Multi-level security profile refresh

US 7,136,856 B2
Filed: 12/04/2002
Issued: 11/14/2006
Est. Priority Date: 12/04/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer implemented method for performing a multi-level refresh of a cached user security profile associated with a client in a database management system comprising the steps of:

receiving a user request from a user associated with said client, wherein the user request comprises a transaction aging value defining an updated maximum time for trusting a cached user security profile without a refresh from a permanent data store;

in response to the presence of said transaction aging value on the user request, copying the transaction aging value to a security aging value associated with said cached user security profile;

calculating a decay time equal to the time since the user security profile in cache was last refreshed from a permanent data store utilizing a profile refresh time stampassociated with said cached user security profile and a system clock; and

refreshing said cached user security profile from the permanent data store in response to a refresh event,wherein said client is a software application, and wherein said refresh event occurs in response to one of the decay time being larger than the security aging value, and the security aging value being larger than the transaction aging value prior to said copying step.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A request is received from a user associated with the client and a transaction aging value is copied to a security aging value associated with the cached user security profile if the transaction aging value is specified with the user request. A decay time is calculated utilizing a profile refresh time stamp associated with the cached user security profile and a system clock. The cached user security profile is then refreshed if a refresh event occurs.

32 Citations

View as Search Results

27 Claims

1. A computer implemented method for performing a multi-level refresh of a cached user security profile associated with a client in a database management system comprising the steps of:
- receiving a user request from a user associated with said client, wherein the user request comprises a transaction aging value defining an updated maximum time for trusting a cached user security profile without a refresh from a permanent data store;
  
  in response to the presence of said transaction aging value on the user request, copying the transaction aging value to a security aging value associated with said cached user security profile;
  
  calculating a decay time equal to the time since the user security profile in cache was last refreshed from a permanent data store utilizing a profile refresh time stampassociated with said cached user security profile and a system clock; and
  
  refreshing said cached user security profile from the permanent data store in response to a refresh event,wherein said client is a software application, and wherein said refresh event occurs in response to one of the decay time being larger than the security aging value, and the security aging value being larger than the transaction aging value prior to said copying step.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising the steps of:
    - receiving a client request from said client;
      
      initializing a default aging value for said client;
      
      creating said cached user security profile for said user wherein said cached user security profile comprises said security aging value, said profile refresh time stamp, a sub-dynamic aging value and a user security record; and
      
      copying said default aging value to said security aging value.
  - 3. The method of claim 2 wherein said refresh event occurs if a global command refresh encompasses said cached user security profile.
  - 4. The method of claim 2 wherein creating said cached user security profile comprises:
    - allocating memory to contain said cached user security profile;
      
      copying a master dynamic aging value to said sub-dynamic aging value;
      
      copying said default aging value to said security aging value;
      
      copying a system clock value to said profile refresh time stamp; and
      
      copying a record from a security file to said user security record.
  - 5. The method of claim 4 wherein said allocating comprises locating an available pre-allocated user security profile in memory.
  - 6. The method of claim 2 wherein refreshing said cached user security profile comprises:
    - deleting existing information within said cached user security profile;
      
      copying a master dynamic aging value to said sub-dynamic aging value;
      
      copying a system clock value to said profile refresh time stamp; and
      
      copying a record from a security file to said user security record.
  - 7. The method of claim 1 wherein said database management system is IMS.

8. A method for performing a multi-level refresh of a cached user security profile associated with a client in a database management system comprising:
- generating a transaction message wherein said transaction message comprises a transaction aging value and an indication that said transaction aging value is present wherein the transaction aging value defines an updated maximum time for trusting a cached user security profile without a refresh from a permanent data store; and
  
  sending said transaction message to said database management system wherein said database management system comprises a multi-level security profile refresh routine and whereby said multi-level security profile refresh routine refreshes said cached user security profile if in response to the occurrence of a refresh event comprising, the occurrence of a decay time being larger than a security aging value, andwherein the client is a software application.
- View Dependent Claims (9)
- - 9. The method of claim 8 wherein said refresh event occurs if a global command refresh encompasses said cached user security profile.

10. A computer system for performing a multi-level refresh of a cached user security profile associated with a client software application in a database management system comprising:
- a computer;
  
  means for receiving a user request from a user associated with said client software application;
  
  means for copying a transaction aging value to a security aging value associated with said cached user security profile if said transaction aging value is specified with said user request, wherein the transaction aging value defines an updated maximum time for trusting a cached user security profile without a refresh from a permanent data store;
  
  means for calculating a decay time utilizing a profile refresh time stamp associated with said cached user security profile and a system clock; and
  
  means for refreshing said cached user security profile if in response to a refresh event comprising the occurrence of the decay time being larger than the security aging value.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer system of claim 10 wherein said refresh event occurs if said security aging value prior to said copying step is larger than said transaction aging value.
  - 12. The computer system of claim 10 wherein said refresh event occurs if said transaction value is specified with said user request.
  - 13. The computer system of claim 10 further comprising:
    - means for receiving a client request from said client;
      
      means for initializing a default aging value for said client;
      
      means for creating said cached user security profile for said user wherein said cached user security profile comprises said security aging value, said profile refresh time stamp, a sub-dynamic aging value and a user security record; and
      
      means for copying said default aging value to said security aging value.
  - 14. The computer system of claim 13 wherein said refresh event occurs if a global command refresh encompasses said cached user security profile.
  - 15. The computer system of claim 13 wherein said means for creating said cached user security profile comprises:
    - means for allocating memory to contain said cached user security profile;
      
      means for copying a master dynamic aging value to said sub-dynamic aging value;
      
      means for copying said default aging value to said security aging value;
      
      means for copying a system clock value to said profile refresh time stamp; and
      
      means for copying a record from a security file to said user security record.
  - 16. The computer system of claim 15 wherein said means for allocating comprises locating an available pre-allocated user security profile in memory.
  - 17. The computer system of claim 13 wherein means for refreshing said cached user security profile comprises:
    - means for deleting existing information within said cached user security profile;
      
      means for copying a master dynamic aging value to said sub-dynamic aging value;
      
      means for copying a system clock value to said profile refresh time stamp; and
      
      means for copying a record from a security file to said user security record.
  - 18. The computer system of claim 10 wherein said database management system is IMS.

19. An article of manufacture for use in a computer system tangibly embodying computer instructions executable by said computer system to perform process steps for performing a multi-level refresh of a cached user security profile associated with a client in a database management system, said process steps comprising:
- receiving a user request from a user associated with said client;
  
  copying a transaction aging value to a security aging value associated with said cached user security profile if said transaction aging value is specified with said user request wherein the transaction aging value defines an updated maximum time for trusting a cached user security profile without a refresh from a permanent data store;
  
  calculating a decay time utilizing a profile refresh time stamp associated with said cached user security profile and a system clock; and
  
  refreshing said cached user security profile in response to the occurrence of if a refresh event comprising the decay time being larger than the security aging value, wherein said client is a software application.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The article of manufacture of claim 19 wherein said refresh event occurs if said security aging value prior to said copying step is larger than said transaction aging value.
  - 21. The article of manufacture of claim 19 wherein said refresh event occurs if said transaction value is specified with said user request.
  - 22. The article of manufacture of claim 19 further comprising the steps of receiving a client request from said client;
    - initializing a default aging value for said client;
      
      creating said cached user security profile for said user wherein said cached user security profile comprises said security aging value, said profile refresh time stamp, a sub-dynamic aging value and a user security record; and
      
      copying said default aging value to said security aging value.
  - 23. The article of manufacture of claim 22 wherein said refresh event occurs if a global command refresh encompasses said cached user security profile.
  - 24. The article of manufacture of claim 22 wherein creating said cached user security profile comprises:
    - allocating memory to contain said cached user security profile;
      
      copying a master dynamic aging value to said sub-dynamic aging value;
      
      copying said default aging value to said security aging value;
      
      copying a system clock value to said profile refresh time stamp; and
      
      copying a record from a security file to said user security record.
  - 25. The article of manufacture of claim 24 wherein said allocating comprises locating an available pre-allocated user security profile in memory.
  - 26. The article of manufacture of claim 22 wherein refreshing said cached user security profile comprises:
    - deleting existing information within said cached user security profile;
      
      copying a master dynamic aging value to said sub-dynamic aging value;
      
      copying a system clock value to said profile refresh time stamp; and
      
      copying a record from a security file to said user security record.
  - 27. The article of manufacture of claim 19 wherein said database management system is IMS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Yuan, Jack Chiu-Chiu, Ueno, Yoshinobu, Tollerud, Andrew D., Birbo, Getachew G., Sherrill, Sandra L., Zimmer, James E., Hsiao, Joyce Yuan-Sheng
Primary Examiner(s)
Corrielus, Jean M.
Assistant Examiner(s)
Ly, Anh

Application Number

US10/310,399
Publication Number

US 20040111413A1
Time in Patent Office

1,441 Days
Field of Search

707/9, 707/1, 707/100, 707 3- 4, 713200-201, 713/168, 711/163, 711/167, 711/106, 711/175
US Class Current

1/1
CPC Class Codes

G06F 21/6227   where protection concerns t...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99934   Query formulation, input pr...

Y10S 707/99939   Privileged access

Multi-level security profile refresh

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Multi-level security profile refresh

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others