ENFORCEMENT OF POLICIES ON CONTEXT-BASED AUTHORIZATION

US 20110167479A1
Filed: 01/07/2011
Published: 07/07/2011
Est. Priority Date: 01/07/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method of enforcing usage/context-based authorization, the method comprising:

generating an authorization context for access to a resource, wherein the access includes a first set of access parameters;

storing the authorization context associated with the resource;

intercepting, at a policy enforcer, an access request for the resource, wherein the access request includes a second set of access parameters;

checking, by the policy enforcer, the access request against the authorization context to determine if the second set of access parameters matches the first set of access parameters; and

in response to the first set of access parameters matching the second set of access parameters, permitting access to the resource in accordance with the second set of access parameters.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide methods and systems for enforcing usage/context-based authorization. The method may include generating an authorization context for access to a resource. The access may include a first set of access parameters. The method may further store the authorization context associated with the resource, and intercept an access request for the resource. The access request may include a second set of access parameters. The method may further check the access request against the authorization context to determine if the second set of access parameters matches the first set of access parameters, and in response to the first set of access parameters matching the second set of access parameters, permit access to the resource in accordance with the second set of access parameters.

Citations

24 Claims

1. A method of enforcing usage/context-based authorization, the method comprising:
- generating an authorization context for access to a resource, wherein the access includes a first set of access parameters;
  
  storing the authorization context associated with the resource;
  
  intercepting, at a policy enforcer, an access request for the resource, wherein the access request includes a second set of access parameters;
  
  checking, by the policy enforcer, the access request against the authorization context to determine if the second set of access parameters matches the first set of access parameters; and
  
  in response to the first set of access parameters matching the second set of access parameters, permitting access to the resource in accordance with the second set of access parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, further comprising, in response to the first set of access parameters differing from the second set of access parameters, denying access to the resource.
  - 3. The method of claim 1, further comprising based on the authorization request and the first set of access parameters, generating an authorization token.
  - 4. The method of claim 3, further comprising:
    - sending the authorization token to an entity which generated the authorization request;
      
      presenting the authorization token to the policy enforcer;
      
      checking the authorization token against the access parameters associated with the resource request; and
      
      based on the access parameters conforming with the authorization token, permitting access to the resource.
  - 5. The method of claim 4, wherein the authorization token includes one or more of the following restrictions:
    - a restriction of the number of times usage is permitted, a time-out restriction, and a transfer restriction.
  - 6. The method of claim 5, wherein the token is embedded in the authorization context, and wherein the token is revocable.
  - 7. The method of claim 6, wherein the policy enforcer monitors and reports access to the resource, and wherein the policy enforcer is included in one or more of the following:
    - a device, a requester, a network, middleware, or in front of the resource.
  - 8. The method of claim 7, further comprising based on access violating the context created by authorization token, terminating access to the resource by revoking the token.
  - 9. The method of claim 6, further comprising determining whether the authorization token has been tampered with or altered.
  - 10. The method of claim 9, further comprising, in response to the authorization being tampered with or altered, terminating access to the resource.
  - 11. The method of claim 1, wherein the first set of access parameters provides a context for accessing the resource.
  - 12. The method of claim 11, wherein the access request includes requesting access to the resource in accordance to the context.
  - 13. The method of claim 1, wherein the first and second sets of access parameters include one or more of the following:
    - a file name, a usage of the file, read/write parameters, user account parameters, pointers to interfaces, scripts, workflows, functions, or executables.
  - 14. The method of claim 1, wherein the access request is generated by a third party service provider, and wherein the resource comprises an end-user'"'"'s device resource and/or service.
  - 15. The method of claim 14, wherein the end-user'"'"'s device resource and/or service includes one or more of the following:
    - a global positioning system (GPS) resource, a short message system (SMS) resource, an email resource, an application resource, and a voicemail resource.
  - 16. The method of claim 15, wherein the third party service provider is one or more of:
    - a trusted provider, a non-trusted provider, a partner provider, a user, an unknown user, a subscriber, or an enterprise.
  - 17. The method of claim 16, wherein the authorization context includes a combination of resources and/or services which are accessible to the third party service provider.
  - 18. The method of claim 1, further comprising, in response to the second set of access parameters changing, terminating access to the resource.

19. A system enforcing usage based authorization, the system comprising:
- a requesting entity configured to request access to a resource, wherein the request includes access parameters; and
  
  an authorization entity coupled with the requestor, the authorization entity configured to receive the request from the requesting entity, identify a context associated with the request, and determine whether to authorize the request based on the context of the request and the access parameters.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, wherein the request includes context information describing the context of the request.
  - 21. The system of claim 20, wherein the authorization entity is further configured to identify the context of the request based at least in part on the context information from the request.
  - 22. The system of claim 19, wherein the authorization entity is further configured to request context information describing the context of the request.

23. A machine-readable medium including sets of instruction for enforcing usage-based authorization which, when executed by a machine, cause the machine to:
- receive, from a third party service provider, a request for access to an address of an end-user device;
  
  in response to the request, provide a token to the third party service provider;
  
  receive the token and an accompanying message from the third party service provider;
  
  use the token to determine the address of the end-user device; and
  
  transmit the accompanying message to the end-user device.
- View Dependent Claims (24)
- - 24. The machine-readable medium of claim 23, wherein the end-user device is one or more of the following:
    - a personal digital assistant (PDA), a Smartphone, a mobile device, a portable computer, and a cellular phone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Maes, Stephane H.

Application Number

US12/986,435
Publication Number

US 20110167479A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6281   at program execution time, ...

H04L 2209/80   Wireless

H04L 9/3213   using tickets or tokens, e....

ENFORCEMENT OF POLICIES ON CONTEXT-BASED AUTHORIZATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

ENFORCEMENT OF POLICIES ON CONTEXT-BASED AUTHORIZATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links