Dynamic evaluation of access rights
First Claim
1. A method for evaluating an access right, the method comprising:
- receiving a set of access rules associated with a secured file;
obtaining respective rule items from the access rules;
obtaining respective parameters corresponding to the rule items;
comparing the parameters and the rule items, respectively;
granting the access right if the comparing of the parameters and the rule items is considered successful; and
denying the access right if the comparing of the parameters and the rule items is considered unsuccessful.
5 Assignments
0 Petitions
Accused Products
Abstract
To grant or deny access rights to a user attempting to access a protected system or secured electronic data, an access right evaluation process is carried out among all applicable policies including those embedded in the secured electronic data. In a preferred embodiment, the access right evaluation process is invoked only when a system being accessed is protected or a file being accessed is detected to be in a secured format. Further, the access right evaluation process is configured preferably to operate transparently to the user. The access right evaluation may be advantageously used in systems or applications in which devices, mediums or electronic data are secured and can be restrictively accessed by those who are authenticated and have proper access privilege.
337 Citations
46 Claims
-
1. A method for evaluating an access right, the method comprising:
-
receiving a set of access rules associated with a secured file;
obtaining respective rule items from the access rules;
obtaining respective parameters corresponding to the rule items;
comparing the parameters and the rule items, respectively;
granting the access right if the comparing of the parameters and the rule items is considered successful; and
denying the access right if the comparing of the parameters and the rule items is considered unsuccessful. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. An apparatus for evaluating an access right, the apparatus comprising:
-
a memory store for storing an executable module;
a processor, coupled to the memory store and when executing the executable module, causing the processor to perform operations of;
receiving a set of access rules originally embedded in a secured file;
obtaining respective rule items from the access rules;
obtaining respective parameters corresponding to the rule items;
comparing the parameters and the rule items, respectively;
granting the access right if the comparing of the parameters and the rule items is considered successful; and
denying the access right if the comparing of the parameters and the rule items is considered unsuccessful. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40)
-
-
37. A method for evaluating an access right, the method comprising:
-
obtaining a system rule set and an access rule set, wherein the access rule set is associated with the secured file;
evaluating, respectively, each of items in the system rule set and the access rule set;
granting the access right if the evaluating of each of the items in the system rule set and the access rule set produces a logic pass; and
denying the access right if the evaluating of one of the items in the system rule set or the access rule set produces a logic failure.
-
-
41. A method for evaluating an access right, the method comprising:
-
obtaining a first system rule set and a second system rule set;
determining if one of the first and second system rule sets has a property of overriding other system rule sets;
if one of the first and second system rule sets has a property of overriding other system rule sets, obtaining rule items from the one of the first and second system rule;
obtaining respective parameters corresponding to the rule items;
comparing the parameters and the rule items, respectively;
granting the access right if the comparing of the parameters and the rule items is considered successful; and
denying the access right if the comparing of the parameters and the rule items is considered unsuccessful;
if one of the first and second system rule sets does not have a property of overriding other system rule sets, obtaining respective rule items from the first and second system rule sets;
obtaining respective parameters corresponding to the rule items of the first and second system rule sets;
comparing the parameters and the rule items of the first and second system rule sets, respectively;
granting the access right if the comparing of the parameters and the rule items is considered successful; and
denying the access right if the comparing of the parameters and the rule items is considered unsuccessful. - View Dependent Claims (42, 43, 44, 45, 46)
-
Specification