METHOD FOR CONTROLLING ACCESS TO DATA CONTAINERS IN A COMPUTER SYSTEM

US 20100299362A1
Filed: 05/24/2010
Published: 11/25/2010
Est. Priority Date: 05/24/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access to objects stored in a computer system;

wherein ownership and access rights may be attributes of object containers and,wherein ownership and access rights of contained objects are implied by presence of said objects in an object container and,wherein object containers may be in the form of logical entities, including but not limited to file systems, folders and directories, and data structures in various forms including but not limited to lists, chains, trees, arrays, queues and tables.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling access to stored objects in a computer system is provided that is both powerful and flexible, and minimizes complexity to the user. The method may apply to logical containers of objects and supports arbitrary configurations of logical containers, including nests and hierarchies. The method extends beyond the simple notion of permission, to include not only operation-oriented rights, but more complex and possibly dynamic access conditions, criteria and rules. The method provides for association of actions to be triggered and performed, optionally, in relation to access or attempted access to stored objects.

165 Citations

15 Claims

1. A method for controlling access to objects stored in a computer system;
- wherein ownership and access rights may be attributes of object containers and,wherein ownership and access rights of contained objects are implied by presence of said objects in an object container and,wherein object containers may be in the form of logical entities, including but not limited to file systems, folders and directories, and data structures in various forms including but not limited to lists, chains, trees, arrays, queues and tables.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein each object container has an associated access policy comprising a plurality of access conditions and,wherein access conditions may comprise an access mode, and access group, and a plurality of access rules and access actions.
  - 3. The method of claim 1 wherein access policies, as applied to logical containers, may be deferred from one container to another, such as from a subordinate container to a superior container in a configuration in which containers may appear to be nested or layered.
  - 4. The method of claim 1 wherein an access policy may include an access condition that asserts control over modification of said access policy.
  - 5. The method of claim 1 wherein access rights permitting listing of objects stored in an object container and permitting reading the contents of an object within an object container may be defined and asserted separately.
  - 6. The method of claim 1 wherein access rights permitting creation of an object and permitting updates to an existing object may be defined and asserted separately.
  - 7. The method of claim 1 wherein an object container'"'"'s access policy may be encoded in a compact serialized form such that the access conditions and their associated elements are encoded into that form.
  - 8. The method of claim 1 wherein an access policy may be defined or undefined, being distinct but reasonable states, such that an undefined state may result in deferring access control decisions to another entity, including but not limited to an enclosing object container.
  - 9. The method of claim 1 wherein access may apply to operations, including but not limited to creation of objects and object containers, addition of objects to an object container, reading the content and attributes of objects, updating the content and attributes of objects and object containers, listing the contents of object containers, deleting objects from object containers and deleting object containers.
  - 10. The method of claim 1 wherein access by an entity that prior to effecting access control had not been authenticated or had been authenticated as anonymous, (hereinafter “
    - anonymous access”
      
      ) may be permitted.
  - 11. The method of claim 1 wherein anonymous access may be permitted, per access policy, with the application of additional credentials, rules or actions, such as, but not limited to password, biometrics or communication with a process or entity external to the core access control logic.
  - 12. The method of claim 1 wherein access policies may be complex conditions, in addition to operations conditions, including but not limited to date and time of access, locality, access density, account standing, bandwidth or other resource utilization levels, climate and all manner of external conditions.
  - 13. The method of claim 1 wherein actions may be associated with access and:
    - wherein said actions may execute;
      
      upon satisfaction of access criteria or rules, orupon failure to satisfy access criteria or rules, orunconditionally, before after or during access.
  - 14. The method of claim 1 wherein an access policy may comprise access conditions and their respective elements, that in combination may result in a write-only or WORM (write-once-read-many) behavior.

15. The method of claim 15 wherein subsequent operations or other accesses may be controlled in accordance with rules, criteria or policies such as digital signatures, expiration date and time, and possibly other mechanisms to provide assurance of the integrity and authenticity of stored objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pi-Coral Incorporated
Original Assignee
Pi-Coral Incorporated
Inventors
Osmond, Roger Frederick

Application Number

US12/785,752
Publication Number

US 20100299362A1
Time in Patent Office

Days
Field of Search
US Class Current

707/781
CPC Class Codes

G06F 21/6218 to a system of files or obj...

METHOD FOR CONTROLLING ACCESS TO DATA CONTAINERS IN A COMPUTER SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

165 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR CONTROLLING ACCESS TO DATA CONTAINERS IN A COMPUTER SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links