Profile inferencing through automated access control list analysis heuristics

US 6,513,039 B1
Filed: 06/24/1999
Issued: 01/28/2003
Est. Priority Date: 06/24/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for generating a profile of a system user comprising the steps of:

(a) searching an access control list for objects that the user has permission to access;

(b) determining a user affinity for objects based on series of plurality of rules, the rules comprising the permissions assigned to the user for each of the user accessible objects, wherein the affinity is determined regardless of whether the user has actually ever accessed the objects; and

(c) generating a user profile based on the user affinity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer readable medium for generating a profile of a network user based on a user'"'"'s access privileges stored in an access control list (ACL). The system may include an accessible objects determining object for determining objects that are accessible by a particular user. An access privilege determining object may be used to determine a user'"'"'s access privileges for each accessible object. The system may also include an object topic determining object for determining the subject matter of the object. The subject matter of the object may be used to generate a profile indicating a user'"'"'s affinity (e.g., experience, knowledge, interest, etc.). A user affinity object may be used to determine a user'"'"'s affinity based on, for example, the accessible objects, the user'"'"'s access privileges, and the subject matter of the accessible objects. The system may also include a profile compiling/updating object that generates a user profile based on the user'"'"'s affinity determined by the user affinity object. Preferably, the system includes editing and updating objects. An editing object may permit a user to edit the profile generated and an updating permits the system to update the profile (e.g., periodically or as desired).

98 Citations

View as Search Results

29 Claims

1. A method for generating a profile of a system user comprising the steps of:
- (a) searching an access control list for objects that the user has permission to access;
  
  (b) determining a user affinity for objects based on series of plurality of rules, the rules comprising the permissions assigned to the user for each of the user accessible objects, wherein the affinity is determined regardless of whether the user has actually ever accessed the objects; and
  
  (c) generating a user profile based on the user affinity.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the step of determining a user affinity determines the user affinity based on user access privileges for the objects accessible by the user.
  - 3. The method of claim 1, wherein the step of determining a user affinity determines the user affinity based on a topic of the objects accessible by the user.
  - 4. The method of claim 1, further comprising the step of updating the user profile periodically.
  - 5. The method of claim 1, further comprising the step of updating the user profile incrementally.
  - 6. The method of claim 1, further comprising the step of inserting keywords into the user profile based on the access privileges and the user affinity.
  - 7. The method of claim 6, wherein the step of inserting keywords inserts one or more keywords based on one or more inferencing rules.

8. A system for generating a profile of a system user comprising:
- storing means for storing an access control list;
  
  accessing means for accessing the list;
  
  accessible object determining means for determining the objects in the list that the user has permission to access;
  
  affinity determining means, responsive to the accessible object determining means, for determining a user affinity for the objects based on series of plurality of rules, the rules comprising the permissions assigned to the user for each of the user accessible objects, wherein the affinity is determined regardless of whether the user has actually ever accessed the objects; and
  
  profile generating means, responsive to the affinity determining means, for generating a user profile.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The system of claim 8, further comprising access privilege determining means for determining user access privileges for objects accessible by the user.
  - 10. The system of claim 8, further comprising topic determining means for determining a topic of the objects accessible by the user.
  - 11. The system of claim 8, further comprising updating means for updating the user profile.
  - 12. The system of claim 8, further comprising keyword inserting means for inserting keywords into the user profile based on the access privileges and the user affinity.
  - 13. The system of claim 12, wherein the keyword inserting means uses one or more inferencing rules for selecting the one or more keywords.
  - 14. The system of claim 8, further comprising searching means for enabling the user to search the user profile.
  - 15. The system of claim 8, further comprising editing means for enabling the user to edit the user profile.

16. A system for generating a profile of a system user comprising:
- an accessing object that accesses an access control list that stores a list of objects;
  
  an access determining object that determines the objects in the list that the user has permission to access;
  
  an affinity determining object that determines a user affinity for the objects based on series of plurality of rules, the rules comprising the permissions assigned to the user for each of the user accessible objects, wherein the affinity is determined regardless of whether the user has actually ever accessed the objects; and
  
  a generating object, responsive to the affinity determining object, that generates a user profile.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, further comprising an access privilege determining object that determines access privileges of the user for the objects accessible by the user.
  - 18. The system of claim 16, further comprising a topic determining object that determines a topic of the objects accessible by the user.
  - 19. The system of claim 16, further comprising a keyword inserting object that inserts one or more keywords into the user profile based on the access privileges and the user affinity.
  - 20. The system of claim 19, wherein the keyword inserting means uses one or more inferencing rules for selecting the one or more keywords.
  - 21. The system of claim 16, further comprising an updating object that updates the user profile.
  - 22. The system of claim 16, further comprising a searching object that enables the user to search the user profile.
  - 23. The system of claim 16, further comprising an editing object that enables the user to edit the user profile.

24. A computer usable medium having computer readable program code embodied therein for generating a user profile, the computer readable program code comprising:
- computer readable program code that causes a computer to search an access control list for objects that the user has permission to access;
  
  computer readable program code that causes a computer to determine a user affinity for the objects based on series of plurality of rules, the rules comprising the permissions assigned to the user for each of the user accessible objects, wherein the affinity is determined regardless of whether the user has actually ever accessed the objects; and
  
  computer readable program code, responsive to the computer readable code for determining a user affinity, that causes a computer to generate a user profile.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The computer usable medium of claim 24, further comprising computer readable program code that causes a computer to determine access privileges of the user for the objects accessible by the user.
  - 26. The computer usable medium of claim 24, further comprising computer readable program code that causes a computer to determine a topic of the objects accessible by the user.
  - 27. The computer usable medium of claim 24, further comprising computer readable program code that causes a computer to insert one or more keywords into the profile based on the access privileges and the user affinity.
  - 28. The computer usable medium of claim 27, further comprising computer readable program code that causes a computer to insert the one or more keywords based on one or more inferencing rules.
  - 29. The computer usable medium of claim 24, further comprising computer readable program code that causes a computer to update the user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Kraenzel, Carl J.
Primary Examiner(s)
Amsbury, Wayne
Assistant Examiner(s)
NGUYEN, CAM LINH T

Application Number

US09/339,174
Time in Patent Office

1,314 Days
Field of Search

707/1, 707/5, 707/9, 707/101
US Class Current

707/784
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 63/101   Access control lists [ACL]

Y10S 707/955   Object-oriented

Y10S 707/959   Network

Y10S 707/99939   Privileged access

Profile inferencing through automated access control list analysis heuristics

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Profile inferencing through automated access control list analysis heuristics

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links