Sighs, 1992, or a CDMA cellular system as described in
"CDMA Systems Engineering Handbook", Artech House, 1998, a cellular data network such as the GPRS system described in "Wideband CDMA for Third generation Mobile Communications", Artech House 1998 , a PMR network as supplied by Matra Nortel under the system name MC9600, a cordless public access system (e.g. Bi-Bop) as described in "Cordless Telecommunications Worldwide", Springer, 1997, the terrestrial part of a satellite transmission system as described in "Satellite Communications Systems", Wiley, 1998.
The network may be divided logically (and usually physically) into a traffic part which carries user messages and the control signals required therefor and an operations and maintenance part (an Operations and Maintenance network) which controls the operation of the network, e.g. recovering billing information, reporting traffic densities, reporting outages or failures. Due to the expense, complexity and level of disturbance caused by multiple installations particularly in urban areas, it is advantageous to provide a landline network which may be shared by several organizations rather than each organization installing their own network hardware. Such a system has been proposed by Bell Atlantic which allows different operators to provide personal communications services using the same network. Five different access possibilities are provided depending on the installed state of the relevant operator's network. In the system a "D" interface (external Data interface) is provided for the PCS provider to access a centralized database in the Bell Atlantic system. This access may be used for customer location updates, customer authentication, customer service profile access, etc. To manage these services an access manager function is provided. This access manager may be described in other systems by other names and may be either centralized or distributed provided the customer profiles remain consistent. It may be composed of several units with specific functions such as an authentication center, a home location register, a customer profile database, for example. It is desirable to provide individual user organizations with some degree of control over their own use of the main shared network. For instance an organization may wish to define user groups and to modify these from time to time, e.g. add a new member to a group, delete a member or a whole group, change the geographical range of access of a user group. A user group may be defined as a "role". To prevent one user organization monopolizing the scarce resources of a network such changes must be coordinated with or controlled by a network access manager function, e.g. by a centralized or distributed function which will be called a mediation device. Requests from user organizations can be sent to the mediation device via the operations and management network (OMN), e.g. an external terminal at the user organization's premises obtains access to the OMN (e.g. via the Internet or other more secure means) and sends a request to the mediation device. This request is processed and if approved the changes are made and the network updated accordingly.
Where several organizations share a network, e.g. a fleet of hospital ambulances, the police force, a cellular telephone operator, it is important that security is maintained and that cross-access between the organizations is not possible. Also, one organization should not be able to manipulate, influence or change the customer profiles of another organization. Conventionally, access to a mediation device requires authentication and authorization checks. By authentication is meant that a check is made as to the identity of the user accessing the network. This may be achieved by several different means, entering passwords or personal identity numbers (PIN), insertion of a device into a suitable reader, e.g. a smart card, fingerprint analysis, retina analysis being just a few examples. Authorization means the ability to restrict access to certain data or services to certain users only. For instance, access control lists (ACL) may be used to associate an authorized user set with a resource. The setting up and maintenance of authorization schemes is very time consuming.
EP 913 966 describes an access control scheme for a distributed client-server network. Access control objects, group objects, rule objects and management objects are provided. The rule objects specify a set of group objects, a set of management objects and access rights by users which belong to a group. Access control servers process access requests. Each access control server controls access to a distinct subset of the management objects in accordance with access rights specified in an access control database. Each access request is sent for processing to one or more of the access control servers for granting denying or partially granting the access requested in accordance with the access rights specified in the access control database. As explained in this document use of a single access server can result in overloading. The revised system makes use of several servers and results in access requests being transmitted through the network before the access rights for the request are confirmed or denied.
This results in a traffic load on the network of access requests some of which are subsequently denied.
WO 98/50583 and WO 99/57863 relate to a network desktop management security system which allows or denies access to specific resources, such as a computer program or a file.
WO 99/57863 also relates to a network system in which a user request for a network resource such as an application can be accepted or denied.
It is an object of the present invention to reduce the time necessary to set up and maintain an authorization system in a telecommunications network, especially a trunked radio telecommunications network which may be shared by two or more independent organizations. It is a further object of the present invention to reduce the amount of unnecessary signaling in a telecommunications network, especially a trunked radio telecommunications network which may be shared by two or more independent organizations.
SUMMARY OF THE INVENTION
The present invention provides a method of operating a telecommunications network shared by two or more organizations, the network including at least a server and a client, comprising the steps of: the organization initiating a request to the server via a proxy communications object on the client; the proxy object enabling comparison of the contents of the request with a definition of the rights and privileges of an organization to use the network, and, responsive to the comparison step, enabling forwarding of the request to the server, further comprising the step of: the server transmitting to the client at least a first component of the proxy communications object, the first proxy communications object component comprising the definition of the rights and privileges. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. Preferably, the request is only forwarded when the request and definition of the rights and privileges granted to the requesting organization are consistent with each other. Hence, the proxy controls individual requests to a network resource for which the organization is authorized to use. However, the proxy examines the content of the request to determine if the modification goes beyond the rules and privileges possessed by the organization. A second proxy component may carry out the comparison and the first component enables transmission of the request based on a response from the second component. Communications between the server and the client are preferably defined by a common object model protocol. The client preferably only has read only access to the rights and privileges included within the communications proxy object or one of its components. The proxy object or one of its components preferably inherits the definition of the rights and privileges for an organization from a second object. The second object is preferably a data object. The method may also include the step of transmitting a further proxy communications object to the client, the second proxy communications object comprising a further definition of the rights and privileges of an organization to use the network. Preferably, the network has at least one base network providing radio communications to user terminals and an operations and maintenance network comprising the server.
The present invention also provides a telecommunications network for shared use by at least two organizations, the network having at least one server and one client, the server being adapted to distribute at least a first component of a proxy communications object to the client, the first distributed proxy communications object component comprising a definition of the rights and privileges of an organization to use the network. Communications between the server and the client are preferably defined by a common object model protocol. The distributed proxy component is preferably stored on the client and the client is adapted to access the distributed proxy communications object component before completing set-up of a communication with the server. Preferably, the client only has read only access to the distributed proxy communications object component. Preferably, the distributed proxy communications object component is adapted to inherit the rights and privileges from a second object. Preferably, the distributed proxy communications object component is adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. A second client proxy communications object component is preferably adapted to enable forwarding of the request to the server in response to the comparison. Preferably, the request is forwarded only when comparison step determines that the request and the rights and privileges are consistent.
The present invention also provides a network element for use in a telecommunications network for shared use by at least two organizations, the network comprising at least a server and a client, the network element being adapted to distribute a communications proxy object via the network to a client, the distributed communications proxy object comprising a definition of the rights and privileges of an organization to the network. The element is typically a server. The network element is preferably adapted to distribute the communications proxy object as defined by a common object model protocol.
The present invention also provides an external client user device for communication with server on a telecommunication network for shared use by at least two organizations, the external client user device storing a proxy communications object comprising a definition of the rights and privileges of the user to use the network, and the external client user device being adapted to access the proxy communications object before communication with the server and the proxy communications object being adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user and responsive to the comparison, enabling forwarding of the request to the server. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. Preferably forwarding is only carried out when the contents of the request and the rights and privileges are consistent. The proxy communications object may comprise two components, one comprising the definition of the rights and privileges and one for setting up communications with a remote server. The client user device may be adapted to communicate with the server using a common object model protocol. Preferably, the client user device only has read only access to the proxy communications object.
The dependent claims define independent embodiments of the invention. The present invention will now be described with reference to the following drawings. BRIEF DESCRIPTIONS OF THE DRAWINGS
Fig. 1 is a schematic representation of a network in accordance with an embodiment of the present invention. Fig. 2 is a general representation of an N-tier network architecture which may be used with the present invention.
Fig. 3 is a schematic representation of how a secure protocol may be implemented between a server and a client.
Fig. 4 is a schematic representation of a generalized client server communication path which can be used with the present invention.
Fig. 5 is a representation of the transmission of a distributed object from a server application to a client in accordance with an embodiment of the present invention.
Fig. 6 is a representation of how a client accesses an application running on a remote server in accordance with an embodiment of the present invention. Fig. 7 is a schematic representation of an alternative message path in accordance with an embodiment of the present invention using a concentrator.
Fig. 8 is a representation of the transmission of a distributed object component from a server application to a client in accordance with another embodiment of the present invention. Fig. 9 is a representation of how a client accesses an application running on a remote server in accordance with another embodiment of the present invention.
DEFINITIONS
Operation: equivalent, for a distributed object, to a method of an object in object oriented programming.
Organization: entity using radio terminals for accessing trunked resources of a network in accordance with the present invention. These resources may be dedicated or shared. An organization may have rights of exploitation and utilization of the partitioned or non-partitioned services of the network.
DESCRIPTION OF THE ILLUSTRATIVE EMBODIMENTS
The present invention will be described with reference to certain embodiments and with reference to certain drawings but the present invention is not limited thereto but only by the claims. In particular the present invention will mainly be described with reference to public mobile radio systems but the present invention is not limited thereto. The present invention may be applied to a distributed network in which a remote terminal accesses a server application in order to change access privileges in a role-based access control system. For instance, the present invention may be advantageously used in wireless local area networks (LAN) or Metropolitan Access
Network, (MAN), in the terrestrial part of a satellite communications network, in cellular telephone or data networks, in cordless public telephone or data networks. A schematic representative network 1 in accordance with an embodiment of the present invention is shown in Fig. 1. The network 1 is a system of private radio communications. It includes at least one base transceiver station (BTS) 2 having a radio coverage area within at least one base network (BN) 4 which provides radio telecommunication services to one or more organizations 6, 8 who share the facilities of the base network 4. The radio telecommunications services provided across the air interface between the BTS 2 and user radio terminal 5, are at least partly trunked. A mediation device 10, e.g. an application running on a server 11, is provided for controlling and managing changes to customer profiles, a communications network 12 linking the mediation device via the server 11 with an external data terminal 14 which may be located at an organization's premises. Customer profiles may be recorded in the network as management objects in the network, which contain management information and resource control variables. The present invention relates to methods and apparatus for restricting access to management objects. The mediation device 10 maintains the management objects. Management objects are sometimes called "managed object instances" (MOl's). Objects are often described as either "object instances" and "object classes". In the terminology of the present invention, an object is in fact an object instance as implemented as every object is an instance of a respective object class, however as the present invention makes use of a common object model an object is, within this context, an abstract object instance which is implemented as a concrete instance at a specific device.
Communications network 12 is part of the operations and maintenance network (OMN) 16 of network 1. Communications on OMN 16 may be made in any suitable protocol, e.g. X25. The OMN 16 allows supervision of network 1 on every technical, tactical and operational aspect. The MD 10 (mediation device) component of the OMN 16, is provided on the principal data server 11. It has to ensure the integrity of the system by verifying the commands given by the operators and to limit the diffusion of the information to only authorized persons. The MD 10 can be connected via the server 11 and OMN 16 to a plurality of operations and maintenance centers (OMC) 22, each OMC 22 managing one BN 4 and thus the MD 10 allows the simultaneous supervision of the infrastructure of a plurality of different BN 4. Communications between the external terminal 14 and the mediation device 10 are preferably secure, e.g. via the Secure Socket Layer protocol, and may be carried out via an intermediate network 18 such as the Internet or via a more secure dedicated communications line. The organization may make request via external data terminal 14 to update or change the organization's profile as determined by the mediation device 10.
The present invention makes use of Common Object Model (COM) technology to organize the OMN 16. Some principles of COM are described in the article by S. Ga i and P. Picuri entitled "The object revolution, how COM technology is changing the way we do business", Computing and Control Engineering Journal, vol. 6, no. 3, June 1995, pages 108 to 112. In particular the present invention will be described with reference to a specific COM scheme called the CORB A standard, but the present invention is not limited thereto. For instance, alternative COM technologies may be used such as DCOM as described in "Comparison between CORB A andDCOM: architectures for distributed computing", Thompson et al., 0-8186-8551-4/98, IEEE 1998 or "Reliability and availability issues in Distributed Component Object Model (DCOM), 0-7803-4290-9/97, IEEE, 1997. COM makes use of certain aspects of object oriented programming. In object oriented programming objects may be broadly categorized as classes, methods or data. Brief details of methods, classes and inheritance as used in object oriented programming are described in Computing and Control Engineering Journal, vol. 4, no. 1, February 1993, "The object oriented paradigm: means for revolutionizing software development", by Barker et al., pages 10 to 14.
The application of the CORBA standard to large size, n-tier networks is described in "Enterprise CORBA", Slama et al, Prentice Hall, 1999. A generalized N- tier architecture is shown in Fig. 2, in which one or more client terminals 14 may access the OMN 16 via a network 18, e.g. LAN, WAN or the Internet using CORBA compliant software. The OMN 16 includes a variety of components, e.g. the mediation device 10, a customer management application 15 and a database application 19 all of which are CORBA compliant. Certain components of the network 1 such as a tactical management application 17 may access network 1 via an external terminal 14.
The CORBA standard may be used in accordance with the present invention to allow supervision services on different types of external terminals and the opening of a normalized interface of the whole of the supervision services allowing organizations to develop, monitor and change their own applications. The services are distributed in such a way as to protect the partitioned construction of the given data and to optimize the network resources between a server and its clients. The communication protocol used between the MD 10 and other network elements of OMN 16 respects the CORBA standard. The interfaces are described in a normalized format called IDL (Interface Definition Language). Communications between the client terminal 14 and the server 11 may be secure by using SSL as part of the protocol stacks of client and server as shown schematically in Fig. 3. Preferably data integrity is maintained for transmissions between terminal 14 and MD 10, i.e. maintaining the correctness of the content of any message between source and target. Data integrity may be achieved by the use of suitable routines which detect tampering, e.g. check sum may be added to each message. For instance a Message Authentication Code (MAC) may be added to each message. The MAC is generated by applying a hash function to the message content. The hash code may be encrypted by the sender and decrypted by the receiver. The MAC must correspond to the hashed version of the received message. Preferably, non- repudiation is provided for communications between client terminal 14 and MD 10, i.e. prevention of denial by the client that a particular message was sent or request made.
In accordance with an embodiment of the present invention objects are generated and distributed by the MD 10 to ensure not only the allocation of services, but also the limitation of the range of those services to the domains of utilization authorized by the organization's profile. The organization's profile is a management data object in accordance with the present invention. Generally, an organization has global access to its own management objects. The objects distributed by the MD10 act as a filter to filter out invalid requests at the client's location. The requests are determined by the content of the request. The requests may be invalid because of human error, because an organization's terminal software does not operate correctly, or because of a malicious attempt to damage another organization. An access control decision function (ACDF) is the procedure (or set of procedures) that applies the access control rules to each access request so as to determine whether the requested access to a management object should be granted or denied. An access control enforcement function (ACEF) is the procedure (or set of procedures) for enforcing the decisions made by the ACDF. Both of these objects are located on the client equipment. In particular, the ACEF controls access denial and prevents forwarding of the access request to the appropriate network management objects.
An advantage of the present invention is to do the whole of the security and access controls during the authentication and authorization of the client organization. Thus, a set of objects containing the authorized privileges and credentials is distributed and from this time on no further attention need be paid to it. This reduces maintenance time for authorizations as the client organization is prevented from requesting the activation of services outside the domains authorized by the profile which can be retrieved locally to the client's terminal, i.e. without access to the mediation device 10 or in fact any other server of OMN 16. At the same time the regular distribution of updates to the objects maintains the consistency of the data.
A profile is associated with each organization using network 1 and is a management object. The profile defines the organization's privileges in a set of credentials. These credentials include the authorized exploitation functions, and the geographical extent of these functions, e.g. how many of the BN 4 on which the functions can be used, as well as the rights of sub-groups of the organization, e.g. specific user groups or roles. For example, let us assume there is one organization, a hospital. The privileges of this organizations will be defined by a geographical area and by a set of users. The base network 4 is defined by an JD code, BN_JD of three digits, e.g. 750. The hospital has several fleets of ambulances, each fleet being defined by a code, e.g. a three digit code Fleet D. One fleet is wholly owned by the hospital and has the code number 100, another fleet is run by a charitable organization and has the fleet code 101. Within each of the fleets there are users, each defined by a UserJD, such as a three digit code for each user, for instance 100, 101 ION. A subscriber address is made up of a concatenation of these three codes, e.g. BN_ID FleetJQD
User_ID. An example would be 750100100.
As an example, a talk group object identified by a three digit code TKG_TD is defined as the association between a set of subscriber addresses and a geographical coverage. For instance, such a talk group would include the association of a coverage area identified by a code COV D and defined by a set of radio cell coverages and the relevant user group defined by a set of subscriber addresses. This latter set is defined using subscriber addresses referencing subscribers that belong to the same fleet in the same base network and can be defined by the end addresses of the subscribers, for example 750100100 to 750100200 or by a list of addresses. Let us say that the COVJD = 10 only includes the coverage area defined by BTS 2. A talk group 1 includes the association between CONJOD 10 and the subscriber addresses 750100100 to 750100200. Talk groups, fleet JD's, user JJD's etc. all belong to the security aspects associated with network 1 as well as defining which parts of the network 1 may be used by any organisation.
The hospital may wish to change the user groups in the talk group or change the geographical area reachable by that talk group. Such a change may affect the resource allocation of network 1. Hence, any such change must be approved by the operating system of network 1. Also, it should only be possible for any such change to be made by the relevant hospital and not by another organization.
Objects distributed by the MD 10 in accordance with the present invention play an active role in security. They not only define all the services (i.e. operations) which are available to any organization but also define specific attributes of an organization and/or a base network which restrict the area of utilization of the offered services. Each organization is limited to the domains defined by the distributed object. Servers in OMΝ 16 are exempted from controlling, at every request, the rights of the requesting organizations, as the distributed objects act as a „filter" to prevent invalid requests at their source, i.e. at the organization's external terminal 14. With reference to network 1, an organization can make certain requests to MD
10: • Create a new communication object, that is create a new relationship between members of the organization and the services offered, e.g. a new user group.
• Modify an existing communication object, e.g. add another member to a user group.
» Delete a communication object, e.g. delete a user group. ® List all attributes of a communication object, e.g. all members and their rights and privileges.
Any of these operations can be carried out on any of the base networks BN 4 of the network 1 and by any organization making use of a network 1.
In accordance with an embodiment of the present invention, the MD 10 distributes a managing communications object (which will be called CommMgr hereinafter) in order to provide services for a client organization. CommMgr possesses the four operations (for distributed objects an operation is equivalent to a method in normal object oriented programming) corresponding to the four type of requests mentioned above. CommMgr is distributed to remote client terminals where it functions as a proxy. With the aid of this proxy, a client organization will be able to activate the services related to the requests, that is can set up a communication pathway to MD 10 through the network and make a change request. However, distribution of such an object would still oblige each accessed server of OMN 16 receiving the request to systematically verify the domains of application of the following services: • Verifying that the client organization has the right to work on the BN concerned,
* Verifying that the specific client making the request has the rights in view of the organization for which the request is made
In order to palliate these inconveniences, the distributed object CommMgr in accordance with the present invention inherits from a second object whose only function is to limit the range of operations of the distributed object CommMgr. This second object does not define any operation (or method), but contains the reference of an organization and or of a BN 4, which specifies the domain of application of the operations, i.e. it is a data object. This second object is resident in server 11 or could be provided on another node of the OMN 16, e.g. in database server 19. Each proxy (CommMgr) distributed by the MD 10 defines exactly the domain of application of offered services. These data cannot be modified by the client organization as the client's terminals have read-only access to the attributes defining the client's profile. So, at the time the client organization requests a first connection, the receiving server of the OMN 16, after authentication, will generate the proxy to be sent to that client organization in function of the services and domains to which the organization has rights. This proxy is now available at the client organization's external terminal. The next request from the client's terminal will access the proxy which enables a comparison of the request and the authorization credentials in the proxy. Depending upon the comparison, the proxy can enable forwarding of the request. For example, if the request and the privileges do not match, the request is aborted and/or any other suitable action is taken to prevent the request being made. On the other hand if the authorization credentials are consistent with the request, the proxy enables forwarding of the request to the server 16. Afterwards, it will not be necessary to verify the rights of the client organization as the fact that the client organization is in possession of a proxy which has allowed the request to proceed to the server will be sufficient for proving the rights of the client organization. The skilled person will appreciate that the access control decision function
(ACDF) (which is the procedure (or set of procedures) that applies the access control rules to each access request so as to determine whether the requested access to a management object should be granted or denied) is implemented by the proxy in accordance with the present invention. The access control enforcement function (ACEF) (which is the procedure (or set of procedures) for enforcing the decisions made by the ACDF) is also performed by the proxy.
An embodiment of the present invention will now be described with reference to Figs. 4 to 6. A general architecture is shown in Fig. 4. A client terminal can access a remote server 11, e.g. via networks 16, 18. A CORBA compliant application such as MD 10 running on server 11 has a CORBA interface (the T connection) so that it can be accessed from the client terminal 14. The application MDIO may access other nodes of the network, e.g. a database server 19 where specific data may be stored, e.g. user profiles. Let us consider the case of a client of network 1 who asks to be connected to MD 10 and who has the right (as defined by the profile) to manage the communications on BN 4 (the one managed by the MD 10) for the organizations 6 and 8. Firstly, the client terminal 14 contacts the server 11 using conventional communication software. After verification of the rights of the client, the MD 10 will distribute two versions of the object CommMgr to this client, CommMgr 25 and
CommMgr 26 (Fig. 5). The first version, CommMgr 25, will possess (by inheritance from the second object 27) the attributes corresponding to BN 4 and to the organization
6. This object 25 will allow the client to manage the communication of organization 6 (and only of this organization) on the BN 4 (also solely). The second distributed object
CommMgr 26 will possess the attributes corresponding to BN 4 and to organization 8.
When the client wishes to make a request to MD 10, the client's terminal 14 will execute an application 28. The application 28 will access each of the proxies
CommMgr 25 or CommMgr 26 in turn to carry out the request (Fig. 6). These proxies will enable a comparison of the request and their list of access privileges and coverage areas. Depending upon the results of this comparison, a proxy can enable forwarding of the request. For example, if the request does not match the coverage areas and privileges, the proxy fails to complete the request. If the two match then the proxy will enable forwarding of the request. As these are the only two distributed objects which include an operation for making a request to the MD 10, the client has no other possibility to make any other types of requests, i.e. cannot make an invalid request. In this way, by activation of the operations of either ComrnMgr 25 or CommMgr 26, the client will be able to manipulate the communications and allocations of organization 6 or those of organization 8, as defined with respect to BN 4. On the other hand, the client will never be able to activate an operation in the name of another organization for which he has no rights, or on another BN, as he does not possess any proxy from which to activate such operations.
If the rights and privileges of an organization change, the second object 27 is updated, i.e. the one defining these rights and privileges and MD10 is re-instantiated to inherit the new definitions. CommMgr 25 and/or 26 is then redistributed to the relevant client including the updated privileges and/or geographical areas. The present invention also includes use of the property that the distributed object CommMgr may inherit from a plurality of second objects.
The principle of limitation of range of a service by inheritance of properties can be extended in accordance with the present invention as desired. It allows to carry out a control at the source, i.e. at the client's premises external to OMN 16. By restricting the client to choose an object on which an operation is activated, the client is forced to make a choice between the domains authorized by the client's profile. Furthermore, the domains can have „crossed" ranges and be represented in the form of matrixes.
A further embodiment of the present invention will be described with reference to Figs. 8 and 9. This embodiment provides a proxy object CommMgr 25 comprising two proxy object components 33, 34. At least one of the components 33, 34 is distributed from the server 11 to the client 14, namely that component 34 which contains a definition of the rights and privileges of an organisation (Fig. 8). The other component which is mainly a communications object may be locally installed on the client terminal 14 or may also be distributed by the server 14. When an organization wishes to make a request to the server 11, the client's terminal 14 will execute an application 28. The application 28 will access proxy component 33 of CommMgr 25 to carry out the request (Fig. 9). This proxy component 33 retrieves information relevant to the issue of security by examination of the contents of the request and transmits this data, either in clear or encrypted form to proxy component 34. Proxy component 34 is adapted to perform a comparison of the security information contained in the request and the list of access privileges and coverage areas it contains. It does this in accordance with rules which it contains. The request is forwarded dependent upon the comparison. For example, if the request does not match the coverage areas and privileges, the proxy component transmits a "communication fails" message to proxy component 33 which then fails to complete the request. If the two match then the proxy component 34 sends a "communication accepted" message to component 33 which on receipt enables forwarding of the request. Note that an organization has a global access right to the management object which is to be modified by the request. The comparison made by the proxy relates to whether the intended modification goes beyond that allowed for the specific organization.
The advantage of this embodiment is that if the rights and privileges of an organization change, only the one proxy component 34 needs to be re-distributed. This will generally be of much smaller size than the communications proxy component 33, which may include complete communications software. Hence, traffic on the network is reduced. The proxy component 34 may inherit the rights and privileges from the second object 27, i.e. the one defining these rights and privileges.
It will be understood by the skilled person that reference to a "distributed object", "method", "operation", "data object" in accordance with the CORBA standard refers in principle to abstract concepts used only for design purposes. A CORBA object is defined as an abstract entity having an identity, an interface and an implementation.
In reality the objects of the invention will be implemented in an object oriented language such as Sun Microsystems' Java or similar. Hence, they refer to real objects in any concrete implementation. It should be understood that reference to "objects",
"operations" and "methods" may be seen as abstract for the convenience of describing the present invention within the terms of a standard such as CORBA but that these objects, methods and operations are implemented in accordance with the present invention in a concrete programming language.
While the invention has been shown and described with reference to preferred embodiments, it will be understood by those skilled in the art that various changes or modifications in form and detail may be made without departing from the scope and spirit of this invention. For instance, although reference has been made to a client terminal 14 access a server 11 directly, the present invention includes more complex architectures especially those designed to be scaleable. For instance the present invention includes the use of an intermediate concentrator (Fig. 7). In this case the proxy CommMgr 25 or 26 accesses a concentrator object 30 located on a suitable node of the network 16 or 18, such as a server 31. The concentrator object 30 in turn uses a further proxy 32 to access MD 10 on server 11. As the authentication of the client has been carried out by proxy 25, 26 at the client's terminal or system, the applications running on server 31 such as the concentrator object 30 need not re-authenticate the client, nor require delegation of any privileges or access codes from proxy 25 or 26.

Claims

Claims
1. A method of operating a telecommunications network shared by two or more organizations, the network including at least a server and a client, comprising the steps of: the organization initiating a request to the server via a proxy communications object on the client; the proxy object enabling comparison of the contents of the request with a definition of the rights and privileges of an organization to use the network, and, responsive to the comparison step, enabling forwarding of the request to the server, further comprising the step of: the server transmitting to the client at least a first component of the proxy communications object, the first proxy communications object component comprising the definition of the rights and privileges.
2. A method according to claim 1, wherein the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
3. The method in accordance with claim 1 or 2, wherein communications between the server and the client are defined by a common object model protocol.
4. The method according to any of claims 1 to 3, wherein the client only has read only access to the definition of the rights and privileges included within the transmitted proxy object component.
5. The method according to any of the previous claims, further comprising the step of the proxy object component inheriting the definition of the rights and privileges for an organization from a second object.
6. The method according to any of the previous claims, further comprising the step of transmitting a further proxy communications object to the client, the second proxy communications object comprising a further definition of the rights and privileges of an organization to use the network.
7. The method according to any previous claim wherein the network has at least one base network providing radio communications to user terminals and an operations and maintenance network comprising the server.
8. A telecommunications network for shared use by at least two organizations, the network having at least one server and one client equipment, the server being adapted to distribute at least a first component of a proxy communications object to the client equipment, the first distributed proxy communications object component comprising a definition of the rights and privileges of an organization to use the network, the client equipment being adapted so that when the organization initiates a request to the server via a proxy communications object on the client; the proxy object enables comparison of the contents of the request with a definition of the rights and privileges of the organization to use the network, and, responsive to the comparison step, enabling forwarding of the request to the server.
9. A network according to claim 8, wherein the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
10. The network in accordance with claim 8 or 9, wherein the communications between the server and the client equipment are defined by a common object model protocol.
11. The network according to any of claims 8 to 10, wherein the first distributed proxy object component is stored on the client equipment and the client equipment is adapted to access the distributed proxy communications object component before completing set-up of a communication with the server.
12. The network according to any of claims 8 to 11, wherein the client equipment only has read only access to the first distributed proxy communications object component.
13. The network according to any of the claims 8 to 12, wherein the first distributed proxy communications object component is adapted to inherit the rights and privileges from a second object.
14. The network according to any of claims 8 to 13, the client equipment further comprising a second proxy communications object component adapted to enable forwarding of the request to the server in response to the comparison.
5 .A network element for use in a telecommunications network for shared use by at least two organizations, the network comprising at least a server and a client, the network element being adapted to distribute a communications proxy object via the network to a client, the distributed communications proxy object comprising a definition of the rights and privileges of an organization to the network.
16 -The network element in accordance with claim 15, wherein the network element is adapted to distribute the communications proxy object as defined by a common object model protocol.
17 . An external client user device for communication with server on a telecommunication network for shared use by at least two organizations, the external client user device storing a proxy communications object comprising a definition of the rights and privileges of the user to use the network, and the external client user device being adapted to access the proxy communications object before communication with the server and the proxy communications object being adapted to enable comparison of the contents of the request and the definition of the rights and privileges of the user and, responsive to the comparison, enabling forwarding of the request to the server .
18 . The client user device according to claim 18, wherein the request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.
19. The client user device according to claim 18 or 19, wherein the client user device is adapted to communicate with the server using a common object model protocol.
. The client user device according to any of claims 18 or 20, wherein the client user device only has read only access to the proxy communications object.
PCT/EP2001/007168 2000-06-23 2001-06-25 Access control in client-server systems WO2001099377A2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US10/312,004 US7890640B2 (en) 2000-06-23 2001-06-25 Access control in client-server systems
EP01957882A EP1302055A2 (en) 2000-06-23 2001-06-25 Access control in client-server systems
AU2001279684A AU2001279684A1 (en) 2000-06-23 2001-06-25 Radio telecommunications system and method of operating the same with distributed communication objects
US12/978,961 US8065425B2 (en) 2000-06-23 2010-12-27 Access control in client-server systems
US13/281,053 US8935398B2 (en) 2000-06-23 2011-10-25 Access control in client-server systems

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP00401808A EP1168752A1 (en) 2000-06-23 2000-06-23 Access control in client-sever systems
EP00401808.1 2000-06-23

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US10312004 A-371-Of-International 2001-06-25
US12/978,961 Continuation US8065425B2 (en) 2000-06-23 2010-12-27 Access control in client-server systems

Publications (2)

Publication Number Publication Date
WO2001099377A2 true WO2001099377A2 (en) 2001-12-27
WO2001099377A3 WO2001099377A3 (en) 2002-05-30

Family

ID=8173740

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2001/007168 WO2001099377A2 (en) 2000-06-23 2001-06-25 Access control in client-server systems

Country Status (4)

Country Link
US (3) US7890640B2 (en)
EP (2) EP1168752A1 (en)
AU (1) AU2001279684A1 (en)
WO (1) WO2001099377A2 (en)

Families Citing this family (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1265414B1 (en) * 2001-06-06 2003-08-27 Alcatel Method for deploying a service and a method for configuring a network element in a communication network
US9237514B2 (en) * 2003-02-28 2016-01-12 Apple Inc. System and method for filtering access points presented to a user and locking onto an access point
US7617278B1 (en) 2003-01-29 2009-11-10 Adobe Systems Incorporated Client controllable server-side playlists
US7246356B1 (en) 2003-01-29 2007-07-17 Adobe Systems Incorporated Method and system for facilitating comunications between an interactive multimedia client and an interactive multimedia communication server
US7272658B1 (en) * 2003-02-13 2007-09-18 Adobe Systems Incorporated Real-time priority-based media communication
US9197668B2 (en) * 2003-02-28 2015-11-24 Novell, Inc. Access control to files based on source information
US20080109679A1 (en) * 2003-02-28 2008-05-08 Michael Wright Administration of protection of data accessible by a mobile device
US7848834B2 (en) * 2003-03-28 2010-12-07 Gm Global Technology Operations, Inc. Computerized system for network-based management of engineering projects
US7287256B1 (en) 2003-03-28 2007-10-23 Adobe Systems Incorporated Shared persistent objects
US20040243828A1 (en) * 2003-05-30 2004-12-02 Aguilera Marcos K. Method and system for securing block-based storage with capability data
US7319741B1 (en) * 2003-10-24 2008-01-15 Excel Switching Corporation Media resource card with dynamically allocated resource points
US20070198583A1 (en) * 2003-12-25 2007-08-23 H & T Corporation Safety test support system,method,and program
US9621539B2 (en) * 2004-01-30 2017-04-11 William H. Shawn Method and apparatus for securing the privacy of a computer network
US7478421B2 (en) * 2004-02-04 2009-01-13 Toshiba Corporation System and method for role based access control of a document processing device
US20090119755A1 (en) * 2004-02-04 2009-05-07 Kodimer Marianne L System and method for role based access control of a document processing device
US7720864B1 (en) * 2004-03-25 2010-05-18 Symantec Operating Corporation Expiration of access tokens for quiescing a distributed system
JP2006338587A (en) * 2005-06-06 2006-12-14 Hitachi Ltd Access control server, user terminal, and information access control method
US7945615B1 (en) * 2005-10-31 2011-05-17 Adobe Systems Incorporated Distributed shared persistent objects
US8161159B1 (en) * 2005-10-31 2012-04-17 Adobe Systems Incorporated Network configuration with smart edge servers
US20080033972A1 (en) * 2006-08-04 2008-02-07 Jianwen Yin Common Information Model for Web Service for Management with Aspect and Dynamic Patterns for Real-Time System Management
US8312154B1 (en) * 2007-06-18 2012-11-13 Amazon Technologies, Inc. Providing enhanced access to remote services
US9455969B1 (en) 2007-06-18 2016-09-27 Amazon Technologies, Inc. Providing enhanced access to remote services
US8051287B2 (en) 2008-10-15 2011-11-01 Adobe Systems Incorporated Imparting real-time priority-based network communications in an encrypted communication session
US8412841B1 (en) 2009-08-17 2013-04-02 Adobe Systems Incorporated Media content streaming using stream message fragments
US8166191B1 (en) 2009-08-17 2012-04-24 Adobe Systems Incorporated Hint based media content streaming
US9027092B2 (en) * 2009-10-23 2015-05-05 Novell, Inc. Techniques for securing data access
US8479268B2 (en) * 2009-12-15 2013-07-02 International Business Machines Corporation Securing asynchronous client server transactions
CN101895551A (en) * 2010-07-22 2010-11-24 北京天融信科技有限公司 Resource access control method and system
US8260931B2 (en) * 2010-10-02 2012-09-04 Synopsys, Inc. Secure provisioning of resources in cloud infrastructure
US9489250B2 (en) * 2011-09-05 2016-11-08 Infosys Limited System and method for managing a network infrastructure using a mobile device
US8699962B2 (en) * 2011-12-15 2014-04-15 Proximetry, Inc. Systems and methods for preparing a telecommunication network for providing services
US8971850B2 (en) 2012-06-14 2015-03-03 Motorola Solutions, Inc. Systems and methods for authenticating mobile devices at an incident via collaboration
US9779257B2 (en) 2012-12-19 2017-10-03 Microsoft Technology Licensing, Llc Orchestrated interaction in access control evaluation
US10152530B1 (en) 2013-07-24 2018-12-11 Symantec Corporation Determining a recommended control point for a file system
US10237252B2 (en) * 2013-09-20 2019-03-19 Oracle International Corporation Automatic creation and management of credentials in a distributed environment
US9887937B2 (en) * 2014-07-15 2018-02-06 Cohesity, Inc. Distributed fair allocation of shared resources to constituents of a cluster
CN104333553A (en) * 2014-11-11 2015-02-04 安徽四创电子股份有限公司 Mass data authority control strategy based on combination of blacklist and whitelist
US20160246813A1 (en) * 2015-02-25 2016-08-25 International Business Machines Corporation System and method for machine information life cycle
US11363028B2 (en) * 2018-09-27 2022-06-14 The Toronto-Dominion Bank Systems and methods for delegating access to a protected resource
US11157643B2 (en) 2018-09-27 2021-10-26 The Toronto-Dominion Bank Systems and methods for delegating access to a protected resource

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998050853A1 (en) * 1997-05-08 1998-11-12 Pinnacle Technology, Inc. Network desktop management security system and method
EP0913966A2 (en) * 1997-10-31 1999-05-06 Sun Microsystems, Inc. Distributed system and method for controlling acces to network resources
WO1999057863A1 (en) * 1998-05-05 1999-11-11 International Business Machines Corporation Client-server system for maintaining a user desktop consistent with server application user access permissions
WO1999060487A1 (en) * 1998-05-15 1999-11-25 Tridium, Inc. System and methods for object-oriented control of diverse electromechanical systems using a computer network

Family Cites Families (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH08123681A (en) * 1994-10-26 1996-05-17 Canon Inc Management system and terminal device
GB2305271A (en) * 1995-09-15 1997-04-02 Ibm Proxy object recovery in an object-oriented environment
GB2305270A (en) * 1995-09-15 1997-04-02 Ibm Bridge for a client-server environment
US6408336B1 (en) * 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US6085191A (en) * 1997-10-31 2000-07-04 Sun Microsystems, Inc. System and method for providing database access control in a secure distributed network
US5999978A (en) * 1997-10-31 1999-12-07 Sun Microsystems, Inc. Distributed system and method for controlling access to network resources and event notifications
US6038563A (en) * 1997-10-31 2000-03-14 Sun Microsystems, Inc. System and method for restricting database access to managed object information using a permissions table that specifies access rights corresponding to user access rights to the managed objects
US6202066B1 (en) * 1997-11-19 2001-03-13 The United States Of America As Represented By The Secretary Of Commerce Implementation of role/group permission association using object access type
US6175869B1 (en) * 1998-04-08 2001-01-16 Lucent Technologies Inc. Client-side techniques for web server allocation
US6539021B1 (en) * 1998-10-02 2003-03-25 Nortel Networks Limited Role based management independent of the hardware topology
US6158010A (en) * 1998-10-28 2000-12-05 Crosslogix, Inc. System and method for maintaining security in a distributed computer network
US6714219B2 (en) * 1998-12-31 2004-03-30 Microsoft Corporation Drag and drop creation and editing of a page incorporating scripts
EP1018689A3 (en) * 1999-01-08 2001-01-24 Lucent Technologies Inc. Methods and apparatus for enabling shared web-based interaction in stateful servers
US6430576B1 (en) * 1999-05-10 2002-08-06 Patrick Gates Distributing and synchronizing objects
JP3690720B2 (en) * 1999-09-14 2005-08-31 インターナショナル・ビジネス・マシーンズ・コーポレーション Client server system, object pooling method, and storage medium
US6880005B1 (en) * 2000-03-31 2005-04-12 Intel Corporation Managing policy rules in a network
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US7467212B2 (en) * 2000-12-28 2008-12-16 Intel Corporation Control of access control lists based on social networks

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998050853A1 (en) * 1997-05-08 1998-11-12 Pinnacle Technology, Inc. Network desktop management security system and method
EP0913966A2 (en) * 1997-10-31 1999-05-06 Sun Microsystems, Inc. Distributed system and method for controlling acces to network resources
WO1999057863A1 (en) * 1998-05-05 1999-11-11 International Business Machines Corporation Client-server system for maintaining a user desktop consistent with server application user access permissions
WO1999060487A1 (en) * 1998-05-15 1999-11-25 Tridium, Inc. System and methods for object-oriented control of diverse electromechanical systems using a computer network

Also Published As

Publication number Publication date
EP1168752A1 (en) 2002-01-02
US8935398B2 (en) 2015-01-13
AU2001279684A1 (en) 2002-01-02
US20110106957A1 (en) 2011-05-05
WO2001099377A3 (en) 2002-05-30
US7890640B2 (en) 2011-02-15
US20030187993A1 (en) 2003-10-02
US8065425B2 (en) 2011-11-22
US20120079124A1 (en) 2012-03-29
EP1302055A2 (en) 2003-04-16

Similar Documents

Publication Publication Date Title
US8065425B2 (en) Access control in client-server systems
US10313355B2 (en) Client side security management for an operations, administration and maintenance system for wireless clients
US7331059B2 (en) Access restriction control device and method
US10749909B2 (en) Method and apparatus for centralized policy programming and distributive policy enforcement
US6389282B1 (en) Operation and maintenance system for a mobile communications network
US8738741B2 (en) Brokering network resources
US6327658B1 (en) Distributed object system and service supply method therein
CN116938558A (en) Computer implemented method for providing access to each node of a network and core network access system
US20050254652A1 (en) Automated network security system and method
US20030130953A1 (en) Systems and methods for monitoring the presence of assets within a system and enforcing policies governing assets
KR20060117319A (en) Method for managing the security of applications with a security module
CN103069767B (en) Consigning authentication method
KR20100060130A (en) System for protecting private information and method thereof
US20100146595A1 (en) Networking computers access control system and method
CN113691539A (en) Enterprise internal unified function authority management method and system
KR20020032892A (en) Integrated Management System And Method For User Password Of Multi UNIX Server
CN116956247B (en) Information processing system based on BIM
Borselius et al. A security architecture for agent-based mobile systems
KR100913976B1 (en) Use of configurations in device with multiple configurations
WO2003060800A2 (en) Systems and methods for monitoring the availability of assets within a system and enforcing policies governing assets
WO2000060466A1 (en) Management agent and system including the same

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 2001957882

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 10312004

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 2001957882

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 2001957882

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: JP