RULE-BASED ACCESS CONTROL TO DATA OBJECTS

US 20150227754A1
Filed: 02/10/2014
Published: 08/13/2015
Est. Priority Date: 02/10/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

assigning, via a computer processor, a plurality of tags to data objects associated with a client device, the tags representing security attributes; and

upon determining an access attempt for one of the data objects has been initiated by a user of the client device;

gathering environmental information associated with conditions surrounding the client device;

identifying a tag, of the plurality of tags, assigned to the one of the data objects;

applying an access control rule to the environmental information as a function of the corresponding tag; and

performing, via the computer processor, an access-related function with respect to the access attempt for the one of the data objects based on results of application of the access control rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access control functions for data objects include assigning tags to the data objects associated with a client device. The tags represent security attributes. Upon determining an access attempt for one of the data objects has been initiated by a user of the client device, the access control functions include gathering environmental information associated with conditions surrounding the client device, identifying a tag assigned to the one of the data objects, applying access control rules to the environmental information as a function of the corresponding tag, and performing an access-related function with respect to the access attempt based on results of application of the access control rules.

9 Citations

View as Search Results

20 Claims

1. A method comprising:
- assigning, via a computer processor, a plurality of tags to data objects associated with a client device, the tags representing security attributes; and
  
  upon determining an access attempt for one of the data objects has been initiated by a user of the client device;
  
  gathering environmental information associated with conditions surrounding the client device;
  
  identifying a tag, of the plurality of tags, assigned to the one of the data objects;
  
  applying an access control rule to the environmental information as a function of the corresponding tag; and
  
  performing, via the computer processor, an access-related function with respect to the access attempt for the one of the data objects based on results of application of the access control rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - determining device characteristics of the client device, the device characteristics including at least one of a size of a display screen, a port for engaging a headset, brightness settings, and screen sharing features; and
      
      determining the access-related function based further on the device characteristics.
  - 3. The method of claim 1, wherein the security attributes indicate a level of care afforded to the data objects in preventing exposure of the data objects to individuals outside of an entity.
  - 4. The method of claim 1, further comprising:
    - gathering environmental information associated with conditions surrounding the client device from within a defined range of the client device.
  - 5. The method of claim 4, wherein the conditions reflect location-based characteristics, the location-based characteristics including a physical location or address, a location in which a plurality of individuals are present within a proximity, and a location indicating the user of the client device is on an aircraft;
    - wherein the location-based characteristics are derived from at least one of a global positioning system, a scheduled event in a calendar application of the client device, a level of noise detected, and air pressure sensor.
  - 6. The method of claim 4, wherein the conditions reflect an identity of a person who is present and in proximity of the client device, the identity determined by at least one of voice recognition, video recognition, and a scheduled event in a calendar application of the client device.
  - 7. The method of claim 1, wherein the access-related function includes at least one of:
    - preventing access to the data object;
      
      presenting a message to the client device instructing the user to modify at least one rendering function of the client device;
      
      automatically adjusting at least one setting of a rendering function of the client device.
  - 8. The method of claim 1, wherein the data objects include:
    - a text file;
      
      an audio file;
      
      a video file;
      
      a multimedia file; and
      
      a screen shot.

9. A system comprising:
- a computer processor; and
  
  logic executable by the computer processor, the logic configured to;
  
  assign a plurality of tags to data objects associated with a client device, the tags representing security attributes; and
  
  upon determining an access attempt for one of the data objects has been initiated by a user of the client device;
  
  gather environmental information associated with conditions surrounding the client device;
  
  identify a tag, of the plurality of tags, assigned to the one of the data objects;
  
  apply an access control rule to the environmental information as a function of the corresponding tag; and
  
  perform, via the computer processor, an access-related function with respect to the access attempt for the one of the data objects based on results of application of the access control rule.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The system of claim 9, wherein the logic is configured to:
    - determine device characteristics of the client device, the device characteristics including at least one of a size of a display screen, a port for engaging a headset, brightness settings, and screen sharing features; and
      
      determine the access-related function based further on the device characteristics.
  - 11. The system of claim 9, wherein the security attributes indicate a level of care afforded to the data objects in preventing exposure of the data objects to individuals outside of an entity.
  - 12. The system of claim 9, wherein the logic is configured to:
    - gather environmental information associated with conditions surrounding the client device from within a defined range of the client device;
      
      wherein the conditions reflect location-based characteristics, the location-based characteristics including a physical location or address, a location in which a plurality of individuals are present within a proximity, and a location indicating the user of the client device is on an aircraft;
      
      wherein the location-based characteristics are derived from at least one of a global positioning system, a scheduled event in a calendar application of the client device, a level of noise detected, and air pressure sensor; and
      
      wherein the conditions reflect an identity of a person who is present and in proximity of the client device, the identity determined by at least one of voice recognition, video recognition, and a scheduled event in a calendar application of the client device.
  - 13. The system of claim 9, wherein the access-related function includes at least one of:
    - preventing access to the data object;
      
      presenting a message to the client device instructing the user to modify at least one rendering function of the client device;
      
      automatically adjusting at least one setting of a rendering function of the client device.
  - 14. The system of claim 9, wherein the data objects include:
    - a text file;
      
      an audio file;
      
      a video file;
      
      a multimedia file; and
      
      a screen shot.

15. A computer program product comprising a computer readable storage medium having program instructions embodied thereon, the program instructions executable by a computer processor to cause the computer processor:
- assign a plurality of tags to data objects associated with a client device, the tags representing security attributes; and
  
  upon determining an access attempt for one of the data objects has been initiated by a user of the client device;
  
  gather environmental information associated with conditions surrounding the client device;
  
  identify a tag, of the plurality of tags, assigned to the one of the data objects;
  
  apply an access control rule to the environmental information as a function of the corresponding tag; and
  
  perform an access-related function with respect to the access attempt for the one of the data objects based on results of application of the access control rule.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the program instructions executable by the computer processor cause the computer processor to:
    - determine device characteristics of the client device, the device characteristics including at least one of a size of a display screen, a port for engaging a headset, brightness settings, and screen sharing features; and
      
      determine the access-related function based further on the device characteristics.
  - 17. The computer program product of claim 15, wherein the security attributes indicate a level of care afforded to the data objects in preventing exposure of the data objects to individuals outside of an entity.
  - 18. The computer program product of claim 15, wherein the program instructions executable by the computer processor cause the computer processor to:
    - gather environmental information associated with conditions surrounding the client device from within a defined range of the client device;
      
      wherein the conditions reflect location-based characteristics, the location-based characteristics including a physical location or address, a location in which a plurality of individuals are present within a proximity, and a location indicating the user of the client device is on an aircraft;
      
      wherein the location-based characteristics are derived from at least one of a global positioning system, a scheduled event in a calendar application of the client device, a level of noise detected, and air pressure sensor; and
      
      wherein the conditions reflect an identity of a person who is present and in proximity of the client device, the identity determined by at least one of voice recognition, video recognition, and a scheduled event in a calendar application of the client device.
  - 19. The computer program product of claim 15, wherein the access-related function includes at least one of:
    - preventing access to the data object;
      
      presenting a message to the client device instructing the user to modify at least one rendering function of the client device;
      
      automatically adjusting at least one setting of a rendering function of the client device.
  - 20. The computer program product of claim 15, wherein the data objects include:
    - a text file;
      
      an audio file;
      
      a video file;
      
      a multimedia file; and
      
      a screen shot.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Boss, Gregory J., Jones, Andrew R., Lingafelt, Charles S., McConnell, Kevin C., Moore, John E. Jr.

Application Number

US14/176,708
Publication Number

US 20150227754A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 67/52   specially adapted for the l...

RULE-BASED ACCESS CONTROL TO DATA OBJECTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

RULE-BASED ACCESS CONTROL TO DATA OBJECTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others