Method and apparatus for secure processing of XML-based documents

US 7,433,870 B2
Filed: 12/27/2004
Issued: 10/07/2008
Est. Priority Date: 12/27/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for securely providing access to Extensible Markup Language (XML) data of an XML document comprising:

Defining at least one access control policy for at least one user of the XML document; and

Deriving a security view of a Document Type Definition (DTD) of the XML document for the schema level processing employs at least one internal query annotation, made to the DTD, describing the access control policy, wherein the security view is computed as a function of a DTD view and a function defined via Xpath queries, wherein the step of deriving a security view further comprises invoking, if a first accessible element type of the DTD has not been previously processed, a first sub process that includes;

Computing a query annotation for each child element in a production rule of the first accessible element type;

Computing a view production rule for the first accessible element type in a view DTD representing an accessible portion of the XML document; and

Computing a security view for each child element in the production rule of the first accessible element type.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method for providing controlled access to an XML document includes defining at least one access control policy for a user of the XML document, deriving a security view of the XML document for the user based upon said access control policy and schema level processing of the XML document and translating a user query based on the security view of the XML document to an equivalent query based on the XML document. An apparatus for same includes means for defining an access control policy for a user of the XML document and means for deriving a security view of the XML document for the user based on said access control policy and schema level processing of the XML document. Also included are means for translating a user query based on the security view of the XML document to an equivalent query based on the XML document.

11 Citations

View as Search Results

13 Claims

1. A method for securely providing access to Extensible Markup Language (XML) data of an XML document comprising:
- Defining at least one access control policy for at least one user of the XML document; and
  
  Deriving a security view of a Document Type Definition (DTD) of the XML document for the schema level processing employs at least one internal query annotation, made to the DTD, describing the access control policy, wherein the security view is computed as a function of a DTD view and a function defined via Xpath queries, wherein the step of deriving a security view further comprises invoking, if a first accessible element type of the DTD has not been previously processed, a first sub process that includes;
  
  Computing a query annotation for each child element in a production rule of the first accessible element type;
  
  Computing a view production rule for the first accessible element type in a view DTD representing an accessible portion of the XML document; and
  
  Computing a security view for each child element in the production rule of the first accessible element type.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - (c) translating a user query based on the security view of the XML document to an equivalent query based on the XML document.
  - 3. The method of claim 1 wherein the step of computing a security view for each child element in the production rule of the first accessible element type further comprises invoking a second sub process if a child element in the production rule of the first accessible element type is inaccessible;
    - otherwise, the first sub process is invoked for the child element.
  - 4. The method of claim 3 wherein then the second sub process performs the steps of:
    - computing a path for each child element in a production rule of a first inaccessible element type;
      
      computing an expression for the first inaccessible element type; and
      
      computing a security view for each child element in the production rule of the first inaccessible element type.
  - 5. The method of claim 4 wherein the step of computing a security view for each child element in the production rule of the first inaccessible element type further comprises invoking the second sub process if a child element in the production rule of the first inaccessible element type is inaccessible;
    - otherwise, the first sub process is invoked for the child element.
  - 6. The method of claim 2 wherein the step of translating the user query based on the security view of the XML document further comprises:
    - iteratively computing at least one local translation corresponding to at least one subquery of the first accessible element type that is part of the user query.
  - 7. The method of claim 6 wherein iteratively computing at least one local translation further comprises:
    - computing at least one local translation corresponding to at least one subquery of a child element of the first accessible element type; and
      
      combining all of said at least one local translation(s) corresponding to at least one subquery of a child element.

8. Apparatus for performing an operation of securely providing access to Extensible Markup Language (XML) data of an XML document comprising:
- means for defining at least one access control policy for at least one user of the XML document; and
  
  means for deriving a security view of a Document Type Definition (DTD) of the XML document for the schema level processing employs at least one internal query annotation, made to the DTD, describing the access control policy, wherein the security view is computed as a function of a DTD view and a function defined via Xpath queries, wherein the step of deriving a security view further comprises invoking, if a first accessible element type of the DTD has not been previously processed, a first sub process that includes;
  
  Computing a query annotation for each child element in a production rule of the first accessible element type;
  
  Computing a view production rule for the first accessible element type in a view DTD representing an accessible portion of the XML document; and
  
  Computing a security view for each child element in the production rule of the first accessible element type.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8 further comprising:
    - means for translating a user query based on the security view of the DTD of the XML document to an equivalent query based on the DTD of the XML document.
  - 10. The apparatus of claim 8 wherein the means for defining the at least one access control policy further comprises an access specification.
  - 11. The apparatus of claim 10 wherein the access specification annotates the DTD representing the XML document.
  - 12. The apparatus of claim 8 wherein the means for deriving a security view of the XML document is further adapted to invoke, if a child element in the production rule of the first accessible element type is inaccessible, a second sub process that includes:
    - Computing a path for each child element in a production rule of a first inaccessible element type;
      
      Computing an expression for the first inaccessible element type; and
      
      Computing a security view for each child element in the production rule of the first inaccessible element type.
  - 13. The apparatus of claim 9 wherein the means for translating a user query based on the security view of the XML document to an equivalent query based on the XML document further comprises a query evaluator that maps one or more nodes in the security view to corresponding one or more nodes in the Document Type Definition (DTD) representing the XML document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Garofalakis, Minos N., Chan, Chee-Yong, Fan, Wenfei
Primary Examiner(s)
Lu, Kuen
Assistant Examiner(s)
Sweeney, Patrick E

Application Number

US11/022,894
Publication Number

US 20060143557A1
Time in Patent Office

1,380 Days
Field of Search

707/9, 707/104.1
US Class Current

1/1
CPC Class Codes

G06F 16/8373   Query execution

G06F 21/6245   Protecting personal data, e...

Y10S 707/99939   Privileged access

Y10S 707/99945   Object-oriented database st...

Method and apparatus for secure processing of XML-based documents

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure processing of XML-based documents

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links