Entitlement management and access control system

US 6,154,741 A
Filed: 04/08/1999
Issued: 11/28/2000
Est. Priority Date: 01/29/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a system having a plurality of accessors and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:

a) associating with the resource an entitlement expression, the entitlement expression including a reference to at least one membership map having membership information for the accessor, the at least one membership map being a bit map;

b) associating with the accessor a unique identifier, the unique identifier acting as an index into each membership map;

c) evaluating the entitlement expression for the resource to determine the entitlement of the requesting accessor to the resource, the evaluation including looking up the accessor'"'"'s membership information in the at least one membership map using the accessor'"'"'s unique identifier.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method, system, and computer program product for determining accessor entitlement to a resource in response to an accessor request for access to the resource. The invention associates a resource with an entitlement expression that includes a reference to at least one membership map having membership information regarding the accessor and associates with the accessor a unique identifier that acts as an index into each membership map. The entitlement expression is evaluated for the resource to determine the entitlement of the requesting accessor to the resource. The evaluation includes looking up the accessor'"'"'s membership information in at least one membership map using the accessor'"'"'s unique identifier. The invention may further include at least one accessor group having a name, zero or more accessors that are members of the group, and a membership map for determining whether a particular accessor is a member of the group. The entitlement expression then refers to at least one membership map by including at least one group name in the entitlement expression.

Citations

37 Claims

1. In a system having a plurality of accessors and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
- a) associating with the resource an entitlement expression, the entitlement expression including a reference to at least one membership map having membership information for the accessor, the at least one membership map being a bit map;
  
  b) associating with the accessor a unique identifier, the unique identifier acting as an index into each membership map;
  
  c) evaluating the entitlement expression for the resource to determine the entitlement of the requesting accessor to the resource, the evaluation including looking up the accessor'"'"'s membership information in the at least one membership map using the accessor'"'"'s unique identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the system further comprises at least one group, each group having a name, zero or more accessors that are members of the group, and a membership map for determining whether a particular accessor is a member of the group, the entitlement expression referencing at least one membership map by including at least one group name corresponding to a group having a membership map.
  - 3. The method of claim 2, wherein the entitlement expression comprises a plurality of group names and at least one operator.
  - 4. The method of claim 3, wherein the entitlement expression operator comprises one or more boolean operators.
  - 5. The method of claim 1, wherein the accessor'"'"'s unique identifier is an index to a position in each bit map wherein the bit at that position indicates whether the accessor is a member of the group corresponding to the bit map.
  - 6. The method of claim 1, wherein the bit map includes at least one bit for each accessor.
  - 7. The method of claim 1, wherein the bit maps are stored in paged data structures.

8. In a system having a plurality of accessors, at least one group having a name and having zero or more accessors as members, and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
- a) associating with the resource an entitlement expression including at least one group name;
  
  b) associating with each group a membership map indicating whether particular accessors are members of that group, the membership map being a bit map;
  
  c) associating with each accessor a unique identifier usable as an index into each group membership map to determine whether that accessor is a member of that group;
  
  d) evaluating an entitlement expression for the resource to determine the entitlement of the requesting accessor to the requested resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8, wherein the accessor'"'"'s unique identifier is an index to a position in each bit map wherein the bit at that position indicates whether the accessor is a member of the group corresponding to the bit map.
  - 10. The method of claim 8, wherein the bit map includes at least one bit for each accessor.
  - 11. The method of claim 8, wherein the bit maps are stored in paged data structures.
  - 12. The method of claim 8, wherein each group name is associated with a membership map identifier that represents the location of the membership map for the group.
  - 13. The method of claim 12, wherein the group names and the membership map identifiers associated with the group names are stored in an accessor group store.
  - 14. The method of claim 13, wherein the membership map identifier is a number.
  - 15. The method of claim 14, wherein an accessor group store bit map tracks which membership map identifier numbers are associated with group names and which member ship map identifier numbers are available for association with a new group name.
  - 16. The method of claim 8, wherein each accessor has a unique name and each accessor'"'"'s name and unique identifier are stored in an accessor store.
  - 17. The method of claim 16, wherein the accessor identifier is a number.
  - 18. The method of claim 17, wherein an accessor store bit map tracks which identifier numbers are associated with accessors and which identifier numbers are available for association with a new accessor.

19. A system for determining accessor entitlement to a resource comprising:
- a) a first means for storing a plurality of accessors and a unique identifier associated with each accessor;
  
  b) a second means for storing a plurality of unique accessor group names, each of the plurality of accessor group names having an associated membership map, the accessor identifier acting as an index into the accessor group membership maps for determining whether an accessor is a member of an accessor group, the membership maps being bit maps; and
  
  c) a processor means for determining whether an accessor is entitled to a resource in response to an accessor request for the resource by evaluating an entitlement expression for the resource, the entitlement expression including a reference to at least one accessor group.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, further comprising a third means for storing at least one unique resource name corresponding to a resource and an entitlement expression associated with each resource name.
  - 21. The system of claim 19, wherein the processor means comprises a server process responsive to one or more client processes representing accessor requests for access to a resource.
  - 22. The system of claim 21, wherein the processor means comprises a plurality of threads executing on a server computer for accessing the first and second means and for evaluating accessor entitlement requests based on information retrieved from the first and second means.

23. In a system having a plurality of accessors and at least one resource, a computer program product comprising a computer useable medium having computer readable program code to direct the system to perform a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource comprising at least the following steps:
- a) associating with the resource an entitlement expression, the entitlement expression including a reference to at least one membership map having membership information for the accessory, the at least one membership map being a bit map;
  
  b) associating with the accessor a unique identifier, the unique identifier acting as an index into each membership map;
  
  c) evaluating the entitlement expression for the resource to determine the entitlement of the requesting accessor to the resource, the evaluation including looking up the accessor'"'"'s membership information in the at least one membership map using the accessor'"'"'s unique identifier.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The computer program product of claim 23, wherein the system further comprises at least one group, each group having a name, zero or more accessors that are members of the group, and a membership map for determining whether a particular accessor is a member of the group, the entitlement expression referencing at least one membership map by including at least one group name corresponding to a group having a membership map.
  - 25. The computer program product of claim 24, wherein the entitlement expression comprises a plurality of group names and at least one operator.
  - 26. The computer program product of claim 25, wherein the entitlement expression operator comprises one or more boolean operators.
  - 27. The computer program product of claim 23, wherein the accessor'"'"'s unique identifier is an index to a position in each bit map wherein the bit at that position indicates whether the accessor is a member of the group corresponding to the bit map.
  - 28. The computer program product of claim 23, wherein the bit map includes at least one bit for each accessor.
  - 29. The computer program product of claim 23, wherein the bit maps are stored in paged data structures.

30. In a system having a plurality of accessors, at least one group having a name and having zero or more accessors as members, and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
- a) associating with the resource an entitlement expression including at least one group name;
  
  b) associating with each group a membership map indicating whether particular accessors are members of that group;
  
  c) associating with each group name a membership map identifier that represents the location of the membership map for the group;
  
  d) associating with each accessor a unique identifier usable as an index into each group membership map to determine whether that accessor is a member of that group; and
  
  e) evaluating an entitlement expression for the resource to determine the entitlement of the requesting accessor to the requested resource.
- View Dependent Claims (31, 32, 33)
- - 31. The method of claim 30, wherein the group names and the membership map identifiers associated with the group names are stored in an accessor group store.
  - 32. The method of claim 31, wherein the membership map identifier is a number.
  - 33. The method of claim 32, wherein an accessor group store bit map tracks which membership map identifier numbers are associated with group names and which member ship map identifier numbers are available for association with a new group name.

34. In a system having a plurality of accessors, at least one group having a name and having zero or more accessors as members, and at least one resource, a method for determining accessor entitlement to a resource in response to an accessor request for access to the resource, comprising the steps of:
- a) associating with the resource an entitlement expression including at least one group name;
  
  b) associating with each group a membership map indicating whether particular accessors are members of that group;
  
  c) associating with each accessor a unique name and a unique identifier usable as an index into each group membership map to determine whether that accessor is a member of that group, each accessor'"'"'s name and unique identifier being stored in an accessor store; and
  
  d) evaluating an entitlement expression for the resource to determine the entitlement of the requesting accessor to the requested resource.
- View Dependent Claims (35, 36, 37)
- - 35. The method of claim 34, wherein each accessor has a unique name and each accessor'"'"'s name and unique identifier are stored in an accessor store.
  - 36. The method of claim 34, wherein the accessor identifier is a number.
  - 37. The method of claim 36, wherein an accessor store bit map tracks which identifier numbers are associated with accessors and which identifier numbers are available for association with a new accessor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
EntitleNet Inc (Oracle Corporation)
Inventors
Feldman, Daniel J.
Primary Examiner(s)
HOMERE, JEAN RAYMOND

Application Number

US09/288,321
Time in Patent Office

600 Days
Field of Search

707/3, 707/9, 707/10, 707/102, 709/219, 709/225, 709/229
US Class Current

1/1
CPC Class Codes

G06F 9/468   Specific access rights for ...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Y10S 707/99943   Generating database or data...

Entitlement management and access control system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Entitlement management and access control system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links