CREDENTIAL-BASED ACCESS TO DATA
First Claim
1. One or more computer-readable media comprising computer-executable instructions for controlling access to a set of data that is associated with an access control list comprising one or more access control entries, the computer-executable instructions performing steps comprising:
- receiving, from accessing computer-executable instructions, a request to access the set of data;
- searching the one or more access control entries for one or more access control entries relevant to a user identified by a user token associated with the accessing computer-executable instructions;
- comparing credential data associated with the user token to credential data specified by the one or more access control entries relevant to the user if the one or more access control entries relevant to the user specify credential data; and
- denying the request and notifying the accessing computer-executable instructions that credential data is required to access the set of data if the comparing reveals that the credential data associated with the user token differs from the credential data specified by the one or more access control entries relevant to the user.
Abstract
Existing mechanisms that control access to data based upon whether the user seeking to access the data is identified among the users that are allowed to access the data, can be extended to further control access based upon the provision of credential data by the user, or processes associated therewith. Access control entries can limit access based upon Boolean conditionals, including those referencing credential data, such that access can be granted only to specific users that provide the credential data or, alternatively, to any user that provides it. The referenced credential data can be specified in the access control information in an obfuscated form for security purposes. Information associated with the user, such as a user token, can be temporarily updated to include credential data when provided by the user, so as to enable access to the data but to prevent such access from remaining open too long.
20 Claims
1. One or more computer-readable media comprising computer-executable instructions for controlling access to a set of data that is associated with an access control list comprising one or more access control entries, the computer-executable instructions performing steps comprising:
- receiving, from accessing computer-executable instructions, a request to access the set of data;
- searching the one or more access control entries for one or more access control entries relevant to a user identified by a user token associated with the accessing computer-executable instructions;
- comparing credential data associated with the user token to credential data specified by the one or more access control entries relevant to the user if the one or more access control entries relevant to the user specify credential data; and
- denying the request and notifying the accessing computer-executable instructions that credential data is required to access the set of data if the comparing reveals that the credential data associated with the user token differs from the credential data specified by the one or more access control entries relevant to the user.

Dependent claims: 2, 3, 4, 5, 6
7. One or more computer-readable media comprising computer-executable instructions that access a set of data that is associated with an access control list comprising one or more access control entries, the computer-executable instructions performing steps comprising:
- requesting access to the set of data;
- receiving, in response to the requesting the access, a denial of access notification comprising an indication that credential data is required to access the set of data;
- requesting, in response to the receiving the denial of access notification, the credential data;
- receiving a received credential data in response to the requesting the credential data;
- associating, for a temporally limited amount of time, the received credential data with a user token associated with the computer-executable instructions; and
- requesting, for a subsequent time, access to the set of data;
- wherein the temporally limited amount of time is only so long as to enable accesses that are associated with the requested access and the subsequently requested access to proceed.

Dependent claims: 8, 9, 10, 11, 12, 13, 14
15. A method of accessing a first set of data that is associated with an access control list comprising one or more access control entries, the method comprising the steps of:
- requesting access to the set of data;
- searching the one or more access control entries for one or more access control entries relevant to a user identified by a user token associated with the requesting the access;
- comparing credential data associated with the user token to credential data specified by the one or more access control entries relevant to the user if the one or more access control entries relevant to the user specify credential data;
- generating a denial of access notification comprising an indication that credential data is required to access the set of data if the comparing reveals that the credential data associated with the user token differs from the credential data specified by the one or more access control entries relevant to the user;
- requesting, in response to receiving the denial of access notification, the credential data;
- receiving a received credential data in response to the requesting the credential data;
- associating, for a temporally limited amount of time, the received credential data with the user token; and
- requesting, for a subsequent time, access to the set of data;
- wherein the temporally limited amount of time is only so long as to enable accesses that are associated with the requested access and the subsequently requested access to proceed.

Dependent claims: 16, 17, 18, 19, 20
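The flow described in the abstract and in claim 15, as an added sketch that is not code from the patent or from any product: an access check that returns a distinct "credential required" result, and a requester that attaches the credential to its token for a limited time and retries. All names (`Ace`, `UserToken`, `check_access`, `access_with_prompt`) are hypothetical; salted PBKDF2 as the "obfuscated form" and a fixed TTL in seconds as the time limit are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

GRANTED, CRED_REQUIRED, DENIED = "granted", "credential_required", "denied"

def obfuscate(credential: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 stands in for the page's "obfuscated form".
    return hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, 100_000)

@dataclass
class Ace:
    user: Optional[str]                  # None: any user who supplies the credential
    salt: bytes = b""
    cred_digest: Optional[bytes] = None  # None: entry has no credential condition

@dataclass
class UserToken:
    user: str
    credential: Optional[str] = None
    expires_at: float = 0.0

    def attach(self, credential: str, now: float, ttl: float) -> None:
        # Temporary association: the credential lapses after ttl seconds.
        self.credential, self.expires_at = credential, now + ttl
    def live_credential(self, now: float) -> Optional[str]:
        return self.credential if now < self.expires_at else None

def check_access(acl: list, token: UserToken, now: float) -> str:
    relevant = [a for a in acl if a.user in (None, token.user)]
    presented = token.live_credential(now)
    for ace in relevant:
        if ace.cred_digest is None:
            return GRANTED               # plain identity-based entry
        if presented is not None and hmac.compare_digest(
                obfuscate(presented, ace.salt), ace.cred_digest):
            return GRANTED
    # Every relevant entry demanded a credential that was missing, wrong or expired.
    return CRED_REQUIRED if relevant else DENIED

def access_with_prompt(acl, token, prompt, now, ttl=5.0):
    """Requester side: on CRED_REQUIRED, obtain the credential and retry once."""
    result = check_access(acl, token, now)
    if result == CRED_REQUIRED:
        token.attach(prompt(), now, ttl)
        result = check_access(acl, token, now)
    return result
```

The clock is passed in as `now` so the expiry behaviour can be tested deterministically; a real caller would supply a monotonic clock reading.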
Specification