Andriy LIVSHYTS, inventor, interdisciplinary specialist, holder of a second academic degree in precision mechanics and a second academic degree in QA and system PMP (San Francisco Technological College, California)
The article "Patenting Possibilities in the Field of Information Technology" touches on a huge layer of activity in modern society. Until quite recently it was possible to characterize or delimit a given technological sector fairly precisely; but with the arrival of high technology, and its offshoot information technology, in every sphere of human activity, these classification possibilities and protective mechanisms have changed substantially and been transformed into a new system of technical, commercial and legal interrelations. In practically all processes, even relatively simple ones, the structure becomes integrative and includes technological techniques, methods and systems never used before; moreover, the integration of classical technical solutions with the new possibilities that information technology provides fundamentally changes the very concept of an invention. This factor, which arose at the junctions between technologies, substantially changes the approach to formulating and protecting those elements and their combinations that, under these new conditions, can be qualified as integrative technical solutions meeting the basic criteria of an invention. Let us turn to the known criteria for identifying technical solutions, which determine the nature and degree to which such solutions meet the requirements for technical solutions at the level of inventions.

World novelty

Everyone who has prepared descriptions of technical solutions submitted as potential inventions will of course remember how searches were carried out just 10 years ago, how long it took to determine the indexes of the international classification of inventions, how the universal decimal classification index was determined, and how, on the basis of these attributes, the process moved slowly and practically by hand.
Despite these obvious problems, because a technical solution was relatively homogeneous in its stated goal and in the means of achieving that goal, the level of novelty of a technical solution could be determined comparatively easily and accurately. Today, analysing published descriptions of inventions and comparing them with a new technical solution, one cannot help asking the same question again and again: what exactly has been invented in them, and which constituent elements of known technical solutions have affected, or may affect, the overall end result of using the new technical solution? If, say, all the classical elements of novelty are equivalent but there is a veiled treatment of the software component of novelty, how is one to determine the degree to which the software component influences the overall result of applying the invention, how is one to compare the distinguishing elements of the algorithms of known and new technical solutions, and how is one to judge the significance of the formal differences identified? Based on accumulated experience, it can be said that these problems can be solved only by in-depth structural analysis of the proposed and the known technical solutions, at the level of capability of the "Cosmos" analytical add-on to the Solid Works design program. For someone with complete command of these programs as a user, an in-depth comparative structural analysis of these technical solutions gives the necessary answers. On the other hand, information technology has fundamentally changed the quality of patent searching and, to an even greater extent, the process of analytically processing search results. An example of an analytical matrix for processing the results of such a search is given in Appendix 1 to this publication. The example chosen is precisely one of the areas of information technology patenting as applied to Internet commercial enterprises.
This appendix shows that the question of whether patenting is possible in principle in fields directly or indirectly related to information technology no longer arises; practice has already given a quite definite answer in the form of thousands of patents granted specifically for the creation and commercial implementation of information and Internet technologies (incidentally, it is thanks to these very technologies that the whole process of preparing such a document takes a few hours of working time).

Non-obviousness of the technical solution

In the patenting of information technology this criterion has, for the simple reason that these technologies are now used not by millions but by billions of people, become largely non-objective, and there are as yet no established methods or guidelines for applying it when assessing particular solutions.

Feasibility of implementation on the basis of existing technologies

As applied to information technology and the intellectual products created on its basis in the form of patents, this criterion also becomes rather vague and, in many specific situations, rather contentious. The term "electronic product" has appeared in information technology patents, but again no clear definition of the properties of this product has yet been created.

Utility

For information technology this is, on the whole, a commercial rather than a technical criterion. Here too there is no complete clarity, and a patent office examiner's decision to recognize a technical solution in the field of information technology as an invention is likewise rather subjective and, unfortunately, not free from the influence of the notorious human emotional factor.

Combination of the four criteria listed above and their mutual integration

This appears today to be one of the options for formulating more confidently the nature and distinguishing features of a potential invention in the field of high technology and all its offshoots, Internet and information-related and otherwise.
Here are some examples of such combinations:

- Functional integration in one invention of elementary technical solutions, each of which possesses local novelty, utility, feasibility and non-obviousness;
- Functional integration in one invention of elementary technical solutions, each of which lacks even local novelty and is not non-obvious, but which, given utility and feasibility, in combination ensure full compliance with the four listed criteria;
- Functional integration in one invention of elementary technical solutions, each of which lacks even local novelty and is not non-obvious, but which, given utility and feasibility, in combination ensure full compliance with the four listed criteria in an unusual variant of application;
- A combination that includes a change in the conditions of functional integration of the elementary technical solutions owing to the integration into their set of programs, systems and methods inherent in information technology;
- A combination that takes into account the influence of the capabilities of information technology on the speed and quality of systematic searching during the selection and synthesis of elementary technical solutions that together determine the novelty and non-obviousness of integrative solutions;
- A combination that includes the use of a set of digital and analogue technologies to simulate new integrative processes, including animated variants of simulation or functional three-dimensional imitation of real processes.

Appendix 1. Patent search results:

United States Patent 7,363,245 Dedrick, et al. April 22, 2008 ________________________________________ Electronic product packaging and distribution for e-Commerce Abstract The invention generally relates to packaging and distribution of goods for e-Commerce transactions, and more particularly to extending electronic shopping carts to include rules controlling access and distribution to a cart's goods.
One embodiment includes a distribution method, in which an online distribution server, configured to receive incoming connections from a client, is connected to. A list of goods available for electronic and physical distribution to the client is received, and goods from the list are selected. Selected goods are added to an electronic shopping cart, and creation of a distribution package according to contents of electronic shopping cart is requested. Access restrictions for the distribution package are then assigned. Thus, access to the package created from the shopping cart can be restricted to only authorized clients. ________________________________________ Inventors: Dedrick; Rick (Hillsboro, OR), Shine; Laura (Hillsboro, OR), Koski; Jeanne M. (Beaverton, OR) Assignee: Intel Corporation (Santa Clara, CA) Appl. No.: 09/540,239 Filed: March 31, 2000 ________________________________________ Current U.S. Class: 705/26.8; 709/225 Current International Class: G06Q 30/00 (20060101) Field of Search: 705/26 709/225 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 5991807 November 1999 Schmidt et al. 6167383 December 2000 Henson 6182142 January 2001 Win et al. 6189146 February 2001 Misra et al. 6446117 September 2002 Gebauer Foreign Patent Documents 98/37480 Aug., 1998 What is claimed is: 1. A method of using an electronic shopping cart to facilitate defining a distribution package, comprising: connecting to an online distribution server; receiving a list of goods available for electronic and/or physical distribution to a client; selecting goods from the list; adding said selected goods to an electronic shopping cart; requesting creation of a distribution package according to contents of electronic shopping cart; and assigning access restrictions for the distribution package, said restrictions controlling access by the client to the distribution package. 
United States Patent 5,991,807 Schmidt, et al. November 23, 1999 ________________________________________ System for controlling users access to a distributive network in accordance with constraints present in common access distributive network interface separate from a server Abstract A method of managing access to a distributive network provides both time and site access restraints for users or groups of users on a LAN or WAN adapted for accessing the network through a common network access interface system. The method utilizes the LAN server to develop and monitor the constraints, minimizing the utilization of the access interface system. The management parameters for each group or individual having access to the distributive network via the LAN or WAN is entered into the interface box by the administrator as a compact reference, a series of pointers to the larger database of users and groups stored in the existing LAN server directory services. The existing database of users and groups and their relationships exist already in the LAN servers as a normal consequence of LAN operation and a simple, graphical user interface in the preferred embodiment of the invention permits familiar selection of objects of that database and assignment of access constraints. ________________________________________ Inventors: Schmidt; Jonathan (San Antonio, TX), Donzis; Lewis (San Antonio, TX), Donzis; Henry (San Antonio, TX), Murphy; John (San Antonio, TX), Baron; Peter (San Antonio, TX), Savage; Herb (San Antonio, TX) Assignee: Nortel Networks Corporation (Montreal, CA) Appl. No.: 08/669,053 Filed: June 24, 1996 ________________________________________ Current U.S. Class: 709/225; 726/8 Current International Class: G06F 13/00 (20060101); G06F 013/00 () Field of Search: 340/825.31 707/9 380/25 709/225 713/200,201 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. 
Patent Documents 5276901 January 1994 Howell et al. 5315657 May 1994 Abadi et al. 5321841 June 1994 East et al. 5483596 January 1996 Rosenow et al. 5552776 September 1996 Wade et al. 5655077 August 1997 Jones et al. 5671354 September 1997 Ito et al. 5675782 October 1997 Montague et al. 5678041 October 1997 Baker et al. Primary Examiner: Luu; Le Hien Attorney, Agent or Firm: Sokoloff; Blakely Taylor & Zafman LLP ________________________________________ Claims ________________________________________ What is claimed is: 1. A method for controlling access to a distributive network by users and user groups utilizing personal computers (PCs) on a local area network (LAN) comprising: utilizing a server for centralized, common access by the PCs on the LAN; establishing a database for the server to identify users and user group assignments for the LAN, the database including users and user groups native to normal LAN operation, each user group comprising one or more users; establishing a common access distributive network interface separate from the server and communicatively coupling the LAN to the distributive network without directly connecting through the server; programming user and user group control parameters into the database at the server, including constraints for access by users and user groups to the distributive network; transferring the constraints to the distributive network interface; and controlling access to the distributive network for a particular user at the distributive network interface without routing the particular user's access through the server and in accordance with the constraints present in the distributive network interface for the particular user or the group to which the particular user is assigned. United States Patent 5,678,041 Baker, et al. 
October 14, 1997 ________________________________________ System and method for restricting user access rights on the internet based on rating information stored in a relational database Abstract A system and method for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator. In one preferred embodiment, the invention is implemented as part of a proxy server within the user's local network. ________________________________________ Inventors: Baker; Brenda Sue (Berkeley Heights, NJ), Grosse; Eric (Berkeley Heights, NJ) Assignee: AT&T (Middletown, NJ) Appl. No.: 08/519,268 Filed: August 25, 1995 ________________________________________ United States Patent 5,113,499 Ankney, et al. May 12, 1992 ________________________________________ Telecommunication access management system for a packet switching network Abstract A security access management system for a packet switched data communications network has access management apparatus operatively associated with the packet switches at each entry point of the network. 
The access management apparatus includes an administrative host processor for examining user terminal authorization information in packets received at the associated packet switch for transmission through the network to destination addresses for the packets. A database associated with the administrative host stores information including levels of authorization of the user terminals for the respective entry point of the network for access to specified destinations, as pre-assigned by the network customer. Also included in the access management apparatus is a validation host processor which responds to comparisons between the user terminal authorization information contained in the packet and the pre-assigned level of authorization for the same user terminal, and, if they correspond, to grant access by that user terminal through the associated packet switch to the destination address with which a communication session is requested; or, if they differ, to deny such access. The access management apparatus is located remote from the user terminals using the particular entry point for the network. ________________________________________ Inventors: Ankney; Richard C. (Chantilly, VA), Bonica; Ronald P. (Falls Church, VA), Kay; Douglas E. (Chevy Chase, MD), Pashayan; Patricia A. (Herndon, VA), Spitzer; Roy L. (Vienna, VA) Assignee: Sprint International Communications Corp. (Reston, VA) Appl. No.: 07/344,905 Filed: April 28, 1989 ________________________________________ Current U.S. Class: 340/5.74; 370/420; 379/93.02; 710/200 Current International Class: H04L 29/00 (20060101); H04L 29/06 (20060101); H04L 12/24 (20060101); G06F 013/14 () Field of Search: 364/2MSFile,9MSFile ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 4604686 August 1986 Reiter et al. 4718005 January 1988 Feigenbaum et al. 4799153 January 1989 Hann et al.
United States Patent 6,167,383 Henson December 26, 2000 ________________________________________ Method and apparatus for providing customer configured machines at an internet site Abstract A web-based online store includes a configurator, a cart, a checkout, and a database, further in which a user interface of the online store enables a custom configuration of a computer system according to an identification of a user belonging to a prescribed customer set. The configurator is provided for configuring a computer system with options selected according to a prescribed user input, the options and a respective pricing for each option being presented on a configurator web page in accordance with the identification of the user belonging to a prescribed customer set. The cart is provided for temporarily storing the customer configured computer system, the cart including a cart web page. The checkout is provided for presenting payment options and for obtaining payment and delivery information, the checkout including a checkout web page. Lastly, the database is provided for dynamically supplying configuration options to the configurator in accordance with the identification of the user belonging to the prescribed customer set. An online store method and user interface are also disclosed. ________________________________________ Inventors: Henson; Ken (Austin, TX) Assignee: Dell USA, LP (Round Rock, TX) Appl. No.: 09/158,564 Filed: September 22, 1998 ________________________________________ Current U.S.
Class: 705/26.5; 703/13; 705/1.1; 705/26.7; 705/26.8; 709/217; 709/228 Current International Class: G06Q 30/00 (20060101); G06Q 10/00 (20060101); G06F 017/60 () Field of Search: 705/26,27,1 709/26,27 364/401,403,221.2,241.9,261.2,281.9 395/500.01,500.34 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 4389706 June 1983 Gomola et al. 4589063 May 1986 Shah et al. 4870591 September 1989 Cicciarelli et al. 5257387 October 1993 Richek et al. 5416842 May 1995 Aziz 5517494 May 1996 Green 5526489 June 1996 Nilakantan et al. 5535276 July 1996 Ganesan 5541927 July 1996 Kristol et al. 5570291 October 1996 Dudle et al. 5598536 January 1997 Slaughter, III et al. 5608900 March 1997 Dockter et al. 5613012 March 1997 Hoffman et al. 5640193 June 1997 Wellner et al. 5708798 January 1998 Lynch et al. 5764886 December 1999 Danielson et al. 5844554 December 1998 Geller et al. 5957695 September 1999 Redford et al. 6003012 December 1999 Nick 6009406 December 1999 Nick Foreign Patent Documents 2213576 Aug., 1997 CA 0520770 Dec., 1992 EP United States Patent 6,182,142 Win, et al. January 30, 2001 ________________________________________ Distributed access management of information resources Abstract Using a method for controlling access to information resources, a single secure sign-on gives the user access to authorized resources, based on the user's role in the organization. The information resources are stored on a protected server. A user of a client or browser logs in to the system. A runtime module on the protected server receives the login request and intercepts all other request by the client to use a resource. The runtime module connects to an access server that can determine whether a particular user is authentic and which resources the user is authorized to access. 
User information is associated with roles and functional groups of an organization to which the user belongs; the roles are associated with access privileges. The access server connects to a registry server that stores information about users, roles, functional groups, resources, and associations among them. The access server and registry server exchange encrypted information that authorized the user to use the resource. The access server passes encrypted tokens that define the user's roles and authorization rights to the browser or client, which stores the tokens in memory. The user is presented with a customized display showing only those resources that the user may access. Thereafter, the access server can resolve requests to use other resources based on the tokens without contacting the registry server. ________________________________________ Inventors: Win; Teresa (Sunnyvale, CA), Belmonte; Emilio (San Francisco, CA) Assignee: enCommerce, Inc. (Santa Clara, CA) Appl. No.: 09/113,609 Filed: July 10, 1998 ________________________________________ Current U.S. Class: 709/229; 709/219; 709/227; 726/4 Current International Class: H04L 29/06 (20060101); G06F 21/00 (20060101); G06F 013/00 () Field of Search: 709/202,203,217,219,223,225,229,313,227 713/200,201,202 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 5261102 November 1993 Hoffman 5845267 December 1998 Ronen 5918013 June 1999 Mighdoll et al. 5944824 August 1999 He 6014666 January 2000 Helland et al. Primary Examiner: Vu; Viet D. Attorney, Agent or Firm: Hickman Palermo Truong & Becker, LLP Palermo; Christopher J. Bingham; Marcel K. ________________________________________ Claims United States Patent 6,189,146 Misra, et al. 
February 13, 2001 ________________________________________ System and method for software licensing Abstract A software licensing system includes a license generator located at a licensing clearinghouse and at least one license server and multiple clients located at a company or entity. When a company wants a software license, it sends a purchase request (and appropriate fee) to the licensing clearinghouse. The license generator at the clearinghouse creates a license pack containing a set of one or more individual software licenses. To prevent the license pack from being copied and installed on multiple license servers, the license generator assigns a unique license pack ID to the license pack and associates the license pack ID with the particular license server in a master license database kept at the licensing clearinghouse. The license generator digitally signs the license pack and encrypts it with the license server's public key. The license server is responsible for distributing the software licenses from the license pack to individual clients. When a client needs a license, the license server determines the client's operating system platform and grants the appropriate license. To prevent an issued license from being copied from one client machine to another, the software license is assigned to a specific client by including a client ID within the license. The software license also has a license ID that is associated with the client ID in a database record kept at the license server. The license server digitally signs the software license and encrypts it using the client's public key. The license is stored locally at the client. ________________________________________ Inventors: Misra; Pradyumna K. (Redmond, WA), Graziadio; Bradley J. (Redmond, WA), Spies; Terence R. (Kirkland, WA) Assignee: Microsoft Corporation (Redmond, WA) Appl. No.: 09/040,813 Filed: March 18, 1998 ________________________________________ Current U.S. 
Class: 717/177; 705/59 Current International Class: G06Q 30/00 (20060101); G06F 017/40 () Field of Search: 395/712 701/1 380/3,4,30,44,25 717/11 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 4924378 May 1990 Hershey et al. 5138712 August 1992 Corbin 5204897 April 1993 Wyman 5343524 August 1994 Mu et al. 5553143 September 1996 Ross et al. 5671412 September 1997 Christiano 5724425 March 1998 Chang et al. 5745879 April 1998 Wyman 5790677 August 1998 Fox et al. Primary Examiner: Elmore; Reba I. Attorney, Agent or Firm: Lee & Hayes, PLLC ________________________________________ Claims ________________________________________ United States Patent 6,446,117 Gebauer September 3, 2002 ________________________________________ Apparatus and method for saving session variables on the server side of an on-line data base management system Abstract An apparatus for and method of utilizing an internet terminal coupled to the world wide web wherein one or more variables from a first service request may be saved for use with one or more subsequent service requests. The service request is received by a web server from the world wide web, and if it so indicates, one or more variables from the service request are saved within the server. When the server receives a subsequent request which requires access to the saved variables, they are retrieved for execution of the subsequent service request. ________________________________________ Inventors: Gebauer; Niels (New South Wales, AU) Assignee: Unisys Corporation (Blue Bell, PA) Appl. No.: 09/189,616 Filed: November 9, 1998 ________________________________________ Current U.S. 
Class: 709/217; 707/999.01; 707/E17.117; 709/203; 709/227; 709/229 Current International Class: G06F 17/30 (20060101); G06F 015/16 () Field of Search: 709/200-203,217-219,226,227-229,242 707/10,104,201 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 5386586 January 1995 Papadopoulos 5548724 August 1996 Akizawa et al. 5708780 January 1998 Levergood et al. 5862339 January 1999 Bonnaure et al. 5862348 January 1999 Pedersen 5983273 November 1999 White et al. 6163797 December 2000 Eckley et al. Primary Examiner: Barot; Bharat Attorney, Agent or Firm: Johnson; Charles A. Starr; Mark T. Nawrocki, Rooney & Silvertson, P.A. ________________________________________ Parent Case Text ________________________________________ United States Patent 5,675,782 Montague, et al. October 7, 1997 ________________________________________ Controlling access to objects on multiple operating systems Abstract A method and system for controlling access to entities on a network on which a plurality of servers are installed that use different operating systems. A request is entered by a user at a workstation on the network to set access permissions to an entity on the network in regard to a trustee. In response to the request, various application programming interfaces (APIs) are called to translate the generic request to set permissions on the entity into a format appropriate for the operating system that controls the entity. Assuming that the user has the appropriate rights to set access permissions to the entity as requested, and assuming that the trustee identified by the user is among those who can have rights set to the entity, the request made by the user is granted. Entities include both "containers" and "objects." Entities are either software, such as directories (containers) and files (objects), or hardware, such as printers (objects). 
________________________________________ Inventors: Montague; David S. (Bellevue, WA), Misra; Pradyumna K. (Issaquah, WA), Swift; Michael M. (Bellevue, WA) Assignee: Microsoft Corporation (Redmond, WA) Appl. No.: 08/465,990 Filed: June 6, 1995 ________________________________________ Current U.S. Class: 726/4; 707/999.01; 709/229 Current International Class: G06F 21/00 (20060101); H04L 29/06 (20060101); G06F 017/30 () Field of Search: 395/600,448,250,427,609,610,200.17,728,800,186 379/95 ________________________________________ References Cited [Referenced By] ________________________________________ U.S. Patent Documents 5263157 November 1993 Janis 5276901 January 1994 Howell et al. 5335346 August 1994 Fabbio 5446903 August 1995 Abraham et al. 5469576 November 1995 Dauerer et al. 5493728 February 1996 Solton et al. 5495521 February 1996 Rangachar 5539906 July 1996 Abraham et al. 5555388 September 1996 Shaughnessy 5559984 September 1996 Nakano et al. Other References Novel Inc, "Novel Netware Version 3.11", Novel Incorporated, pp. 192-271 Mar. 1991.. United States Patent 5,671,354 Ito, et al. September 23, 1997 ________________________________________ Method of assisting server access by use of user authentication information held in one of servers and a method of assisting management user account for use of servers Abstract User authentication information for network of a user and a name of a server to be accessed are sent from a client terminal to a user management equipment realized by one of servers which constitute a network system. The user management equipment sends the network address of that server and user authentication information registered for that server back to the client terminal. Using these pieces of information, the client terminal logs in that server. Each of the servers used by the user notifies the user management equipment of the actual accounts for the user at preferable times. 
Using the notified information, the user management equipment manages the actual accounts of each user. Each user can know the total of actual accounts for the servers used by accessing only the user management equipment.

Inventors: Ito; Tsutomu (Kanagawa, JP), Hirosawa; Toshio (Machida, JP), Ueoka; Atsushi (Ome, JP), Kokunishi; Motohide (Hachioji, JP), Yamagishi; Tadashi (Yokohama, JP), Nakatsu; Kouichi (Hadano, JP)
Assignee: Hitachi, Ltd. (Tokyo, JP); Hitachi Computer Engineering Co., Ltd. (Hadano, JP)
Appl. No.: 08/606,099
Filed: February 23, 1996

Foreign Application Priority Data: Feb 28, 1995 [JP] 7-039510

Current U.S. Class: 726/3
Current International Class: H04L 29/06 (20060101); G06F 011/00 ()
Field of Search: 395/187.01,188.01,106 364/222.5 380/23,25,4

References Cited
U.S. Patent Documents: 5073933 December 1991 Rosenthal; 5241594 August 1993 Kung; 5341477 August 1994 Pitkin; 5388211 February 1995 Hornbuckle; 5455953 October 1995 Russell; 5506961 April 1996 Carlson; 5553239 September 1996 Heath
Other References: "NIS and System Management by Name Server," in SUN System Management Chapter 7, pp. 203-219 (1991).
Primary Examiner: Beausoliel, Jr.; Robert W.
Assistant Examiner: Le; Dieu-Minh

United States Patent 5,655,077
Jones, et al.
August 5, 1997

Method and system for authenticating access to heterogeneous computing services

Abstract
A method and system for authenticating access to heterogeneous computing services is provided. In a preferred embodiment, logon providers are configured into the computer system, which provide secure access to their services by requiring authentication of user identification information using a logon mechanism.
According to this embodiment, a user designates a primary logon provider to provide an initial logon user interface. The user enters identification information when this user interface is displayed, for example a user name, a password and a domain. The computer system executes a logon sequence, which first invokes the primary logon provider to collect identification information and to authenticate the user for access to services provided by the primary logon provider. The system then authenticates the collected identification information to provide the user access to operating system computer services. If the system logon authentication procedure is not successful, then the logon sequence displays its own user interface to collect additional identification information. The logon sequence then invokes the logon routines of other logon providers to enable them to authenticate already collected identification information without displaying additional user interfaces. A preferred embodiment enables the system logon sequence to use authentication information stored on a network to authenticate the user for access to local computing services. Also, logon providers can be provided for drivers other than network drivers when a logon mechanism is required to access their computing services. Further, using a primary logon provider, the initial logon user interface displayed to collect identification information can be replaced.

Inventors: Jones; Gregory A. (Seattle, WA), Price; Robert M. (Seattle, WA), Veghte; William L. (Bellevue, WA)
Assignee: Microsoft Corporation (Redmond, WA)
Appl. No.: 08/356,071
Filed: December 13, 1994

Current U.S.
Class: 726/8
Current International Class: G06F 21/00 (20060101); G06F 011/00 ()
Field of Search: 395/187.01,186,188.01,481,490,491,200.06,200.09,200.12,200.2,285 380/3,4,23

References Cited
U.S. Patent Documents: 4484306 November 1984 Kulczyckyj et al.; 4698757 October 1987 Dill et al.; 4799153 January 1989 Hann et al.; 4930159 May 1990 Kravitz et al.; 5204961 April 1993 Barlow; 5241594 August 1993 Kung; 5263165 November 1993 Janis; 5287461 February 1994 Moore; 5335346 August 1994 Fabbio; 5359721 October 1994 Kempf et al.; 5408653 April 1995 Josten et al.; 5414839 May 1995 Joshi; 5426427 June 1995 Chinnock et al.; 5455953 October 1995 Russell; 5499342 March 1996 Kuraihara et al.
Other References: Hauser et al., "Reducing the Proliferation of Passwords in Distributed Systems", IFIP Transactions A, vol. A-13, pp. 525-531 Sep. 1992.

United States Patent 5,552,776
Wade, et al.
September 3, 1996

Enhanced security system for computing devices

Abstract
A security system for controlling access to computing devices. The security system provides selectively programmable access, monitored access, access privilege modifications and recorded access history for a computing device.

Inventors: Wade; Jack (La Jolla, CA), Szaroletta; William K. (Des Moines, IA), Madden; Thomas R. (San Diego, CA)
Assignee: Z-Microsystems (Carlsbad, CA)
Appl. No.: 08/265,517
Filed: June 24, 1994

Related U.S. Patent Documents
Application Number | Filing Date | Patent Number | Issue Date
763915 | Sep., 1991 | |

Current U.S.
Class: 340/5.74; 340/5.22
Current International Class: G06F 1/00 (20060101); G06F 21/00 (20060101); G06F 007/04 ()
Field of Search: 340/825.31,825.34,825.56,825.3,309.15,309.6,310.08,870.16,870.17 379/95,102 307/139 235/382

References Cited
U.S. Patent Documents: 4750197 June 1988 Denekamp et al.; 4823290 April 1989 Fasack et al.; 4849614 July 1989 Watanabe et al.; 4882564 November 1989 Monroe et al.; 4899217 February 1990 MacFadyen et al.; 4942606 July 1990 Kaiser et al.; 4947163 August 1990 Henderson et al.; 5051720 September 1991 Kittirutsunetorn; 5111185 May 1992 Kozaki; 5144659 April 1992 Jones
Primary Examiner: Peng; John K.
Assistant Examiner: Hill; Andrew
Attorney, Agent or Firm: Loeb & Loeb

Parent Case Text

United States Patent 5,483,596
Rosenow, et al.
January 9, 1996

Apparatus and method for controlling access to and interconnection of computer system resources

Abstract
A compact, physically secure, high-performance access controller (16, 18) is electrically connected to each access-managed resource (12, 14) or group of resources (10) in a computer system. Whenever access managed resources attempt to establish communications, their associated access controllers exchange sets of internally generated access authorization codes (106, 112, 120, 132, 202, 208, 216, 270, 272) utilizing protocols characterized by multiple random numbers, resource authorization keys, serial number (48, 72) verification, and session authorization keys. Each new session employs different encryption keys derived from multiple random numbers and multiple hidden algorithms. Tables of authorized requesting and responding resources are maintained in a protected memory (34, 38) in each access controller.
An authorization table building procedure is augmented by an optional central access control system (56) that employs a parallel control network (62, 64, 66) to centrally manage the access control tables in an access-controlled system of resources.

Inventors: Rosenow; Peter D. (Edmonds, WA), Trafton; Roger M. (Kirkland, WA)
Assignee: Paralon Technologies, Inc. (Bellevue, WA)
Appl. No.: 08/186,663
Filed: January 24, 1994

Current U.S. Class: 713/167; 380/277; 726/3
Current International Class: G06F 21/00 (20060101); H04L 29/06 (20060101); G06F 1/00 (20060101); H04L 009/00 (); H04L 009/32 ()
Field of Search: 380/4,9,10,20,21,23,24,25,28,44,46,49,50

References Cited
U.S. Patent Documents: 4546213 October 1985 Dick; 4679226 July 1987 Muehleisen; 4905281 February 1990 Surjaatmadja et al.; 4956769 September 1990 Smith; 4995112 February 1991 Aoyama; 5003595 March 1991 Collins et al.; 5018190 May 1991 Walker et al.; 5131025 July 1992 Hamasaki; 5153918 October 1992 Tuai; 5173939 December 1992 Abadi et al.; 5204961 April 1993 Barlow; 5253295 October 1993 Saada et al.; 5297207 March 1994 Degele; 5297208 March 1994 Schlafly et al.; 5315657 May 1994 Abadi et al.
Other References: "Network World: Network Security Secrets," David J. Stang and Sylvia Moon, IDG Books Worldwide, Inc., San Mateo, California, 1993, pp. 437-459.
Primary Examiner: Gregory; Bernarr E.
Attorney, Agent or Firm: Rives; Stoel

Claims

United States Patent 5,321,841
East, et al.
June 14, 1994

System for determining the rights of object access for a server process by combining them with the rights of the client process

Abstract
In a multitasking, multiuser computer system, a server process temporarily impersonates the characteristics of a client process when the client process performs a remote procedure call on the server process. Each process has an identifier list with a plurality of identifiers that characterize the process. The server process generates a new identifier list which is either the same as the client process's list, or is the union of the server's and the client's lists. Each object in the system can have an access control list which defines the identifiers that a process must have in order to access the object. The operation system has access checking software for enabling a selected process access to a specified object when the identifiers for the process match the list of identifiers in the access control list of the specified object. The server can therefore access all objects accessible to the client while the server is working for the client. The server can restore its original identifier list after completing the services that it performs for the client.

Inventors: East; Jeffrey A. (Aptos, CA), Walker; James J. (Redmond, WA), Jenness; Steven M. (Redmond, WA), Ozur; Mark C. (Redmond, WA), Kelly, Jr.; James W. (Redmond, WA)
Assignee: Digital Equipment Corporation (Maynard, MA)
[*] Notice: The portion of the term of this patent subsequent to February 16, 2010 has been disclaimed.
Appl. No.: 08/011,293
Filed: January 29, 1993

Related U.S. Patent Documents
Application Number | Filing Date | Patent Number | Issue Date
873359 | Apr., 1992 | 5187790 |
373878 | Jun., 1989 | |

Current U.S.
Class: 718/107; 710/240; 719/330
Current International Class: G06F 9/46 (20060101); G06F 013/14 ()
Field of Search: 395/650,725 364/DIG.1,DIG.2

References Cited
U.S. Patent Documents: 4135240 January 1979 Ritchie; 4455602 June 1984 Baxter, III et al.; 4525780 June 1985 Bratt et al.; 4584639 April 1986 Hardy; 4621321 November 1986 Boebert et al.; 4656579 April 1987 Bachman et al.; 4701840 October 1987 Boebert et al.; 4713753 December 1987 Boebert et al.; 4714996 December 1987 Gladney et al.; 4800488 January 1989 Agrawal et al.; 4809160 February 1989 Mahon et al.; 4825354 April 1989 Agrawal et al.; 4849877 July 1989 Bishop et al.; 4901231 February 1990 Bishop et al.; 5057996 October 1991 Cutler et al.; 5129083 July 1992 Cutler et al.; 5129084 July 1992 Kelly, Jr. et al.; 5136712 August 1992 Perazzoli, Jr. et al.; 5187790 February 1993 East et al.; 5249293 September 1993 Schreiber et al.
Primary Examiner: Lee; Thomas C.
Assistant Examiner: Amsbury; Wayne
Attorney, Agent or Firm: Flehr, Hohbach, Test, Albritton & Herbert

Parent Case Text

United States Patent 5,315,657
Abadi, et al.
May 24, 1994

Compound principals in access control lists

Abstract
An access control list for determining the access rights of principals in a distributed system to a system resource is disclosed wherein the access rights of a specified principal are based on the access rights delegated to that principal.

Inventors: Abadi; Martin (Palo Alto, CA), Goldstein; Andrew C. (Hudson, MA), Lampson; Butler W. (Cambridge, MA)
Assignee: Digital Equipment Corporation (Maynard, MA)
Appl. No.: 07/589,923
Filed: September 28, 1990

Current U.S.
Class: 726/4; 340/5.74; 370/447; 713/156; 713/159; 713/167
Current International Class: G06F 9/46 (20060101); H04L 009/32 (); G06F 013/14 ()
Field of Search: 380/3,4,23-25,49,50,21,43 364/222.5,286.4,286.5,240.8,246.6,283.3,709.5 340/825.31,825.34

References Cited
U.S. Patent Documents: 4309569 January 1982 Merkle; 4405829 September 1983 Rivest et al.; 4771459 September 1988 Jansen; 4779224 October 1988 Moseley et al.; 4825354 April 1989 Agrawal et al.; 4858117 August 1989 Di Chiara et al.; 4882752 November 1989 Lindman et al.; 4887077 December 1989 Irby, III et al.; 4919545 April 1990 Yu; 4961224 October 1990 Yung et al.; 4962449 October 1990 Schlesinger; 4984272 January 1991 McIlroy et al.; 5012515 April 1991 McVitie
Other References:
Schroeder, Birrell & Needham, Experience With Grapevine: The Growth of a Distributed System, 2 ACM Transactions on Computer Systems 3-23 (1984).
Miller, Neuman, Schiller & Saltzer, Kerberos Authentication and Authorization System, Project Athena Technical Plan (1987).
European Community Manufactures Association (ECMA), Security in Open Systems-Data Elements and Service Definitions: "Alice in Wonderland" (Jul.

United States Patent 5,276,901
Howell, et al.
January 4, 1994

System for controlling group access to objects using group access control folder and group identification as individual user

Abstract
A method and system for controlling access by groups of users to multiple objects stored within a data processing system implemented library wherein each object has an access list associated therewith explicitly listing individual users permitted access to that object. A group identification is established which encompasses all users within the data processing system, a selected subset of users with the data processing system, or a single selected user and his or her designated affinity users or proxies.
The group identification is then listed within an associated access list for a particular object and upon an attempted access of the particular object by a user not listed explicitly within the associated access list, a determination is made as to whether or not that user is listed within a group identification which is permitted access. In one embodiment of the present invention selected objects and users each have associated therewith a clearance level and access to a selected object by a particular user listed within a group identification may be denied if that particular user's clearance level does not meet or exceed the clearance level of the selected object.

Inventors: Howell; William E. (North Richland Hills, TX), Reddy; Hari N. (Grapevine, TX), Wang; Diana S. (Trophy Club, TX)
Assignee: International Business Machines Corporation (Armonk, NY)
Appl. No.: 07/807,685
Filed: December 16, 1991

Current U.S. Class: 340/5.2; 340/5.54; 707/783; 707/999.009; 713/167
Current International Class: G06F 1/00 (20060101); G06F 21/00 (20060101); G06F 012/14 ()
Field of Search: 340/825.31,825.34,825.5 380/4,25 395/600,800

References Cited
U.S. Patent Documents: 4104721 August 1978 Marstein et al.; 5014345 May 1991 Comroe et al.
Foreign Patent Documents: 0398645 Nov., 1990 EP
Other References:
C. J. Date, An Introduction to Database Systems, vol. II, 1983, pp. 158-159.
Shien et al., "An N-Grid Model for Group Authorization", Proceedings of the Sixth Annual Computer Security Applications Conference, Dec. 3-7, 1990, pp. 384-392.
Wilms et al., "A Database Authorization Mechanism Supporting Individual and Group Authorization", Second International Seminar on Distributed Data Sharing Systems, 1982, pp. 273-292.
Primary Examiner: Lee; Thomas C.
Attorney, Agent or Firm: Dillon; Andrew J.

Claims

We claim:

1. A method in a data processing system of controlling access by groups of users to a plurality of objects stored within a data processing system library service wherein each of said plurality of objects within said data processing system library service includes associated therewith an explicit list of individual users permitted access thereto and wherein each individual user has associated therewith an access control folder which includes a listing of privileges for selected ones of said plurality of objects which said individual user is permitted to access, said method comprising the steps of:

establishing a group identification for a selected subset of users within said data processing system and associating a group access control folder with said group identification, said group access control folder including a listing of privileges for selected ones of said plurality of objects which each individual user within said selected subset of users is permitted to access;

inserting a reference to said group access control folder within said access control folder associated with each individual user within said selected subset of users.
Source: the "ВЯПат" website