Access rights of users of a computer network with respect to data entities are specified by a relational database stored on one or more security servers. Application servers on the network that provide user access to the data entities generate queries to the relational database in order to obtain access rights lists of specific users. An access rights cache on each application server caches the access rights lists of the users that are connected to the respective application server, so that user access rights to specific data entities can rapidly be determined. Each user-specific access rights list includes a series of category identifiers plus a series of access rights values. The category identifiers specify categories of data entities to which the user has access, and the access rights values specify privilege levels of the users with respect to the corresponding data entity categories. The privilege levels are converted into specific access capabilities by application programs... |
Citations|
| US4184200 | Apr 26, 1978 | Jan 15, 1980 | Sperry Rand Corporation | Integrating I/O element | | US4280176 | Dec 26, 1978 | Jul 21, 1981 | International Business Machines Corporation | Memory configuration, address interleaving, relocation and access control system | | US4432057 | Nov 27, 1981 | Feb 14, 1984 | International Business Machines Corporation | Method for the dynamic replication of data under distributed system control to control utilization of resources in a multiprocessing, distributed data base system | | US4493024 | May 22, 1981 | Jan 8, 1985 | Data General Corporation | Digital data processing system | | US4799153 | Sep 17, 1987 | Jan 17, 1989 | Telenet Communications Corporation | Method and apparatus for enhancing security of communications in a packet-switched data communications system | | US4799156 | Oct 1, 1986 | Jan 17, 1989 | Strategic Processing Corporation | Interactive market management system | | US4800488 | Nov 12, 1985 | Jan 24, 1989 | American Telephone and Telegraph Company, AT&T Bell Laboratories | Method of propagating resource information in a computer network | | US4858117 | Aug 7, 1987 | Aug 15, 1989 | Bull HN Information Systems Inc. | Apparatus and method for preventing computer access by unauthorized personnel | | US4899136 | Apr 28, 1986 | Feb 6, 1990 | Xerox Corporation | Data processor having a user interface display with metaphoric objects | | US4914571 | Jun 15, 1987 | Apr 3, 1990 | International Business Machines Corporation | Locating resources in computer networks | | US5079765 | Jan 3, 1990 | Jan 7, 1992 | Canon Kabushiki Kaisha | Network system having a gateway apparatus for momitoring a local area network | | US5113499 | Apr 28, 1989 | May 12, 1992 | Sprint International Communications Corp. | Telecommunication access management system for a packet switching network | | US5140689 | May 23, 1991 | Aug 18, 1992 | Kabushiki Kaisha Toshiba | Data recovery system and method of distributed transaction processing system | | US5151989 | Feb 13, 1987 | Sep 29, 1992 | International Business Machines Corporation | Directory cache management in a distributed data processing system | | US5187790 | Apr 21, 1992 | Feb 16, 1993 | Digital Equipment Corporation | Server impersonation of client processes in an object based computer operating system | | US5247676 | Feb 4, 1992 | Sep 21, 1993 | Digital Equipment Corporation | RPC based computer system using transparent callback and associated method | | US5257369 | Oct 22, 1990 | Oct 26, 1993 | | Apparatus and method for providing decoupling of data exchange details for providing high performance communication between software processes | | US5265250 | Mar 29, 1990 | Nov 23, 1993 | AT&T Bell Laboratories | Apparatus and methods for performing an application-defined operation on data as part of a system-defined operation on the data | | US5291597 | Aug 19, 1991 | Mar 1, 1994 | IBM Corp | Method to provide concurrent execution of distributed application programs by a host computer and an intelligent work station on an SNA network | | US5307490 | Aug 28, 1992 | Apr 26, 1994 | Tandem Computers, Inc. | Method and system for implementing remote procedure calls in a distributed computer system | | US5321841 | Jan 29, 1993 | Jun 14, 1994 | Digital Equipment Corporation | System for determining the rights of object access for a server process by combining them with the rights of the client process | | US5329619 | Oct 30, 1992 | Jul 12, 1994 | Software AG | Cooperative processing interface and communication broker for heterogeneous computing environments | | US5341477 | Aug 6, 1993 | Aug 23, 1994 | Digital Equipment Corporation | Broker for computer network server selection | | US5347632 | Jul 28, 1989 | Sep 13, 1994 | Prodigy Services Company | Reception system for an interactive computer network and method of operation | | US5355497 | Jun 10, 1992 | Oct 11, 1994 | Physiotronics Corporation | File directory structure generator and retrevial tool with document locator module mapping the directory structure of files to a real world hierarchical file structure | | US5367621 | Sep 6, 1991 | Nov 22, 1994 | International Business Machines Corporation | Data processing method to provide a generalized link from a reference point in an on-line book to an arbitrary multimedia object which can be dynamically updated | | US5371852 | Oct 14, 1992 | Dec 6, 1994 | International Business Machines Corporation | Method and apparatus for making a cluster of computers appear as a single host on a network | | US5388255 | Dec 19, 1991 | Feb 7, 1995 | Wang Laboratories, Inc. | System for updating local views from a global database using time stamps to determine when a change has occurred | | US5396626 | Aug 4, 1993 | Mar 7, 1995 | Taligent, Inc. | Object-oriented locator system | | US5423003 | Mar 3, 1994 | Jun 6, 1995 | Geonet Limited L.P. | System for managing network computer applications | | US5434994 | May 23, 1994 | Jul 18, 1995 | International Business Machines Corporation | System and method for maintaining replicated data coherency in a data processing system | | US5444848 | Apr 30, 1992 | Aug 22, 1995 | Bull HN Information Systems Inc. | Distribution of communications connections over multiple service access points by choosing remote and local access points having lowest number of connections | | US5455932 | Oct 20, 1992 | Oct 3, 1995 | Novell, Inc. | Fault tolerant computer system | | US5463625 | Oct 1, 1993 | Oct 31, 1995 | International Business Machines Corporation | High performance machine for switched communications in a heterogeneous data processing network gateway | | US5473599 | Apr 22, 1994 | Dec 5, 1995 | Cisco Systems, Incorporated | Standby router protocol | | US5475819 | Jun 17, 1994 | Dec 12, 1995 | Digital Equipment Corporation | Distributed configuration profile for computing system | | US5481720 | Sep 14, 1994 | Jan 2, 1996 | International Business Machines Corporation | Flexible interface to authentication services in a distributed data processing environment | | US5483652 | Jan 24, 1994 | Jan 9, 1996 | Digital Equipment Corporation | Mechanism for locating without search discrete application resources known by common name only in a distributed network computing environment | | US5490270 | Jun 16, 1994 | Feb 6, 1996 | International Business Machines Corporation | Simultaneous updates to the modification time attribute of a shared file in a cluster having a server and client nodes | | US5491800 | Dec 20, 1993 | Feb 13, 1996 | Taligent, Inc. | Object-oriented remote procedure call networking system | | US5491817 | May 25, 1993 | Feb 13, 1996 | Bell Communications Research Inc. | Linking system and method for accessing directory information about an object in one context when information in another context is known | | US5491820 | Nov 10, 1994 | Feb 13, 1996 | AT&T Corporation | Distributed, intermittently connected, object-oriented database and management system | | US5497463 | Sep 25, 1992 | Mar 5, 1996 | Bull HN Information Systems Inc. | Ally mechanism for interconnecting non-distributed computing environment (DCE) and DCE systems to operate in a network system | | US5499342 | May 1, 1992 | Mar 12, 1996 | Hitachi, Ltd. | System for dynamically switching logical sessions between terminal device and a processor which stops its operation to another working processor under control of communication control processor | | US5500929 | Aug 30, 1993 | Mar 19, 1996 | Taligent, Inc. | System for browsing a network resource book with tabs attached to pages | | US5513314 | Jan 27, 1995 | Apr 30, 1996 | Auspex Systems, Inc. | Fault tolerant NFS server system and mirroring protocol | | US5526491 | Sep 22, 1992 | Jun 11, 1996 | International Business Machines Corporation | System and method for calling selected service procedure remotely by utilizing conditional construct switch statement to determine the selected service procedure in common stub procedure | | US5530852 | Dec 20, 1994 | Jun 25, 1996 | Sun Microsystems, Inc. | Method for extracting profiles and topics from a first file written in a first markup language and generating files in different markup languages containing the profiles and topics for use in accessing data described by the profiles and topics | | US5544313 | May 11, 1994 | Aug 6, 1996 | International Business Machines Corporation | Baton passing optimization scheme for load balancing/configuration planning in a video-on-demand computer system | | US5544327 | Jul 26, 1994 | Aug 6, 1996 | International Business Machines Corporation | Load balancing in video-on-demand servers by allocating buffer to streams with successively larger buffer requirements until the buffer requirements of a stream can not be satisfied | | US5548724 | Mar 21, 1994 | Aug 20, 1996 | Hitachi, Ltd.
Hitachi Computer Engineering Co., Ltd. | File server system and file access control method of the same | | US5548726 | Dec 17, 1993 | Aug 20, 1996 | Taligeni, Inc. | System for activating new service in client server network by reconfiguring the multilayer network protocol stack dynamically within the server node | | US5551508 | Jun 7, 1995 | Sep 3, 1996 | Inter-City Products Corporation (USA) | Condensing unit using cross-flow blower | | US5553239 | Nov 10, 1994 | Sep 3, 1996 | AT&T Corporation | Management facility for server entry and application utilization in a multi-node server configuration | | US5553242 | Nov 3, 1993 | Sep 3, 1996 | Wang Laboratories, Inc. | Client/server connection sharing | | US5559969 | Aug 9, 1994 | Sep 24, 1996 | Unisys Corporation | Method and apparatus for efficiently interfacing variable width data streams to a fixed width memory | | US5564043 | Mar 24, 1994 | Oct 8, 1996 | AT&T Global Information Solutions | Launching computer program upon download of data created by program | | US5572643 | Oct 19, 1995 | Nov 5, 1996 | | Web browser with dynamic display of information objects during linking | | US5581753 | Sep 28, 1994 | Dec 3, 1996 | Xerox Corporation | Method for providing session consistency guarantees | | US5592611 | Mar 14, 1995 | Jan 7, 1997 | Network Integrity, Inc. | Stand-in computer server | | US5596579 | Jun 5, 1995 | Jan 21, 1997 | International Business Machines Corporation | High performance machine for switched communications in a heterogeneous data processing network gateway | | US5596744 | May 20, 1993 | Jan 21, 1997 | Hughes Aircraft Company | Apparatus and method for providing users with transparent integrated access to heterogeneous database management systems | | US5608865 | Mar 14, 1995 | Mar 4, 1997 | Network Integrity, Inc. | Stand-in Computer file server providing fast recovery from computer file server failures | | US5608903 | Dec 15, 1994 | Mar 4, 1997 | Novell, Inc. | Method and apparatus for moving subtrees in a distributed network directory | | US5617568 | Dec 14, 1994 | Apr 1, 1997 | International Business Machines Corporation | System and method for supporting file attributes on a distributed file system without native support therefor | | US5617570 | Nov 3, 1993 | Apr 1, 1997 | Wang Laboratories, Inc. | Server for executing client operation calls, having a dispatcher, worker tasks, dispatcher shared memory area and worker control block with a task memory for each worker task and dispatcher/worker task semaphore communication | | US5619632 | Sep 14, 1994 | Apr 8, 1997 | Xerox Corporation | Displaying node-link structure with region of greater spacings and peripheral branches | | US5650994 | May 16, 1995 | Jul 22, 1997 | Bell Atlantic Network Services, Inc. | Operation support system for service creation and network provisioning for video dial tone networks | | US5666519 | Sep 30, 1996 | Sep 9, 1997 | Digital Equipment Corporation | Method and apparatus for detecting and executing cross-domain calls in a computer system | | US5675723 | May 19, 1995 | Oct 7, 1997 | Compaq Computer Corporation | Multi-server fault tolerance using in-band signalling | | US5675796 | Aug 16, 1996 | Oct 7, 1997 | Microsoft Corporation | Concurrency management component for use by a computer program during the transfer of a message | | US5696895 | Jun 19, 1995 | Dec 9, 1997 | Compaq Computer Corporation | Fault tolerant multiple network servers | | US5774668 | Jun 7, 1995 | Jun 30, 1998 | Microsoft Corporation | System for on-line service in which gateway computer uses service map which includes loading condition of servers broadcasted by application servers for load balancing |
Referenced by|
| US6014666 | Oct 28, 1997 | Jan 11, 2000 | Microsoft Corporation | Declarative and programmatic access control of component-based server applications using roles | | US6122741 | Sep 19, 1997 | Sep 19, 2000 | | Distributed method of and system for maintaining application program security | | US6141754 | Nov 28, 1997 | Oct 31, 2000 | International Business Machines Corporation | Integrated method and system for controlling information access and distribution | | US6178422 | Feb 17, 1998 | Jan 23, 2001 | Hitachi, Ltd. | Information registration method and document information processing apparatus | | US6189029 | Sep 20, 1996 | Feb 13, 2001 | Silicon Graphics, Inc. | Web survey tool builder and result compiler | | US6205476 | May 5, 1998 | Mar 20, 2001 | International Business Machines Corporation | Client--server system with central application management allowing an administrator to configure end user applications by executing them in the context of users and groups | | US6233618 | Mar 31, 1998 | May 15, 2001 | Content Advisor, Inc. | Access control of networked data | | US6240443 | Dec 3, 1998 | May 29, 2001 | NTT Software Corporation | Communication system and communication method | | US6263445 | Jun 30, 1998 | Jul 17, 2001 | EMC Corporation | Method and apparatus for authenticating connections to a storage system coupled to a network | | US6279111 | Jun 12, 1998 | Aug 21, 2001 | Microsoft Corporation | Security model using restricted tokens | | US6292798 | Sep 9, 1998 | Sep 18, 2001 | International Business Machines Corporation | Method and system for controlling access to data resources and protecting computing system resources from unauthorized access | | US6301601 | Jul 12, 1999 | Oct 9, 2001 | Microsoft Corporation | Disabling and enabling transaction committal in transactional application components | | US6308273 | Jun 12, 1998 | Oct 23, 2001 | Microsoft Corporation | Method and system of security location discrimination | | US6308274 | Jun 12, 1998 | Oct 23, 2001 | Microsoft Corporation | Least privilege via restricted tokens | | US6311278 | Jul 1, 1999 | Oct 30, 2001 | Sanctum Ltd. | Method and system for extracting application protocol characteristics | | US6321337 | Sep 9, 1998 | Nov 20, 2001 | Sanctum Ltd. | Method and system for protecting operations of trusted internal networks | | US6334130 | Oct 25, 2000 | Dec 25, 2001 | Hitachi, Ltd. | Information registration method and document information processing apparatus | | US6336133 | May 13, 1998 | Jan 1, 2002 | America Online, Inc. | Regulating users of online forums | | US6339784 | May 13, 1998 | Jan 15, 2002 | America Online, Inc. | Self-policing, rate limiting online forums | | US6351271 | Oct 9, 1998 | Feb 26, 2002 | Interval Research Corporation | Method and apparatus for sending and receiving lightweight messages | | US6385724 | Nov 30, 1998 | May 7, 2002 | Microsoft Corporation | Automatic object caller chain with declarative impersonation and transitive trust | | US6393415 | Mar 31, 1999 | May 21, 2002 | Verizon Laboratories Inc. | Adaptive partitioning techniques in performing query requests and request routing | | US6393468 | Mar 13, 1998 | May 21, 2002 | British Telecommunications Public Limited Company | Data access control | | US6405217 | Sep 21, 1998 | Jun 11, 2002 | Microsoft Corporation | State-based implementation of transactions on a file system | | US6408336 | Mar 4, 1998 | Jun 18, 2002 | | Distributed administration of access to information | | US6430607 | Nov 12, 1998 | Aug 6, 2002 | Microsoft Corporation | System and method for performing remote requests with an on-line service network | | US6438580 | Mar 30, 1998 | Aug 20, 2002 | Electronic Data Systems Corporation | System and method for an interactive knowledgebase | | US6442620 | Aug 17, 1998 | Aug 27, 2002 | Microsoft Corporation | Environment extensibility and automatic services for component applications using contexts, policies and activators | | US6473791 | Aug 17, 1998 | Oct 29, 2002 | Microsoft Corporation | Object load balancing | | US6477531 | Dec 18, 1998 | Nov 5, 2002 | Motive Communications, Inc. | Technical support chain automation with guided self-help capability using active content | | US6487665 | Nov 30, 1998 | Nov 26, 2002 | Microsoft Corporation | Object security boundaries | | US6490583 | Aug 24, 2001 | Dec 3, 2002 | Hitachi, Ltd. | Information registration method and document information processing apparatus | | US6505300 | Jun 12, 1998 | Jan 7, 2003 | Microsoft Corporation | Method and system for secure running of untrusted content | | US6513041 | Dec 1, 2000 | Jan 28, 2003 | Required Technologies, Inc. | Value-instance-connectivity computer-implemented database | | US6519592 | Feb 7, 2002 | Feb 11, 2003 | Verizon Laboratories Inc. | Method for using data from a data query cache | | US6526416 | Jun 30, 1998 | Feb 25, 2003 | Microsoft Corporation | Compensating resource managers | | US6542898 | May 12, 1999 | Apr 1, 2003 | Motive Communications, Inc. | Technical support chain automation with guided self-help capability using active content developed for specific audiences | | US6559863 | Feb 11, 2000 | May 6, 2003 | International Business Machines Corporation | System and methodology for video conferencing and internet chatting in a cocktail party style | | US6574656 | Oct 19, 1999 | Jun 3, 2003 | NEC Corporation | Network system and method for limiting the execution of commands | | US6574736 | Nov 30, 1998 | Jun 3, 2003 | Microsoft Corporation | Composable roles | | US6584569 | Mar 5, 2001 | Jun 24, 2003 | Sanctum Ltd. | System for determining web application vulnerabilities | | US6599324 | Mar 11, 1998 | Jul 29, 2003 | Fujitsu Limited | Document management apparatus and document management program storage medium | | US6604198 | May 3, 2002 | Aug 5, 2003 | Microsoft Corporation | Automatic object caller chain with declarative impersonation and transitive trust | | US6606711 | Oct 29, 2002 | Aug 12, 2003 | Microsoft Corporation | Object security boundaries | | US6615240 | Dec 18, 1998 | Sep 2, 2003 | Motive Communications, Inc. | Technical support chain automation with guided self-help capability and option to escalate to live help | | US6615257 | Dec 18, 1998 | Sep 2, 2003 | Cisco Technology, Inc. | Secure multi-user cable modem configuration editor and viewer | | US6629081 | Dec 22, 1999 | Sep 30, 2003 | Accenture LLP | Account settlement and financing in an e-commerce environment | | US6631425 | Oct 28, 1997 | Oct 7, 2003 | Microsoft Corporation | Just-in-time activation and as-soon-as-possible deactivation or server application components | | US6640211 | Oct 22, 1999 | Oct 28, 2003 | First Genetic Trust Inc. | Genetic profiling and banking system and method | | US6643640 | Feb 7, 2002 | Nov 4, 2003 | Verizon Laboratories Inc. | Method for performing a data query | | US6645077 | Dec 21, 2000 | Nov 11, 2003 | IGT | Gaming terminal data repository and information distribution system | | US6651096 | Apr 20, 1999 | Nov 18, 2003 | Cisco Technology, Inc. | Method and apparatus for organizing, storing and evaluating access control lists | | US6658598 | Feb 17, 2000 | Dec 2, 2003 | Motive Communications, Inc. | Technical support chain automation with guided self-help capability using active content assertions | | US6671724 | Mar 21, 2000 | Dec 30, 2003 | Centrisoft Corporation | Software, systems and methods for managing a distributed network | | US6678696 | Jan 4, 1999 | Jan 13, 2004 | Microsoft Corporation | Transaction processing of distributed objects with declarative transactional attributes | | US6678733 | Oct 26, 1999 | Jan 13, 2004 | At Home Corporation | Method and system for authorizing and authenticating users | | US6694314 | Dec 18, 1998 | Feb 17, 2004 | Motive Communications, Inc. | Technical support chain automation with guided self-help capability via a system-supplied search string | | US6704752 | Oct 12, 1999 | Mar 9, 2004 | Cisco Technology, Inc. | Method and system for executing, tracking and restoring temporary router configuration change using a centralized database | | US6714962 | Mar 16, 2000 | Mar 30, 2004 | Microsoft Corporation | Multi-user server application architecture with single-user object tier | | US6732100 | Mar 31, 2000 | May 4, 2004 | Siebel Systems, Inc. | Database access method and system for user role defined access | | US6732179 | Oct 26, 1999 | May 4, 2004 | At Home Corporation | Method and system for restricting access to user resources | | US6738901 | Dec 15, 1999 | May 18, 2004 | 3M Innovative Properties Company | Smart card controlled internet access | | US6745281 | Jun 28, 2000 | Jun 1, 2004 | NEC Corporation | Fiber channel connection magnetic disk device and fiber channel connection magnetic disk controller | | US6748555 | Sep 9, 1999 | Jun 8, 2004 | Microsoft Corporation | Object-based software management | | US6748592 | Feb 14, 2000 | Jun 8, 2004 | Xoucin, Inc. | Method and apparatus for protectively operating a data/information processing device | | US6766355 | Oct 21, 1998 | Jul 20, 2004 | Sony Corporation
Sony Electronics | Method and apparatus for implementing multi-user grouping nodes in a multimedia player | | US6813769 | Oct 28, 1997 | Nov 2, 2004 | Microsoft Corporation | Server application components with control over state duration | | US6823391 | Oct 4, 2000 | Nov 23, 2004 | Microsoft Corporation | Routing client requests to back-end servers | | US6826618 | Oct 2, 2001 | Nov 30, 2004 | America Online, Inc. | Self-policing, rate limiting online forums | | US6834284 | Aug 12, 1999 | Dec 21, 2004 | International Business Machines Corporation | Process and system for providing name service scoping behavior in java object-oriented environment | | US6883020 | Jun 26, 1997 | Apr 19, 2005 | Hewlett-Packard Development Company, L.P. | Apparatus and method for filtering downloaded network sites | | US6898595 | Mar 12, 2002 | May 24, 2005 | General Electric Company | Searching and matching a set of query strings used for accessing information in a database directory | | US6906721 | Oct 10, 2000 | Jun 14, 2005 | American Megatrends, Inc. | Systems, methods, and computer program products for managing the display of information output by a computer program | | US6907448 | May 23, 2001 | Jun 14, 2005 | Sony Computer Entertainment Inc. | SERVER SYSTEM FOR CLASSIFYING ACCEPTED USERS BASED ON IDENTIFICATION INFORMATION INTO PREDETERMINED GROUPS IN ACCORDANCE WITH A COUNTING RESULT OBTAINED BY COUNTING A NUMBER OF STORED IDENTIFICATION INFORMATION | | US6917980 | Dec 12, 2000 | Jul 12, 2005 | International Business Machines Corporation | Method and apparatus for dynamic modification of internet firewalls using variably-weighted text rules | | US6931530 | Jul 22, 2002 | Aug 16, 2005 | Vormetric, Inc. | Secure network file access controller implementing access control and auditing | | US6934841 | Mar 1, 2004 | Aug 23, 2005 | 3M Innovative Properties Company | Smart card controlled internet access | | US6947985 | Dec 5, 2001 | Sep 20, 2005 | Websense, Inc. | Filtering techniques for managing access to internet sites or other software applications | | US6959362 | May 7, 2003 | Oct 25, 2005 | Microsoft Corporation | Caching based on access rights in connection with a content management server system or the like | | US6973499 | Apr 7, 2000 | Dec 6, 2005 | Intertrust Technologies Corp. | Ticketing and keying for orchestrating distribution of network content | | US6976023 | Apr 23, 2002 | Dec 13, 2005 | International Business Machines Corporation | System and method for managing application specific privileges in a content management system | | US6978292 | Sep 21, 2000 | Dec 20, 2005 | Fujitsu Limited | Communication support method and system | | US6996711 | Feb 28, 2001 | Feb 7, 2006 | Sun Microsystems, Inc. | Certification validation system | | US6999990 | May 12, 1999 | Feb 14, 2006 | Motive, Inc. | Technical support chain automation with guided self-help capability, escalation to live help, and active journaling | | US7024689 | Dec 13, 2002 | Apr 4, 2006 | Intuit, Inc. | Granting access rights to unattended software | | US7032006 | Jan 26, 2001 | Apr 18, 2006 | | Distributed active knowledge and process base allowing system elements to be shared within a collaborative framework | | US7032067 | Dec 17, 2002 | Apr 18, 2006 | Activcard | Security token sharable data and synchronization cache | | US7042851 | Oct 26, 2000 | May 9, 2006 | Lucent Technologies Inc. | Service creation and negotiation in a wireless network | | US7043733 | Jun 14, 2004 | May 9, 2006 | Microsoft Corporation | Server application components with control over state duration | | US7043734 | Feb 15, 2005 | May 9, 2006 | Microsoft Corporation | Component self-deactivation while client holds a returned reference | | US7051027 | Jun 30, 1998 | May 23, 2006 | Fujitsu Limited | Information service system, information service participation management apparatus, information service providing apparatus, and recording medium | | US7054944 | Dec 19, 2001 | May 30, 2006 | Intel Corporation | Access control management system utilizing network and application layer access control lists | | US7062770 | Feb 15, 2005 | Jun 13, 2006 | Microsoft Corporation | Recycling components after self-deactivation | | US7065346 | Feb 25, 2003 | Jun 20, 2006 | Nokia Corporation | Managing the configuration of a shared network node | | US7069234 | Dec 22, 1999 | Jun 27, 2006 | Accenture LLP | Initiating an agreement in an e-commerce environment | | US7072933 | Jan 24, 2000 | Jul 4, 2006 | Microsoft Corporation | Network access control using network address translation | | US7076476 | Mar 2, 1999 | Jul 11, 2006 | Microsoft Corporation | Method and system for integrated service administration via a directory service | | US7076558 | Feb 27, 2002 | Jul 11, 2006 | Microsoft Corporation | User-centric consent management system and method | | US7076784 | Oct 22, 1999 | Jul 11, 2006 | Microsoft Corporation | Software component execution management using context objects for tracking externally-defined intrinsic properties of executing software components within an execution environment | | US7085744 | Dec 8, 2000 | Aug 1, 2006 | International Business Machines Corporation | Method and system for conducting a transaction over a network | | US7085839 | Apr 7, 2000 | Aug 1, 2006 | Intertrust Technologies Corporation | Network content management | | US7089224 | Apr 10, 2003 | Aug 8, 2006 | Registrar Systems LLC | World wide web registration information processing system | | US7103660 | Feb 23, 2001 | Sep 5, 2006 | Sony Corporation | Information processing apparatus, method thereof, network system, record medium, and program | | US7107610 | May 11, 2001 | Sep 12, 2006 | Intel Corporation | Resource authorization | | US7111052 | May 23, 2000 | Sep 19, 2006 | Sprint Communications Company L.P. | Network shell | | US7130892 | Sep 27, 2001 | Oct 31, 2006 | International Business Machines Corporation | Method and system for music distribution | | US7136821 | Apr 18, 2000 | Nov 14, 2006 | Neat Group Corporation | Method and apparatus for the composition and sale of travel-oriented packages | | US7143288 | Oct 16, 2002 | Nov 28, 2006 | Vormetric, Inc. | Secure file system server architecture and methods | | US7149724 | Oct 30, 2000 | Dec 12, 2006 | | System and method for an automated system of record | | US7149849 | Aug 2, 2005 | Dec 12, 2006 | Microsoft Corporation | Caching based on access rights in connection with a content management server system or the like | | US7162036 | Aug 6, 2001 | Jan 9, 2007 | IGT | Digital identification of unique game characteristics | | US7162458 | Oct 30, 2000 | Jan 9, 2007 | Sky Technologies, LLC | System and method for process mining | | US7162528 | Oct 1, 2002 | Jan 9, 2007 | The United States of America as represented by the Secretary of the Navy | Collaborative environment implemented on a distributed computer network and software therefor | | US7185015 | Mar 14, 2003 | Feb 27, 2007 | Websense, Inc. | System and method of monitoring and controlling application files | | US7185092 | May 14, 2001 | Feb 27, 2007 | International Business Machines Corporation | Web site, information communication terminal, robot search engine response system, robot search engine registration method, and storage medium and program transmission apparatus therefor | | US7186181 | Sep 26, 2001 | Mar 6, 2007 | IGT | Wide area program distribution and game information communication system | | US7194442 | Oct 30, 2000 | Mar 20, 2007 | Sky Technologies, LLC | System and method for automated, iterative development negotiations | | US7194464 | Dec 7, 2001 | Mar 20, 2007 | Websense, Inc. | System and method for adapting an internet filter | | US7200595 | Jun 28, 2004 | Apr 3, 2007 | Microsoft Corporation | Systems and methods for fine grained access control of data stored in relational databases | | US7222109 | Oct 30, 2000 | May 22, 2007 | Sky Technologies LLC | System and method for contract authority | | US7225257 | Mar 18, 2002 | May 29, 2007 | Ricoh Company, Ltd.
Ricoh System Kaihatsu Co., Ltd.
Eiji Yoshino | Information-display system, an information-display method, an information-display server, and an information-display program | | US7237265 | Mar 20, 2003 | Jun 26, 2007 | Watchfire Corporation | System for determining web application vulnerabilities | | US7240244 | Jun 8, 2004 | Jul 3, 2007 | Microsoft Corporation | Object-based software management | | US7243097 | Feb 21, 2006 | Jul 10, 2007 | International Business Machines Corporation | Extending relational database systems to automatically enforce privacy policies | | US7243157 | Feb 20, 2004 | Jul 10, 2007 | Microsoft Corporation | Dynamic protocol construction | | US7243271 | Jun 8, 2004 | Jul 10, 2007 | Microsoft Corporation | Wrapped object for observing object events | | US7260635 | Feb 18, 2003 | Aug 21, 2007 | Centrisoft Corporation | Software, systems and methods for managing a distributed network | | US7260636 | Dec 22, 2000 | Aug 21, 2007 | EMC Corporation | Method and apparatus for preventing unauthorized access by a network device | | US7263523 | Nov 24, 1999 | Aug 28, 2007 | Unisys Corporation | Method and apparatus for a web application server to provide for web user validation | | US7263535 | Aug 19, 2002 | Aug 28, 2007 | BellSouth Intellectual Property Corporation | Resource list management system | | US7266681 | Apr 7, 2000 | Sep 4, 2007 | Intertrust Technologies Corp. | Network communications security agent | | US7272550 | Apr 23, 2002 | Sep 18, 2007 | International Business Machines Corporation | System and method for configurable binding of access control lists in a content management system | | US7272625 | Jun 28, 1999 | Sep 18, 2007 | SonicWall, Inc. | Generalized policy server | | US7284265 | Apr 23, 2002 | Oct 16, 2007 | International Business Machines Corporation | System and method for incremental refresh of a compiled access control table in a content management system | | US7289788 | May 26, 2004 | Oct 30, 2007 | Avaya Technology Corp. | Mobile gateway for secure extension of enterprise services to mobile devices | | US7305451 | Aug 4, 2004 | Dec 4, 2007 | Microsoft Corporation | System for providing users an integrated directory service containing content nodes located in different groups of application servers in computer network | | US7308580 | Apr 23, 2002 | Dec 11, 2007 | International Business Machines Corporation | System and method for ensuring security with multiple authentication schemes | | US7308580 | Apr 23, 2002 | Dec 11, 2007 | International Business Machines Corporation | System and method for ensuring security with multiple authentication schemes | | US7308704 | Aug 18, 2003 | Dec 11, 2007 | Sap AG | Data structure for access control | | US7308704 | Aug 18, 2003 | Dec 11, 2007 | Sap AG | Data structure for access control | | US7313822 | Mar 16, 2001 | Dec 25, 2007 | Protegrity Corporation | Application-layer security method and system | | US7318238 | Jan 14, 2002 | Jan 8, 2008 | Microsoft Corporation | Security settings for markup language elements | | US7330898 | Jul 25, 2006 | Feb 12, 2008 | Intertrust Technologies Corp. | Network content management | | US7334124 | Jul 22, 2002 | Feb 19, 2008 | Vormetric, Inc. | Logical access block processing protocol for transparent secure file storage | | US7337224 | Oct 24, 2002 | Feb 26, 2008 | Cisco Technology, Inc. | Method and apparatus providing policy-based determination of network addresses | | US7346696 | Aug 13, 2002 | Mar 18, 2008 | AT&T Deleware Intellectual Property, Inc. | Group access management system | | US7350237 | Aug 18, 2003 | Mar 25, 2008 | SAP AG | Managing access control information | | US7353282 | Nov 25, 2002 | Apr 1, 2008 | Microsoft Corporation | Methods and systems for sharing a network resource with a user without current access | | US7363650 | Sep 13, 2002 | Apr 22, 2008 | BEA Systems, Inc. | System and method for incrementally distributing a security policy in a computer network | | US7367014 | Oct 24, 2002 | Apr 29, 2008 | BEA Systems, Inc. | System and method for XML data representation of portlets | | US7370100 | Dec 10, 2003 | May 6, 2008 | Foundry Networks, Inc. | Method and apparatus for load balancing based on packet header content | | US7382868 | Apr 2, 2003 | Jun 3, 2008 | Verizon Business Global LLC | Telephony services system with instant communications enhancements | | US7389474 | Feb 28, 2003 | Jun 17, 2008 | Microsoft Corporation | Language or script-based character set conversions per-application program | | US7389514 | May 26, 2004 | Jun 17, 2008 | Microsoft Corporation | Software component execution management using context objects for tracking externally-defined intrinsic properties of executing software components within an execution environment | | US7395552 | Oct 20, 2005 | Jul 1, 2008 | SugarCRM, Inc. | Team based row level security system and method | | US7401054 | Mar 4, 2002 | Jul 15, 2008 | Accenture GmbH | Content bank for objects | | US7412434 | Jan 10, 2005 | Aug 12, 2008 | Registrar Systems LLC | World wide web registration information processing system | | US7415478 | Jul 11, 2003 | Aug 19, 2008 | BEA Systems, Inc. | Virtual repository complex content model | | US7421390 | Sep 13, 2002 | Sep 2, 2008 | Sun Microsystems, Inc. | Method and system for voice control of software applications | | US7433896 | Jan 3, 2006 | Oct 7, 2008 | BEA Systems, Inc. | Federated management of content repositories | | US7437431 | Aug 4, 2004 | Oct 14, 2008 | Microsoft Corporation | Method for downloading an icon corresponding to a hierarchical directory structure from a directory service | | US7437754 | Apr 30, 2004 | Oct 14, 2008 | Oracle International Corporation | Web object access authorization protocol based on an HTTP validation model | | US7451477 | Oct 24, 2002 | Nov 11, 2008 | BEA Systems, Inc. | System and method for rule-based entitlements | | US7454609 | Aug 28, 2007 | Nov 18, 2008 | Intertrust Technologies Corp. | Network communications security agent | | US7461066 | Jun 29, 2004 | Dec 2, 2008 | International Business Machines Corporation | Techniques for sharing persistently stored query results between multiple users | | US7467211 | Oct 18, 1999 | Dec 16, 2008 | Cisco Technology Inc. | Remote computer system management through an FTP internet connection | | US7472342 | Oct 24, 2002 | Dec 30, 2008 | BEA Systems, Inc. | System and method for portal page layout | | US7483893 | Aug 4, 2006 | Jan 27, 2009 | BAE Systems, Inc. | System and method for lightweight loading for managing content | | US7483904 | Jul 11, 2003 | Jan 27, 2009 | BEA Systems, Inc. | Virtual repository content model | | US7483982 | Sep 13, 2005 | Jan 27, 2009 | Websense, Inc. | Filtering techniques for managing access to internet sites or other software applications | | US7490135 | Jul 7, 2003 | Feb 10, 2009 | Registrar Systems LLC | Method for providing node targeted content in an addressable network | | US7490333 | Dec 8, 2000 | Feb 10, 2009 | Gemalto SA | Capability-based access control for applications in particular co-operating applications in a chip card | | US7496649 | Feb 20, 2004 | Feb 24, 2009 | Microsoft Corporation | Policy application across multiple nodes | | US7496952 | Mar 28, 2002 | Feb 24, 2009 | International Business Machines Corporation | Methods for authenticating a user's credentials against multiple sets of credentials | | US7500006 | Jun 29, 2005 | Mar 3, 2009 | Intertrust Technologies Corp. | Ticketing and keying for orchestrating distribution of network content | | US7502832 | Aug 4, 2004 | Mar 10, 2009 | Microsoft Corporation | Distributed directory service using junction nodes for providing network users with an integrated hierarchical directory services | | US7506357 | Nov 22, 2000 | Mar 17, 2009 | Bea Systems, Inc. | System and method for maintaining security in a distributed computer network | | US7509497 | Jun 23, 2004 | Mar 24, 2009 | Microsoft Corporation | System and method for providing security to an application | | US7523200 | Jul 2, 2003 | Apr 21, 2009 | International Business Machines Corporation | Dynamic access decision information module | | US7529654 | Jul 12, 2002 | May 5, 2009 | International Business Machines Corporation | System and procedure for controlling and monitoring programs in a computer network | | US7529725 | Jan 10, 2005 | May 5, 2009 | Registrar Systems LLC | World wide web registration information processing system | | US7529754 | May 19, 2005 | May 5, 2009 | Websense, Inc. | System and method of monitoring and controlling application files | | US7530112 | Sep 10, 2003 | May 5, 2009 | Cisco Technology, Inc. | Method and apparatus for providing network security using role-based access control | | US7533157 | Dec 24, 2002 | May 12, 2009 | International Business Machines Corporation | Method for delegation of administrative operations in user enrollment tasks | | US7536392 | Nov 13, 2006 | May 19, 2009 | AT&T Intelllectual Property I, L.P. | Network update manager | | US7562298 | Jul 11, 2003 | Jul 14, 2009 | BEA Systems, Inc. | Virtual content repository browser | | US7565532 | Oct 23, 2006 | Jul 21, 2009 | Vormetric, Inc. | Secure file system server architecture and methods | | US7577092 | Aug 4, 2004 | Aug 18, 2009 | Microsoft Corporation | Directory service for a computer network | | US7580919 | Jun 21, 2000 | Aug 25, 2009 | SonicWALL, Inc. | Query interface to policy server | | US7580953 | Apr 4, 2005 | Aug 25, 2009 | BEA Systems, Inc. | System and method for schema lifecycles in a virtual content repository that integrates a plurality of content repositories | | US7581256 | Oct 6, 2003 | Aug 25, 2009 | IGT | Process verification | | US7587487 | Dec 10, 2003 | Sep 8, 2009 | Foundry Networks, Inc. | Method and apparatus for load balancing based on XML content in a packet | | US7587499 | Sep 14, 2000 | Sep 8, 2009 | | Web-based security and filtering system with proxy chaining | | US7591000 | Feb 14, 2003 | Sep 15, 2009 | Oracle International Corporation | System and method for hierarchical role-based entitlements | | US7593916 | Aug 19, 2004 | Sep 22, 2009 | SAP AG | Managing data administration | | US7594112 | Oct 8, 2004 | Sep 22, 2009 | BEA Systems, Inc. | Delegated administration for a distributed security system | | US7594224 | Oct 8, 2004 | Sep 22, 2009 | BEA Systems, Inc. | Distributed enterprise security system | | US7596805 | Dec 12, 2002 | Sep 29, 2009 | Sony Corporation | Device and method for controlling access to open and non-open network segments | | US7599937 | Apr 3, 2007 | Oct 6, 2009 | Microsoft Corporation | Systems and methods for fine grained access control of data stored in relational databases | | US7603547 | Oct 8, 2004 | Oct 13, 2009 | BEA Systems, Inc. | Security control module | | US7603548 | Oct 8, 2004 | Oct 13, 2009 | BEA Systems, Inc. | Security provider development model | | US7610391 | Jul 10, 2006 | Oct 27, 2009 | Microsoft Corporation | User-centric consent management system and method | | US7613779 | Jun 28, 2004 | Nov 3, 2009 | AOL LLC | Self-policing, rate limiting online forums | | US7613800 | Jul 15, 2008 | Nov 3, 2009 | Sony Computer Entertainment America Inc. | Communication across multiple game applications | | US7614085 | May 1, 2003 | Nov 3, 2009 | Protegrity Corporation | Method for the automatic setting and updating of a security policy | | US7627507 | Aug 10, 1999 | Dec 1, 2009 | FMR LLC | Providing one party access to an account of another party | | US7634423 | Aug 30, 2002 | Dec 15, 2009 | SAS Institute Inc. | Computer-implemented system and method for web activity assessment | | US7644086 | Mar 29, 2005 | Jan 5, 2010 | SAS Institute Inc. | Computer-implemented authorization systems and methods using associations | | US7644432 | Oct 8, 2004 | Jan 5, 2010 | BEA Systems, Inc. | Policy inheritance through nested groups | | US7653930 | Feb 14, 2003 | Jan 26, 2010 | BEA Systems, Inc. | Method for role and resource policy management optimization | | US7657638 | Nov 23, 2004 | Feb 2, 2010 | Microsoft Corporation | Routing client requests to back-end servers | | US7660902 | Nov 20, 2001 | Feb 9, 2010 | RSA Security, Inc. | Dynamic file access control and management | | US7661141 | Jul 7, 2004 | Feb 9, 2010 | Microsoft Corporation | Systems and methods that optimize row level database security | | US7664023 | May 29, 2007 | Feb 16, 2010 | Microsoft Corporation | Dynamic protocol construction | | US7664828 | Feb 20, 2004 | Feb 16, 2010 | Microsoft Corporation | Invalid policy detection | | US7669244 | Oct 21, 2004 | Feb 23, 2010 | Cisco Technology, Inc. | Method and system for generating user group permission lists | | US7673323 | Dec 13, 2001 | Mar 2, 2010 | BEA Systems, Inc. | System and method for maintaining security in a distributed computer network | | US7698274 | Sep 22, 2004 | Apr 13, 2010 | The United States of America as represented by the Administrator of the National Aeronautics and Space Administration (NASA) | Selective access and editing in a database | | US7698346 | Mar 18, 2004 | Apr 13, 2010 | Coral Networks, Inc. | Network operating system and method | | US7711750 | Jul 30, 2004 | May 4, 2010 | Microsoft Corporation | Systems and methods that specify row level database security | | US7711847 | Feb 4, 2003 | May 4, 2010 | Sony Computer Entertainment America Inc. | Managing users in a multi-user network game environment | | US7720858 | Jul 22, 2004 | May 18, 2010 | International Business Machines Corporation | Query conditions-based security | | US7721323 | Nov 23, 2004 | May 18, 2010 | Cisco Technology, Inc. | Method and system for including network security information in a frame | | US7725424 | Nov 4, 2002 | May 25, 2010 | Verizon Laboratories Inc. | Use of generalized term frequency scores in information retrieval systems | | US7730089 | Aug 10, 2001 | Jun 1, 2010 | Punch Networks Corporation | Method and system for providing remote access to the facilities of a server computer | | US7743074 | Apr 5, 2000 | Jun 22, 2010 | Microsoft Corporation | Context aware systems and methods utilizing hierarchical tree structures | | US7743255 | Jun 17, 2005 | Jun 22, 2010 | | Trust model for a database management system supporting multiple authorization domains | | US7747597 | Jun 29, 2005 | Jun 29, 2010 | Microsoft Corporation | Security execution context for a database management system | | US7748027 | Sep 8, 2005 | Jun 29, 2010 | Bea Systems, Inc. | System and method for dynamic data redaction | | US7752205 | Aug 4, 2006 | Jul 6, 2010 | BEA Systems, Inc. | Method and system for interacting with a virtual content repository | | US7752671 | Sep 15, 2005 | Jul 6, 2010 | Promisec Ltd. | Method and device for questioning a plurality of computerized devices | | US7756986 | Jun 30, 1998 | Jul 13, 2010 | EMC Corporation | Method and apparatus for providing data management for a storage system coupled to a network | | US7761404 | Jul 15, 2005 | Jul 20, 2010 | International Business Machines Corporation | System and method for managing application specific privileges in a content management system | | US7761542 | Mar 26, 2001 | Jul 20, 2010 | Fujitsu Limited | Network access control method, network system using the method and apparatuses configuring the system | | US7774835 | Aug 2, 2004 | Aug 10, 2010 | F5 Networks, Inc. | Method and system for extracting application protocol characteristics | | US7783616 | Feb 16, 2006 | Aug 24, 2010 | BEA Systems, Inc. | System and method for managing objects and resources with access rights embedded in nodes within a hierarchical tree structure | | US7783670 | Jan 26, 2006 | Aug 24, 2010 | BEA Systems, Inc. | Client server conversion for representing hierarchical data structures | | US7783710 | May 21, 2006 | Aug 24, 2010 | Venkat Ramaswamy | Systems and methods for spreading messages online | | US7797270 | Jan 18, 2007 | Sep 14, 2010 | Websense, Inc. | System and method of monitoring and controlling application files | | US7797732 | Nov 4, 2005 | Sep 14, 2010 | Topeer Corporation | System and method for creating a secure trusted social network | | US7802263 | Dec 15, 2003 | Sep 21, 2010 | Stragent, LLC | System, method and computer program product for sharing information in a distributed framework | | US7809539 | Dec 6, 2002 | Oct 5, 2010 | SAS Institute Inc. | Method for selecting node variables in a binary decision tree structure | | US7818344 | May 22, 2006 | Oct 19, 2010 | BEA Systems, Inc. | System and method for providing nested types for content management | | US7821926 | Aug 31, 2007 | Oct 26, 2010 | SonicWALL, Inc. | Generalized policy server | | US7822809 | Jul 15, 2008 | Oct 26, 2010 | Sony Computer Entertainment America LLC | Creating an interactive gaming environment | | US7827402 | Dec 1, 2004 | Nov 2, 2010 | Cisco Technology, Inc. | Method and apparatus for ingress filtering using security group information | | US7831047 | Jul 14, 2006 | Nov 9, 2010 | IGT | Digital identification of unique game characteristics | | US7831664 | Aug 21, 2007 | Nov 9, 2010 | AT&T Intellectual Property I, LP | Resource list management system | | US7836490 | Oct 29, 2003 | Nov 16, 2010 | Cisco Technology, Inc. | Method and apparatus for providing network security using security labeling | | US7840573 | Feb 22, 2005 | Nov 23, 2010 | Trusted Computer Solutions | Trusted file relabeler | | US7840635 | Aug 16, 2004 | Nov 23, 2010 | International Business Machines Corporation | Method and system for monitoring performance of processes across multiple environments and servers | | US7840708 | Aug 13, 2007 | Nov 23, 2010 | Cisco Technology, Inc. | Method and system for the assignment of security group information using a proxy | | US7844469 | Jun 4, 2008 | Nov 30, 2010 | Cerner Innovation, Inc. | Genetic profiling and banking system and method | | US7861289 | Jun 19, 2007 | Dec 28, 2010 | Oracle International Corporation | Pagelets in adaptive tags in non-portal reverse proxy | | US7861290 | Jun 19, 2007 | Dec 28, 2010 | Oracle International Corporation | Non-invasive insertion of pagelets | | US7865395 | May 22, 2003 | Jan 4, 2011 | Registrar Systems LLC | Media content notification via communications network | | US7865595 | Dec 16, 2003 | Jan 4, 2011 | International Business Machines Corporation | Processing call requests with respect to objects | | US7865942 | Aug 1, 2006 | Jan 4, 2011 | Sony Corporation | Communication device, communication system and method for managing access authority data | | US7865943 | Jun 19, 2007 | Jan 4, 2011 | Oracle International Corporation | Credential vault encryption | | US7870244 | Jun 25, 2003 | Jan 11, 2011 | International Business Machines Corporation | Monitoring performance of applications in a distributed environment | | US7870255 | Oct 3, 2006 | Jan 11, 2011 | Research In Motion Limited | Access control system and method for wireless application provisioning | | US7873674 | Jan 18, 2006 | Jan 18, 2011 | International Business Machines Corporation | Plural/alternate files registry creation and management | | US7877509 | Jul 15, 2008 | Jan 25, 2011 | Sony Computer Entertainment America LLC | Balancing distribution of participants in a gaming environment | | US7877601 | Nov 30, 2004 | Jan 25, 2011 | Cisco Technology, Inc. | Method and system for including security information with a packet | | US7877796 | Nov 16, 2004 | Jan 25, 2011 | Cisco Technology, Inc. | Method and apparatus for best effort propagation of security group information | | US7882549 | Jan 15, 2009 | Feb 1, 2011 | International Business Machines Corporation | Systems for authenticating a user's credentials against multiple sets of credentials | | US7882555 | May 28, 2003 | Feb 1, 2011 | Kavado, Inc. | Application layer security method and system | | US7886145 | Nov 23, 2004 | Feb 8, 2011 | Cisco Technology, Inc. | Method and system for including security information with a packet | | US7886352 | Jun 19, 2007 | Feb 8, 2011 | Oracle International Corporation | Interstitial pages | | US7890642 | Sep 16, 2004 | Feb 15, 2011 | Websense UK Limited | Device internet resource access filtering system and method | | US7904556 | Mar 5, 2002 | Mar 8, 2011 | Computer Associates Think, Inc. | Method and apparatus for role grouping by shared resource utilization | | US7904953 | Jun 19, 2007 | Mar 8, 2011 | BEA Systems, Inc. | Pagelets | | US7908200 | May 10, 2002 | Mar 15, 2011 | Versata Development Group, Inc. | Method and apparatus for efficiently generating electronic requests for quote | | US7912971 | Feb 27, 2002 | Mar 22, 2011 | Microsoft Corporation | System and method for user-centric authorization to access user-specific information | | US7917537 | May 22, 2006 | Mar 29, 2011 | Oracle International Corporation | System and method for providing link property types for content management | | US7917581 | Aug 6, 2003 | Mar 29, 2011 | Verizon Business Global LLC | Call completion via instant communications client | | US7917745 | Nov 17, 2008 | Mar 29, 2011 | Intertrust Technologies Corporation | Network communications security agent | | US7925693 | Jan 26, 2007 | Apr 12, 2011 | Microsoft Corporation | NAT access control with IPSec | | US7930345 | Jul 19, 2010 | Apr 19, 2011 | Sony Computer Entertainment America LLC | Method for authenticating a user in an interactive gaming environment | | US7953734 | May 16, 2006 | May 31, 2011 | Oracle International Corporation | System and method for providing SPI extensions for content management system | | US7953848 | Apr 23, 2008 | May 31, 2011 | International Business Machines Corporation | Problem determination in distributed enterprise applications | | US7954163 | May 5, 2009 | May 31, 2011 | Cisco Technology, Inc. | Method and apparatus for providing network security using role-based access control | | US7962405 | Mar 27, 2002 | Jun 14, 2011 | First Data Corporation | Merchant activation tracking systems and methods | | US7962549 | Jul 19, 2010 | Jun 14, 2011 | Sony Computer Entertainment America LLC | Method for ladder ranking in a game | | US7970722 | Nov 9, 2009 | Jun 28, 2011 | Aloft Media, LLC | System, method and computer program product for a collaborative decision platform | | US7974925 | Jun 10, 2008 | Jul 5, 2011 | Accenture Global Services Limited | Content bank for objects | | US7979355 | Jun 10, 2008 | Jul 12, 2011 | Accenture Global Services Limited | Content bank for objects | | US7984067 | Feb 26, 2010 | Jul 19, 2011 | Coral Networks, Inc. | Network operating system and method | | US7986678 | Oct 30, 2007 | Jul 26, 2011 | Research In Motion Limited | System and method for implementing local base stations | | US7992189 | Aug 5, 2009 | Aug 2, 2011 | Oracle International Corporation | System and method for hierarchical role-based entitlements | | US7996916 | Jul 15, 2009 | Aug 9, 2011 | IGT | Process verification | | US8000994 | Nov 5, 2009 | Aug 16, 2011 | SAS Institute Inc. | Computer-implemented system and method for web activity assessment | | US8001611 | Oct 18, 2007 | Aug 16, 2011 | International Business Machines Corporation | System and method for ensuring security with multiple authentication schemes | | US8005777 | Jul 27, 2010 | Aug 23, 2011 | Aloft Media, LLC | System, method and computer program product for a collaborative decision platform | | US8010552 | Jan 18, 2007 | Aug 30, 2011 | Websense, Inc. | System and method for adapting an internet filter | | US8010561 | Jul 17, 2008 | Aug 30, 2011 | International Business Machines Corporation | Techniques for sharing persistently stored query results between multiple users | | US8015173 | May 26, 2005 | Sep 6, 2011 | Google Inc. | Techniques for web site integration | | US8015174 | Feb 28, 2007 | Sep 6, 2011 | Websense, Inc. | System and method of controlling access to the internet | | US8020206 | Jul 10, 2006 | Sep 13, 2011 | Websense, Inc. | System and method of analyzing web content | | US8020209 | Jun 1, 2005 | Sep 13, 2011 | Websense, Inc. | System and method of monitoring and controlling application files | | US8024471 | Sep 28, 2004 | Sep 20, 2011 | Websense UK Limited | System, method and apparatus for use in monitoring or controlling internet access | | US8027339 | Sep 29, 2008 | Sep 27, 2011 | NOMADIX, Inc. | System and method for establishing network connection | | US8037004 | Jun 11, 2007 | Oct 11, 2011 | Oracle International Corporation | Computer-implemented methods and systems for identifying and reporting deviations from standards and policies for contracts, agreements and other business documents | | US8037205 | Sep 23, 2008 | Oct 11, 2011 | International Business Machines Corporation | Method, system, and computer program for monitoring performance of applications in a distributed environment | | US8037525 | Jul 16, 2008 | Oct 11, 2011 | International Business Machines Corporation | Access control and entitlement determination for hierarchically organized content | | US8037542 | Jul 1, 2008 | Oct 11, 2011 | Sugarcrm Inc. | Team based row level security system and method | | US8046476 | Jan 29, 2003 | Oct 25, 2011 | Nokia Corporation | Access right control using access control alerts | | US8078740 | Jun 3, 2005 | Dec 13, 2011 | Microsoft Corporation | Running internet applications with low rights | | US8086615 | Jan 27, 2006 | Dec 27, 2011 | Oracle International Corporation | Security data redaction | | US8090851 | Aug 29, 2007 | Jan 3, 2012 | International Business Machines Corporation | Method and system for problem determination in distributed enterprise applications | | US8095533 | Nov 9, 2004 | Jan 10, 2012 | Apple Inc. | Automatic index term augmentation in document retrieval | | US8099779 | Aug 29, 2008 | Jan 17, 2012 | Oracle International Corporation | Federated management of content repositories | | US8103720 | Mar 29, 2010 | Jan 24, 2012 | Microsoft Corporation | Apparatus and computer-readable media for processing HTTP requests | | US8103799 | Oct 8, 2010 | Jan 24, 2012 | At Home Bondholders' Liquidating Trust | Delivering multimedia services | | US8108939 | May 29, 2003 | Jan 31, 2012 | Oracle International Corporation | Method and apparatus to facilitate security-enabled content caching | | US8117547 | Nov 25, 2008 | Feb 14, 2012 | Microsoft Corporation | Environment-interactive context-aware devices and methods | | US8122130 | Dec 1, 2010 | Feb 21, 2012 | Research In Motion Limited | Access control system and method for wireless application provisioning | | US8126750 | Apr 27, 2006 | Feb 28, 2012 | Microsoft Corporation | Consolidating data source queries for multidimensional scorecards | | US8131664 | Sep 30, 2008 | Mar 6, 2012 | International Business Machines Corporation | Row-level security in a relational database management system | | US8131713 | Apr 14, 2010 | Mar 6, 2012 | salesforce.com, inc. | Distributive storage techniques for multi-tenant databases | | US8131802 | Mar 17, 2008 | Mar 6, 2012 | Sony Computer Entertainment America LLC | Systems and methods for seamless host migration | | US8136150 | Nov 2, 2010 | Mar 13, 2012 | Oracle International Corporation | User role mapping in web applications | | US8140703 | Oct 2, 2001 | Mar 20, 2012 | AOL, Inc. | Regulating users of online forums | | US8141147 | Sep 28, 2004 | Mar 20, 2012 | Websense UK Limited | System, method and apparatus for use in monitoring or controlling internet access | | US8150817 | Mar 12, 2009 | Apr 3, 2012 | Websense, Inc. | System and method of monitoring and controlling application files | | US8150820 | Oct 4, 2007 | Apr 3, 2012 | Adobe Systems Incorporated | Mechanism for visible users and groups | | US8156246 | Sep 26, 2011 | Apr 10, 2012 | NOMADIX, Inc. | Systems and methods for providing content and services on a network system | | US8160988 | Jul 27, 2010 | Apr 17, 2012 | Aloft Media, LLC | System, method and computer program product for a collaborative decision platform | | US8166070 | Jul 17, 2008 | Apr 24, 2012 | International Business Machines Corporation | Techniques for sharing persistently stored query results between multiple users | | US8166110 | Sep 30, 2010 | Apr 24, 2012 | AT&T Intellectual Property I, L.P. | Resource list management system | | US8185737 | May 22, 2007 | May 22, 2012 | Microsoft Corporation | Communication across domains | | US8185932 | Jan 25, 2011 | May 22, 2012 | Microsoft Corporation | System and method for user-centric authorization to access user-specific information | | US8190708 | Oct 20, 2000 | May 29, 2012 | NOMADIX, Inc. | Gateway device having an XML interface and associated method | | US8190992 | Apr 21, 2006 | May 29, 2012 | Microsoft Corporation | Grouping and display of logically defined reports | | US8205245 | May 19, 2010 | Jun 19, 2012 | Topeer Corporation | System and method for creating a secure trusted social network | | US8209427 | Oct 8, 2010 | Jun 26, 2012 | At Home Bondholders' Liquidating Trust | Method and system for restricting access to user resources | | US8209705 | Jul 30, 2008 | Jun 26, 2012 | Stragent, LLC | System, method and computer program product for sharing information in a distributed framework | | US8229922 | Apr 8, 2009 | Jul 24, 2012 | salesforce.com, Inc. | Query optimization in a multi-tenant database system | | US8230088 | Nov 10, 2008 | Jul 24, 2012 | Cisco Technology, Inc. | Remote computer system management through an FTP internet connection | | US8234374 | Apr 26, 2004 | Jul 31, 2012 | Microsoft Corporation | Privacy model that grants access rights and provides security to shared content | | US8239212 | Oct 22, 2010 | Aug 7, 2012 | Cerner Innovation, Inc. | Genetic profiling and banking system and method | | US8244759 | Mar 9, 2010 | Aug 14, 2012 | salesforce.com, Inc. | Systems and methods for exporting, publishing, browsing and installing on-demand applications in a multi-tenant database environment | | US8244795 | Feb 24, 2004 | Aug 14, 2012 | Verizon Laboratories Inc.
Verizon Corporate Services Group Inc. | Page aggregation for web sites | | US8244817 | May 13, 2008 | Aug 14, 2012 | Websense U.K. Limited | Method and apparatus for electronic mail filtering | | US8244886 | Sep 2, 2010 | Aug 14, 2012 | NOMADIX, Inc. | Systems and methods for providing content and services on a network system | | USRE41168 | Oct 14, 2004 | Mar 23, 2010 | Content Advisor, Inc. | Controlling client access to networked data based on content subject matter categorization |
Claims1. A method for controlling user access to a plurality of data entities in a computer network, said plurality of data entities stored on a plurality of application servers, said method comprising the steps of: - sending an access rights query from an application server to a security server, said access rights query specifying a user of the network;
- at said security server, accessing a relational database in response to said access rights query to obtain an access rights list for said user, said access rights list specifying access rights of said user with respect to said plurality of data entities;
- sending said access rights list from said security server to said application server;
- at said application server, storing said access rights list in an access rights cache; and
- accessing said cache to determine the access rights of said user with respect to a specific data entity of said plurality of data entities.
2. The method according to claim 1, wherein said access rights list comprises a plurality of category identifiers, each of said category identifiers specifying a data entity category. 3. The method according to claim 2, wherein said access rights list further comprises a plurality of access rights values, each of said access rights values corresponding to a respective one of said category identifiers and specifying access rights of said user with respect to data entities that fall within a respective data entity category. 4. The method according to claim 2, further comprising the step of determining a data entity category in which said specific data entity falls. 5. The method according to claim 4, wherein said step of determining a data entity category comprises accessing a directory structure which is stored on at least one of said plurality of application servers, said directory structure representing an arrangement of said plurality of data entities. 6. The method according to claim 4, wherein said step of determining a data entity category comprises reading a category identifier stored with said specific data entity. 7. The method according to claim 4, wherein said step of determining a data entity category comprises reading a category identifier that is stored on an application server in association with said specific data entity. 8. The method according to claim 2 wherein said step of accessing said cache comprises searching said cache for a specific category identifier, said specific category identifier representing a data entity category in which said specific data entity falls. 9. The method according to claim 2, wherein said step of storing said access rights list in said cache comprises storing said category identifiers in a numerical order within said cache to thereby facilitate searches of said cache. 10. The method according to claim 1, wherein said access rights list comprises a plurality of access rights values, said access rights values specifying generic privilege levels of said user. 11. The method according to claim 10, wherein said step of accessing said cache comprises the steps of reading an access rights value from said cache, and translating said access rights value into a set of specific access capabilities. 12. The method according to claim 11, wherein said step of translating is performed by a service application running on said application server, said service application being associated with said specific data entity. 13. The method according to claim 1, wherein said step of accessing said relational database comprises identifying at least one user group in which said user is a member. 14. The method according to claim 13, wherein said step of accessing said relational database further comprises identifying a plurality of data entity groups to which said user has access rights by virtue of being a member of said at least one user group. 15. The method according to claim 1, wherein said step of storing said access rights list in said cache and said step of accessing said cache to determine the access rights of said user are performed concurrently. 16. The method according to claim 1, wherein said plurality of data entities represents the content of an on-line services network. 17. The method according to claim 1, wherein at least one of said plurality of data entities is a system resource. 18. The method according to claim 1, further comprising the step of forwarding said access rights list from said application server to a different application server when said user connects to said different application server. 19. The method according to claim 1, further comprising the step of, if said user is not authorized to access said specific data entity, preventing said user from seeing a representation of said specific data entity. 20. The method according to claim 19, wherein said step of preventing comprises omitting said representation from a reconstructed directory structure that is shown to said user. 21. A method of determining the access rights of a user of a computer system with respect to a plurality of data entities of the computer system, comprising the steps of: - identifying at least one user group of which said user is a member, said at least one user group being part of a predefined set of user groups; and
- identifying at least one data entity category to which said user has access by virtue of being a member of said at least one user group, said at least one data entity category being part of a predefined set of data entity categories.
22. The method according to claim 21, wherein said steps of identifying at least one user group and identifying at least one data entity category each comprise accessing a relational database stored on a server of a computer network. 23. The method according to claim 21, further comprising the step of identifying at least one data entity that falls within said at least one data entity category. 24. The method according to claim 21, further comprising the steps of: - determining a specific data entity category in which a specific data entity falls; and
- determining whether said at least one data entity category to which said user has access includes said specific data entity category, to thereby determine whether said user has access to said specific data entity.
25. The method according to claim 21, further comprising the step of reading an access rights value that specifies access rights of said user with respect to all data entities that fall within a data entity category of said at least one data entity category. 26. The method according to claim 21, further comprising the step of identifying at least one additional data entity category to which said user has access, said at least one additional data entity category being in addition to data entity categories to which said user has access by virtue of being a member of user group. 27. The method according to claim 21, wherein said step of identifying at least one user group of which said user is a member comprises identifying a plurality of user groups of which said user is a member. 28. The method according to claim 21, wherein each user group of said predefined set of user groups corresponds to a respective set of user access rights with respect to said plurality of data entities. 29. The method according to claim 21, wherein each data entity category of said predefined set of data entity categories contains a respective subgroup of said plurality of data entities. 30. The method according to claim 21, wherein each data entity of said plurality of data entities falls within exactly one data entity category of said predefined set of data entity categories. 31. The method according to claim 21, further comprising the steps of: - generating a list of category identifiers that identifies said at least one data entity category to which said user has access; and
- transmitting said list across a computer network to at least one server.
32. The method according to claim 31, further comprising the step of storing said list in a cache memory of said at least one server. 33. The method according to claim 31, further comprising the step of storing said list in respective cache memories of a plurality of servers. 34. The method according to claim 21, wherein said plurality of data entities represents a content of an on-line services network. 35. The method according to claim 21, wherein said plurality of data entities comprises files of a file system. 36. The method according to claim 21, wherein said plurality of data entities comprises system resources to which access is controlled by an operating system. 37. In a computer network in which different users have different access rights with respect to different data entities, a method of efficiently specifying the access rights of users, comprising the steps of: - assigning each of a plurality of data entities to one of a plurality of categorical groups of data entities, each of said categorical groups containing data entities for which user access rights may be specified collectively; and
- assigning each of a plurality of users to at least one of a plurality of user groups, each of said user groups having a corresponding set of access rights associated therewith with respect to said plurality of categorical groups.
38. The method according to claim 37, wherein said step of assigning each of said plurality of data entities to one of said plurality of categorical groups comprises storing a respective categorical group identifier in association with each of said plurality of data entities. 39. The method according to claim 38, wherein said step of storing comprises storing a categorical group identifier within a data entity directory structure. 40. The method according to claim 37, wherein said step of assigning each of said plurality of users to at least one of said plurality of user groups comprises assigning at least one of said users to multiple of said user groups. 41. The method according to claim 37, wherein each of said data entities is a content object that represents content of an on-line services network. 42. A system for providing user access to data entities in a computer network, comprising: - at least one application server that stores a plurality of data entities, said data entities accessible by a plurality of users through a plurality of application programs, different of said users having different levels of access with respect to at least some of said data entities;
- a database which stores access rights values that specify access rights of said users with respect to said data entities; and
- an access rights cache on said at least one application server, said access rights cache storing access rights lists, said access rights lists obtained from said database in response to requests from said at least one application server, each of said access rights lists comprising a plurality of said access rights values and specifying access rights for a respective one of said plurality of users.
43. The system according to claim 42, wherein said access rights values are stored in said database in association with category identifiers that identify categories of said data entities. 44. The system according to claim 43, wherein each of said lists further comprises a plurality of said category identifiers. 45. The system according to claim 43, wherein said database is implemented on a separate server from said at least one application server. 46. The system according to claim 45, wherein said at least one application server stores at least a subgroup of said category identifiers. 47. The system according to claim 43, wherein said access rights values are stored in said database in further association with group identifiers that identify groups of said users. 48. The system according to claim 42, wherein said at least one application server runs a program module that generates a query of said database when a user connects to said at least one application server, said query causing an access rights list for said user to be obtained from said database and written to said access rights cache. 49. The system according to claim 48, wherein said program module deletes said access rights list from said cache when said user disconnects from said at least one application server. 50. The system according to claim 42, wherein said access rights cache specifies access rights for a variable subset of said plurality of users. 51. The system according to claim 42, wherein each of said access rights lists specifies user access rights with respect to all of said data entities. 52. The system according to claim 42, wherein said at least one application server comprises an application server that runs a directory service application program, said directory service application program providing a directory of said data entities to said users. 53. The system according to claim 42, wherein said access rights values contain privilege level bits which specify general privilege levels, said general privilege levels converted into specific access capabilities by said application programs, different application programs converting like privilege levels into different access capabilities. 54. An access rights list stored on a storage medium of a computer, said access list specifying the access rights of a user of a network with respect to a plurality of data entities of said network, said plurality of data entities subdivided into multiple categorical groups of data entities, said access rights list comprising: - a plurality of group identifiers, each of said group identifiers specifying one of said multiple categorical groups, said plurality of group identifiers specifying a subset of said multiple categorical groups to which said user has access rights; and
- a plurality of access rights values, each of said access rights values specifying access rights with respect to data entities which fall within a respective one of said categorical groups of said subset.
55. The access rights list according to claim 54, wherein said group identifiers are arranged in a numerical order to facilitate searches for individual group identifiers. 56. The access rights list according to claim 54, wherein said plurality of data entities represents content of an on-line services network. 57. The access rights list according to claim 54, stored within an access rights cache of a server. 58. The access rights list according to claim 54, stored within an access rights cache of a gateway computer. 59. A relational database for storing access rights data which specifies access rights of users with respect to a plurality of data entities of a computer network, said plurality of data entities subdivided into a plurality of categories, said database comprising: - a first table that maps users to user groups, at least one of said users being a member of multiple of said user groups;
- a second table which contains, for each of said user groups, a group-based access rights list that specifies group-based access rights of members of a respective user group, said group-based access rights list stored in association with a plurality of category identifiers that identify said categories of data entities; and
- a third table which contains, for a least one of said users, a user-specific access rights list that specifies special rights for a respective user, said user-specific access rights list stored in association with said plurality of category identifiers.
60. The relational database according to claim 59, wherein said special rights are additional rights that are added to said group-based rights of said respective user. 61. The relational database according to claim 59, wherein said special rights are exclusion rights that are subtracted from said group-based rights said respective user. 62. The relational database according to claim 59, wherein said data entities are content objects of an on-line services network. 63. In a computer network in which different users have different access rights with respect to different data entities, a method of specifying the access rights of a user with respect to a plurality of data entities, comprising the steps of: - assigning a category identifier to said plurality of data entities;
- storing said category identifier with or in association with each data entity of said plurality of data entities; and
- storing an access rights value in association with said category identifier and in further association with an account number of said user, said access rights value specifying said access rights of said user with respect to said plurality of data entities.
64. The method according to claim 63, wherein said access rights value comprises a plurality of privilege level bits, each of said privilege level bits corresponding to a respective privilege level which may be assigned to said user. 65. The method according to claim 63, wherein said access rights value specifies a sysop privilege level of said user with respect to said plurality of data entities. 66. The method according to claim 63, wherein said step of storing said category identifier comprises storing said category identifier in association with at least one node of a directory structure, said directory structure providing a directory to at least said plurality of data entities. |
