Method and system for controlling access to objects in a data processing system based on temporal constraints
First Claim
1. A computer implemented method of controlling access in a data processing system, comprising the steps of:
a) providing a schedule of access for a security subject to access an object of said data processing system, said schedule containing one or more times, for each time there being a corresponding change in said access of said security subject to said object;
b) automatically determining if any one of said times in said schedule has occurred, said automatic determination occurring independently from actions taken by said security subject;
c) automatically implementing said change in said access to said object according to said schedule, said implementation of said change in access corresponding to said occurred time in said schedule;
d) repeating steps b) and c) if none of said times in said schedule have yet occurred or if there are other of said times in said schedule that have not yet occurred;
e) wherein said step of automatically implementing said access change further comprises the step of determining if there is authorization to implement said access change, and preventing implementation of said access change if it is determined that no authorization to implement the access change exists.
Abstract
Access by a security subject to an object on a data processing system is automatically controlled in accordance with a time based schedule. In accordance with times contained in the schedule, an access control list of an object is modified by either adding, to invoke access, or deleting, to revoke access, a security subject. The schedule is made up of one or more requests for single access or cyclical accesses that are stored in a request queue. The request queue is periodically polled to determine if any requests qualify for further processing. A request is processed if the time for changing the status of the security subject on the access control list, as specified by the request, is either the same as or less than the current time of the data processing system. Processing the request modifies the access control list by either adding or deleting the security subject to or from the access control list.
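The polling loop described in the abstract, combined with the authorization check of claim step e), as an added example that is not code from the patent. The `Request` fields, the `owners` table used as the authorization rule, integer hours as the clock, and re-arming a cyclical request by a fixed `period` are all assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass, field
from typing import Optional

@dataclass(order=True)
class Request:
    due: int                                # time at which the ACL change takes effect
    subject: str = field(compare=False)
    obj: str = field(compare=False)
    action: str = field(compare=False)      # "add" invokes access, "delete" revokes it
    requester: str = field(compare=False)   # who scheduled the change (assumed field)
    period: Optional[int] = field(default=None, compare=False)  # set for cyclical requests

def poll(queue, acl, owners, now):
    """Process every queued request whose time is <= now; return an audit trail."""
    audit = []
    while queue and queue[0].due <= now:
        req = heapq.heappop(queue)
        # Step e): authorization is checked when the change is implemented.
        # Assumed rule: only the object's owner may change its ACL.
        if owners.get(req.obj) != req.requester:
            audit.append((req.due, "denied", req.action, req.subject, req.obj))
            continue
        entries = acl.setdefault(req.obj, set())
        if req.action == "add":
            entries.add(req.subject)
        else:
            entries.discard(req.subject)
        audit.append((req.due, "applied", req.action, req.subject, req.obj))
        if req.period:
            # Re-arm at once so a late poll replays missed cycles in time order.
            heapq.heappush(queue, Request(req.due + req.period, req.subject,
                                          req.obj, req.action, req.requester, req.period))
    return audit

def run_demo():
    # Constructed sample: times are hours on the system clock; alice owns payroll.db.
    owners = {"payroll.db": "alice"}
    acl, queue = {}, []
    for r in (Request(9, "bob", "payroll.db", "add", "alice", 24),
              Request(17, "bob", "payroll.db", "delete", "alice", 24),
              Request(10, "mallory", "payroll.db", "add", "mallory")):
        heapq.heappush(queue, r)
    trail = []
    for now in (8, 12, 18, 34):             # four polling passes
        audit = poll(queue, acl, owners, now)
        trail.append((now, sorted(acl.get("payroll.db", ())), audit))
    return trail

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```

The denied request is dropped rather than re-queued, so an unauthorized schedule entry never reaches the access control list and still leaves an audit record.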
10 Claims
6. A data processing system having controlled access, comprising:
a) means for providing a schedule of access for a security subject to access an object of said data processing system, said schedule containing one or more times, for each time there being a corresponding change in said access of said security subject to said object;
b) means for automatically determining if any one of said times in said schedule has occurred, said means for automatically determining being coupled to said means for providing a schedule of access, said means for automatically determining operating independently from actions taken by said security subject; and
c) means for automatically implementing said access change that corresponds to said occurred time, said means for automatically implementing being coupled to said means for automatically determining and said means for automatically implementing being invoked by said means for automatically determining upon the determination that one of said times has occurred wherein said means for automatically implementing said access change further comprises means for automatically determining if there is authorization to implement said access change, and means for preventing implementation of said access change if it is determined that no authorization to implement the access change exists.
Specification