Method, apparatus and system for enforcing access control policies using contextual attributes

US 20060236369A1
Filed: 12/21/2005
Published: 10/19/2006
Est. Priority Date: 03/24/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

receiving a request for access to a protected resource;

receiving contextual attributes associated with the request;

comparing the contextual attributes against a policy database; and

granting access if the contextual attributes are valid according to a policy in the policy database.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus and system provide access control utilizing contextual attributes. An access control module may receive a client request for access to a protected resource. The access control module may examine the contextual attributes associated with the request and compare the attributes against a policy database. If the attributes are valid according to a policy in the policy database, access may be granted to the protected resource. Otherwise, access may be denied.

Citations

23 Claims

1. A method comprising:
- receiving a request for access to a protected resource;
  
  receiving contextual attributes associated with the request;
  
  comparing the contextual attributes against a policy database; and
  
  granting access if the contextual attributes are valid according to a policy in the policy database.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1 further comprising authenticating the request for access prior to comparing the contextual attributes against a policy database.
  - 3. The method according to claim 2 wherein authenticating the request comprises authenticating the contextual attributes associated with the request.
  - 4. The method according to claim 1 wherein the contextual attributes comprise at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request.
  - 5. The method according to claim 1 wherein the contextual attributes comprise a type and the type includes at least one of an identification attribute, an implicit attribute and an explicit attribute.
  - 6. The method according to claim 1 wherein the policy in the policy database includes a at least one policy statement defined by at least one contextual attribute.
  - 7. The method according to claim 1 wherein the contextual attributes include at least one of ambient noise level, brightness, air temperature, atmospheric pressure, time, an electronic receipt and a location.

8. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
- receive a request for access to a protected resource;
  
  receive contextual attributes associated with the request;
  
  compare the contextual attributes against a policy database; and
  
  grant access if the contextual attributes are valid according to a policy in the policy database.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The article according to claim 8 wherein the instructions, when executed by the machine, further cause the machine to authenticate the request for access prior to comparing the contextual attributes against a policy database.
  - 10. The article according to claim 9 wherein the instructions, when executed by the machine, further cause the machine to authenticate the request by authenticating the contextual attributes associated with the request.
  - 11. The article according to claim 8 wherein the contextual attributes comprise at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request.
  - 12. The article according to claim 8 wherein the contextual attributes comprise a type and the type includes at least one of an identification attribute, an implicit attribute and an explicit attribute.
  - 13. The article according to claim 8 wherein the policy in the policy database includes at least one policy statement defined by at least one contextual attribute.

14. A method comprising:
- requesting access to a protected resource;
  
  collecting contextual attributes associated with the request, the contextual attributes comprising at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request, the contextual attributes further comprising a type and the type including at least one of an identification attribute, an implicit attribute and an explicit attribute;
  
  transmitting the contextual attributes with the request.
- View Dependent Claims (15, 16)
- - 15. The method according to claim 14 wherein collecting contextual attributes further comprises retrieving the contextual information from a trusted platform.
  - 16. The method according to claim 14 further comprising receiving authorization to access the protected resource if the contextual attributes transmitted with the request match a policy in a policy database.

17. An article comprising a machine-accessible medium having stored thereon instructions that, when executed by a machine, cause the machine to:
- request access to a protected resource;
  
  collect contextual attributes associated with the request, the contextual attributes comprising at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request, the contextual attributes further comprising a type and the type including at least one of an identification attribute, an implicit attribute and an explicit attribute;
  
  transmit the contextual attributes with the request.
- View Dependent Claims (18, 19)
- - 18. The article according to claim 17 wherein the instructions, when executed by the machine, further cause the machine to collect contextual attributes by retrieving the contextual information from a trusted platform.
  - 19. The article according to claim 17 wherein the instructions, when executed by the machine, further cause the machine to receive authorization to access the protected resource if the contextual attributes transmitted with the request match a policy in a policy database.

20. An access control system comprising:
- a client device capable of transmitting a request to a service provider requesting access to a protected resources, the client device further capable of transmitting contextual information with the access request; and
  
  a resource manager of the service provider capable of receiving the request from the client device for access to the protected resources, the resource manager capable of comparing the received contextual attributes against a policy database and granting access to the protected resource if the contextual attributes are valid according to a policy in the policy database.
- View Dependent Claims (21, 22, 23)
- - 21. The access control system of claim 20 wherein the contextual information comprises at least one of information about a subject of the request, information about the protected resource and information about a type of transaction pertaining to the request.
  - 22. The access control system of claim 21 wherein the contextual attributes comprise a type and the type includes at least one of an identification attribute, an implicit attribute and an explicit attribute.
  - 23. The access control system of claim 20, wherein the client device further includes a trusted platform capable of storing the contextual attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Covington, Michael J., Sastry, Manoj R.

Application Number

US11/317,879
Publication Number

US 20060236369A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/80   Wireless

H04L 63/0421   Anonymous communication, i....

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

H04L 9/3271   using challenge-response

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/63   Location-dependent; Proximi...

H04W 12/65   Environment-dependent, e.g....

Method, apparatus and system for enforcing access control policies using contextual attributes

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method, apparatus and system for enforcing access control policies using contextual attributes

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links