
GB2368147A - Access control system for network of servers via port - Google Patents


Info

Publication number
GB2368147A
Authority
GB
United Kingdom
Prior art keywords
server
servers
enquiry
database system
distributed database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
GB0014184A
Other versions
GB2368147B (en)
GB0014184D0 (en)
Inventor
Ali Guryel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Events
Application filed by Individual
Priority to GB0014184A (patent GB2368147B)
Publication of GB0014184D0
Publication of GB2368147A
Application granted
Publication of GB2368147B
Anticipated expiration
Current status: Expired - Fee Related

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/954Navigation, e.g. using categorised browsing

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

A distributed database system, in which information is held on a plurality of servers in different physical locations, each having a connection to the internet, and an access portal, also connected to the internet, which is adapted to receive incoming enquiries intended for the servers, to authenticate each enquiry, to identify the appropriate server and to establish a connection with it, once the enquiry has been authenticated. Communication can be routed through the portal so that there is no direct communication between the originator and the server. In an embodiment, the database system can be used as an educational network comprising a plurality of servers at different educational establishments holding information relating to students.

Description

"Access Control System for Network of Servers via Portal"

This invention relates to data network systems, and in particular to networks in which a plurality of computers are connected together by means of a publicly accessible network such as the "internet".
In certain types of such systems, it is necessary to hold information on widely distributed database servers, and for security reasons, it is also required to control access to each server, in order to ensure that unauthorised users do not gain access to confidential information.
Accordingly, the present invention provides a distributed database system, in which information is held on a plurality of servers in different physical locations, each having a connection to the internet, and an access portal, also connected to the internet, which is adapted to receive incoming enquiries intended for the servers, to authenticate each enquiry, to identify the appropriate server and to establish a connection with it, once the enquiry has been authenticated.
Preferably, when the enquiry has been successfully authenticated, a token is passed to the originator, and to the appropriate server, so that the server can confirm that the enquirer is properly authorised, and a direct connection is then established between the two.
Alternatively, when the enquiry has been authenticated, the access portal forwards the request to the server, and the response is routed back to the enquirer, via the access portal, so that there is no direct connection between the enquirer and the server.
The system of the invention is particularly useful in applications where the individual distributed servers are not particularly powerful and do not have great bandwidth. The access portal is used to control access to the servers and the routing of requests to them, while the other servers by default are set to respond only to the portal server and to reject all other access requests from any other source. Hence it is only necessary for each server to run a relatively simple access control program, whilst the access portal handles the more complex tasks of authenticating the requests and routing them to the desired destinations.
One example of an application of the system of the present invention is an educational information network, in which information relating to individual schools or colleges and their students is held on a server at each establishment, and it is required to provide controlled access to this information, over the internet, for educational authorities, teachers, governors, parents or students. It will be appreciated that in practice different levels of access will be provided, appropriate to each user or category of users.
One embodiment of the invention will now be described with reference to the accompanying drawing, which is a schematic diagram of a system according to the invention.
As shown in the drawings, individual school servers indicated at references 2 to 8 store information such as student attendance and performance information, which is required to be accessed periodically, from various PCs or network terminals in different categories such as 10 (representing the LEA), 12 (representing governors), 14 (representing teachers) or 16 (representing parents).
Normally these will be remotely located using the internet, but they may of course be connected by an "intranet" or WAN.
A centrally located "portal server" 18 is arranged to receive enquiries from the PCs or terminals 10 to 16, whilst the individual servers 2 to 8 will only accept connections from the portal computer 18 itself. In other words, assuming that "internet protocol" is being used for communications, the servers are arranged to reject all IP addresses other than that of the portal.
When an enquiry is received by the portal 18 from one of the remote terminals 10, 12 etc., the user will be required to carry out a log-in procedure, and the portal computer will then compare the identity of the user, and/or their network station, with an admissible list of users. The portal may also determine, from an internal database, which of the servers 2 to 8 needs to be accessed, and whether access is permitted for that particular enquiring terminal.
If the enquiry is admissible, the portal computer transmits a corresponding message to the required server, which enables it to receive and answer the enquiry. For example, the portal computer may pass a token to the server and to the enquirer, which enables the server to confirm that it should accept the enquiry by comparing the tokens.
At this point, the server will be enabled to accept a direct communication from the IP address of the enquiring terminal, rather than only via the portal computer, so that the portal computer does not have to handle the entire bandwidth of a large number of enquiries.
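The token hand-off just described, as an added Python model that is not part of the patent: a school server refuses every source except the portal until the portal registers a token for a specific enquirer address, after which one direct query with a matching, unexpired token is accepted. The portal address, user records, school names and attendance figures are constructed for the example; the single-use token, expiry and constant-time comparison are hardening choices the patent text does not specify.

```python
import hmac
import secrets
import time

PORTAL_IP = "10.0.0.18"  # constructed address of the portal server (ref. 18)


class SchoolServer:
    """Models a school server (refs. 2 to 8): by default it responds only to
    the portal; a direct enquirer is admitted only after the portal hands the
    server a token for that enquirer's IP address."""

    def __init__(self, name, data):
        self.name, self.data = name, data
        self.pending = {}  # client_ip -> (token, expiry)

    def expect(self, from_ip, client_ip, token, ttl=60):
        # Only the portal may enable an enquirer; any other source is refused.
        if from_ip != PORTAL_IP:
            return False
        self.pending[client_ip] = (token, time.monotonic() + ttl)
        return True

    def query(self, client_ip, token):
        # Direct access succeeds only for an IP the portal enabled, and only
        # once: the entry is consumed whether or not the token matches.
        entry = self.pending.pop(client_ip, None)
        if entry is None:
            return None
        expected, expiry = entry
        if time.monotonic() > expiry or not hmac.compare_digest(expected, token):
            return None
        return self.data


class Portal:
    """Models the portal (ref. 18): authenticates the enquirer, checks which
    server they may reach, then passes the same token to both parties."""

    def __init__(self, users, servers):
        self.users = users      # user -> (password, {allowed server names})
        self.servers = servers  # server name -> SchoolServer

    def login(self, user, password, client_ip, server_name):
        record = self.users.get(user)
        if record is None or not hmac.compare_digest(record[0], password):
            return None
        if server_name not in record[1] or server_name not in self.servers:
            return None
        token = secrets.token_hex(16)
        if not self.servers[server_name].expect(PORTAL_IP, client_ip, token):
            return None
        return token  # the same token the server now expects from client_ip


def build_system():
    """Constructed sample data: two schools and two users with different scopes
    (passwords are kept in clear only to keep the model short)."""
    servers = {"school_a": SchoolServer("school_a", {"attendance": "97%"}),
               "school_b": SchoolServer("school_b", {"attendance": "91%"})}
    users = {"lea": ("lea-pass", {"school_a", "school_b"}),
             "parent": ("parent-pass", {"school_a"})}
    return Portal(users, servers), servers
```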
In an educational network, authorised users such as LEAs (local educational authorities) can in this way obtain statistical reports on student attendance, grades, behaviour, homework, school performance, etc. over the internet using a web browser.
When data is required to cover a number of schools, the portal computer may carry a list of the appropriate school servers which any given enquirer is allowed to access. For any particular school, reports may be provided covering various aspects of the performance of the school and the students, such as a weekly percentage attendance report for registration groups, attendance reports of a single student over a specified range of weeks, grade average reports, etc. Such reports will of course be made available both to the local educational authority enquirer and to the school itself. Information relating to the performance of a number of schools in the area, on the other hand, will normally be made available only to the appropriate LEA.
Similarly, reports relating to a particular student will also be made available to parents, so that they will be allowed access to a rather restricted sub-set of the individual school reports.
On each of the servers, a number of software elements will be required: (1) a database, preferably using SQL (structured query language); (2) an internet connection which is permanently connected with a static IP configuration; (3) a "web server" capable of making SSL (secure sockets layer) connections; and (4) ODBC drivers to provide access to the SQL database.
This will enable the server to return the required data in a form appropriate to the enquiry, e.g. as HTML.
It will be appreciated that the present invention can confer a number of cost and performance advantages, because there is only one portal server in the whole system whereas there are thousands of school servers. With the preferred arrangement: (1) The "portal server" can be installed and developed with as high security software as possible, as only one is required to benefit all users.
(2) Although the potential bandwidth requirement to service thousands of schools and millions of parents would be enormous, this requirement can be alleviated by using the portal server only in the initial log-in procedures and for authenticating the requests.
(3) Similarly, the amount of information stored centrally on the portal server would be very large if it were required to hold information normally held by thousands of school servers. This would also involve the additional complication of keeping copies of school server data up to date on the central portal server.

Claims (9)

1. A distributed database system, in which information is held on a plurality of servers in different physical locations, each having a connection to the internet, and an access portal, also connected to the internet, which is adapted to receive incoming enquiries intended for the servers, to authenticate each enquiry, to identify the appropriate server and to establish a connection with it, once the enquiry has been authenticated.
2. A distributed database system according to claim 1 in which a token is passed to the originator and to the appropriate server, after authentication, so that the server can confirm that the enquiry has been authorised, and a direct connection is then established between the originator and the server.
3. A distributed database system according to claim 1 in which the access portal forwards the request to the appropriate server, after authentication, and the response is routed back to the originator via the access portal so that there is no direct connection between the originator and the server.
4. An educational information network comprising a plurality of servers at different educational establishments holding information relating to students and arranged to form a distributed database system in accordance with any of claims 1 to 3.
5. A method of controlling access to a distributed database system in which information is held on a plurality of servers in different physical locations, each having a connection to the internet, the method comprising (a) arranging an access portal to receive all incoming enquiries to the servers of the database; (b) authenticating each enquiry at the access portal; and (c) identifying an appropriate server to deal with the enquiry and establishing a connection with it, after successful authentication of the enquiry.
6. A method according to claim 5 in which, after successful authentication, a token is passed to the originator and to the appropriate server so that a direct connection can be established between them.
7. A method according to claim 5 in which, after successful authentication, the request is forwarded to the appropriate server by the access portal and the response is also routed back to the originator via the access portal so that there is no direct connection between the enquirer and the server.
8. A distributed database system substantially as herein described with reference to the accompanying drawings.
9. A method of controlling access to a distributed database system according to claim 5 and substantially as herein described.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0014184A GB2368147B (en) 2000-06-09 2000-06-09 Access control system for network of servers via portal

Publications (3)

Publication Number Publication Date
GB0014184D0 GB0014184D0 (en) 2000-08-02
GB2368147A true GB2368147A (en) 2002-04-24
GB2368147B GB2368147B (en) 2004-10-20

Family

ID=9893384

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0014184A Expired - Fee Related GB2368147B (en) 2000-06-09 2000-06-09 Access control system for network of servers via portal

Country Status (1)

Country Link
GB (1) GB2368147B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8571975B1 (en) 1999-11-24 2013-10-29 Jpmorgan Chase Bank, N.A. System and method for sending money via E-mail over the internet

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001037171A1 (en) * 1999-11-18 2001-05-25 Debbs Phillips Eugene, Iii Interface for conversion of electronic currency to accepted method of payments to merchants/entities
WO2001050391A1 (en) * 1999-12-30 2001-07-12 Ecatalystone.Com, Inc. Methods for managing transactions over the internet by proxy and with single-use financial instruments
WO2001092997A2 (en) * 2000-04-26 2001-12-06 Science Applications International Corporation Secure domain name service
WO2001099019A1 (en) * 2000-06-22 2001-12-27 Jpmorgan Chase Bank Method and system for processing internet payments

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
I/S Analyser Case Studies, March 2000, "Shawnee Mission School District portal supports schools, parents", Vol 39, pages 14 to 16 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2405005A (en) * 2003-07-16 2005-02-16 Sun Microsystems Inc Single-sign-on access to networked resources via a portal server
GB2405005B (en) * 2003-07-16 2005-12-14 Sun Microsystems Inc System and method for single-sign-on access to a resource via a portal server
US7506070B2 (en) 2003-07-16 2009-03-17 Sun Microsytems, Inc. Method and system for storing and retrieving extensible multi-dimensional display property configurations

Also Published As

Publication number Publication date
GB2368147B (en) 2004-10-20
GB0014184D0 (en) 2000-08-02

Legal Events

Date Code Title Description
20090609 PCNP Patent ceased through non-payment of renewal fee (effective date: 20090609)