公开(公告)号：DE60100680D1

公开(公告)日：2003-10-09

申请号：DE60100680

申请日：2001-04-24

Applicant: IBM

Inventor： HENN DR ,  HERRENDOERFER DIRK ,  SCHAECK THOMAS ,  WEBER ROLAND

IPC: H04L29/06 ,  H04L29/08

Abstract: The present invention relates to a client-server system having a security system for controlling access to application functions. The security system separated from the clients and the application functions routes all incoming requests created by various PVC-devices to a centralized security system providing an authentication component and a security component. The authentication component provides several authentication mechanisms which may be selected by information contained in the client's request. The authentication mechanism may be changed or extended without changing conditions on the client as well on the server or application side. The security component provides a security policy describing security requirements for accessing application functions which may be invoked by the security component. If the selected authentication mechanism succeeds and fulfills the security policy associated to that application function then the application function will be invoked by the security component.

公开(公告)号：DE60100680T2

公开(公告)日：2004-07-22

申请号：DE60100680

申请日：2001-04-24

Applicant: IBM

Inventor： HENN DR ,  HERRENDOERFER DIRK ,  SCHAECK THOMAS ,  WEBER ROLAND

IPC: H04L29/06 ,  H04L29/08

Abstract: The present invention relates to a client-server system having a security system for controlling access to application functions. The security system separated from the clients and the application functions routes all incoming requests created by various PVC-devices to a centralized security system providing an authentication component and a security component. The authentication component provides several authentication mechanisms which may be selected by information contained in the client's request. The authentication mechanism may be changed or extended without changing conditions on the client as well on the server or application side. The security component provides a security policy describing security requirements for accessing application functions which may be invoked by the security component. If the selected authentication mechanism succeeds and fulfills the security policy associated to that application function then the application function will be invoked by the security component.