Context-sensitive authorization in an RDBMS

US 6,289,344 B1
Filed: 05/11/1998
Issued: 09/11/2001
Est. Priority Date: 05/11/1998
Status: Expired due to Fees

First Claim

Patent Images

1. A method of executing a statement in a computer, the statement being executed by the computer to manipulate data in a database stored on a data storage device connected to the computer, the method comprising the steps of:

identifying an environment of the database from which the statement was invoked, wherein the environment comprises a trusted environment or an untrusted environment;

when the environment is the untrusted environments enabling a user to specify one or more authorization privileges;

identifying a security option associated with the statement or with the user; and

determining authorization privileges based on the identified environment and security option.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus, and article of manufacture for a computer implemented authorization system. A statement is to be executed by a computer to manipulate data in a database stored on a data storage device connected to the computer. Initially, an environment of the database from which the statement was invoked is identified. Additionally, a security option is identified. Then, authorization privileges for the statement are determined based on the identified environment and security option.

89 Citations

View as Search Results

42 Claims

1. A method of executing a statement in a computer, the statement being executed by the computer to manipulate data in a database stored on a data storage device connected to the computer, the method comprising the steps of:
- identifying an environment of the database from which the statement was invoked, wherein the environment comprises a trusted environment or an untrusted environment;
  
  when the environment is the untrusted environments enabling a user to specify one or more authorization privileges;
  
  identifying a security option associated with the statement or with the user; and
  
  determining authorization privileges based on the identified environment and security option.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the statement was invoked in a trusted environment.
  - 3. The method of claim 2, wherein the security option is for a context-sensitive definer.
  - 4. The method of claim 3, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those of a creator of a last invoked secure component.
  - 5. The method of claim 2, wherein the security option is for a context-sensitive invoker.
  - 6. The method of claim 5, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those associated with a statement invoking a last invoked secure component.
  - 7. The method of claim 2, wherein the security option is for a context-sensitive binder.
  - 8. The method of claim 7, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those associated with a component that invoked a last secure component.
  - 9. The method of claim 1, wherein the environment is an untrusted environment.
  - 10. The method of claim 9, further comprising the step of determining that the security option is for a context-insensitive user.
  - 11. The method of claim 10, wherein the authorization privileges are those of an end-user.
  - 12. The method of claim 9, further comprising the step of determining that the security option is for a context-insensitive binder.
  - 13. The method of claim 12, wherein the authorization privileges are those of binder who bound an invoked unsecure component to the database.
  - 14. The method of claim 13, wherein the invoked unsecure component uses a driver to access the database and wherein the authorization privileges are those of a binder who bound the driver to the database.

15. An apparatus for executing a statement, comprising:
- a computer having a data storage device connected thereto, wherein the data storage device stores a database and wherein the statement is executed by the computer to manipulate data in the database;
  
  one or more computer programs, performed by the computer, for identifying an environment of the database from which the statement was invoked, wherein the environment comprises a trusted environment or an untrusted environment, when the environment is the untrusted environment enabling a user to specify one or more authorization privileges identifying a security option associated with the statement or with the user, and determining authorization privileges based on the identified environment and security option.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The apparatus of claim 15, wherein the statement was invoked in a trusted environment.
  - 17. The apparatus of claim 16, wherein the security option is for a context-sensitive definer.
  - 18. The apparatus of claim 17, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those of a creator of a last invoked secure component.
  - 19. The apparatus of claim 16, wherein the security option is for a context-sensitive invoker.
  - 20. The apparatus of claim 19, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those associated with a statement invoking a last invoked secure component.
  - 21. The apparatus of claim 16, wherein the security option is for a context-sensitive binder.
  - 22. The apparatus of claim 21, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those associated with a component that invoked a last secure component.
  - 23. The apparatus of claim 15, wherein the environment is an untrusted environment.
  - 24. The apparatus of claim 23, further comprising the means for determining that the security option is for a context-insensitive user.
  - 25. The apparatus of claim 24, wherein the authorization privileges are those of an end-user.
  - 26. The apparatus of claim 23, further comprising the means for determining that the security option is for a context-insensitive binder.
  - 27. The apparatus of claim 26, wherein the authorization privileges are those of a binder who bound an invoked unsecure component to the database.
  - 28. The apparatus of claim 27, wherein the invoked unsecure component uses a driver to access the database and wherein the authorization privileges are those of a binder who bound the driver to the database.

29. An article of manufacture comprising a computer program carrier readable by a computer and embodying one or more instructions executable by the computer to perform method steps for executing a statement, the statement being performed by the computer to manipulate data in a database stored on a data storage device connected to the computer, the method comprising the steps of:
- identifying an environment of the database from which the statement was invoked, wherein the environment comprises a trusted environment or an untrusted environment;
  
  when the environment is the untrusted environment, enabling a user to specify one or more authorization privileges;
  
  identifying a security option associated with the statement or with the user; and
  
  determining authorization privileges based on the identified environment and security option.
- View Dependent Claims (37, 38, 39, 40, 41, 42)
- - 37. The article of manufacture of claim 29, wherein the environment is an untrusted environment.
  - 38. The article of manufacture of claim 37, further comprising the step of determining that the security option is for a context-insensitive user.
  - 39. The article of manufacture of claim 38, wherein the authorization privileges are those of an end-user.
  - 40. The article of manufacture of claim 37, further comprising the step of determining that the security option is for a context-insensitive binder.
  - 41. The article of manufacture of claim 40, wherein the authorization privileges are those of a binder who bound an invoked unsecure component to the database.
  - 42. The article of manufacture of claim 41, wherein the invoked unsecure component uses a driver to access the database and wherein the authorization privileges are those of a binder who bound the driver to the database.

30. The article of manufacture of clai m 29, wherein the statement was invoked in a trusted environment.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The article of manufacture of claim 30, wherein the security option is for a context-sensitive definer.
  - 32. The article of manufacture of claim 31, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those of a creator of a last invoked secure component.
  - 33. The article of manufacture of claim 30, wherein the security option is for a context-sensitive invoker.
  - 34. The article of manufacture of claim 33, wherein one or more secure components are invoked wh ile executing the statement an d wherein the authorization privileges are those asso ciated with a statement invoking a last invoked secure component.
  - 35. The article of manufacture of claim 30, wherein the security option is for a context-sensitive binder.
  - 36. The article of manufacture of claim 35, wherein one or more secure components are invoked while executing the statement and wherein the authorization privileges are those associated with a component that invoked a last secure component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Wong, Jerome Quan, Smith, Roy Lorenzo, Braia, Kimberly Anne, Nakagawa, Randy M., Cotner, Curt Lee, Mattos, Nelson Mendonca
Primary Examiner(s)
Amsbury, Wayne
Assistant Examiner(s)
Pardo, Thuy N.

Application Number

US09/075,652
Time in Patent Office

1,219 Days
Field of Search

707/100, 707/2, 707/3, 707/9, 707/201, 707/6, 709/225, 713/201, 713/202, 713/200, 340/825.34, 380/25
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99936   Pattern matching access

Y10S 707/99939   Privileged access

Context-sensitive authorization in an RDBMS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Context-sensitive authorization in an RDBMS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links