Access check system utilizing cached access permissions
Abstract
An access-check system for a network server comprises an access-cache for storing access-permissions generated by the server in response to resource access requests. The system retrieves the appropriate access-permission from the access-cache in response to receipt of a request necessitating the same access-permission as already generated for an earlier processed request. A user-token cache is also employed to assign a unique user-token, to be used in the access-cache, to each user logged on to the server. Changes made to the user-token cache are reflected in the access-cache by removing from the access-cache those entries containing the changed user-token. Changes made to an access control list are reflected in the access-cache by removing from the access-cache those entries containing the server resource with which the changed access control list is associated.
Claims
exact text as granted — not AI-modifiedWe claim:
1 . A computer-readable medium having computer-executable instructions for providing access to a computer network by performing steps comprising:
receiving a request from a user to access a resource on the computer network; checking a first memory to determine if the user may access the resource; providing the user with access to the resource if the first memory indicates that the user may access the resource; checking a second memory to determine if the user may access the resource if the first memory does not indicate that the user may access the resource; providing the user with access to the resource if the second memory indicates that the user may access the resource; and storing information in the first memory indicating that the user may access the resource if, after checking the second memory, the second memory indicates that the user may access the resource.
2 . The computer-readable medium of claim 1 wherein the first memory indicates that the user may access the resource by indicating that access to the resource has been previously provided to the user.
3 . The computer-readable medium of claim 1 wherein the user is represented in the first memory by a token.
4 . The computer-readable medium of claim 3 wherein the token also represents a plurality of other users.
5 . The computer-readable medium of claim 3 wherein the token represents anonymous users.
6 . The computer-readable medium of claim 3 further comprising:
authorizing fs to check the first memory.
7 . The computer-readable medium of claim 1 wherein the resource is a file.
8 . The computer-readable medium of claim 1 wherein the resource is a volume of files.
9 . The computer-readable medium of claim 1 wherein the resource is a memory device.
10 . The computer-readable medium of claim 1 wherein storing the information in the first memory comprises overwriting other information associated with the resource in the first memory.
11 . The computer-readable medium of claim 10 wherein storing the information in the first memory comprises writing a token for the user in the first memory over another token for another user that had last previous access to the resource.
12 . The computer-readable medium of claim 1 further comprising, if the resource is altered, removing indications from the first memory allowing access to the resource.
13 . The computer-readable medium of claim 1 further comprising, if rights of the user are altered, removing indications from the first memory allowing access by the user.
14 . The computer-readable medium of claim 1 wherein the request from the user indicates an operation to perform with respect to the resource, and further comprising:
checking the first memory to determine if the user may perform the operation with respect to the resource;
providing the user with access to the resource to perform the operation if the first memory indicates that the user may perform the operation with respect to the resource;
checking a second memory to determine if the user may perform the operation with respect to the resource if the first memory does not indicate that the user may perform the operation with respect to the resource;
providing the user with access to the resource if the second memory indicates that the user may perform the operation with respect to the resource; and
storing information in the first memory indicating that the user may perform the operation with respect to the resource if, after checking the second memory, the second memory indicates that the user may perform the operation with respect to the resource.
15 . A method for providing access to a computer network, the method comprising:
receiving a request from a user to access a resource on the computer network; checking a first memory to determine if the user may access the resource; providing the user with access to the resource if the first memory indicates that the user may access the resource; checking a second memory to determine if the user may access the resource if the first memory does not indicate that the user may access the resource; providing the user with access to the resource if the second memory indicates that the user may access the resource; and storing information in the first memory indicating that the user may access the resource if, after checking the second memory, the second memory indicates that the user may access the resource.
16 . The method of claim 15 wherein the first memory indicates that the user may access the resource by indicating that access to the resource has been previously provided to the user.
17 . The method of claim 15 wherein the user is represented in the first memory by a token.
18 . The method of claim 17 wherein the token also represents a plurality of other users.
19 . The method of claim 17 wherein the token represents anonymous users.
20 . The method of claim 17 further comprising:
authorizing the user by checking a password provided by the user;
associating the token with the user after authorizing the user; and
using the token to check the first memory.
21 . The method of claim 15 wherein the resource is a file.
22 . The method of claim 15 wherein the resource is a volume of files.
23 . The method of claim 15 wherein the resource is a memory device.
24 . The method of claim 15 wherein storing the information in the first memory comprises overwriting other information associated with the resource in the first memory.
25 . The method of claim 24 wherein storing the information in the first memory comprises writing a token for the user in the first memory over another token for another user that had last previous access to the resource.
26 . The method of claim 15 further comprising, if the resource is altered, removing indications from the first memory allowing access to the resource.
27 . The method of claim 15 further comprising, if rights of the user are altered, removing indications from the first memory allowing access by the user.
28 . The method of claim 15 wherein the request from the user indicates an operation to perform with respect to the resource, and further comprising:
checking the first memory to determine if the user may perform the operation with respect to the resource;
providing the user with access to the resource to perform the operation if the first memory indicates that the user may perform the operation with respect to the resource;
checking a second memory to determine if the user may perform the operation with respect to the resource if the first memory does not indicate that the user may perform the operation with respect to the resource;
providing the user with access to the resource if the second memory indicates that the user may perform the operation with respect to the resource; and
storing information in the first memory indicating that the user may perform the operation with respect to the resource if, after checking the second memory, the second memory indicates that the user may perform the operation with respect to the resource.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.