METHOD AND SYSTEM FOR SECURING APPLICATION INFORMATION IN SYSTEM-WIDE SEARCH ENGINES
First Claim
1. A method of providing a secure, shared search service, comprising:
- registering a plurality of security filtering modules with said secure, shared search service, wherein each of said security filtering modules is registered by a corresponding one of a plurality of applications, wherein said registering associates each one of said plurality of security filtering modules with said corresponding one of said plurality of applications;
obtaining data to be indexed from each of said plurality of applications;
indexing said data into a search index of said secure, shared search service, wherein said indexing causes each indexed document to be associated with one of said applications from which it was obtained to be indexed, and wherein said search index is shared across all of said plurality of applications and a plurality of users;
receiving a search query from one of said users;
determining, responsive to said search query and said search index, initial search results; and
applying said security filtering modules to said initial search results to obtain filtered search results, wherein said applying includes each of said security filtering modules removing documents from said initial search results that that were obtained from corresponding ones of said applications and to which said one of said users does not have access.
1 Assignment
0 Petitions
Accused Products
Abstract
A system for securing application information in a shared, system-wide search service. Each application can register a security filtering module that is to be used at search time to filter data associated with that application. When a user performs a search, initial, unfiltered search results are obtained based the contents of the shared search index. The unfiltered search results are organized by application, and previously registered filter modules are called to perform user specific, per-application filtering on the initial results. The filter modules cause data to which the user issuing the search request does not have access to be removed from the search results, on a per application basis. Those of the initial search results that are determined in this way to not be accessible to the user issuing the search request are removed, resulting in a set of filtered search results that are presented to the user. The filtered search results thus contain indications only of data that is accessible to the user. In this way, the system-wide search service filters search results to remove indications of data which match the search criteria provided by the user, but to which the user does not have access, based on a conveniently extensible, per-application search result filtering process.
58 Citations
15 Claims
-
1. A method of providing a secure, shared search service, comprising:
-
registering a plurality of security filtering modules with said secure, shared search service, wherein each of said security filtering modules is registered by a corresponding one of a plurality of applications, wherein said registering associates each one of said plurality of security filtering modules with said corresponding one of said plurality of applications; obtaining data to be indexed from each of said plurality of applications; indexing said data into a search index of said secure, shared search service, wherein said indexing causes each indexed document to be associated with one of said applications from which it was obtained to be indexed, and wherein said search index is shared across all of said plurality of applications and a plurality of users; receiving a search query from one of said users; determining, responsive to said search query and said search index, initial search results; and applying said security filtering modules to said initial search results to obtain filtered search results, wherein said applying includes each of said security filtering modules removing documents from said initial search results that that were obtained from corresponding ones of said applications and to which said one of said users does not have access. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system including a computer readable medium, said computer readable medium having stored thereon program code for providing a secure, shared search service, said program code comprising:
-
program code for registering a plurality of security filtering modules with said secure, shared search service, wherein each of said security filtering modules is registered by a corresponding one of a plurality of applications, wherein said registering associates each one of said plurality of security filtering modules with said corresponding one of said plurality of applications; program code for obtaining data to be indexed from each of said plurality of applications; program code for indexing said data into a search index of said secure, shared search service, wherein said indexing causes each indexed document to be associated with one of said applications from which it was obtained to be indexed, and wherein said search index is shared across all of said plurality of applications and a plurality of users; program code for receiving a search query from one of said users; program code for determining, responsive to said search query and said search index, initial search results; and program code for applying said security filtering modules to said initial search results to obtain filtered search results, wherein said applying includes each of said security filtering modules removing documents from said initial search results that that were obtained from corresponding ones of said applications and to which said one of said users does not have access. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A computer program product including a computer readable medium, said computer readable medium having program code stored thereon for providing a secure, shared search service, said program code comprising:
-
program code for registering a plurality of security filtering modules with said secure, shared search service, wherein each of said security filtering modules is registered by a corresponding one of a plurality of applications, wherein said registering associates each one of said plurality of security filtering modules with said corresponding one of said plurality of applications; program code for obtaining data to be indexed from each of said plurality of applications; program code for indexing said data into a search index of said secure, shared search service, wherein said indexing causes each indexed document to be associated with one of said applications from which it was obtained to be indexed, and wherein said search index is shared across all of said plurality of applications and a plurality of users; program code for receiving a search query from one of said users; program code for determining, responsive to said search query and said search index, initial search results; and program code for applying said security filtering modules to said initial search results to obtain filtered search results, wherein said applying includes each of said security filtering modules removing documents from said initial search results that that were obtained from corresponding ones of said applications and to which said one of said users does not have access.
-
-
14. A computer data signal embodied in a carrier wave, said computer data signal having stored therein program code for providing a secure, shared search service, said program code comprising:
-
program code for registering a plurality of security filtering modules with said secure, shared search service, wherein each of said security filtering modules is registered by a corresponding one of a plurality of applications, wherein said registering associates each one of said plurality of security filtering modules with said corresponding one of said plurality of applications; program code for obtaining data to be indexed from each of said plurality of applications; program code for indexing said data into a search index of said secure, shared search service, wherein said indexing causes each indexed document to be associated with one of said applications from which it was obtained to be indexed, and wherein said search index is shared across all of said plurality of applications and a plurality of users; program code for receiving a search query from one of said users; program code for determining, responsive to said search query and said search index, initial search results; and program code for applying said security filtering modules to said initial search results to obtain filtered search results, wherein said applying includes each of said security filtering modules removing documents from said initial search results that that were obtained from corresponding ones of said applications and to which said one of said users does not have access.
-
-
15. A system for providing a secure, shared search service, comprising:
-
means for registering a plurality of security filtering modules with said secure, shared search service, wherein each of said security filtering modules is registered by a corresponding one of a plurality of applications, wherein said registering associates each one of said plurality of security filtering modules with said corresponding one of said plurality of applications; means for obtaining data to be indexed from each of said plurality of applications; means for indexing said data into a search index of said secure, shared search service, wherein said indexing causes each indexed document to be associated with one of said applications from which it was obtained to be indexed, and wherein said search index is shared across all of said plurality of applications and a plurality of users; means for receiving a search query from one of said users; means for determining, responsive to said search query and said search index, initial search results; and means for applying said security filtering modules to said initial search results to obtain filtered search results, wherein said applying includes each of said security filtering modules removing documents from said initial search results that that were obtained from corresponding ones of said applications and to which said one of said users does not have access.
-
Specification