SYSTEM AND METHOD FOR FAST PROBABILISTIC QUERYING ROLE-BASED ACCESS CONTROL SYSTEMS
Abstract
A method includes extracting from a computer-based system (e.g., a role-based access control system) information identifying users and information identifying one or more profiles for each of the users, creating one computer-based user bloom filter for each one of the users, creating one computer-based profile bloom filter for each one of the profiles, and creating one action bloom filter for each of a plurality of possible end user queries. Each profile corresponds to one or more assigned authorizations, each user bloom filter correlates an associated one of the users to one or more of the assigned profiles, each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations, and each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.
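An added sketch of the three filter types the abstract describes (not code from the patent): the filter parameters and the sample users, profiles and authorization strings are constructed, and treating each end user query as one authorization string is an assumption. A Bloom filter can return false positives but never false negatives, so a miss is a definite deny while a hit is confirmed against the extracted data before it counts as an allow.

```python
import hashlib

class Bloom:
    """Bloom filter: no false negatives, occasional false positives."""
    def __init__(self, m_bits=1024, k=4):
        self.m, self.k, self.bits = m_bits, k, 0

    def _positions(self, item):
        # Double hashing over one SHA-256 digest yields k bit positions.
        d = hashlib.sha256(item.encode()).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item):
        for p in self._positions(item):
            self.bits |= 1 << p

    def __contains__(self, item):
        return all((self.bits >> p) & 1 for p in self._positions(item))

def bloom_of(items):
    bf = Bloom()
    for item in items:
        bf.add(item)
    return bf

# Constructed sample extract from a hypothetical RBAC system.
USER_PROFILES = {"alice": {"AP_CLERK"}, "bob": {"AP_CLERK", "AP_MANAGER"},
                 "carol": {"AUDITOR"}}
PROFILE_AUTHS = {"AP_CLERK": {"invoice:create"}, "AUDITOR": {"ledger:read"},
                 "AP_MANAGER": {"invoice:approve", "payment:release"}}

def build_filters(user_profiles, profile_auths):
    user_bf = {u: bloom_of(ps) for u, ps in user_profiles.items()}       # user -> profiles
    profile_bf = {p: bloom_of(a) for p, a in profile_auths.items()}      # profile -> authorizations
    actions = {a for auths in profile_auths.values() for a in auths}
    action_bf = {action: bloom_of(u for u, ps in user_profiles.items()   # action -> users
                                  if any(action in profile_auths[p] for p in ps))
                 for action in actions}
    return user_bf, profile_bf, action_bf

def may_perform(user, action, action_bf, user_profiles, profile_auths):
    bf = action_bf.get(action)
    if bf is None or user not in bf:
        return False          # filter miss: definite deny, no lookup needed
    # Filter hit may be a false positive or stale: confirm on the source data.
    return any(action in profile_auths[p] for p in user_profiles.get(user, ()))
```

A standard Bloom filter cannot remove an element, so after a revocation the affected filters have to be rebuilt; until then the confirmation step is what keeps a stale hit from becoming an allow.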
24 Claims
1. A computer-based method, comprising the steps of:
- extracting from a computer-based system, information identifying a plurality of users and information identifying one or more profiles for each respective one of the users, wherein each profile corresponds to one or more assigned authorizations;
- creating one computer-based user bloom filter for each one of the users, wherein each user bloom filter correlates an associated one of the users to one or more of the profiles;
- creating one computer-based profile bloom filter for each one of the profiles, wherein each profile bloom filter correlates an associated one of the profiles to one or more of the assigned authorizations; and
- creating one action bloom filter for each of a plurality of possible end user queries, wherein each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A computer-based method, comprising the steps of:
- initializing a query system for a computer-based, role-based access control (RBAC) system by:
  - extracting from the RBAC system information identifying a plurality of users and information identifying one or more profiles for each respective one of the users, wherein each profile corresponds to one or more assigned authorizations; and
  - creating a plurality of different types of computer-based bloom filters based on the extracted information; and
- monitoring the computer-based RBAC system for changes and updating one or more of the bloom filters according to one or more changes to the computer-based RBAC system.
Dependent claims: 19, 20
21. A system comprising:
- a computer-based processor; and
- a computer-based memory that stores instructions executable by the processor to perform the steps comprising:
  - extracting from a computer-based, role-based access control (RBAC) system information identifying a plurality of users and information identifying one or more profiles for each respective one of the users, wherein each profile corresponds to one or more assigned authorizations;
  - creating one computer-based user bloom filter for each one of the users, wherein each user bloom filter correlates an associated one of the users to one or more of the assigned profiles;
  - creating one computer-based profile bloom filter for each one of the profiles, wherein each profile bloom filter correlates an associated one of the profiles to one or more of the contained authorizations; and
  - creating one action bloom filter for each of a plurality of possible end user queries, wherein each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.
22. A system comprising:
- a computer-based processor; and
- a computer-based memory that stores instructions executable by the processor to perform the steps comprising:
  - initializing a query system for a computer-based, role-based access control (RBAC) system by:
    - extracting from the RBAC system information identifying a plurality of users and information identifying one or more profiles for each respective one of the users, wherein each profile corresponds to one or more assigned authorizations; and
    - creating a plurality of different types of computer-based bloom filters based on the extracted information; and
  - monitoring the computer-based RBAC system for changes and updating one or more of the bloom filters according to one or more changes to the computer-based RBAC system.
23. A non-transitory, computer-readable medium that stores instructions executable by a processor to perform the steps comprising:
- extracting from a computer-based, role-based access control (RBAC) system information identifying a plurality of users and information identifying one or more profiles for each respective one of the users, wherein each profile corresponds to one or more assigned authorizations;
- creating one computer-based user bloom filter for each one of the users, wherein each user bloom filter correlates an associated one of the users to one or more of the assigned profiles;
- creating one computer-based profile bloom filter for each one of the profiles, wherein each profile bloom filter correlates an associated one of the profiles to one or more of the contained authorizations; and
- creating one action bloom filter for each of a plurality of possible end user queries, wherein each action bloom filter correlates an associated one of the possible end user queries to a set of users that are authorized to perform the action associated with the corresponding end user query.
24. A non-transitory, computer-readable medium that stores instructions executable by a processor to perform the steps comprising:
- initializing a query system for a computer-based, role-based access control (RBAC) system by:
  - extracting from the RBAC system information identifying a plurality of users and information identifying one or more profiles for each respective one of the users, wherein each profile corresponds to one or more assigned authorizations; and
  - creating a plurality of different types of computer-based bloom filters based on the extracted information; and
- monitoring the computer-based RBAC system for changes and updating one or more of the bloom filters according to one or more changes to the computer-based RBAC system.
Specification