US20050240622A1 - Multi-connection control system - Google Patents

Multi-connection control system Download PDF

Info

Publication number
US20050240622A1
US20050240622A1 US11/165,225 US16522505A US2005240622A1 US 20050240622 A1 US20050240622 A1 US 20050240622A1 US 16522505 A US16522505 A US 16522505A US 2005240622 A1 US2005240622 A1 US 2005240622A1
Authority
US
United States
Prior art keywords
access
request
vector
computer
objects
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/165,225
Inventor
Tom Cheung
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/165,225 priority Critical patent/US20050240622A1/en
Publication of US20050240622A1 publication Critical patent/US20050240622A1/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHEUNG, TOM THUAN
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2147Locking files

Definitions

  • This invention relates in general to computer systems, and, in particular, to a multi-connection control system.
  • Some systems need to access a shared database connected to a server simultaneously with multiple requests. These systems need to access the server expeditiously at more than one time and in such a way that the number of available access permits are not exceeded. That is, these systems may have a limit as to how many users or requests may access the server. However, these systems want to access a server as many times as necessary. For example, one system may be a banking system which is used by many customers to access their account balances simultaneously. In this scenario, the banking system would need to access the server multiple times, once for each customer request. Some conventional systems access the server serially to process each request, which does not provide information to each customer efficiently.
  • the present invention discloses a method, apparatus, and article of manufacture for a multi-connection control system.
  • one or more requests to access a system are received. For each request, it is determined whether to allow access to the system using an access vector to identify an available access object.
  • FIG. 1 illustrates a block diagram of a computer hardware environment that could be used in accordance with a preferred embodiment of the present invention
  • FIG. 2 is a block diagram illustrating the elements of a multi-connection control system
  • FIG. 3 is a flow diagram illustrating the steps performed by a multi-connection control system to process a request.
  • FIG. 4 is a flow diagram illustrating the steps performed by a multi-connection control system to process changes to access criteria.
  • FIG. 1 illustrates a block diagram of a computer hardware environment that could be used in accordance with a preferred embodiment of the present invention.
  • FIG. 1 is a block diagram illustrating the interaction of a Product system and the Digital Library system.
  • the Product system is comprised of a Product Server 100 and Product Clients 104 .
  • the Product server 100 communicates with the Digital Library system (“Digital Library”) 110 via and eXtensible Markup Language (XML), which enables a user to create documents that contain links to multiple other documents on the Internet.
  • An XML server 102 receives XML commands from the Product server 100 and from other XML clients 106 .
  • the XML server 102 processes the XML commands to access data in the Digital Library 110 .
  • the XML server 102 communicates with a Digital Library System 110 via Object Oriented (OO) Application Programming Interface (API) calls (e.g., in the JAVA programming language).
  • the XML server 102 communicates with the Product server 100 and the XML clients 106 via XML streams (i.e., action/response).
  • XML commands that require a Digital Library 110 response (action) are parsed with the necessary parameters and passed to the Digital Library 100 .
  • the Digital Library 110 processes the command and returns a response.
  • the XML server 102 processes incoming XML action streams from XML clients.
  • the XML server 102 spawns an agent to do the work and return a response XML stream.
  • the XML server 102 also handles Product server 100 transaction requests.
  • the XML server 102 identifies requests from the Product server 100 or XML clients 106 to access the Digital Library 110 .
  • the XML server 102 processes responses received from the Digital Library 110 to determine whether there was success or failure.
  • the Digital Library 110 in processing requests received from the XML server 102 , modifies Product specific Digital Library tables in conjunction with normal database functions while processing the request.
  • the Product server 100 and the Digital Library 110 are connected via the Internet.
  • the Internet is a collection of computer networks that exchange information via Transmission Control Protocol/Internet Protocol (“TCP/IP”).
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • the Internet computer network consists of many internet networks, each of which is a single network that uses the TCP/IP protocol suite.
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • the World Wide Web (i.e., the “WWW” or the “Web”) is an information and communication system used on the Internet computer network with data communications operating according to a client/server model.
  • a Web client computer e.g., a Product client will request data stored in data sources from a Web server computer (e.g., a Product server 100 ), at which Web server software resides.
  • the Web server software interacts with an interface connected to, for example, the XML server 102 , which is connected to the data sources (e.g., the Digital Library 110 ).
  • the Product server 100 communicates with the Digital Library 110 through extensible Markup Language (XML) commands that are processed by the XML server 102 .
  • XML extensible Markup Language
  • the preferred embodiment improves integration of the Digital Library and a production system in which the Product has its own file storage up to the point of publication of digital media.
  • the Digital Library interface enables archival of file objects via the Digital Library system, enables placement of metadata information in the Digital Library, enables storage and maintenance of data, and enables storage of file objects into the Digital Library.
  • the Digital Library interface is implemented in the Java programming language.
  • the Digital Library architecture is based on a triangular client/server model comprised of a Library Server, one or more multimedia Object Servers, and one or more clients.
  • the core of the infrastructure is the Library Server.
  • the Library Server using IBM DB2 or Oracle database services, manages the Digital Library catalog information, locates stored objects using a variety of search technologies, provides secured access to the objects held in the collection, and communicates with the Object Servers.
  • the digital content is stored in Object Servers.
  • Object Servers support the attachment of DASD and other media devices, and can be distributed across an enterprise network to provide convenient user access.
  • the end user, on a client desktop receives direct access to the information requested from the collection regardless of where the data is stored.
  • Many clients can be connected to the Library and Object Server in a Digital Library system, including those accessing the Digital Library using supported Web browsers.
  • a preferred embodiment of the present invention works in conjunction with a language with the ability to declare static (shared) variables and the ability to synchronize a block of code for entrance by only one thread at a time. Although these can be worked around with variable passing and programming locks, performance and complexity increase with the work arounds. In particular, the static and synchronization types of the Java language are used.
  • the multi-connection control system of the preferred embodiment of the invention is preferably implemented in one or more computer programs or applications. These computer programs may be part of the Digital Library 110 .
  • the computer programs implementing the techniques of the invention are tangibly embodied in and/or readable from a device, carrier, or media, and/or remote devices coupled to a computer via data communication devices.
  • FIG. 1 the hardware environment illustrated in FIG. 1 is not intended to limit the present invention. Indeed those skilled in the art will recognize that other alternative hardware environments may be used without departing from the scope of the present invention.
  • a multi-connection control system is a connection provider to a server that enables multiple accesses by multiple requests simultaneously.
  • the multi-connection control system uses an accessibility construct, which is described in further detail below.
  • the accessibility construct may be applied to many general accessibility systems such as: badge systems, parking systems, and server systems.
  • the multi-connection control system has a dynamic design that allows growth without having to stop an ongoing system.
  • the multi-connection control system is dynamic in that a computer program in which the techniques of the invention are embodied could be running, and without interrupting the computer program, the number of requests to access the system may be increased.
  • the multi-connection control system allows for dynamically changing the number of users who access the database. This assists in determining access performance. In particular, if the number of users accessing the database is high, some users may wait for other users to finish before they can access the database. Therefore, by dynamically changing the number of users, the multi-connection control system enables access performance to be improved.
  • the multi-connection control system connects to a server (e.g., Digital Library) N number of times, and the connections are checked out via locks.
  • a server e.g., Digital Library
  • the multi-connection control system is an access system that controls access to the server.
  • “Access to server” refers to connecting to the server to initiate requests to the server.
  • FIG. 2 is a block diagram illustrating the elements of a multi-connection control system.
  • the multi-connection control system is an access system 200 .
  • the access system 200 includes an access function 202 that determines whether access is to be provided.
  • the access function 202 makes its determination using an access vector 204 .
  • the access vector is an array of access objects 206 . Each of these elements will be described in further detail below.
  • the access vector 204 is a dynamic array object that consists of objects, referred to as access objects 206 .
  • the access objects 206 are specified based on the access system 200 . For example, in a badge system in which a badge is required to enter a set of rooms, the badge is the access object.
  • the access object 206 consists of enough information (i.e., attributes) to determine valid access (i.e., whether a request is authorized) and other access rights.
  • the access vector 204 controls the uniqueness of the access and is stored in a shared memory storage for use by multiple requests.
  • An access function 202 is used to manipulate the access vector 204 to determine whether or not access is available. If access is available, the access system 200 returns the necessary confirmation to the request, otherwise, the access system 200 returns a predetermined “no access” value.
  • the use of static (shared) variables and the ability to synchronize a block of code for entrance by only one thread at a time is the key to allowing multi-threaded invocation of the access function 202 .
  • Access System // an access system object such ⁇ // as a server connection // manager Access Object // access object ⁇ long Id; // access information int AccessLevel; // specific to access system ... long getId( ); // get and set routines int getAccessLevel( ); ... ⁇ static Vector AccessVector (of Access Object); // access Vector // to store shared // access objects Object static synchronized AccessFunction( ); ⁇ look up AccessVector( ) for available access // can use // predetermined // logic here if (access available) ⁇ set Availability return values ⁇ else ⁇ set unAvailability return values ⁇ return returnObject; ⁇ ⁇
  • the Access System is comprised of an Access Object, an Access Vector, and an Access Function.
  • the Access System may be a server connection manager, which is part of a server.
  • the Access Object includes an identifier (i.e., Id, which is a long integer) used to provide access information and an access level indicator (i.e., AccessLevel, which is an integer) used to provide specific information for the access system.
  • Id identifier
  • AccessLevel access level indicator
  • the Access Object includes get and set routines to get and set the identifier and access level (e.g., the getId and getAccessLevel routines).
  • the Access Vector is an array of Access Objects that are shared among multiple users of one system or among multiple systems.
  • the Access Function contains logic for determining whether to give access to a request.
  • the Access Function includes logic for looking up the AccessVector to determine whether access is available.
  • the Access Function returns an object (i.e., returnObject) that contains Availability return values when access is available and contains unAvailability return values when access is not available.
  • FIG. 3 is a flow diagram illustrating the steps performed by a multi-connection control system to process a request.
  • the multi-connection control system receives one or more requests to access a system.
  • the multi-connection control system determines whether to allow access to the system using an access vector to identify an available access object.
  • the multi-connection control system provides access to the request.
  • the multi-connection control system provides an indicator to the request indicating that access is denied.
  • New Access Objects can be added to the Access Vector to allow more requests to access the server without stopping the Access System. Additionally, some Access Objects can be removed from the Access System or updated in the Access System, without stopping the execution of the Access System. For example, a request may be denied access either because the access limit (i.e., the number of requests that can simultaneously access the system) has been reached or the access level of the request does not allow the request to obtain the information that it wants.
  • the user submitting the request may request a system administrator to increase the number of requests that can access the Access System or may request that the access level (i.e., an attribute of an access object) be changed to allow the request to have greater access to, for example, tables stored at a server. Once the administrator increases the number of requests or updates the access level of the particular request, the request can access the Access System. In a similar manner, the number of requests that can simultaneously access the system may be decreased.
  • FIG. 4 is a flow diagram illustrating the steps performed by a multi-connection control system to process changes to access criteria.
  • the multi-connection control system receives a command to modify the access criteria.
  • the command indicates that additional requests are to simultaneously access the system
  • the multi-connection control system adds one or more access objects to the access vector.
  • the command indicates that fewer requests are to simultaneously access the system
  • the multi-connection control system deletes one or more access objects from the access vector.
  • the multi-connection control system updates one or more attributes of one or more access objects in the access vector.
  • the logic that is to be applied to determine whether access is available is easily fitted into the Access Function. This allows for a more general technique that enables different Access Systems, with varying characteristics, to have different Access Functions.
  • the Access System restricts access to an Access Function, which minimizes the amount of information a request “needs to know” of the overall system. That is, a request may input its request without understanding the logic of the Access Function.
  • One of the advantages of the multi-connection control system is that it provides synchronization. That is, the access function is being synchronized among multiple requests or even multiple systems (each with multiple requests). To maintain this synchronization, the access vector is manipulated by one thread at a time. Thus, the access vector is locked and cannot be accessed by others while one thread is manipulating the access vector.
  • the techniques of the invention are used to provide improved integration between a Digital Library System (“the Digital Library”), from International Business Machines Corporation, and a Product that accesses the Digital Library.
  • the Digital Library a Digital Library System
  • International Business Machines Corporation a Digital Library System
  • Product a Product that accesses the Digital Library.
  • the Digital Library is an advanced database for storing digital image files. This digital media may be text, full-motion video, audio, graphics, or images.
  • the Digital Library enables petabytes of text, images, audio and video, to be created or transformed into digital form, stored in the Digital Library, and distributed over any network, with security, to users around the world.
  • the Digital Library provides management and reuse of media assets, preserves assets from physical deterioration, protects assets with advanced rights management, and consolidates management of text, images, audio and video.
  • the Product may be any system that may use the Digital Library.
  • the Product may comprise a product for a banking system, for a media production group, for print and Web publishers, or for researchers and teachers.
  • the Digital Library provides media asset (i.e., digital media) solutions with sufficient storage capacity, scalability, speed, multi-level security, sophisticated searching techniques and Internet access to reach new markets, preserve assets from loss or deterioration, and ensure copyright protection.
  • the XML server 102 submits multiple requests to the Digital Library 110 .
  • the Digital Library 110 executes the access function to determine whether to provide access to that request.
  • the access function uses the access vector to determine whether any access objects are available. If an access object is available, the access function provides access to the request. Otherwise, the access function provides an error message or other indication to the request to indicate that the request cannot receive access to the Digital Library.
  • the access system is a parking lot.
  • the access object is a parking space and contains the details about that parking space, for example, that parking space might be associated with a parking space identifier, with a size (i.e., compact), and with other details (e.g., handicapped parking space).
  • One access factor is the sum of all of the parking spaces (i.e., access can only be give to as many cars as there are spaces for).
  • the access vector is an array of the access objects (i.e., the parking spaces), and the access vector indicates for each access object, whether that access object is available (i.e., whether the parking space is available).
  • the access function determines whether to let a car enter the parking lot. Lets assume that the parking structure contains only 100 spaces. If the 100 spaces are taken, then the access function at the parking lot entry denies access to the parking lot. Additionally, the access function processes exits by updating the access vector to indicate that parking spaces are available.
  • each one has a badge, which is a special ID. This is part of the access function.
  • the ID provides information, such as defining the type of access a car has and the type of parking space that it can park in (e.g., compact).
  • the access function determines whether the car has the appropriate access type to park in the parking lot. Additionally, the access function determines whether the appropriate parking space is available (e.g., handicapped).
  • the access vector is a list of the access objects that are available. Therefore, the access function checks the access vector to determine whether there is a parking space available. If the access function determines that a parking space is available, the access function allows the car to enter, otherwise, the access function indicates that the car must wait for an available parking space.
  • the access function also determines whether cars are exiting the parking lot. When a car exits, this information is input to the access function, which recognizes that an access object is free. At this time, the access function enables the waiting car to enter (assuming that the parking space is appropriate for that car).
  • any type of computer such as a mainframe, minicomputer, or personal computer, or computer configuration, such as a timesharing mainframe, local area network, or standalone personal computer, could be used with embodiments of the present invention.

Abstract

The present invention discloses a multi-connection control system. Initially, one or more requests to access a system are received. For each request, it is determined whether to allow access to the system using an access vector to identify an available access object.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • This invention relates in general to computer systems, and, in particular, to a multi-connection control system.
  • 2. Description of Related Art
  • Some systems need to access a shared database connected to a server simultaneously with multiple requests. These systems need to access the server expeditiously at more than one time and in such a way that the number of available access permits are not exceeded. That is, these systems may have a limit as to how many users or requests may access the server. However, these systems want to access a server as many times as necessary. For example, one system may be a banking system which is used by many customers to access their account balances simultaneously. In this scenario, the banking system would need to access the server multiple times, once for each customer request. Some conventional systems access the server serially to process each request, which does not provide information to each customer efficiently.
  • Therefore, there is a need in the art for an improved technique for accessing a server to process multiple requests.
  • SUMMARY OF THE INVENTION
  • To overcome the limitations in the prior art described above, and to overcome other limitations that will become apparent upon reading and understanding the present specification, the present invention discloses a method, apparatus, and article of manufacture for a multi-connection control system.
  • In accordance with the present invention, one or more requests to access a system are received. For each request, it is determined whether to allow access to the system using an access vector to identify an available access object.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Referring now to the drawings in which like reference numbers represent corresponding parts throughout:
  • FIG. 1 illustrates a block diagram of a computer hardware environment that could be used in accordance with a preferred embodiment of the present invention;
  • FIG. 2 is a block diagram illustrating the elements of a multi-connection control system; and
  • FIG. 3 is a flow diagram illustrating the steps performed by a multi-connection control system to process a request; and
  • FIG. 4 is a flow diagram illustrating the steps performed by a multi-connection control system to process changes to access criteria.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
  • In the following description of the preferred embodiment, reference is made to the accompanying drawings which form a part hereof, and which is shown by of illustration a specific embodiment in which the invention may be practiced. It is to be understood that other embodiments may be utilized as structural changes may be made without departing from the scope of the present invention.
  • Hardware Environment
  • FIG. 1 illustrates a block diagram of a computer hardware environment that could be used in accordance with a preferred embodiment of the present invention. In particular, FIG. 1 is a block diagram illustrating the interaction of a Product system and the Digital Library system. The Product system is comprised of a Product Server 100 and Product Clients 104. The Product server 100 communicates with the Digital Library system (“Digital Library”) 110 via and eXtensible Markup Language (XML), which enables a user to create documents that contain links to multiple other documents on the Internet. An XML server 102 receives XML commands from the Product server 100 and from other XML clients 106. The XML server 102 processes the XML commands to access data in the Digital Library 110.
  • The XML server 102 communicates with a Digital Library System 110 via Object Oriented (OO) Application Programming Interface (API) calls (e.g., in the JAVA programming language). The XML server 102 communicates with the Product server 100 and the XML clients 106 via XML streams (i.e., action/response). XML commands that require a Digital Library 110 response (action) are parsed with the necessary parameters and passed to the Digital Library 100. The Digital Library 110 processes the command and returns a response.
  • In particular, the XML server 102 processes incoming XML action streams from XML clients. The XML server 102 spawns an agent to do the work and return a response XML stream. The XML server 102 also handles Product server 100 transaction requests. Additionally, the XML server 102 identifies requests from the Product server 100 or XML clients 106 to access the Digital Library 110. Additionally, the XML server 102 processes responses received from the Digital Library 110 to determine whether there was success or failure. Moreover, there may be multiple connections to the Digital Library 110. The Digital Library 110, in processing requests received from the XML server 102, modifies Product specific Digital Library tables in conjunction with normal database functions while processing the request.
  • In one embodiment, the Product server 100 and the Digital Library 110 are connected via the Internet. The Internet is a collection of computer networks that exchange information via Transmission Control Protocol/Internet Protocol (“TCP/IP”). The Internet computer network consists of many internet networks, each of which is a single network that uses the TCP/IP protocol suite. Currently, the use of the Internet computer network for commercial and non-commercial uses is exploding. Via its networks, the Internet computer network enables many users in different locations to access information stored in data sources (e.g., databases) stored in different locations.
  • The World Wide Web (i.e., the “WWW” or the “Web”) is an information and communication system used on the Internet computer network with data communications operating according to a client/server model. Typically, a Web client computer (e.g., a Product client will request data stored in data sources from a Web server computer (e.g., a Product server 100), at which Web server software resides. The Web server software interacts with an interface connected to, for example, the XML server 102, which is connected to the data sources (e.g., the Digital Library 110). Thus, the Product server 100 communicates with the Digital Library 110 through extensible Markup Language (XML) commands that are processed by the XML server 102.
  • The preferred embodiment improves integration of the Digital Library and a production system in which the Product has its own file storage up to the point of publication of digital media. The Digital Library interface enables archival of file objects via the Digital Library system, enables placement of metadata information in the Digital Library, enables storage and maintenance of data, and enables storage of file objects into the Digital Library. In one embodiment of the invention, the Digital Library interface is implemented in the Java programming language.
  • The Digital Library architecture is based on a triangular client/server model comprised of a Library Server, one or more multimedia Object Servers, and one or more clients. The core of the infrastructure is the Library Server. The Library Server, using IBM DB2 or Oracle database services, manages the Digital Library catalog information, locates stored objects using a variety of search technologies, provides secured access to the objects held in the collection, and communicates with the Object Servers. The digital content is stored in Object Servers. Object Servers support the attachment of DASD and other media devices, and can be distributed across an enterprise network to provide convenient user access. The end user, on a client desktop, receives direct access to the information requested from the collection regardless of where the data is stored. Many clients can be connected to the Library and Object Server in a Digital Library system, including those accessing the Digital Library using supported Web browsers.
  • A preferred embodiment of the present invention works in conjunction with a language with the ability to declare static (shared) variables and the ability to synchronize a block of code for entrance by only one thread at a time. Although these can be worked around with variable passing and programming locks, performance and complexity increase with the work arounds. In particular, the static and synchronization types of the Java language are used.
  • The multi-connection control system of the preferred embodiment of the invention is preferably implemented in one or more computer programs or applications. These computer programs may be part of the Digital Library 110. Generally, the computer programs implementing the techniques of the invention are tangibly embodied in and/or readable from a device, carrier, or media, and/or remote devices coupled to a computer via data communication devices. Those skilled in the art will recognize that the hardware environment illustrated in FIG. 1 is not intended to limit the present invention. Indeed those skilled in the art will recognize that other alternative hardware environments may be used without departing from the scope of the present invention.
  • A Multi-Connection Control System
  • In one embodiment of the invention, a multi-connection control system is a connection provider to a server that enables multiple accesses by multiple requests simultaneously. The multi-connection control system uses an accessibility construct, which is described in further detail below. The accessibility construct may be applied to many general accessibility systems such as: badge systems, parking systems, and server systems. The multi-connection control system has a dynamic design that allows growth without having to stop an ongoing system. The multi-connection control system is dynamic in that a computer program in which the techniques of the invention are embodied could be running, and without interrupting the computer program, the number of requests to access the system may be increased.
  • Additionally, the multi-connection control system allows for dynamically changing the number of users who access the database. This assists in determining access performance. In particular, if the number of users accessing the database is high, some users may wait for other users to finish before they can access the database. Therefore, by dynamically changing the number of users, the multi-connection control system enables access performance to be improved.
  • The multi-connection control system connects to a server (e.g., Digital Library) N number of times, and the connections are checked out via locks. Thus, the multi-connection control system is an access system that controls access to the server. “Access to server” refers to connecting to the server to initiate requests to the server.
  • FIG. 2 is a block diagram illustrating the elements of a multi-connection control system. The multi-connection control system is an access system 200. The access system 200 includes an access function 202 that determines whether access is to be provided. The access function 202 makes its determination using an access vector 204. The access vector is an array of access objects 206. Each of these elements will be described in further detail below.
  • The access vector 204 is a dynamic array object that consists of objects, referred to as access objects 206. The access objects 206 are specified based on the access system 200. For example, in a badge system in which a badge is required to enter a set of rooms, the badge is the access object. The access object 206 consists of enough information (i.e., attributes) to determine valid access (i.e., whether a request is authorized) and other access rights. The access vector 204 controls the uniqueness of the access and is stored in a shared memory storage for use by multiple requests.
  • An access function 202 is used to manipulate the access vector 204 to determine whether or not access is available. If access is available, the access system 200 returns the necessary confirmation to the request, otherwise, the access system 200 returns a predetermined “no access” value. The use of static (shared) variables and the ability to synchronize a block of code for entrance by only one thread at a time is the key to allowing multi-threaded invocation of the access function 202.
  • The following is an example of psuedocode defining an Access System:
    Access System // an access system object such
     { // as a server connection
    // manager
      Access Object // access object
      {
       long Id; // access information
       int AccessLevel; // specific to access system
       ...
       long getId( ); // get and set routines
       int getAccessLevel( );
       ...
      }
      static Vector AccessVector (of Access Object); // access Vector
    // to store shared
    // access objects
      Object static synchronized AccessFunction( );
      {
       look up AccessVector( ) for available access // can use
    // predetermined
    // logic here
       if (access available)
       {
        set Availability return values
       }
       else
       {
       set unAvailability return values
      }
      return returnObject;
     }
    }
  • In the above example, the Access System is comprised of an Access Object, an Access Vector, and an Access Function. The Access System may be a server connection manager, which is part of a server.
  • The Access Object includes an identifier (i.e., Id, which is a long integer) used to provide access information and an access level indicator (i.e., AccessLevel, which is an integer) used to provide specific information for the access system. In addition to this data, the Access Object includes get and set routines to get and set the identifier and access level (e.g., the getId and getAccessLevel routines).
  • The Access Vector is an array of Access Objects that are shared among multiple users of one system or among multiple systems.
  • The Access Function contains logic for determining whether to give access to a request. In particular, the Access Function includes logic for looking up the AccessVector to determine whether access is available. Additionally, the Access Function returns an object (i.e., returnObject) that contains Availability return values when access is available and contains unAvailability return values when access is not available.
  • Although the above example discussed objects, one skilled in the art would recognize that the techniques of the multi-connection control system could be applied to other implementations, including a functional implementation that is developed with parameter passing and dynamic allocation of the Access Vector.
  • FIG. 3 is a flow diagram illustrating the steps performed by a multi-connection control system to process a request. In block 300, the multi-connection control system receives one or more requests to access a system. In block 302, the multi-connection control system, for each request, determines whether to allow access to the system using an access vector to identify an available access object. When it is determined that access will be allowed, in block 304, the multi-connection control system provides access to the request. When it is determined that access will not be allowed, in block 306, the multi-connection control system provides an indicator to the request indicating that access is denied.
  • New Access Objects can be added to the Access Vector to allow more requests to access the server without stopping the Access System. Additionally, some Access Objects can be removed from the Access System or updated in the Access System, without stopping the execution of the Access System. For example, a request may be denied access either because the access limit (i.e., the number of requests that can simultaneously access the system) has been reached or the access level of the request does not allow the request to obtain the information that it wants. In this case, the user submitting the request may request a system administrator to increase the number of requests that can access the Access System or may request that the access level (i.e., an attribute of an access object) be changed to allow the request to have greater access to, for example, tables stored at a server. Once the administrator increases the number of requests or updates the access level of the particular request, the request can access the Access System. In a similar manner, the number of requests that can simultaneously access the system may be decreased.
  • FIG. 4 is a flow diagram illustrating the steps performed by a multi-connection control system to process changes to access criteria. In block 400, the multi-connection control system receives a command to modify the access criteria. When the command indicates that additional requests are to simultaneously access the system, in block 402, the multi-connection control system adds one or more access objects to the access vector. When the command indicates that fewer requests are to simultaneously access the system, in block 404, the multi-connection control system deletes one or more access objects from the access vector. When the command indicates that the attributes used to determine whether to allow access are to be modified, the multi-connection control system updates one or more attributes of one or more access objects in the access vector.
  • The logic that is to be applied to determine whether access is available is easily fitted into the Access Function. This allows for a more general technique that enables different Access Systems, with varying characteristics, to have different Access Functions.
  • Moreover, separation of the access logic from an overall complex system reduces the complexity of the system. Also, the Access System restricts access to an Access Function, which minimizes the amount of information a request “needs to know” of the overall system. That is, a request may input its request without understanding the logic of the Access Function.
  • One of the advantages of the multi-connection control system is that it provides synchronization. That is, the access function is being synchronized among multiple requests or even multiple systems (each with multiple requests). To maintain this synchronization, the access vector is manipulated by one thread at a time. Thus, the access vector is locked and cannot be accessed by others while one thread is manipulating the access vector.
  • Examples
  • In a preferred embodiment of the invention, the techniques of the invention are used to provide improved integration between a Digital Library System (“the Digital Library”), from International Business Machines Corporation, and a Product that accesses the Digital Library.
  • The Digital Library is an advanced database for storing digital image files. This digital media may be text, full-motion video, audio, graphics, or images. The Digital Library enables petabytes of text, images, audio and video, to be created or transformed into digital form, stored in the Digital Library, and distributed over any network, with security, to users around the world. The Digital Library provides management and reuse of media assets, preserves assets from physical deterioration, protects assets with advanced rights management, and consolidates management of text, images, audio and video.
  • The Product may be any system that may use the Digital Library. For example, the Product may comprise a product for a banking system, for a media production group, for print and Web publishers, or for researchers and teachers. The Digital Library provides media asset (i.e., digital media) solutions with sufficient storage capacity, scalability, speed, multi-level security, sophisticated searching techniques and Internet access to reach new markets, preserve assets from loss or deterioration, and ensure copyright protection.
  • The following is an example that applies the techniques of the embodiment of the invention to the Digital Library and a XML server. In particular, for the Digital Library system 110, the XML server 102 submits multiple requests to the Digital Library 110. For each request, the Digital Library 110 executes the access function to determine whether to provide access to that request. The access function uses the access vector to determine whether any access objects are available. If an access object is available, the access function provides access to the request. Otherwise, the access function provides an error message or other indication to the request to indicate that the request cannot receive access to the Digital Library.
  • In yet another example, the access system is a parking lot. The access object is a parking space and contains the details about that parking space, for example, that parking space might be associated with a parking space identifier, with a size (i.e., compact), and with other details (e.g., handicapped parking space). One access factor is the sum of all of the parking spaces (i.e., access can only be give to as many cars as there are spaces for). The access vector is an array of the access objects (i.e., the parking spaces), and the access vector indicates for each access object, whether that access object is available (i.e., whether the parking space is available). The access function determines whether to let a car enter the parking lot. Lets assume that the parking structure contains only 100 spaces. If the 100 spaces are taken, then the access function at the parking lot entry denies access to the parking lot. Additionally, the access function processes exits by updating the access vector to indicate that parking spaces are available.
  • When cars enter the parking lot, each one has a badge, which is a special ID. This is part of the access function. When the ID is submitted to a badge reader, it becomes input to the access function. The ID provides information, such as defining the type of access a car has and the type of parking space that it can park in (e.g., compact). Then, the access function determines whether the car has the appropriate access type to park in the parking lot. Additionally, the access function determines whether the appropriate parking space is available (e.g., handicapped). The access vector is a list of the access objects that are available. Therefore, the access function checks the access vector to determine whether there is a parking space available. If the access function determines that a parking space is available, the access function allows the car to enter, otherwise, the access function indicates that the car must wait for an available parking space.
  • The access function also determines whether cars are exiting the parking lot. When a car exits, this information is input to the access function, which recognizes that an access object is free. At this time, the access function enables the waiting car to enter (assuming that the parking space is appropriate for that car).
  • Additionally, when new parking spaces are added, this translates to additional access objects. Typically, this is done by executing an add function to increase the number of access objects. This add function is executed to modify the access system while the access system is being used. Thus, the access system simulates the real time without having to shut down.
  • CONCLUSION
  • This concludes the description of the preferred embodiment of the invention. The following describes some alternative embodiments for accomplishing the present invention. For example, any type of computer, such as a mainframe, minicomputer, or personal computer, or computer configuration, such as a timesharing mainframe, local area network, or standalone personal computer, could be used with embodiments of the present invention.
  • The foregoing description of the preferred embodiment of the invention has been presented for purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the invention be limited not by this description, but rather by the claims appended hereto.

Claims (21)

1. A computer-implemented method of determining access to a system, the method comprising:
receiving a request to access the system;
determining whether to allow access to the system using an access vector having a plurality of access objects, each access object corresponding to a simultaneous access to the system; and
allowing access to the system if an available access object is identified in the access vector.
2. The computer-implemented method of claim 1, wherein the access vector is shared by a plurality of requests to access the system, and wherein only one request at a time uses the access vector.
3. The computer-implemented method of claim 1, wherein the access objects contain information used to determine the validity of the request for access.
4. The computer-implemented method of claim 3, wherein the information used to determine the validity includes an access level identifier and the validity of the request is determined based upon comparing an access level associated with the request with the access level identifier.
5. The computer-implemented method of claim 3, wherein the access objects include a resource characteristic and determining the validity of a request further includes comparing information contained in the access request with said resource characteristic.
6. The computer-implemented method of claim 1, further comprising modifying the number of access objects in the access vector.
7. The computer-implemented method of claim 1, wherein the modifying the number of access objects in the access vector is performed while the system is operating.
8. An apparatus for determining access to a system, comprising:
a computer;
one or more computer programs, performed by the computer, for:
receiving a request to access the system;
determining whether to allow access to the system using an access vector having a plurality of access objects, each access object corresponding to a simultaneous access to the system; and
allowing access to the system if an available access object is identified in the access vector.
9. The apparatus of claim 8, wherein the access vector is shared by a plurality of requests to access the system, and wherein only one request at a time uses the access vector.
10. The apparatus of claim 8 wherein the access objects contain information used to determine the validity of the request for access.
11. The apparatus of claim 10, wherein the information used to determine the validity includes an access level identifier and the validity of the request is determined based upon comparing an access level associated with the request with the access level identifier.
12. The apparatus of claim 10, wherein the access objects include a resource characteristic and determining the validity of a request further includes comparing information contained in the access request with said resource characteristic.
13. The apparatus of claim 8, further comprising means for modifying the number of access objects in the access vector.
14. The apparatus of claim 13, wherein the number of access objects in the access vector is modified while the system is operating.
15. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform operations for determining access to a system, the operations comprising:
receiving a request to access the system;
determining whether to allow access to the system using an access vector having a plurality of access objects, each access object corresponding to a simultaneous access to the system; and
allowing access to the system if an available access object is identified in the access vector.
16. The article of manufacture of claim 15, wherein the access vector is shared by a plurality of requests to access the system, and wherein only one request at a time uses the access vector.
17. The article of manufacture of claim 15, wherein said access indicators contain information used to determine validity of the request for access.
18. The article of manufacture of claim 17, wherein the information used to determine the validity includes an access level identifier and the validity of the request is determined based upon comparing an access level associated with the request with the access level identifier.
19. The article of manufacture of claim 17, wherein said access indicators include a resource characteristic and determining the validity of a request further includes comparing information contained in the access request with said resource characteristic.
20. The article of manufacture of claim 15, wherein the operations further comprise modifying the number of access objects in the access vector.
21. The article of manufacture of claim 20, wherein the operation of modifying the number of access objects in the access vector is performed while the system is operating.
US11/165,225 1999-07-30 2005-06-24 Multi-connection control system Abandoned US20050240622A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/165,225 US20050240622A1 (en) 1999-07-30 2005-06-24 Multi-connection control system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/364,315 US6922729B1 (en) 1999-07-30 1999-07-30 Multi-connection control system
US11/165,225 US20050240622A1 (en) 1999-07-30 2005-06-24 Multi-connection control system

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US09/364,315 Continuation US6922729B1 (en) 1999-07-30 1999-07-30 Multi-connection control system

Publications (1)

Publication Number Publication Date
US20050240622A1 true US20050240622A1 (en) 2005-10-27

Family

ID=34748689

Family Applications (2)

Application Number Title Priority Date Filing Date
US09/364,315 Expired - Fee Related US6922729B1 (en) 1999-07-30 1999-07-30 Multi-connection control system
US11/165,225 Abandoned US20050240622A1 (en) 1999-07-30 2005-06-24 Multi-connection control system

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US09/364,315 Expired - Fee Related US6922729B1 (en) 1999-07-30 1999-07-30 Multi-connection control system

Country Status (1)

Country Link
US (2) US6922729B1 (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050193093A1 (en) * 2004-02-23 2005-09-01 Microsoft Corporation Profile and consent accrual
US7076558B1 (en) 2002-02-27 2006-07-11 Microsoft Corporation User-centric consent management system and method
US7188252B1 (en) 2003-06-10 2007-03-06 Microsoft Corporation User editable consent
US7269853B1 (en) 2003-07-23 2007-09-11 Microsoft Corporation Privacy policy change notification
US7334013B1 (en) 2002-12-20 2008-02-19 Microsoft Corporation Shared services management
US7428750B1 (en) 2003-03-24 2008-09-23 Microsoft Corporation Managing multiple user identities in authentication environments
US7516194B1 (en) 2002-05-21 2009-04-07 Microsoft Corporation Method for downloading high-volumes of content from the internet without adversely effecting the source of the content or being detected
US7912971B1 (en) * 2002-02-27 2011-03-22 Microsoft Corporation System and method for user-centric authorization to access user-specific information
US20160099833A1 (en) * 2014-10-07 2016-04-07 Canon Kabushiki Kaisha Information processing apparatus, method for controlling the same, and storage medium

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6425005B1 (en) * 1997-10-06 2002-07-23 Mci Worldcom, Inc. Method and apparatus for managing local resources at service nodes in an intelligent network
US6922729B1 (en) * 1999-07-30 2005-07-26 International Business Machines Corporation Multi-connection control system
US6754718B1 (en) * 2000-05-10 2004-06-22 Emc Corporation Pushing attribute information to storage devices for network topology access
ATE501484T1 (en) * 2007-05-07 2011-03-15 Software Ag METHOD AND SERVER FOR SYNCHRONIZING A MULTIPLE CLIENTS ACCESSING A DATABASE
US20090157202A1 (en) 2007-08-10 2009-06-18 Smiths Medical Md Therapy rules for closed loop programming of medical devices

Citations (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4720784A (en) * 1983-10-18 1988-01-19 Thiruvengadam Radhakrishnan Multicomputer network
US5394542A (en) * 1992-03-30 1995-02-28 International Business Machines Corporation Clearing data objects used to maintain state information for shared data at a local complex when at least one message path to the local complex cannot be recovered
US5444859A (en) * 1992-09-29 1995-08-22 Amdahl Corporation Method and apparatus for tracing multiple errors in a computer system subsequent to the first occurence and prior to the stopping of the clock in response thereto
US5495614A (en) * 1994-12-14 1996-02-27 International Business Machines Corporation Interface control process between using programs and shared hardware facilities
US5526524A (en) * 1993-12-23 1996-06-11 International Business Machines Corporation Method and system for management of locked objects in a computer supported cooperative work environment
US5553239A (en) * 1994-11-10 1996-09-03 At&T Corporation Management facility for server entry and application utilization in a multi-node server configuration
US5581753A (en) * 1994-09-28 1996-12-03 Xerox Corporation Method for providing session consistency guarantees
US5615339A (en) * 1991-02-22 1997-03-25 Nec Corporation Online system having session control information table in a host computer for establishing or disconnecting session with multiple terminals in accordance with processing performance
US5682478A (en) * 1995-01-19 1997-10-28 Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
US5793979A (en) * 1994-05-27 1998-08-11 Microsoft Corporation System for allocating the resources of a computer system
US5848271A (en) * 1994-03-14 1998-12-08 Dun & Bradstreet Software Services, Inc. Process and apparatus for controlling the work flow in a multi-user computing system
US5872915A (en) * 1996-12-23 1999-02-16 International Business Machines Corporation Computer apparatus and method for providing security checking for software applications accessed via the World-Wide Web
US5881232A (en) * 1996-07-23 1999-03-09 International Business Machines Corporation Generic SQL query agent
US5892905A (en) * 1996-12-23 1999-04-06 International Business Machines Corporation Computer apparatus and method for providing a common user interface for software applications accessed via the world-wide web
US5933825A (en) * 1997-07-21 1999-08-03 Apple Computer, Inc. Arbitrating concurrent access to file system objects
US5940865A (en) * 1996-10-14 1999-08-17 Fujitsu Limited Apparatus and method for accessing plural storage devices in predetermined order by slot allocation
US6006228A (en) * 1996-12-11 1999-12-21 Ncr Corporation Assigning security levels to particular documents on a document by document basis in a database
US6044435A (en) * 1997-07-25 2000-03-28 Storage Technology Corporation Method for determining allocatability of tape drives to serve requests to store information
US6049877A (en) * 1997-07-16 2000-04-11 International Business Machines Corporation Systems, methods and computer program products for authorizing common gateway interface application requests
US6088728A (en) * 1997-06-11 2000-07-11 Oracle Corporation System using session data stored in session data storage for associating and disassociating user identifiers for switching client sessions in a server
US6098093A (en) * 1998-03-19 2000-08-01 International Business Machines Corp. Maintaining sessions in a clustered server environment
US6125384A (en) * 1996-12-23 2000-09-26 International Business Machines Corporation Computer apparatus and method for communicating between software applications and computers on the world-wide web
US6144990A (en) * 1996-12-23 2000-11-07 International Business Machines Corporation Computer apparatus and method for communicating between software applications and computers on the world-wide web using universal variable handling
US6170013B1 (en) * 1998-03-27 2001-01-02 Nortel Networks Limited Method and apparatus for controlling access to network information sources
US6170019B1 (en) * 1996-12-10 2001-01-02 Siemens Aktiengesellschaft Means system and method for operating an apparatus
US6182129B1 (en) * 1997-09-11 2001-01-30 International Business Machines Corporation Apparatus, methods and computer program products for managing sessions with host-based application using session vectors
US6233588B1 (en) * 1998-12-02 2001-05-15 Lenel Systems International, Inc. System for security access control in multiple regions
US6233608B1 (en) * 1997-12-09 2001-05-15 Openwave Systems Inc. Method and system for securely interacting with managed data from multiple devices
US6253248B1 (en) * 1997-06-13 2001-06-26 Canon Kabushiki Kaisha Information processing apparatus and method
US6282561B1 (en) * 1995-12-07 2001-08-28 Microsoft Corporation Method and system for resource management with independent real-time applications on a common set of machines
US6295575B1 (en) * 1998-06-29 2001-09-25 Emc Corporation Configuring vectors of logical storage units for data storage partitioning and sharing
US6304906B1 (en) * 1998-08-06 2001-10-16 Hewlett-Packard Company Method and systems for allowing data service system to provide class-based services to its users
US6324580B1 (en) * 1998-09-03 2001-11-27 Sun Microsystems, Inc. Load balancing for replicated services
US6327622B1 (en) * 1998-09-03 2001-12-04 Sun Microsystems, Inc. Load balancing in a network environment
US6359711B1 (en) * 1998-05-20 2002-03-19 Steelcase Development Corporation System and method for supporting a worker in a distributed work environment
US6408336B1 (en) * 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US6430619B1 (en) * 1999-05-06 2002-08-06 Cisco Technology, Inc. Virtual private data network session count limitation
US20030065796A1 (en) * 1997-12-05 2003-04-03 Network Appliance, Inc. Enforcing uniform file-locking for diverse file-locking protocols
US6578081B1 (en) * 1998-08-27 2003-06-10 Fujitsu Limited Security system for electronic information sharing
US6615264B1 (en) * 1999-04-09 2003-09-02 Sun Microsystems, Inc. Method and apparatus for remotely administered authentication and access control
US6654745B2 (en) * 1999-01-29 2003-11-25 Bea Systems, Inc. System and method for control of access to resources
US20040073670A1 (en) * 1999-02-22 2004-04-15 Chack Michael A. Method of queuing requests to access a communications network
US6816901B1 (en) * 1999-05-06 2004-11-09 Cisco Technology, Inc. Proxy session count limitation
US6922729B1 (en) * 1999-07-30 2005-07-26 International Business Machines Corporation Multi-connection control system

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3287203B2 (en) * 1996-01-10 2002-06-04 株式会社日立製作所 External storage controller and data transfer method between external storage controllers
JPH1091360A (en) * 1996-09-12 1998-04-10 Fujitsu Ltd Disk control system
US6092201A (en) * 1997-10-24 2000-07-18 Entrust Technologies Method and apparatus for extending secure communication operations via a shared list

Patent Citations (44)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4720784A (en) * 1983-10-18 1988-01-19 Thiruvengadam Radhakrishnan Multicomputer network
US5615339A (en) * 1991-02-22 1997-03-25 Nec Corporation Online system having session control information table in a host computer for establishing or disconnecting session with multiple terminals in accordance with processing performance
US5394542A (en) * 1992-03-30 1995-02-28 International Business Machines Corporation Clearing data objects used to maintain state information for shared data at a local complex when at least one message path to the local complex cannot be recovered
US5444859A (en) * 1992-09-29 1995-08-22 Amdahl Corporation Method and apparatus for tracing multiple errors in a computer system subsequent to the first occurence and prior to the stopping of the clock in response thereto
US5526524A (en) * 1993-12-23 1996-06-11 International Business Machines Corporation Method and system for management of locked objects in a computer supported cooperative work environment
US5848271A (en) * 1994-03-14 1998-12-08 Dun & Bradstreet Software Services, Inc. Process and apparatus for controlling the work flow in a multi-user computing system
US5793979A (en) * 1994-05-27 1998-08-11 Microsoft Corporation System for allocating the resources of a computer system
US5581753A (en) * 1994-09-28 1996-12-03 Xerox Corporation Method for providing session consistency guarantees
US5553239A (en) * 1994-11-10 1996-09-03 At&T Corporation Management facility for server entry and application utilization in a multi-node server configuration
US5495614A (en) * 1994-12-14 1996-02-27 International Business Machines Corporation Interface control process between using programs and shared hardware facilities
US5682478A (en) * 1995-01-19 1997-10-28 Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
US6282561B1 (en) * 1995-12-07 2001-08-28 Microsoft Corporation Method and system for resource management with independent real-time applications on a common set of machines
US5881232A (en) * 1996-07-23 1999-03-09 International Business Machines Corporation Generic SQL query agent
US5940865A (en) * 1996-10-14 1999-08-17 Fujitsu Limited Apparatus and method for accessing plural storage devices in predetermined order by slot allocation
US6170019B1 (en) * 1996-12-10 2001-01-02 Siemens Aktiengesellschaft Means system and method for operating an apparatus
US6006228A (en) * 1996-12-11 1999-12-21 Ncr Corporation Assigning security levels to particular documents on a document by document basis in a database
US6144990A (en) * 1996-12-23 2000-11-07 International Business Machines Corporation Computer apparatus and method for communicating between software applications and computers on the world-wide web using universal variable handling
US6125384A (en) * 1996-12-23 2000-09-26 International Business Machines Corporation Computer apparatus and method for communicating between software applications and computers on the world-wide web
US5872915A (en) * 1996-12-23 1999-02-16 International Business Machines Corporation Computer apparatus and method for providing security checking for software applications accessed via the World-Wide Web
US5892905A (en) * 1996-12-23 1999-04-06 International Business Machines Corporation Computer apparatus and method for providing a common user interface for software applications accessed via the world-wide web
US6408336B1 (en) * 1997-03-10 2002-06-18 David S. Schneider Distributed administration of access to information
US6088728A (en) * 1997-06-11 2000-07-11 Oracle Corporation System using session data stored in session data storage for associating and disassociating user identifiers for switching client sessions in a server
US6253248B1 (en) * 1997-06-13 2001-06-26 Canon Kabushiki Kaisha Information processing apparatus and method
US6049877A (en) * 1997-07-16 2000-04-11 International Business Machines Corporation Systems, methods and computer program products for authorizing common gateway interface application requests
US5933825A (en) * 1997-07-21 1999-08-03 Apple Computer, Inc. Arbitrating concurrent access to file system objects
US6044435A (en) * 1997-07-25 2000-03-28 Storage Technology Corporation Method for determining allocatability of tape drives to serve requests to store information
US6182129B1 (en) * 1997-09-11 2001-01-30 International Business Machines Corporation Apparatus, methods and computer program products for managing sessions with host-based application using session vectors
US20030065796A1 (en) * 1997-12-05 2003-04-03 Network Appliance, Inc. Enforcing uniform file-locking for diverse file-locking protocols
US6233608B1 (en) * 1997-12-09 2001-05-15 Openwave Systems Inc. Method and system for securely interacting with managed data from multiple devices
US6098093A (en) * 1998-03-19 2000-08-01 International Business Machines Corp. Maintaining sessions in a clustered server environment
US6170013B1 (en) * 1998-03-27 2001-01-02 Nortel Networks Limited Method and apparatus for controlling access to network information sources
US6359711B1 (en) * 1998-05-20 2002-03-19 Steelcase Development Corporation System and method for supporting a worker in a distributed work environment
US6295575B1 (en) * 1998-06-29 2001-09-25 Emc Corporation Configuring vectors of logical storage units for data storage partitioning and sharing
US6304906B1 (en) * 1998-08-06 2001-10-16 Hewlett-Packard Company Method and systems for allowing data service system to provide class-based services to its users
US6578081B1 (en) * 1998-08-27 2003-06-10 Fujitsu Limited Security system for electronic information sharing
US6324580B1 (en) * 1998-09-03 2001-11-27 Sun Microsystems, Inc. Load balancing for replicated services
US6327622B1 (en) * 1998-09-03 2001-12-04 Sun Microsystems, Inc. Load balancing in a network environment
US6233588B1 (en) * 1998-12-02 2001-05-15 Lenel Systems International, Inc. System for security access control in multiple regions
US6654745B2 (en) * 1999-01-29 2003-11-25 Bea Systems, Inc. System and method for control of access to resources
US20040073670A1 (en) * 1999-02-22 2004-04-15 Chack Michael A. Method of queuing requests to access a communications network
US6615264B1 (en) * 1999-04-09 2003-09-02 Sun Microsystems, Inc. Method and apparatus for remotely administered authentication and access control
US6430619B1 (en) * 1999-05-06 2002-08-06 Cisco Technology, Inc. Virtual private data network session count limitation
US6816901B1 (en) * 1999-05-06 2004-11-09 Cisco Technology, Inc. Proxy session count limitation
US6922729B1 (en) * 1999-07-30 2005-07-26 International Business Machines Corporation Multi-connection control system

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7912971B1 (en) * 2002-02-27 2011-03-22 Microsoft Corporation System and method for user-centric authorization to access user-specific information
US7076558B1 (en) 2002-02-27 2006-07-11 Microsoft Corporation User-centric consent management system and method
US20070038765A1 (en) * 2002-02-27 2007-02-15 Microsoft Corporation User-centric consent management system and method
US8185932B2 (en) 2002-02-27 2012-05-22 Microsoft Corporation System and method for user-centric authorization to access user-specific information
US20110119732A1 (en) * 2002-02-27 2011-05-19 Microsoft Corporation System and method for user-centric authorization to access user-specific information
US7610391B2 (en) 2002-02-27 2009-10-27 Microsoft Corporation User-centric consent management system and method
US7516194B1 (en) 2002-05-21 2009-04-07 Microsoft Corporation Method for downloading high-volumes of content from the internet without adversely effecting the source of the content or being detected
US7334013B1 (en) 2002-12-20 2008-02-19 Microsoft Corporation Shared services management
US7428750B1 (en) 2003-03-24 2008-09-23 Microsoft Corporation Managing multiple user identities in authentication environments
US7188252B1 (en) 2003-06-10 2007-03-06 Microsoft Corporation User editable consent
US7269853B1 (en) 2003-07-23 2007-09-11 Microsoft Corporation Privacy policy change notification
US7590705B2 (en) 2004-02-23 2009-09-15 Microsoft Corporation Profile and consent accrual
US20050193093A1 (en) * 2004-02-23 2005-09-01 Microsoft Corporation Profile and consent accrual
US8719366B2 (en) 2004-02-23 2014-05-06 Ashvin Joseph Mathew Profile and consent accrual
US9092637B2 (en) 2004-02-23 2015-07-28 Microsoft Technology Licensing, Llc Profile and consent accrual
US10003667B2 (en) 2004-02-23 2018-06-19 Microsoft Technology Licensing, Llc Profile and consent accrual
US20160099833A1 (en) * 2014-10-07 2016-04-07 Canon Kabushiki Kaisha Information processing apparatus, method for controlling the same, and storage medium
US10581725B2 (en) * 2014-10-07 2020-03-03 Canon Kabushiki Kaisha Information processing apparatus having a multi-connection communication function for transmitting and receiving data blocks by using a plurality of connections, method for controlling the same, and storage medium

Also Published As

Publication number Publication date
US6922729B1 (en) 2005-07-26

Similar Documents

Publication Publication Date Title
US20050240622A1 (en) Multi-connection control system
US6651072B1 (en) Method and apparatus for providing shared data to a requesting client
US5689698A (en) Method and apparatus for managing shared data using a data surrogate and obtaining cost parameters from a data dictionary by evaluating a parse tree object
US9870483B2 (en) Row-level security in a relational database management system
US5794250A (en) Method and apparatus for extending existing database management system for new data types
US5864843A (en) Method and apparatus for extending a database management system to operate with diverse object servers
US6085223A (en) Method and apparatus for providing database information to non-requesting clients
US5754841A (en) Method and apparatus for parallel execution of user-defined functions in an object-relational database management system
US6339771B1 (en) Method and system for managing connections to a database management system
US8745707B2 (en) Method and apparatus providing optimistic locking of shared computer resources
US9807097B1 (en) System for managing access to protected resources
US6535868B1 (en) Method and apparatus for managing metadata in a database management system
US6587854B1 (en) Virtually partitioning user data in a database system
US6487552B1 (en) Database fine-grained access control
US7827302B2 (en) Scalable virtual partitioning of resources
US7680793B2 (en) Commit-time ordered message queue supporting arbitrary read and dequeue patterns from multiple subscribers
EP1559006B1 (en) Techniques for supporting application-specific access controls with a separate server
US7533157B2 (en) Method for delegation of administrative operations in user enrollment tasks
US20050038783A1 (en) Database fine-grained access control
US6718349B2 (en) Intelligent, optimistic concurrency database access scheme
US7260831B1 (en) Method and system for authorization and access to protected resources
US6799172B2 (en) Method and system for removal of resource manager affinity during restart in a transaction processing system
US6922671B2 (en) System and method for grouping companies according to accounting system or rules
US7603675B2 (en) Object in, object out technique
WO1999066429A1 (en) Network for a virtual environment

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:CHEUNG, TOM THUAN;REEL/FRAME:021393/0368

Effective date: 19991001

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION