USING EXCLUSION BASED SECURITY RULES FOR ESTABLISHING URI SECURITY

US 20090328153A1
Filed: 06/25/2008
Published: 12/31/2009
Est. Priority Date: 06/25/2008
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access to Uniform Resource Identifier (URI) identified resources comprising:

receiving a request for a resource identified by a URI;

comparing the URI associated with the request against at least one previously established security rule, said security rule including an exclusion comparison operator and a regular expression defining a pattern; and

determining whether to grant a requester access to the resource based at least in part upon results of the comparing of the URI against the previously established security rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A solution for controlling access to Uniform Resource Identifier (URI) identified resources can receive a request for a resource identified by a URI. The URI associated with the request can be compared against at least one previously established security rule. The security rule can include an exclusion comparison operator and a regular expression defining a pattern. A determination as to whether to grant a requester access to the resource can be based at least in part upon results of the comparing of the URI against the previously established security rule.

Citations

19 Claims

1. A method for controlling access to Uniform Resource Identifier (URI) identified resources comprising:
- receiving a request for a resource identified by a URI;
  
  comparing the URI associated with the request against at least one previously established security rule, said security rule including an exclusion comparison operator and a regular expression defining a pattern; and
  
  determining whether to grant a requester access to the resource based at least in part upon results of the comparing of the URI against the previously established security rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining that the URI matches the pattern defined by the regular expression; and
      
      evaluating the security rule as FALSE based upon the exclusion comparison operator.
  - 3. The method of claim 1, further comprising:
    - determining that the URI does not match the pattern defined by the regular expression; and
      
      evaluating the security rule as TRUE based upon the exclusion comparison operator.
  - 4. The method of claim 1, further comprising:
    - programmatically determining that the requested resource is a secure resource when the security rule evaluates as FALSE and performing at least one security action before granting access to the resource responsive to the request, wherein the at least one security action prompts a user for additional security credentials and bases access of the requested resource upon whether credentials provided responsive to the prompts are valid; and
      
      programmatically determining that the requested resource is an unsecure resource when the security rule evaluates as TRUE and granting access to the resource responsive to the request.
  - 5. The method of claim 1, wherein said at least one security rule comprises a plurality of security rules, wherein at least two of said plurality of security rules comprise an exclusion comparison operator for evaluating the URI against a pattern defined in the corresponding security rule.
  - 6. The method of claim 5, wherein at least one of the plurality of security rules comprise an inclusion comparison operator for evaluating the URI against an associated pattern defined in the corresponding security rule.
  - 7. The method of claim 6, further comprising:
    - establishing an evaluation order for the plurality of security rules; and
      
      processing each security rule in order until one of the security rules evaluates as TRUE, in which case lowered ordered security rules are not processed for the request.
  - 8. The method of claim 1, wherein the resource is a RESTful resource.
  - 9. The method of claim 1, wherein an application server is used to perform the receiving, comparing, and determining in accordance with programmatic rules digitally encoded within a machine readable medium that are executed by the application server, wherein the security rules utilized by the application server are based upon a plurality of matching rules comprising pattern matching, exact matching, and extension based matching.

10. A computer program product for controlling access to Uniform Resource Identifier (URI) identified resources comprising:
- a computer usable medium having computer usable program code embodied therewith, the computer usable program code comprising;
  
  computer usable program code configured to receive a request for a resource identified by a URI;
  
  computer usable program code configured to compare the URI associated with the request against at least one previously established security rule, said security rule including an exclusion comparison operator and a regular expression defining a pattern; and
  
  computer usable program code configured to determine whether to grant a requester access to the resource based at least in part upon results of the comparing of the URI against the previously established security rule.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer program product of claim 10, further comprising:
    - computer usable program code configured to determine that the URI matches the pattern defined by the regular expression; and
      
      computer usable program code configured to evaluate the security rule as FALSE based upon the exclusion comparison operator.
  - 12. The computer program product of claim 10, further comprising:
    - computer usable program code configured to determine that the URI does not match the pattern defined by the regular expression; and
      
      computer usable program code configured to evaluate the security rule as TRUE based upon the exclusion comparison operator.
  - 13. The computer program product of claim 10, further comprising:
    - computer usable program code configured to programmatically determine that the requested resource is a secure resource when the security rule evaluates as FALSE and performing at least one security action before granting access to the resource responsive to the request, wherein the at least one security action prompts a user for additional security credentials and bases access of the requested resource upon whether credentials provided responsive to the prompts are valid; and
      
      computer usable program code configured to programmatically determine that the requested resource is an unsecure resource when the security rule evaluates as TRUE and granting access to the resource responsive to the request.
  - 14. The computer program product of claim 10, wherein said at least one security rule comprises a plurality of security rules, wherein at least two of said plurality of security rules comprise an exclusion comparison operator for evaluating the URI against a pattern defined in the corresponding security rule.
  - 15. The method of claim 14, wherein at least one of the plurality of security rules comprise an inclusion comparison operator for evaluating the URI against an associated pattern defined in the corresponding security rule.
  - 16. The method of claim 15, further comprising:
    - computer usable program code configured to establish an evaluation order for the plurality of security rules; and
      
      computer usable program code configured to process each security rule in order until one of the security rules evaluates as TRUE, in which case lowered ordered security rules are not processed for the request.
  - 17. The computer program product of claim 10, wherein the resource is a RESTful resource.
  - 18. The computer program product of claim 10, wherein an application server is used to execute the computer useable program code configured to receive, to compare, and to determine as defined in claim 10, wherein the security rules utilized by the application server are based upon a plurality of matching rules comprising pattern matching, exact matching, and extension based matching.

19. An application server comprising:
- a URI security engine configured to evaluate requests for URI identified resources based upon a plurality of previously established security rules, said URI security engine comprising an exclusion mechanism configured to evaluate security rules comprising exclusion conditional operators; and
  
  a Web server configured to selectively serve a plurality of URI identified resources to requesting clients based upon evaluation results of the URI security engine, wherein the security rules are based upon a plurality of matching rules comprising pattern matching, exact matching, and extension based matching.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kaplinger, Todd E., Haberkorn, Marc E., Chetuparambil, Madhu K.

Application Number

US12/146,006
Publication Number

US 20090328153A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2119   Authenticating web pages, e...

G06N 5/046   Forward inferencing; Produc...

USING EXCLUSION BASED SECURITY RULES FOR ESTABLISHING URI SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

USING EXCLUSION BASED SECURITY RULES FOR ESTABLISHING URI SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links