Condition based authorization model for data access
Abstract
A condition-based authorization model for data access is provided. According to the model, the owner of a securable software object, such as a file, folder, or process, may specify a security policy that includes an access condition for accessing the object. The access condition may be based on dynamic user or system state information having a value that is updatable while a user is logged on, such as system time or user location. When a later request is received from a user to perform an action on the object via an application programming interface of a computer operating system, a security subsystem of the computer operating system queries a system resource containing information suitable to evaluate the access condition, and determines whether the access condition is met. If the access condition is met, access by the user to the securable software object is permitted. Otherwise, access is denied.
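A minimal model of the flow the abstract describes, added here as an illustration; it is not code from the patent or from any operating system. The class names, the condition encoding (`eq`, `between`) and the sample state keys (`hour`, `location`) are assumptions. It contrasts evaluating the condition against the live system resource with evaluating it against a copy frozen at logon.

```python
from dataclasses import dataclass, field

class StateResource(dict):
    """Dynamically updatable resource holding current user/system state."""

@dataclass(frozen=True)
class Condition:
    key: str          # state name, e.g. "hour" or "location" (assumed keys)
    op: str           # "eq" or "between" (assumed encoding)
    operand: object
    def holds(self, lookup):
        value = lookup(self.key)
        if value is None:
            return False                      # missing state: fail closed
        if self.op == "eq":
            return value == self.operand
        if self.op == "between":
            low, high = self.operand
            return low <= value < high
        return False                          # unknown operator: fail closed

@dataclass
class SecurableObject:
    owner: str
    aces: list = field(default_factory=list)  # (user, actions, conditions)

def set_policy(obj, caller, aces):
    if caller != obj.owner:                   # only the owner sets policy
        raise PermissionError("only the owner may set the security policy")
    obj.aces = list(aces)

def access_check(obj, user, action, lookup):
    """Grant only if an entry matches and every condition holds right now."""
    return any(u == user and action in acts and all(c.holds(lookup) for c in conds)
               for u, acts, conds in obj.aces)

def demo():
    state = StateResource(hour=10, location="office")   # constructed values
    report = SecurableObject(owner="alice")
    set_policy(report, "alice", [("bob", {"read"}, (
        Condition("hour", "between", (9, 17)), Condition("location", "eq", "office")))])
    at_logon = dict(state)                    # frozen logon-time copy
    before = access_check(report, "bob", "read", state.get)
    state["hour"] = 19                        # state changes mid-session
    live = access_check(report, "bob", "read", state.get)
    stale = access_check(report, "bob", "read", at_logon.get)
    return before, live, stale                # (True, False, True)
```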
20 Claims
1. A method for controlling access to a securable software object in a computer operating system, the method comprising:
- receiving a security policy from an owner who is authorized to control access settings for the securable software object, the security policy being at least partially based on an access condition, wherein the access condition is based on dynamic user state information or dynamic system state information having a value that is updatable while a user is logged on to the computer operating system;
- receiving a request from a user to perform an action on the securable software object, the request being received at an application programming interface of the computer operating system; and
- determining whether the user is authorized to perform the action on the securable software object based at least in part on an evaluation of whether the access condition is satisfied, the evaluation being made by reference to a dynamically updatable operating system resource containing a current value of the dynamic system state information or dynamic user state information.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for controlling access to a securable software object in a computer operating system, the system comprising:
- an object security data structure configured to contain an access condition for the securable software object, wherein the access condition is based on dynamic user state information or dynamic system state information having a value that is updatable while a user is logged on to the computer operating system;
- a dynamically updatable system resource containing dynamic user state information or dynamic system state information for evaluating the access condition; and
- a security subsystem that is configured to determine whether the user is authorized to perform an action on the securable software object based at least in part on an evaluation of whether the access condition is satisfied, the evaluation being made by reference to the dynamic user state information or dynamic system state information for evaluating the access condition contained in the system resource.
Dependent claims: 16, 17, 18
19. A system for controlling access to a securable software object of a computer operating system, the system comprising:
- code executable to generate a graphical user interface, the graphical user interface including a security policy selection tool configured to receive input of an access condition from an owner of a securable software object, and the graphical user interface being configured to store the inputted access condition in an object security data structure for evaluation by a security subsystem of the computer operating system upon a requested action on the object by a user during a subsequent user logon session, wherein the access condition is based on dynamic user state information or dynamic system state information having a value that is updatable while the user is logged on to the computer operating system.
Dependent claims: 20
Specification