System and Methods for Context-Aware and Situation-Aware Secure, Policy-Based Access Control for Computing Devices
First Claim
1. A system for context-aware policy-based access control for access to resources by computing devices comprising:
a policy-based access control system, having at least one policy decision point and at least one policy enforcement point for storing policy rules, adjudicating access to resources in accordance with secure policy-driven conditions for permitted operations on the resources, and for enforcing policy adjudicated decisions;
at least one policy information point having a local memory for storing external contextual information;
a connecting interface for connecting policy information points to each other and to the policy decision points of the policy-based access control system;
an incoming information interface coupled to the policy information point for securely receiving and storing external contextual information.
Abstract
A system and methods for context-aware and situation-aware secure, policy-based access control for computing devices. The invention enhances the previously disclosed policy-based control system by adding contextual information to the set of resources by which a policy decision point can adjudicate a query to execute a transaction or to access a secure resource. Policy information points are able to store information collected over time related to resources under the control of the system. The system can further include an analytical processing engine capable of inferring new information from existing information that also can be used by the decision points. The policy information points provide context to the decision. They are also able to consider and include information that is external to the system or detected outside the system itself.
13 Claims

1. As set out under First Claim above. (Claims 2 through 9 depend from claim 1.)
10. A method for context-aware policy-based access control for access to resources by computing devices comprising the steps of:
receiving secure contextual information from external sources at the policy information points;
storing contextual information at the policy information points;
connecting the policy information points to the policy decision points;
transmitting contextual information from the policy information points to the policy decision points as requested by the policy decision points; and
adjudicating queries for access to resources in accordance with secure, policy-driven conditions for permitted operations on the resources by evaluating policy rules at the policy decision points using contextual information from the policy information points.
(Claims 11 through 13 depend from claim 10.)
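The steps of claim 10, as an added example that is not part of the patent and not code from any product: a policy information point that accepts only HMAC-authenticated facts over an assumed source|name|value|time encoding, treats facts older than a freshness window as unknown, derives one inferred fact (the analytical engine mentioned in the abstract), and a policy decision point that evaluates a deny-first rule list when the enforcement point asks. The sources mdm and soc, the attributes device_posture and site_alert_level, the rule set, the five-minute window and the keys are all constructed for illustration.

```python
"""Added example (not the patent's own code): a context-aware PEP/PDP/PIP loop
in the shape of claim 10. Every name, attribute, rule and key here is an assumption."""
from collections import namedtuple
from datetime import datetime, timedelta, timezone
import hashlib
import hmac

ContextFact = namedtuple("ContextFact", "name value observed_at source")
MAX_AGE = timedelta(minutes=5)  # freshness window for context facts (assumption)

def sign_fact(key, source, name, value, observed_at):
    """HMAC an external source attaches to a fact; wire format source|name|value|time is assumed."""
    msg = f"{source}|{name}|{value}|{observed_at.isoformat()}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class PolicyInformationPoint:
    """Holds external context; the incoming interface accepts only authenticated facts."""
    def __init__(self, source_keys):
        self._keys = dict(source_keys)  # per-source shared keys (assumption)
        self._facts = {}

    def ingest(self, source, name, value, observed_at, tag):
        key = self._keys.get(source)
        if key is None:
            raise PermissionError(f"unknown context source {source!r}")
        if not hmac.compare_digest(sign_fact(key, source, name, value, observed_at), tag):
            raise PermissionError(f"fact {name!r} from {source!r} failed authentication")
        self._facts[name] = ContextFact(name, value, observed_at, source)

    def lookup(self, name, now, max_age=MAX_AGE):
        """Value of a fact, or None when it is missing or older than max_age."""
        fact = self._facts.get(name)
        if fact is None or now - fact.observed_at > max_age:
            return None
        return fact.value

    def infer(self, now):
        """Analytical step: derive elevated_risk from stored facts; unknown or stale input counts as risky."""
        posture = self.lookup("device_posture", now)
        alert = self.lookup("site_alert_level", now)
        elevated = posture != "compliant" or alert is None or alert >= 2
        self._facts["elevated_risk"] = ContextFact("elevated_risk", elevated, now, "analytics")

# Deny rule is listed first so that missing context can never read as "safe".
RULES = [
    ("deny", lambda s, a, r, ctx: ctx("elevated_risk") is not False),
    ("permit", lambda s, a, r, ctx: s["role"] == "analyst" and a == "read" and r.startswith("case/")),
]

def decide(pip, rules, subject, action, resource, now):
    """PDP: refresh inferred facts, then evaluate rules in order; no match is a deny."""
    pip.infer(now)
    ctx = lambda name: pip.lookup(name, now)
    for effect, condition in rules:
        if condition(subject, action, resource, ctx):
            return effect
    return "deny"

def enforce(pip, subject, action, resource, now):
    """PEP: the only path to the resource; returns True when the PDP permits."""
    return decide(pip, RULES, subject, action, resource, now) == "permit"

KEYS = {"mdm": b"constructed-mdm-key", "soc": b"constructed-soc-key"}  # constructed sample keys

def feed(pip, source, name, value, observed_at):
    """Simulate an external source pushing a correctly signed fact to the PIP."""
    pip.ingest(source, name, value, observed_at, sign_fact(KEYS[source], source, name, value, observed_at))

def run_scenarios():
    """Constructed scenarios; returns {label: permitted?} plus whether a forged fact was rejected."""
    now = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    analyst = {"id": "u1", "role": "analyst"}
    cases = [
        ("fresh_compliant", 1, 0, analyst),                           # permit
        ("stale_posture", 30, 0, analyst),                            # posture older than MAX_AGE -> unknown -> deny
        ("site_alert", 1, 2, analyst),                                # SOC alert level 2 -> deny
        ("guest_default_deny", 1, 0, {"id": "g1", "role": "guest"}),  # nothing permits a guest -> deny
    ]
    results = {}
    for label, posture_age_min, alert, subject in cases:
        pip = PolicyInformationPoint(KEYS)
        feed(pip, "mdm", "device_posture", "compliant", now - timedelta(minutes=posture_age_min))
        feed(pip, "soc", "site_alert_level", alert, now - timedelta(minutes=1))
        results[label] = enforce(pip, subject, "read", "case/42", now)
    pip = PolicyInformationPoint(KEYS)  # forged fact: tag computed with the wrong key
    try:
        pip.ingest("mdm", "device_posture", "compliant", now,
                   sign_fact(b"wrong-key", "mdm", "device_posture", "compliant", now))
        results["forged_fact_rejected"] = False
    except PermissionError:
        results["forged_fact_rejected"] = True
    return results
```

The roles PEP, PDP and PIP are the same ones XACML defines, so the shape above maps directly onto an XACML deployment. Claim 10 says only that context is "securely" received; the two checks a practitioner adds at that interface are origin authentication (here an HMAC, which would be a signature or mutually authenticated transport in a real system) and a freshness window, because an attacker who can inject or replay a "compliant" posture report into the PIP gets a permit without touching the policy itself. Ordering the deny rule first, and treating absent or stale context as risky rather than neutral, keeps an outage of the context feed from turning into an authorization bypass.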
Specification