Security systems, methods, and computer program products for information integration platform

US 10,567,383 B2
Filed: 03/28/2017
Issued: 02/18/2020
Est. Priority Date: 03/14/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a search system, a search query from a client device associated with a user, the search system configured for evaluating search queries according to a security model, the security model having an inbound check and an outbound check;

responsive to the search query, performing the inbound check at query time, the inbound check including determining principals associated with the user, the inbound check performed by the search system embodied on a server machine;

modifying the search query to include a union of the security level principals associated with the user to define a scope of search for the search query, the modifying performed by the search system, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified in across the plurality of repositories using the principals obtained or received from the plurality of repositories;

after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query, the outbound check performed by the search system;

based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access, the filtering performed by the search system; and

presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information integration system may include a set of integration services embodied on one or more server machines in a computing environment. The set of integration services may include connectors communicatively connected to disparate information systems. The connectors may be configured for integrating data stored in the disparate information systems utilizing a common model employed by the set of integration services. The common model may overlay, augment, integrate, or otherwise utilize a content management interoperability services data model and may include common property definitions and a common security model. The common security model may include permissions particularly defined for use by the set of integration services. These common property definitions and permissions may be uniquely defined and utilized by the information integration system.

Citations

20 Claims

1. A method, comprising:
- receiving, by a search system, a search query from a client device associated with a user, the search system configured for evaluating search queries according to a security model, the security model having an inbound check and an outbound check;
  
  responsive to the search query, performing the inbound check at query time, the inbound check including determining principals associated with the user, the inbound check performed by the search system embodied on a server machine;
  
  modifying the search query to include a union of the security level principals associated with the user to define a scope of search for the search query, the modifying performed by the search system, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified in across the plurality of repositories using the principals obtained or received from the plurality of repositories;
  
  after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query, the outbound check performed by the search system;
  
  based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access, the filtering performed by the search system; and
  
  presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein the inbound check includes checking user permissions with respect to search queries at query time, and wherein the outbound check includes checking user access rights with respect to search results so as to produce filtered search results prior to presentation of the filtered search results on user devices.
  - 3. The method according to claim 1, wherein the principals associated with the user are obtained by the search system via a principals service running on an information integration server and wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server.
  - 4. The method according to claim 1, wherein the authorization information associated with the user is obtained by the search system via an authorization service running on an information integration server and wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server.
  - 5. The method according to claim 1, wherein the principals associated with the user and the authorization information associated with the user are obtained by the search system via an information integration server, wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server, wherein credentials for the user to access the disparate information systems are stored in an encrypted database, and wherein the encrypted database is internal to the information integration server.
  - 6. The method according to claim 1, wherein the principals associated with the user and the authorization information associated with the user are obtained by the search system via an information integration server, wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server, wherein credentials for the user to access the disparate information systems are stored in an encrypted database, and wherein the encrypted database is external to the information integration server.
  - 7. The method according to claim 1, wherein the search system comprises a unified index that implements the security model and wherein the unified index references information stored in disparate information systems.

8. A search system, comprising:
- a processor;
  
  a non-transitory computer readable medium; and
  
  stored instructions translatable by the processor to perform;
  
  receiving a search query from a client device associated with a user;
  
  responsive to the search query, performing an inbound check at query time, the inbound check including determining principals associated with the user;
  
  modifying the search query to include a union of the principals associated with the user to define a scope of search for the search query, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified across the plurality of repositories using the principals obtained or received from the plurality of repositories;
  
  after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query;
  
  based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access; and
  
  presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The search system of claim 8, wherein the inbound check includes checking user permissions with respect to search queries at query time, and wherein the outbound check includes checking user access rights with respect to search results so as to produce filtered search results prior to presentation of the filtered search results on user devices.
  - 10. The search system of claim 8, wherein the principals associated with the user are obtained via a principals service running on an information integration server and wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server.
  - 11. The search system of claim 8, wherein the authorization information associated with the user is obtained via an authorization service running on an information integration server and wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server.
  - 12. The search system of claim 8, wherein the principals associated with the user and the authorization information associated with the user are obtained via an information integration server, wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server, wherein credentials for the user to access the disparate information systems are stored in an encrypted database, and wherein the encrypted database is internal to the information integration server.
  - 13. The search system of claim 8, wherein the principals associated with the user and the authorization information associated with the user are obtained via an information integration server, wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server, wherein credentials for the user to access the disparate information systems are stored in an encrypted database, and wherein the encrypted database is external to the information integration server.
  - 14. The search system of claim 8, further comprising a unified index that implements the security model, wherein the unified index references information stored in disparate information systems.

15. A computer program product comprising a non-transitory computer readable medium storing instructions translatable by a processor of a search system to perform:
- receiving a search query from a client device associated with a user;
  
  responsive to the search query, performing an inbound check at query time, the inbound check including determining principals associated with the user;
  
  modifying the search query in accordance with to include a union of the principals associated with the user to define a scope of search for the search query, the principals obtained or received from a plurality of repositories, wherein the search system performs the search query that has been modified across the plurality of repositories using the principals obtained or received from the plurality of repositories;
  
  after the search query is performed, performing an outbound check including verifying whether the user has authorization to view search results from the search query;
  
  based on authorization information associated with the user, filtering out documents in the search results for which the user is not authorized to access; and
  
  presenting, on the client device, only documents in the search results for which the user is authorized to access based on the authorization information associated with the user.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the inbound check includes checking user permissions with respect to search queries at query time, and wherein the outbound check includes checking user access rights with respect to search results so as to produce filtered search results prior to presentation of the filtered search results on user devices.
  - 17. The computer program product of claim 15, wherein the principals associated with the user are obtained via a principals service running on an information integration server and wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server.
  - 18. The computer program product of claim 15, wherein the authorization information associated with the user is obtained via an authorization service running on an information integration server and wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server.
  - 19. The computer program product of claim 15, wherein the principals associated with the user and the authorization information associated with the user are obtained via an information integration server, wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server, wherein credentials for the user to access the disparate information systems are stored in an encrypted database, and wherein the encrypted database is internal to the information integration server.
  - 20. The computer program product of claim 15, wherein the principals associated with the user and the authorization information associated with the user are obtained via an information integration server, wherein the information integration server integrates information from disparate information systems communicatively connected to the information integration server, wherein credentials for the user to access the disparate information systems are stored in an encrypted database, and wherein the encrypted database is external to the information integration server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ip Ot Sub Ulc
Original Assignee
Open Text Sa Ulc (Open Text Corporation)
Inventors
Palmer, Jody Hupton, Lilko, Alexander, Molloy, Steve
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US15/471,669
Publication Number

US 20170201523A1
Time in Patent Office

1,057 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/27   Replication, distribution o...

G06F 16/9038   Presentation of query results

G06F 16/9535   Search customisation based ...

G06F 21/10   Protecting distributed prog...

G06F 21/6227   where protection concerns t...

H04L 63/10   for controlling access to d...

Security systems, methods, and computer program products for information integration platform

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Security systems, methods, and computer program products for information integration platform

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links