Modeling technique for system access control and management

US 5,899,991 A
Filed: 05/12/1997
Issued: 05/04/1999
Est. Priority Date: 05/12/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of controlling system access comprising the steps of:

providing a plurality of terminals for a plurality of users to access said system;

modeling said system in advance of any users accessing said system;

said modeling accepting as input parameters derived from said system to be accessed;

determining, in response to said step of modeling, which particular types of system access will result in degraded system performance; and

preventing such types of system access.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access and control system for use in a computer network provides for a rule making algorithm which models a database in advance and prevents queries which could result in exceptional processing requirements. As queries are entered during the life of the system, a learning algorithm updates the rules. The rules may be applied at the point of entry as well as the database.

187 Citations

25 Claims

1. A method of controlling system access comprising the steps of:
- providing a plurality of terminals for a plurality of users to access said system;
  
  modeling said system in advance of any users accessing said system;
  
  said modeling accepting as input parameters derived from said system to be accessed;
  
  determining, in response to said step of modeling, which particular types of system access will result in degraded system performance; and
  
  preventing such types of system access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprising the steps of:
    - storing, in response to said step of determining, a set of rules indicative of which types of system access will be permitted and which types of system access will not be permitted;
      
      examining a particular type of system access requested;
      
      concluding, based upon said stored rules, that a particular system access should be prevented; and
      
      recording said particular type of system access to be prevented.
  - 3. The method of claim 2 wherein said prevented type of system access or said stored rules are displayed to an operator.
  - 4. The method of claims 1, 2, or 3 wherein system access generates a result, and wherein said result is examined to determine whether said result causes too many of a plurality of database records to be retrieved.
  - 5. The method of claim 1, 2, or 3 wherein said rules are implemented at said terminal.
  - 6. The method of claim 2 wherein said rules are updated periodically.
  - 7. The method of claim 6 wherein transactions causing excessive system loading results in said rules being promptly updated.
  - 8. The method of claim 5 wherein said rules are updated after predetermined time periods.
  - 9. The method of claim 5 wherein said rules are updated after a predetermined number of system accesses.
  - 10. The method of claim 1 further comprising the step of:
    - preventing said particular types of system access.

11. A method of controlling system access by using rules, the method comprising the steps of:
- determining via a computerized induction process, properties of database queries which result in high resource utilization retrieving data from a database;
  
  generating, in response to said step of determining, a set of rules to prevent queries which have said properties;
  
  filtering said rules through a computer program to determine if any of said rules are inapplicable; and
  
  discarding in response to said filtering step at least one of said rules which requires that a query having said property should not be allowed.

12. A method of controlling system access comprising:
- forming a set of rules which govern whether particular transactions in said system will or will notbe permitted;
  
  weighing rules depending upon system conditions, several of said rules potentially conflicting with each other; and
  
  applying a weighted average of the rules to determine if system access will be permitted.
- View Dependent Claims (14)
- - 14. The method of claim 12 wherein at least two of said steps a-d are performed on a computing device other than said computer.

13. A method of controlling access to a multi-user computer system comprising the steps of:
- (a) modeling a database contained in said computer;
  
  (b) determining, from said step of modeling, database queries which will generate excessive loading;
  
  (c) ascertaining, after database queries which generate excessive loading are transacted, additional queries which generate excessive loading and which where not determined in step (b); and
  
  (d) controlling access to said system by rules based upon both said step of ascertaining and said step of determining.
- View Dependent Claims (15)
- - 15. The method of claim 13 wherein excessive loading includes one or more of the following:
    - (i) CPU time, (ii) elapsed time, (iii) bandwidth, and (iv) number of items retrieved.

16. A method of forming rules to govern and control data access to a database, said method comprising:
- recording the occurrence of a first transaction at a first time;
  
  recording the occurrence of a second transaction at a second time;
  
  preventing specified future data accesses to said database if said first and second times have a predetermined relationship with each other with respect to time and substance.

17. A method of updating rules in a computer system, said computer system having a plurality of clients, said method comprising:
- applying, at least one of said clients, rules to objects contained within said clients;
  
  collecting results of said applications at said at least one of said clients of said rules to said objects said results being organized into samples;
  
  updating rules based upon said samples; and
  
  applying said updated rules to said objects at each of said at least one of said clients.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25)
- - 18. The method of claim 17 wherein said step of collecting comprises the step of transmitting samples to a central server.
  - 19. The method of claim 17 or 18 wherein said step of updating comprises the step of utilizing a learning engine.
  - 20. The method of claim 19 further comprising the steps of maintaining, at said central server, a database of all samples, and utilizing samples regarding a particular object to update rules governing such particular object types.
  - 21. The method of claim 18 wherein said object is a database query.
  - 22. The method of claim 21 further comprising the steps of maintaining, at said central server, a database of all samples, and utilizing samples regarding a particular object to update rules governing such particular object types.
  - 23. The method of claim 21 wherein said rules are designed to prevent database queries from generating results with more than a predetermined amount of data.
  - 24. The method of claim 18 further comprising the steps of maintaining, at said central server, a database of all samples, and utilizing samples regarding a particular object to update rules governing such particular object types.
  - 25. The method of claim 18 wherein any client which transmits a sample to said central server is automatically scheduled to receive updates to rules governing objects of a type corresponding to objects within said sample.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telean Technologies Limited
Original Assignee
Telean Technologies Limited
Inventors
Karch, Robert
Primary Examiner(s)
Black, Thomas G.
Assistant Examiner(s)
Min, Donald

Application Number

US08/857,837
Time in Patent Office

722 Days
Field of Search

707/1, 707/2, 707/5, 707/10
US Class Current

707/694
CPC Class Codes

G06F 16/24564   Applying rules; Deductive q...

G06F 16/24575   using context

G06F 21/55   Detecting local intrusion o...

G06F 21/604   Tools and structures for ma...

G06F 21/6227   where protection concerns t...

Y10S 707/99931   Database or file accessing

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99935   Query augmenting and refini...

Modeling technique for system access control and management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

187 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Modeling technique for system access control and management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

187 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others