CONTROL OF ACCESS TO FILES

US 20140130180A1
Filed: 11/07/2012
Published: 05/08/2014
Est. Priority Date: 11/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to files, the method comprising the steps of:

receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;

product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;

receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;

in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and program product for using access-control lists to control access to categorized computer files. Two or more computer files are each associated with one of a set of possible classifications that fall within a single category and an access-control list associates a user with a subset of these classifications. In response to the user'"'"'s request for access to one of these files, where the request specifies the requested file but does not specify the category of the requested file, the processor identifies the requested file'"'"'s category based on that file'"'"'s associated classifications, checks the access-control list to determine that the user is authorized to access files of the identified category, and then grants the requesting user access to the requested file.

Citations

13 Claims

1. A method for controlling access to files, the method comprising the steps of:
- receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;
  
  product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
  
  receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
  
  in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 3. The method of claim 1, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.
  - 4. The method of claim 1:
    - wherein the configuration comprises;
      
      the processor storing the access-control list in an information repository, wherein the information repository comprises a security architecture, wherein the security architecture controls access to a secured system, wherein the security architecture comprises a category variable, and wherein the category variable comprises a set of category sub-variables; and
      
      wherein the identifying comprises;
      
      requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user;
      
      communicating a first query to the information repository, wherein the first query is a function of the set of user credentials;
      
      receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system;
      
      communicating a second query to the information repository, wherein the second query is a function of the authorization code;
      
      receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and
      
      retrieving the category from the access-control list.
  - 5. The method of claim 4, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 6. The method of claim 4, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.
  - 7. The method of claim 4, wherein the information repository comprises one of:
    - a data warehouse, a database, and a file system.

8. A computer program product for controlling access to files, the computer program product comprising:
- a computer-readable storage device;
  
  first program instructions for receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;
  
  product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
  
  second program instructions for receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
  
  third program instructions for, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file.wherein the first program instructions, the second program instructions, and the third program instructions are stored on the computer-readable storage device.
- View Dependent Claims (9, 10)
- - 9. The computer program product of claim 8, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 10. The computer program product of claim 8, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.

11. A computer system for controlling access to files, the computer system comprising:
- a processor;
  
  a computer-readable memory;
  
  a computer-readable storage device;
  
  first program instructions for receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;
  
  product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
  
  second program instructions for receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
  
  third program instructions for, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file.wherein the first program instructions, the second program instructions, and the third program instructions are stored on the computer-readable storage device for execution by the processor via the computer-readable memory.
- View Dependent Claims (12, 13)
- - 12. The computer system of claim 11, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 13. The computer system of claim 11, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Schaefer, Donald E., Balasubramanyan, Arun, Rudden, Mary E.

Granted Patent

US 8,904,551 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

CONTROL OF ACCESS TO FILES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

CONTROL OF ACCESS TO FILES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links