Rule based database security system and method

US 6,820,082 B1
Filed: 04/03/2000
Issued: 11/16/2004
Est. Priority Date: 04/03/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for processing requests from a user to perform an action with respect to data stored in an electronic database, the method comprising:

defining a plurality of user defined rules containing security constraints for accessing said data;

receiving at a user interface a request to provide to the user interface data comprising a first set of data elements;

transferring the request from the user interface to a rule engine;

applying said plurality of rules to the request to determine if the request passes said security constraints and modifying the request, if required to meet the security constraints, by adding one or more constraints to the request implementing rules for transaction control, action triggering, object initialization and access control; and

accessing said data to perform the request if the request meets said security constraints.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A rule-based database security system and method are disclosed. A method for processing requests from a user to perform an action with respect to data stored in an electronic database includes defining a plurality of user defined rules containing security constraints for accessing the data and receiving a request at a user interface. The request is transferred from the user interface to a rule engine and the plurality of rules are applied to the request to determine if the request passes the security constraints. The method further includes modifying the request if required to meet the security constraints. The data is accessed to perform the request if the request meets the security constraints.

Citations

22 Claims

1. A method for processing requests from a user to perform an action with respect to data stored in an electronic database, the method comprising:
- defining a plurality of user defined rules containing security constraints for accessing said data;
  
  receiving at a user interface a request to provide to the user interface data comprising a first set of data elements;
  
  transferring the request from the user interface to a rule engine;
  
  applying said plurality of rules to the request to determine if the request passes said security constraints and modifying the request, if required to meet the security constraints, by adding one or more constraints to the request implementing rules for transaction control, action triggering, object initialization and access control; and
  
  accessing said data to perform the request if the request meets said security constraints.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein said user defined rules are based on a relation between the user and said data.
  - 3. The method of claim 1 wherein said user defined rules are based on rights associated with said user.
  - 4. The method of claim 1 wherein said user defined rules are based on a relation between said user and requested data and rights associated with said user.
  - 5. The method of claim 1 wherein said action is requesting data from said database and transferring said request comprises transferring a query.
  - 6. The method of claim 5 wherein said plurality of rules comprises object-level rules and field-level rules and wherein modifying said request comprises modifying the query based on said object-level rules.
  - 7. The method of claim 6 further comprising retrieving data from the database and applying said field-level rules to said data.
  - 8. The method of claim 7 further comprising delivering said data to the user in the form of a Web page.
  - 9. The method of claim 5 wherein said plurality of rules comprises field-level rules and wherein modifying said request comprises modifying the query based on said field level rules.
  - 10. The method of claim 1 wherein said action comprises updating said data within the database.
  - 11. The method of claim 10 further comprising notifying the user if requested update is not permitted by said security constraints.
  - 12. The method of claim 1 wherein receiving a request at a user interface comprises receiving a request from a browser.

13. A method for processing requests for accessing a database comprising:
- receiving a query for data from the database at a user interface, the query comprising a request to provide to the user interface data comprising a first set of data elements;
  
  transferring said query to a rule engine, the rule engine having a plurality of user defined rules containing security constraints for accessing said data;
  
  modifying said query by adding one or more constraints to the query;
  
  issuing said modified query to the database implementing rules for transaction control, action triggering, object initialization and access control; and
  
  transmitting data obtained from the database to the user.
- View Dependent Claims (14)
- - 14. The method of claim 13 further comprising applying said plurality of rules to the data obtained from the database to filter the data based on the security constraints.

15. A security system operable to interface between a user and an electronic database and configured to process requests from the user to perform an action with respect to data stored in the database, the system comprising:
- a user interface operable to receive a request from the user to obtain data within the electronic database, the request comprising a request to provide to the user interface data comprising a first set of data elements, form a query based on the request, and pass the query to a rule engine, the user request including a user identifier; and
  
  a data manager operable to submit said query to the database and return requested data to the rule engine;
  
  the rule engine comprising a plurality of user defined rules which apply security constraints to at least one of said query and requested data based on the user identifier, including by modifying said query, if required to meet the security constraints, by adding one or more constraints to the query and implementing rules for transaction control, action triggering, object initialization and access control.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 wherein the security constraints are applied to the query within the rule engine to modify the query based on the security constraints before the query is submitted to the database.
  - 17. The system of claim 15 wherein the security constraints are applied to the returned data to filter the data based on the security constraints before being transmitted tithe user.
  - 18. The system of claim 15 wherein the security constraints are applied to the query to modify the query before being submitted to the database and to the returned data to filter the data based on the security constraints.
  - 19. The system of claim 15 further comprising a client browser configured for receiving requests from the user and sending the requests to the user interface.
  - 20. The system of claim 15 wherein the database utilizes an entity-relationship model.

21. A security system operable to interface between a user and an electronic database and configured to process requests from the user to perform an action with respect to data stored in the database, the system comprising:
- a user interface operable to receive a request from the user to obtain data within the database and pass the request to a rule engine, the request comprising a request to provide to the user interface data comprising a first set of data elements; and
  
  a rule engine comprising a plurality of security rules and operable to evaluate the request against said plurality of rules to determine if the user has authority to perform the requested action with respect to the data, the security rules being based on a relation between the user and said data, the rule engine being configured to modify said request, if required to satisfy the security rules, by adding one or more constraints to the request and implementing rules for transaction control, action triggering object initialization and access control.

22. A method for processing requests from a user to perform an action with respect to data stored in an electronic database, the method comprising:
- defining a plurality of user defined rules containing security constraints for accessing said data, said user defined rules being based on a relation between the user and said data;
  
  receiving at a user interface a request to provide to the user interface data comprising a first set of data elements;
  
  transferring the request from the user interface to a rule engine;
  
  applying said plurality of rules to the request to determine if the request passes said security constraints;
  
  modifying said request, if it is determined that said request does not pass the security constraints, by adding one or more constraints to the request implementing rules for transaction control, action triggering, object initialization and access control; and
  
  accessing said data to perform the request if the request meets said security constraints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Allegis Corporation (Huron Consulting Group Incorporated)
Inventors
Cook, William R., Gannholm, Martin R.
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
HAMILTON, MONPLAISIR G

Application Number

US09/541,227
Time in Patent Office

1,688 Days
Field of Search

707/9, 707/4, 707/101, 707/103.Z, 707/513, 713/201, 713/200
US Class Current

707/754
CPC Class Codes

G06F 21/6227   where protection concerns t...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Rule based database security system and method

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Rule based database security system and method

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links