До питання про можливості патентування в сфері інформаційних технологій

2011-05-28

Андрій ЛІВШИЦ
винахідник, інтердисциплінарний фахівець, володар другої академічної ступеня по прецизійній механіці і другого академічного ступеня по QA і системним ПМП (Технологічний Коледж Сан Франциско, Каліфорнія)

Статья «Возможности патентования в сфере информационных технологий», затрагивает огромный пласт деятельности в современном обществе. И если ещё совсем недавно было возможно как то очень точно охарактеризовать или ограничить тот или иной технологический сектор, то с приходом во все сферы деятельности человечества высоких технологий и их ответвления - информационных технологий, такие классификационные возможности и защитные механизмы существенно изменились и трансформировались в новую систему технических, коммерческих и юридических взаимосвязей.

Практически во всех, даже относительно несложных процессах, их структура становится интегративной и включает в себя технологические приёмы, методы и системы никогда ранее не применявшиеся, и, кроме того, интеграция классических технических решений с новыми возможностями, которые предоставляют информационные технологии, в корне изменяют само понятие, - изобретение.

Этот, возникший на стыках технологий, фактор существенно изменяет отношение к формулированию и защите тех элементов и их сочетаний, которые в таких новых условиях могут быть квалифицированы как интегративные технические решения, соответствующие основным признакам изобретения.

Давайте обратимся к известным критериям идентификации технических решений, которые определяют характер и уровень соответствия указанных технических решений определению требований к техническим решениям, находящимся на уровне изобретений.

Мировая новизна
Все, кто готовил описания технических решений, которые представлялись как потенциальные изобретения конечно помнит как ещё 10 лет тому назад осуществлялся поиск, как долго шёл процесс определения индексов международной классификации изобретений, как определялся индекс универсальной десятичной классификации и как по этим признакам практически вручную медленно шёл процесс.

Не смотря на эти очевидные проблемы в то же время, благодаря тому, что техническое решение было относительно однородным по поставленной цели и по решениям для достижения поставленной цели, уровень новизны технического решения определялся сравнительно легко и точно.

Сегодня анализируя опубликованные описания изобретений, сравнивая их с новым техническим решением, поневоле задаёшь себе один и тот же вопрос, - а что же всё таки в них изобретено, какие составные элементы известных технических решений повлияли или могут повлиять на совокупный конечный результат от использования нового технического решения?

Если допустим все классические элементы новизны эквивалентны, но есть завуалированная трактовка программной составляющей новизны, как определить степень влияния программной составляющей на совокупный результат применения изобретения, как сравнить элементы отличия алгоритмов известных и новых технических решений и как понять существенность выявленных формальных отличий?

Исходя из накопленного опыта, можно сказать, что решить указанные проблемы возможно только с помощью углублённого структурного анализа предложенного и известного технических решений на уровне возможностей аналитического приложения «Космос» к конструкторской программе Solid Works. Для того, кто в совершенстве владеет техникой пользователя этих программ, углублённый сравнительный структурный анализ этих технических решений даёт необходимые ответы.

С другой стороны, информационные технологии в корне изменили качество патентного поиска и в ещё более существенном виде изменили процесс аналитической обработки результатов поиска.

Пример аналитической матрицы для обработки результатов такого поиска приведен в Приложении 1 к настоящей публикации. Для примера выбрано как раз одно из направлений в патентовании информационных технологий в приложении к интернетовским коммерческим предприятиям.

Это приложение показывает, что сейчас уже вопрос о принципиальной возможности патентования в сферах напрямую или косвенно связанных с информационными технологиями не стоит, на этот вопрос практика уже дала вполне определённый ответ в виде тысяч патентов, выданных именно на создание и коммерческую реализацию информационных и интернетовских технологий (кстати, именно благодаря этим технологиям весь процесс по подготовке такого документа занимает несколько часов рабочего времени).

Неочевидность технического решения
Этот критерий в патентовании информационных технологий по простой причине того, что этими технологиями пользуются уже не миллионы, а миллиарды человек, стал в значительной степени не объективным и его применение в оценке тех или других решений на сегодня не имеет каких – то устоявшихся методик и инструкций.

Возможность реализации на базе существующих технологий
Этот критерий в применении к информационным технологиям и созданным на их основе интеллектуальным продуктам в виде патентов, также становится достаточно расплывчатым и во многих конкретных ситуациях достаточно спорным.

В патентах по информационным технологиям возник термин «электронный продукт», но опять же пока ещё не создано чёткое определение свойств этого продукта.

Полезность
Для информационных технологий это в общем коммерческий, а не технический критерий. Полной ясности здесь также нет и принятие решения экспертом патентного ведомства о признании технического решения в области информационных технологий изобретением также достаточно субъективно и не свободно, к сожалению, от влияния пресловутого человеческого эмоционального фактора.

Сочетание четырёх вышеперечисленных критериев и их взаимная интеграция
Представляется, что это сегодня один из вариантов для более уверенного формулирования характера и отличительных признаков потенциального изобретения в области высоких технологий и всех их интернетовских информационных, и не только, ответвлений.

Вот некоторые примеры таких сочетаний:

Функциональная интеграция в одном изобретении технических элементарных решений, каждое из которых обладает локальной новизной, полезностью, реализуемостью и неочевидностью;

Функциональная интеграция в одном изобретении технических элементарных решений, каждое из которых не обладает даже локальной новизной и не является неочевидным, но при наличии полезности и реализуемости, в сочетании обеспечивают полное соответствие четырём перечисленным критериям;

Сочетание, включающее, изменение условий функциональной интеграции элементарных технических решений в связи с интеграцией в их совокупность программ, систем и методов, присущих информационным технологиям;

Сочетание, учитывающее, - Влияние возможностей информационных технологий на быстроту и качество системного поиска при селекции и синтезе элементарных технических решений, в совокупности определяющих новизну и неочевидность интегративных решений;

Сочетание, включающее, применение комплекса цифровых и аналоговых технологий для симуляции новых интегративных процессов, включая анимационные варианты симуляции или функциональной трёхмерной имитации реальных процессов.

Приложение 1
patent search results:
United States Patent 7,363,245
Dedrick, et al. April 22, 2008
________________________________________
Electronic product packaging and distribution for e-Commerce
Abstract
The invention generally relates to packaging and distribution of goods for e-Commerce transactions, and more particularly to extending electronic shopping carts to include rules controlling access and distribution to a cart's goods. One embodiment includes a distribution method, in which an online distribution server, configured to receive incoming connections from a client, is connected to. A list of goods available for electronic and physical distribution to the client is received, and goods from the list are selected. Selected goods are added to an electronic shopping cart, and creation of a distribution package according to contents of electronic shopping cart is requested. Access restrictions for the distribution package are then assigned. Thus, access to the package created from the shopping cart can be restricted to only authorized clients.
________________________________________
Inventors: Dedrick; Rick (Hillsboro, OR), Shine; Laura (Hillsboro, OR), Koski; Jeanne M. (Beaverton, OR)
Assignee: Intel Corporation (Santa Clara, CA)
Appl. No.: 09/540,239
Filed: March 31, 2000
________________________________________
Current U.S. Class: 705/26.8; 709/225
Current International Class: G06Q 30/00 (20060101)
Field of Search: 705/26 709/225
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

5991807
November 1999 Schmidt et al.
6167383
December 2000 Henson
6182142
January 2001 Win et al.
6189146
February 2001 Misra et al.
6446117
September 2002 Gebauer

Foreign Patent Documents

98/37480 Aug., 1998

What is claimed is:

1. A method of using an electronic shopping cart to facilitate defining a distribution package, comprising: connecting to an online distribution server; receiving a list of goods available for electronic and/or physical distribution to a client; selecting goods from the list; adding said selected goods to an electronic shopping cart; requesting creation of a distribution package according to contents of electronic shopping cart; and assigning access restrictions for the distribution package, said restrictions controlling access by the client to the distribution package.

United States Patent 5,991,807
Schmidt, et al. November 23, 1999
________________________________________
System for controlling users access to a distributive network in accordance with constraints present in common access distributive network interface separate from a server
Abstract
A method of managing access to a distributive network provides both time and site access restraints for users or groups of users on a LAN or WAN adapted for accessing the network through a common network access interface system. The method utilizes the LAN server to develop and monitor the constraints, minimizing the utilization of the access interface system. The management parameters for each group or individual having access to the distributive network via the LAN or WAN is entered into the interface box by the administrator as a compact reference, a series of pointers to the larger database of users and groups stored in the existing LAN server directory services. The existing database of users and groups and their relationships exist already in the LAN servers as a normal consequence of LAN operation and a simple, graphical user interface in the preferred embodiment of the invention permits familiar selection of objects of that database and assignment of access constraints.
________________________________________
Inventors: Schmidt; Jonathan (San Antonio, TX), Donzis; Lewis (San Antonio, TX), Donzis; Henry (San Antonio, TX), Murphy; John (San Antonio, TX), Baron; Peter (San Antonio, TX), Savage; Herb (San Antonio, TX)
Assignee: Nortel Networks Corporation (Montreal, CA)
Appl. No.: 08/669,053
Filed: June 24, 1996
________________________________________
Current U.S. Class: 709/225; 726/8
Current International Class: G06F 13/00 (20060101); G06F 013/00 ()
Field of Search: 340/825.31 707/9 380/25 709/225 713/200,201
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

5276901
January 1994 Howell et al.
5315657
May 1994 Abadi et al.
5321841
June 1994 East et al.
5483596
January 1996 Rosenow et al.
5552776
September 1996 Wade et al.
5655077
August 1997 Jones et al.
5671354
September 1997 Ito et al.
5675782
October 1997 Montague et al.
5678041
October 1997 Baker et al.

Primary Examiner: Luu; Le Hien
Attorney, Agent or Firm: Sokoloff; Blakely Taylor & Zafman LLP
________________________________________
Claims
________________________________________

What is claimed is:

1. A method for controlling access to a distributive network by users and user groups utilizing personal computers (PCs) on a local area network (LAN) comprising:

utilizing a server for centralized, common access by the PCs on the LAN;

establishing a database for the server to identify users and user group assignments for the LAN, the database including users and user groups native to normal LAN operation, each user group comprising one or more users;

establishing a common access distributive network interface separate from the server and communicatively coupling the LAN to the distributive network without directly connecting through the server;

programming user and user group control parameters into the database at the server, including constraints for access by users and user groups to the distributive network;

transferring the constraints to the distributive network interface; and

controlling access to the distributive network for a particular user at the distributive network interface without routing the particular user's access through the server and in accordance with the constraints present in the distributive network interface for the particular user or the group to which the particular user is assigned.
United States Patent 5,678,041
Baker, et al. October 14, 1997
________________________________________
System and method for restricting user access rights on the internet based on rating information stored in a relational database
Abstract
A system and method for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator. In one preferred embodiment, the invention is implemented as part of a proxy server within the user's local network.
________________________________________
Inventors: Baker; Brenda Sue (Berkeley Heights, NJ), Grosse; Eric (Berkeley Heights, NJ)
Assignee: AT&T (Middletown, NJ)
Appl. No.: 08/519,268
Filed: August 25, 1995
________________________________________

United States Patent 5,113,499
Ankney, et al. May 12, 1992
________________________________________
Telecommunication access management system for a packet switching network
Abstract
A security access management system for a packet switched data communications network has access management apparatus operatively associated with the packet switches at each entry point of the network. The access management apparatus includes an administrative host processor for examining user terminal authorization information in packets received at the associated packet switch for transmission through the network to destination addresses for the packets. A database associated with the administrative host stores information including levels of authorization of the user terminals for the respective entry point of the network for access to specified destinations, as pre-assigned by the network customer. Also included in the access management apparatus is a validation host processor which responds to comparisons between the user terminal authorization information contained in the packet and the pre-assigned level of authorization for the same user terminal, and, if they correspond, to grant access by that user terminal through the associated packet switch to the destination address with which a communication session is requested; or, if they differ, to deny such access. The access management apparatus is located remote from the user terminals using the particular entry point for the network.
________________________________________
Inventors: Ankney; Richard C. (Chantilly, VA), Bonica; Ronald P. (Falls Church, VA), Kay; Douglas E. (Chevy Chase, MD), Pashayan; Patricia A. (Herndon, VA), Spitzer; Roy L. (Vienna, VA)
Assignee: Sprint International Communications Corp. (Reston, VA)
Appl. No.: 07/344,905
Filed: April 28, 1989
________________________________________
Current U.S. Class: 340/5.74; 370/420; 379/93.02; 710/200
Current International Class: H04L 29/00 (20060101); H04L 29/06 (20060101); H04L 12/24 (20060101); G06F 013/14 ()
Field of Search: 364/2MSFile,9MSFile
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4604686
August 1986 Reiter et al.
4718005
January 1988 Feigenbaum et al.
4799153
January 1989 Hann et al.

Primary Examiner: Luu; Le Hien
Attorney, Agent or Firm: Sokoloff; Blakely Taylor & Zafman LLP
________________________________________

United States Patent 6,167,383
Henson December 26, 2000
________________________________________
Method and apparatus for providing customer configured machines at an internet site
Abstract
A web-based online store includes a configurator, a cart, a checkout, and a database, further in which a user interface of the online store enables a custom configuration of a computer system according to an identification of a user belonging to a prescribed customer set. The configurator is provided for configuring a computer system with options selected according to a prescribed user input, the options and a respective pricing for each option being presented on a configurator web page in accordance with the identification of the user belonging to a prescribed customer set. The cart is provided for temporarily storing the customer configured computer system, the cart including a cart web page. The checkout is provided for presenting payment options and for obtaining payment and delivery information, the checkout including a checkout web page. Lastly, the database is provided for dynamically supplying configuration options to the configurator in accordance with the identification of the user belonging to the prescribed customer set. An online store method and user interface are also disclosed.
________________________________________
Inventors: Henson; Ken (Austin, TX)
Assignee: Dell USA, LP (Round Rock, TX)
Appl. No.: 09/158,564
Filed: September 22, 1998
________________________________________
Current U.S. Class: 705/26.5; 703/13; 705/1.1; 705/26.7; 705/26.8; 709/217; 709/228
Current International Class: G06Q 30/00 (20060101); G06Q 10/00 (20060101); G06F 017/60 ()
Field of Search: 705/26,27,1 709/26,27 364/401,403,221.2,241.9,261.2,281.9 395/500.01,500.34
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4389706
June 1983 Gomola et al.
4589063
May 1986 Shah et al.
4870591
September 1989 Cicciarelli et al.
5257387
October 1993 Richek et al.
5416842
May 1995 Aziz
5517494
May 1996 Green
5526489
June 1996 Nilakantan et al.
5535276
July 1996 Ganesan
5541927
July 1996 Kristol et al.
5570291
October 1996 Dudle et al.
5598536
January 1997 Slaughter, III et al.
5608900
March 1997 Dockter et al.
5613012
March 1997 Hoffman et al.
5640193
June 1997 Wellner et al.
5708798
January 1998 Lynch et al.
5764886
December 1999 Danielson et al.
5844554
December 1998 Geller et al.
5957695
September 1999 Redford et al.
6003012
December 1999 Nick
6009406
December 1999 Nick

Foreign Patent Documents

2213576 Aug., 1997 CA
0520770 Dec., 1992 EP

United States Patent 6,182,142
Win, et al. January 30, 2001
________________________________________
Distributed access management of information resources
Abstract
Using a method for controlling access to information resources, a single secure sign-on gives the user access to authorized resources, based on the user's role in the organization. The information resources are stored on a protected server. A user of a client or browser logs in to the system. A runtime module on the protected server receives the login request and intercepts all other request by the client to use a resource. The runtime module connects to an access server that can determine whether a particular user is authentic and which resources the user is authorized to access. User information is associated with roles and functional groups of an organization to which the user belongs; the roles are associated with access privileges. The access server connects to a registry server that stores information about users, roles, functional groups, resources, and associations among them. The access server and registry server exchange encrypted information that authorized the user to use the resource. The access server passes encrypted tokens that define the user's roles and authorization rights to the browser or client, which stores the tokens in memory. The user is presented with a customized display showing only those resources that the user may access. Thereafter, the access server can resolve requests to use other resources based on the tokens without contacting the registry server.
________________________________________
Inventors: Win; Teresa (Sunnyvale, CA), Belmonte; Emilio (San Francisco, CA)
Assignee: enCommerce, Inc. (Santa Clara, CA)
Appl. No.: 09/113,609
Filed: July 10, 1998
________________________________________
Current U.S. Class: 709/229; 709/219; 709/227; 726/4
Current International Class: H04L 29/06 (20060101); G06F 21/00 (20060101); G06F 013/00 ()
Field of Search: 709/202,203,217,219,223,225,229,313,227 713/200,201,202
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

5261102
November 1993 Hoffman
5845267
December 1998 Ronen
5918013
June 1999 Mighdoll et al.
5944824
August 1999 He
6014666
January 2000 Helland et al.

Primary Examiner: Vu; Viet D.
Attorney, Agent or Firm: Hickman Palermo Truong & Becker, LLP Palermo; Christopher J. Bingham; Marcel K.
________________________________________
Claims

United States Patent 6,189,146
Misra, et al. February 13, 2001
________________________________________
System and method for software licensing
Abstract
A software licensing system includes a license generator located at a licensing clearinghouse and at least one license server and multiple clients located at a company or entity. When a company wants a software license, it sends a purchase request (and appropriate fee) to the licensing clearinghouse. The license generator at the clearinghouse creates a license pack containing a set of one or more individual software licenses. To prevent the license pack from being copied and installed on multiple license servers, the license generator assigns a unique license pack ID to the license pack and associates the license pack ID with the particular license server in a master license database kept at the licensing clearinghouse. The license generator digitally signs the license pack and encrypts it with the license server's public key. The license server is responsible for distributing the software licenses from the license pack to individual clients. When a client needs a license, the license server determines the client's operating system platform and grants the appropriate license. To prevent an issued license from being copied from one client machine to another, the software license is assigned to a specific client by including a client ID within the license. The software license also has a license ID that is associated with the client ID in a database record kept at the license server. The license server digitally signs the software license and encrypts it using the client's public key. The license is stored locally at the client.
________________________________________
Inventors: Misra; Pradyumna K. (Redmond, WA), Graziadio; Bradley J. (Redmond, WA), Spies; Terence R. (Kirkland, WA)
Assignee: Microsoft Corporation (Redmond, WA)
Appl. No.: 09/040,813
Filed: March 18, 1998
________________________________________
Current U.S. Class: 717/177; 705/59
Current International Class: G06Q 30/00 (20060101); G06F 017/40 ()
Field of Search: 395/712 701/1 380/3,4,30,44,25 717/11
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4924378
May 1990 Hershey et al.
5138712
August 1992 Corbin
5204897
April 1993 Wyman
5343524
August 1994 Mu et al.
5553143
September 1996 Ross et al.
5671412
September 1997 Christiano
5724425
March 1998 Chang et al.
5745879
April 1998 Wyman
5790677
August 1998 Fox et al.

Primary Examiner: Elmore; Reba I.
Attorney, Agent or Firm: Lee & Hayes, PLLC
________________________________________
Claims
________________________________________

United States Patent 6,446,117
Gebauer September 3, 2002
________________________________________
Apparatus and method for saving session variables on the server side of an on-line data base management system
Abstract
An apparatus for and method of utilizing an internet terminal coupled to the world wide web wherein one or more variables from a first service request may be saved for use with one or more subsequent service requests. The service request is received by a web server from the world wide web, and if it so indicates, one or more variables from the service request are saved within the server. When the server receives a subsequent request which requires access to the saved variables, they are retrieved for execution of the subsequent service request.
________________________________________
Inventors: Gebauer; Niels (New South Wales, AU)
Assignee: Unisys Corporation (Blue Bell, PA)
Appl. No.: 09/189,616
Filed: November 9, 1998
________________________________________
Current U.S. Class: 709/217; 707/999.01; 707/E17.117; 709/203; 709/227; 709/229
Current International Class: G06F 17/30 (20060101); G06F 015/16 ()
Field of Search: 709/200-203,217-219,226,227-229,242 707/10,104,201
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

5386586
January 1995 Papadopoulos
5548724
August 1996 Akizawa et al.
5708780
January 1998 Levergood et al.
5862339
January 1999 Bonnaure et al.
5862348
January 1999 Pedersen
5983273
November 1999 White et al.
6163797
December 2000 Eckley et al.

Primary Examiner: Barot; Bharat
Attorney, Agent or Firm: Johnson; Charles A. Starr; Mark T. Nawrocki, Rooney & Silvertson, P.A.
________________________________________
Parent Case Text
________________________________________

United States Patent 5,675,782
Montague, et al. October 7, 1997
________________________________________
Controlling access to objects on multiple operating systems
Abstract
A method and system for controlling access to entities on a network on which a plurality of servers are installed that use different operating systems. A request is entered by a user at a workstation on the network to set access permissions to an entity on the network in regard to a trustee. In response to the request, various application programming interfaces (APIs) are called to translate the generic request to set permissions on the entity into a format appropriate for the operating system that controls the entity. Assuming that the user has the appropriate rights to set access permissions to the entity as requested, and assuming that the trustee identified by the user is among those who can have rights set to the entity, the request made by the user is granted. Entities include both "containers" and "objects." Entities are either software, such as directories (containers) and files (objects), or hardware, such as printers (objects).
________________________________________
Inventors: Montague; David S. (Bellevue, WA), Misra; Pradyumna K. (Issaquah, WA), Swift; Michael M. (Bellevue, WA)
Assignee: Microsoft Corporation (Redmond, WA)
Appl. No.: 08/465,990
Filed: June 6, 1995
________________________________________
Current U.S. Class: 726/4; 707/999.01; 709/229
Current International Class: G06F 21/00 (20060101); H04L 29/06 (20060101); G06F 017/30 ()
Field of Search: 395/600,448,250,427,609,610,200.17,728,800,186 379/95
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

5263157
November 1993 Janis
5276901
January 1994 Howell et al.
5335346
August 1994 Fabbio
5446903
August 1995 Abraham et al.
5469576
November 1995 Dauerer et al.
5493728
February 1996 Solton et al.
5495521
February 1996 Rangachar
5539906
July 1996 Abraham et al.
5555388
September 1996 Shaughnessy
5559984
September 1996 Nakano et al.

Other References

Novel Inc, "Novel Netware Version 3.11", Novel Incorporated, pp. 192-271 Mar. 1991..

United States Patent 5,671,354
Ito, et al. September 23, 1997
________________________________________
Method of assisting server access by use of user authentication information held in one of servers and a method of assisting management user account for use of servers
Abstract
User authentication information for network of a user and a name of a server to be accessed are sent from a client terminal to a user management equipment realized by one of servers which constitute a network system. The user management equipment sends the network address of that server and user authentication information registered for that server back to the client terminal. Using these pieces of information, the client terminal logs in that server. Each of the servers used by the user notifies the user management equipment of the actual accounts for the user at preferable times. Using the notified information, the user management equipment manages the actual accounts of each user. Each user can know the total of actual accounts for the servers used by accessing only the user management equipment.
________________________________________
Inventors: Ito; Tsutomu (Kanagawa, JP), Hirosawa; Toshio (Machida, JP), Ueoka; Atsushi (Ome, JP), Kokunishi; Motohide (Hachioji, JP), Yamagishi; Tadashi (Yokohama, JP), Nakatsu; Kouichi (Hadano, JP)
Assignee: Hitachi, Ltd. (Tokyo, JP)
Hitachi Computer Engineering Co., Ltd. (Hadano, JP)
Appl. No.: 08/606,099
Filed: February 23, 1996
________________________________________
Foreign Application Priority Data
________________________________________

Feb 28, 1995 [JP] 7-039510

Current U.S. Class: 726/3
Current International Class: H04L 29/06 (20060101); G06F 011/00 ()
Field of Search: 395/187.01,188.01,106 364/222.5 380/23,25,4
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

5073933
December 1991 Rosenthal
5241594
August 1993 Kung
5341477
August 1994 Pitkin
5388211
February 1995 Hornbuckle
5455953
October 1995 Russell
5506961
April 1996 Carlson
5553239
September 1996 Heath

Other References

"NIS and System Management by Name Server, " in SUN System Management Chapter 7, pp. 203-219 (1991)..

Primary Examiner: Beausoliel, Jr.; Robert W.
Assistant Examiner: Le; Dieu-Minh

United States Patent 5,655,077
Jones, et al. August 5, 1997
________________________________________
Method and system for authenticating access to heterogeneous computing services
Abstract
A method and system for authenticating access to heterogeneous computing services is provided. In a preferred embodiment, logon providers are configured into the computer system, which provide secure access to their services by requiring authentication of user identification information using a logon mechanism. According to this embodiment, a user designates a primary logon provider to provide an initial logon user interface. The user enters identification information when this user interface is displayed, for example a user name, a password and a domain. The computer system executes a logon sequence, which first invokes the primary logon provider to collect identification information and to authenticate the user for access to services provided by the primary logon provider. The system then authenticates the collected identification information to provide the user access to operating system computer services. If the system logon authentication procedure is not successful, then the logon sequence displays its own user interface to collect additional identification information. The logon sequence then invokes the logon routines of other logon providers to enable them to authenticate already collected identification information without displaying additional user interfaces. A preferred embodiment enables the system logon sequence to use authentication information stored on a network to authenticate the user for access to local computing services. Also, logon providers can be provided for drivers other than network drivers when a logon mechanism is required to access their computing services. Further, using a primary logon provider, the initial logon user interface displayed to collect identification information can be replaced.
________________________________________
Inventors: Jones; Gregory A. (Seattle, WA), Price; Robert M. (Seattle, WA), Veghte; William L. (Bellevue, WA)
Assignee: Microsoft Corporation (Redmond, WA)
Appl. No.: 08/356,071
Filed: December 13, 1994
________________________________________
Current U.S. Class: 726/8
Current International Class: G06F 21/00 (20060101); G06F 011/00 ()
Field of Search: 395/187.01,186,188.01,481,490,491,200.06,200.09,200.12,200.2,285 380/3,4,23
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4484306
November 1984 Kulczyckyj et al.
4698757
October 1987 Dill et al.
4799153
January 1989 Hann et al.
4930159
May 1990 Kravitz et al.
5204961
April 1993 Barlow
5241594
August 1993 Kung
5263165
November 1993 Janis
5287461
February 1994 Moore
5335346
August 1994 Fabbio
5359721
October 1994 Kempf et al.
5408653
April 1995 Josten et al.
5414839
May 1995 Joshi
5426427
June 1995 Chinnock et al.
5455953
October 1995 Russell
5499342
March 1996 Kuraihara et al.

Other References

Hauser et al., "Reducing the Proliferation of Passwords in Distributed Systems", IFIP Transactiona A, vol., A-13, pp. 525-531 Sep. 1992..

United States Patent 5,552,776
Wade, et al. September 3, 1996
________________________________________
Enhanced security system for computing devices
Abstract
A security system for controlling access to computing devices. The security system provides selectively programmable access, monitored access, access privilege modifications and recorded access history for a computing device.
________________________________________
Inventors: Wade; Jack (La Jolla, CA), Szaroletta; William K. (Des Moines, IA), Madden; Thomas R. (San Diego, CA)
Assignee: Z-Microsystems (Carlsbad, CA)
Appl. No.: 08/265,517
Filed: June 24, 1994
________________________________________
Related U.S. Patent Documents
________________________________________

Application Number Filing Date Patent Number Issue Date
763915 Sep., 1991

________________________________________
Current U.S. Class: 340/5.74; 340/5.22
Current International Class: G06F 1/00 (20060101); G06F 21/00 (20060101); G06F 007/04 ()
Field of Search: 340/825.31,825.34,825.56,825.3,309.15,309.6,310.08,870.16,870.17 379/95,102 307/139 235/382
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4750197
June 1988 Denekamp et al.
4823290
April 1989 Fasack et al.
4849614
July 1989 Watanabe et al.
4882564
November 1989 Monroe et al.
4899217
February 1990 MacFadyen et al.
4942606
July 1990 Kaiser et al.
4947163
August 1990 Henderson et al.
5051720
September 1991 Kittirutsunetorn
5111185
May 1992 Kozaki
5144659
April 1992 Jones

Primary Examiner: Peng; John K.
Assistant Examiner: Hill; Andrew
Attorney, Agent or Firm: Loeb & Loeb
________________________________________
Parent Case Text
________________________________________

United States Patent 5,483,596
Rosenow, et al. January 9, 1996
________________________________________
Apparatus and method for controlling access to and interconnection of computer system resources
Abstract
A compact, physically secure, high-performance access controller (16, 18) is electrically connected to each access-managed resource (12, 14) or group of resources (10) in a computer system. Whenever access managed resources attempt to establish communications, their associated access controllers exchange sets of internally generated access authorization codes (106, 112, 120, 132, 202, 208, 216, 270, 272) utilizing protocols characterized by multiple random numbers, resource authorization keys, serial number (48, 72) verification, and session authorization keys. Each new session employs different encryption keys derived from multiple random numbers and multiple hidden algorithms. Tables of authorized requesting and responding resources are maintained in a protected memory (34, 38) in each access controller. An authorization table building procedure is augmented by an optional central access control system (56) that employs a parallel control network (62, 64, 66) to centrally manage the access control tables in an access-controlled system of resources.
________________________________________
Inventors: Rosenow; Peter D. (Edmonds, WA), Trafton; Roger M. (Kirkland, WA)
Assignee: Paralon Technologies, Inc. (Bellevue, WA)
Appl. No.: 08/186,663
Filed: January 24, 1994
________________________________________
Current U.S. Class: 713/167; 380/277; 726/3
Current International Class: G06F 21/00 (20060101); H04L 29/06 (20060101); G06F 1/00 (20060101); H04L 009/00 (); H04L 009/32 ()
Field of Search: 380/4,9,10,20,21,23,24,25,28,44,46,49,50
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4546213
October 1985 Dick
4679226
July 1987 Muehleisen
4905281
February 1990 Surjaatmadja et al.
4956769
September 1990 Smith
4995112
February 1991 Aoyama
5003595
March 1991 Collins et al.
5018190
May 1991 Walker et al.
5131025
July 1992 Hamasaki
5153918
October 1992 Tuai
5173939
December 1992 Abadi et al.
5204961
April 1993 Barlow
5253295
October 1993 Saada et al.
5297207
March 1994 Degele
5297208
March 1994 Schlafly et al.
5315657
May 1994 Abadi et al.

Other References

"Network World: Network Security Secrets," David J. Stang and Sylvia Moon, IDG Books Worldwide, Inc., San Mateo, California, 1993, pp. 437-459..

Primary Examiner: Gregory; Bernarr E.
Attorney, Agent or Firm: Rives; Stoel
________________________________________
Claims
________________________________________

United States Patent 5,321,841
East, et al. June 14, 1994
________________________________________
System for determining the rights of object access for a server process by combining them with the rights of the client process
Abstract
In a multitasking, multiuser computer system, a server process temporarily impersonates the characteristics of a client process when the client process preforms a remote procedure call on the server process. Each process has an identifier list with a plurality of identifiers that characterize the process. The server process generates a new identifier list which is either the same as the client process's list, or is the union of the server's and the client's lists. Each object in the system can have an access control list which defines the identifiers that a process must have in order to access the object. The operation system has access checking software for enabling a selected process access to a specified object when the identifiers for the process match the list of identifiers in the access control list of the specified object. The server can therefore access all objects accessible to the client while the server is working for the client. The server can restore its original identifier list after completing the services that it performs for the client.
________________________________________
Inventors: East; Jeffrey A. (Aptos, CA), Walker; James J. (Redmond, WA), Jenness; Steven M. (Redmond, WA), Ozur; Mark C. (Redmond, WA), Kelly, Jr.; James W. (Redmond, WA)
Assignee: Digital Equipment Corporation (Maynard, MA)
[*] Notice: The portion of the term of this patent subsequent to February 16, 2010 has been disclaimed.
Appl. No.: 08/011,293
Filed: January 29, 1993
________________________________________
Related U.S. Patent Documents
________________________________________

Application Number Filing Date Patent Number Issue Date
873359 Apr., 1992 5187790
373878 Jun., 1989

________________________________________
Current U.S. Class: 718/107; 710/240; 719/330
Current International Class: G06F 9/46 (20060101); G06F 013/14 ()
Field of Search: 395/650,725 364/DIG.1,DIG.2
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4135240
January 1979 Ritchie
4455602
June 1984 Baxter, III et al.
4525780
June 1985 Bratt et al.
4584639
April 1986 Hardy
4621321
November 1986 Boebert et al.
4656579
April 1987 Bachman et al.
4701840
October 1987 Boebert et al.
4713753
December 1987 Boebert et al.
4714996
December 1987 Gladney et al.
4800488
January 1989 Agrawal et al.
4809160
February 1989 Mahon et al.
4825354
April 1989 Agrawal et al.
4849877
July 1989 Bishop et al.
4901231
February 1990 Bishop et al.
5057996
October 1991 Cutler et al.
5129083
July 1992 Cutler et al.
5129084
July 1992 Kelly, Jr. et al.
5136712
August 1992 Perazzoli, Jr. et al.
5187790
February 1993 East et al.
5249293
September 1993 Schreiber et al.

Primary Examiner: Lee; Thomas C.
Assistant Examiner: Amsbury; Wayne
Attorney, Agent or Firm: Flehr, Hohbach, Test, Albritton & Herbert
________________________________________
Parent Case Text

United States Patent 5,315,657
Abadi, et al. May 24, 1994
________________________________________
Compound principals in access control lists
Abstract
An access control list for determining the access rights of principals in a distributed system to a system resource is disclosed wherein the access rights of a specified principal are based on the access rights delegated to that principal.
________________________________________
Inventors: Abadi; Martin (Palo Alto, CA), Goldstein; Andrew C. (Hudson, MA), Lampson; Butler W. (Cambridge, MA)
Assignee: Digital Equipment Corporation (Maynard, MA)
Appl. No.: 07/589,923
Filed: September 28, 1990
________________________________________
Current U.S. Class: 726/4; 340/5.74; 370/447; 713/156; 713/159; 713/167
Current International Class: G06F 9/46 (20060101); H04L 009/32 (); G06F 013/14 ()
Field of Search: 380/3,4,23-25,49,50,21,43 364/222.5,286.4,286.5,240.8,246.6,283.3,709.5 340/825.31,825.34
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4309569
January 1982 Merkle
4405829
September 1983 Rivest et al.
4771459
September 1988 Jansen
4779224
October 1988 Moseley et al.
4825354
April 1989 Agrawal et al.
4858117
August 1989 Di Chiara et al.
4882752
November 1989 Lindman et al.
4887077
December 1989 Irby, III et al.
4919545
April 1990 Yu
4961224
October 1990 Yung et al.
4962449
October 1990 Schlesinger
4984272
January 1991 McIlroy et al.
5012515
April 1991 McVitie

Other References

Schroeder, Birrell & Needham, Experience With Grapevine: The Growth of a Distributed System, 2 ACM Transactions on Computer Systems 3-23 (1984). .
Millerm Neuman, Schiller & Saltzer, Kerberos Authentication and Authorization System, Project Athena Technical Plan (1987). .
European Community Manufactures Association (ECMA), Security in Open Systems-Data Elements and Service Definitions: "Alice in Wonderland" (Jul.

United States Patent 5,276,901
Howell, et al. January 4, 1994
________________________________________
System for controlling group access to objects using group access control folder and group identification as individual user
Abstract
A method and system for controlling access by groups of users to multiple objects stored within a data processing system implemented library wherein each object has an access list associated therewith explicitly listing individual users permitted access to that object. A group identification is established which encompasses all users within the data processing system, a selected subset of users with the data processing system, or a single selected user and his or her designated affinity users or proxies. The group identification is then listed within an associated access list for a particular object and upon an attempted access of the particular object by a user not listed explicitly within the associated access list, a determination is made as to whether or not that user is listed within a group identification which is permitted access. In one embodiment of the present invention selected objects and users each have associated therewith a clearance level and access to a selected object by a particular user listed within a group identification may be denied if that particular user's clearance level does not meet or exceed the clearance level of the selected object.
________________________________________
Inventors: Howell; William E. (North Richland Hills, TX), Reddy; Hari N. (Grapevine, TX), Wang; Diana S. (Trophy Club, TX)
Assignee: International Business Machines Corporation (Armonk, NY)
Appl. No.: 07/807,685
Filed: December 16, 1991
________________________________________
Current U.S. Class: 340/5.2; 340/5.54; 707/783; 707/999.009; 713/167
Current International Class: G06F 1/00 (20060101); G06F 21/00 (20060101); G06F 012/14 ()
Field of Search: 340/825.31,825.34,825.5 380/4,25 395/600,800
________________________________________
References Cited [Referenced By]
________________________________________
U.S. Patent Documents

4104721
August 1978 Marstein et al.
5014345
May 1991 Comroe et al.

Foreign Patent Documents

0398645 Nov., 1990 EP

Other References

C J. Date, An Introduction to Database Systems, vol. II, 1983, pp. 158-159. .
Shien et al., "An N-Grid Model for Group Authorization", Proceedings of the Sixth Annual Computer Security Applications Conference, Dec. 3-7, 1990, pp. 384-392. .
Wilms et al., "A Database Authorization Mechanism Supporting Individual and Group Authorization", Second International Seminar on Distributed Data Sharing Systems, 1982, pp. 273-292..

Primary Examiner: Lee; Thomas C.
Attorney, Agent or Firm: Dillon; Andrew J.
________________________________________
Claims
________________________________________

We claim:

1. A method in a data processing system of controlling access by groups of users to a plurality of objects stored within a data processing system library service wherein each of said plurality of objects within said data processing system library service includes associated therewith an explicit list of individual users permitted access thereto and wherein each individual user has associated therewith an access control folder which includes a listing of privileges for selected ones of said plurality of objects which said individual user is permitted to access, said method comprising the steps of:

establishing a group identification for a selected subset of users within said data processing system and associating a group access control folder with said group identification, said group access control folder including a listing of privileges for selected ones of said plurality of objects which each individual user within said selected subset of users is permitted to access;

inserting a reference to said group access control folder within said access control folder associated with each individual user within said selected subset of users.

джерело: Інтернет-сайт "ВЯПат"

корисний матеріал? Натисніть:

групи: реєстрація прав; світ
теги: винахід; методика; сайт; інтернет; комп'ютерні технології