ROLE-BASED ACCESS CONTROL

US 20090019516A1
Filed: 01/30/2007
Published: 01/15/2009
Est. Priority Date: 01/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method of using a role-based access control (RBAC) system for controlling access rights to protected resources in a record keeping system, the method comprising the acts of:

associating a rights request with a role based policy to determine access rights;

modifying the determined access rights in accordance with an exception list related to particular users and records; and

authorizing access to a record based upon the modified determined access rights.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user interface and a processor coupled to the user interface wherein the processor receives access requests through the user interface and authorizes access through the user interface. The processor associates a rights request with a role based policy to determine access rights, modifies the determined access rights in accordance with an exception list related to particular users and records, and authorizes access to a record based upon the modified determined access rights.

50 Citations

View as Search Results

20 Claims

1. A method of using a role-based access control (RBAC) system for controlling access rights to protected resources in a record keeping system, the method comprising the acts of:
- associating a rights request with a role based policy to determine access rights;
  
  modifying the determined access rights in accordance with an exception list related to particular users and records; and
  
  authorizing access to a record based upon the modified determined access rights.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the role based policy is a default policy modified to be a personalized policy.
  - 3. The method of claim 1, comprising the acts of:
    - determining if an exception applies to a majority of at least one of users and records; and
      
      modifying the role based policy to include the exception if the exception applies to the majority of at least one of users and records;
      
      modifying the exception list to apply to a minority of users rights previously controlled by the role based policy.
  - 4. The method of claim 1, comprising the act of associating the role based policy to the exception list.
  - 5. The method of claim 1, wherein the exception list is one of a plurality of exception lists, the method comprising the act of associating each of the plurality of role based policies to one or more of the plurality of exception lists.
  - 6. The method of claim 1, wherein the role based policy is one of a plurality of role based policies and the exception list is one of a plurality of exception lists, the method comprising the act of associating each one of the plurality of role based policies to one of the plurality of exception lists.
  - 7. The method of claim 1, comprising the act of associating additional access rights and restricted access rights with the exception list.

8. A role-based access control (RBAC) system for controlling access to protected resources, the system comprising:
- a user interface;
  
  and a processor operably coupled to the user interface, wherein the processor is configured to receive access requests through the user interface and is configured to authorize access through the user interface, wherein the processor is configured to associate a rights request with a role based policy to determine access rights, modify the determined access rights in accordance with an exception list related to particular users and records, and authorize access to a record based upon the modified determined access rights.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the processor is configured to determine if an exception applies to a majority of users, is configured to modify the role based policy to include the exception if the exception applies to the majority of users, and is configured to modify the exception list to apply to a minority of users rights previously controlled by the role based policy.
  - 10. The system of claim 8, wherein the role based policy is one of a plurality of role based policies and the exception list is one of a plurality of exception lists, the processor configured to associate each one of the plurality of role based policies to one of the plurality of exception lists.
  - 11. The system of claim 8, wherein the processor is configured to associate additional access rights and restricted access rights with the exception list.
  - 12. The system of claim 8, wherein the processor is configured to update instructions for determining the role based policy by combining the role based policy with the exception list.

13. An application embodied on a computer readable medium configured to provide a role-based access control system (RBAC), the application comprising:
- a portion configured to associate a rights request with a role based policy to determine access rights;
  
  a portion configured to modify the determined access rights in accordance with an exception list related to particular users and records; and
  
  a portion configured to authorize access to a record based upon the modified determined access rights.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The application of claim 13, wherein the role based policy is a default policy modified to be a personalized policy.
  - 15. The application of claim 13, comprising:
    - a portion configured to determine if an exception applies to a majority of at least one of users and records;
      
      a portion configured to modify the role based policy to include the exception if the exception applies to the majority of at least one of users and records; and
      
      a portion configured to modify the exception list to apply to a minority of at least one of users rights and records previously controlled by the role based policy.
  - 16. The application of claim 13, comprising a portion configured to associate the role based policy to the exception list.
  - 17. The application of claim 13, wherein the exception list is one of a plurality of exception lists, the application comprising a portion configured to associate each of the plurality of role based policies to one or more of the plurality of exception lists.
  - 18. The application of claim 13, wherein the role based policy is one of a plurality of role based policies and the exception list is one of a plurality of exception lists, the application comprising a portion configured to associate each one of the plurality of role based policies to one of the plurality of exception lists.
  - 19. The application of claim 13, comprising a portion configured to associate additional access rights and restricted access rights with the exception list.
  - 20. The application of claim 13, comprising:
    - a portion configured to determine if an exception applies to a majority of atomic blocks that have the same policy;
      
      a portion configured to modify the role based policy to include the exception if the exception applies to the majority of atomic blocks; and
      
      a portion configured to modify the exception list to apply to a minority of atomic blocks previously controlled by the role based policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Hammoutene, Malik, Conrado, Claudine, Petkovic, Milan

Granted Patent

US 8,448,240 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

ROLE-BASED ACCESS CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

50 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

ROLE-BASED ACCESS CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others