DATABASE ACCESS CONTROL

US 20150278542A1
Filed: 06/13/2015
Published: 10/01/2015
Est. Priority Date: 09/26/2012
Status: Abandoned Application

First Claim

Patent Images

1. A method for database access control, comprising:

receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;

generating a security table that identifies the one or more data categories to which the requesting user has access;

generating, based on a query of a base table that maps each of a plurality of data entries to at least one data category of the one or more data categories, a candidate data entry table that includes data entries identified by the access request and the data categories to which each included data entry is mapped within the base table;

performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising a data entry within the candidate data entry table mapped to at least one data category included within the security table; and

providing the generated result set to the requesting user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for database access control includes receiving an access request from a requesting user, the access request identifying one or more data entries stored in a base table storing a plurality a data entries each associated with a data category. The identified one or more data entries from the base table are retrieved and a security table including one or more data categories to which the requesting user is authorized to access is generated based on an identity of the requesting user. The data entries associated with a data category included in the security table are outputted as a result table.

65 Citations

View as Search Results

20 Claims

1. A method for database access control, comprising:
- receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
  
  generating a security table that identifies the one or more data categories to which the requesting user has access;
  
  generating, based on a query of a base table that maps each of a plurality of data entries to at least one data category of the one or more data categories, a candidate data entry table that includes data entries identified by the access request and the data categories to which each included data entry is mapped within the base table;
  
  performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising a data entry within the candidate data entry table mapped to at least one data category included within the security table; and
  
  providing the generated result set to the requesting user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein at least one data category to which the requesting user has access is dependent on a time that the access request is received.
  - 3. The method of claim 1, wherein at least one data category to which the requesting user has access is based on a data access level indicating a maximum magnitude of data access to specific data entries within the at least one data category.
  - 4. The method of claim 1, wherein:
    - the base table comprises an encrypted representation of the data entries and the data categories; and
      
      querying the base table comprises decrypting one or more of the encrypted data entries to access the plurality of data entries and corresponding data categories.
  - 5. The method of claim 1, wherein the one or more data categories correspond to business entities, organizational groups, class years, social circles, data types, data classes, security levels, or any combination thereof.

6. A database access control system, comprising:
- a non-transitory computer-readable memory storing executable computer instructions, the instructions comprising instructions for;
  
  receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
  
  generating a security table that identifies the one or more data categories to which the requesting user has access;
  
  generating, based on a query of a base table that maps each of a plurality of data entries to at least one data category of the one or more data categories, a candidate data entry table that includes data entries identified by the access request and the data categories to which each included data entry is mapped within the base table;
  
  performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising a data entry within the candidate data entry table mapped to at least one data category included within the security table; and
  
  providing the generated result set to the requesting user; and
  
  a processor configured to execute the computer instructions.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6, wherein at least one data category to which the requesting user has access is dependent on a time that the access request is received.
  - 8. The system of claim 6, wherein at least one data category to which the requesting user has access is based on a data access level indicating a maximum magnitude of data access to specific data entries within the at least one data category.
  - 9. The system of claim 6, wherein:
    - the base table comprises an encrypted representation of the data entries and the data categories; and
      
      querying the base table comprises decrypting one or more of the encrypted data entries to access the plurality of data entries and corresponding data categories.
  - 10. The system of claim 6, wherein the one or more data categories correspond to business entities, organizational groups, class years, social circles, data types, data classes, security levels, or any combination thereof.

11. A method for database access control, comprising:
- receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
  
  generating based on the user credentials, a security table that identifies the one or more data categories to which the requesting user has access;
  
  retrieving a candidate data entry table that maps data entries identified by the access request to one or more data categories, the categories including at least one category to which the user has access and at least one category to which the user does not have access;
  
  performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising only those data entries within the candidate data entry table that are mapped to at least one data category included within the security table to which the user has access; and
  
  providing the generated result set to the requesting user.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein at least one data category to which the requesting user has access is dependent on a time that the access request is received.
  - 13. The method of claim 11, wherein at least one data category to which the requesting user has access is based on a data access level indicating a maximum magnitude of data access to specific data entries within the at least one data category.
  - 14. The method of claim 11, wherein the requested data is stored in a base table, the base table storing the requested data in an encrypted format, and wherein providing the generated result set of the requesting user comprises decrypting the requested data before providing the generated result set to the requesting user.
  - 15. The method of claim 11, wherein the one or more data categories correspond to business entities, organizational groups, class years, social circles, data types, data classes, security levels, or any combination thereof.

16. A database access control system, comprising:
- a non-transitory computer-readable memory storing executable computer instructions, the instructions comprising instructions for;
  
  receiving an access request from a requesting user, the access request comprising user credentials identifying the requesting user and identifying requested data, the requesting user having access to one or more data categories;
  
  generating based on the user credentials, a security table that identifies the one or more data categories to which the requesting user has access;
  
  retrieving a candidate data entry table that maps data entries identified by the access request to one or more data categories, the categories including at least one category to which the user has access and at least one category to which the user does not have access;
  
  performing a join operation between the security table and the candidate data entry table to generate a result set, each result in the result set comprising only those data entries within the candidate data entry table that are mapped to at least one data category included within the security table to which the user has access; and
  
  providing the generated result set to the requesting user; and
  
  a processor configured to execute the computer instructions.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein at least one data category to which the requesting user has access is dependent on a time that the access request is received.
  - 18. The system of claim 16, wherein at least one data category to which the requesting user has access is based on a data access level indicating a maximum magnitude of data access to specific data entries within the at least one data category.
  - 19. The system of claim 16, wherein the requested data is stored in a base table, the base table storing the requested data in an encrypted format, and wherein providing the generated result set of the requesting user comprises decrypting the requested data before providing the generated result set to the requesting user.
  - 20. The system of claim 16, wherein the one or more data categories correspond to business entities, organizational groups, class years, social circles, data types, data classes, security levels, or any combination thereof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Meijer, Hans, Boberg, Jan

Application Number

US14/738,831
Publication Number

US 20150278542A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/176   Support for shared access t...

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

DATABASE ACCESS CONTROL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATABASE ACCESS CONTROL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links