Controlling access to a database using database internal and external authorization information

US 7,516,134 B2
Filed: 02/01/2005
Issued: 04/07/2009
Est. Priority Date: 02/01/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method for controlling access to data stored in a database that stores at least a plurality of records, comprising:

receiving, from a remote location, authentication information associated with a request to access said database, wherein said authentication information is for at least one database external account defined for an external system external to said database;

determining, based on said authentication information, whether said request can be authenticated;

obtaining, from said database, integrated authorization data that has been stored on said database for said authentication information when said request can be authenticated, wherein said integrated authorization data includes one or more first authorization identifiers for said at least one database internal account and one or more second authorization identifiers for said at least one database external account, and wherein said first one or more authorization identifiers are different than said second one or more identifiers;

searching, based on said integrated authorization data, an integrated access-privilege set associated with said integrated authorization data, wherein said integrated access-privilege set has also been stored on said database and includes first authorization information for said at least one database internal account and second authorization information for said at least one database external account that has been defined based on said database external authorization information of said external account defined for said external system, wherein said first and second authorization information define different access-privileges for accessing said database;

determining, based on said searching of said integrated access-privilege set, whether access to said database should be granted as said database internal account which has been defined for said database, or whether access to said database should be granted based on database external authorization information of said external account defined for said external system, wherein said external authorization information effectively defines at least one database external account for said database corresponding to said external account defined for said external system;

authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account defined for said database; and

authorizing access to said database based on said external authorization information defined for said database external account when said determines that access to said database should be granted based on database external authorization information, thereby allowing said external account to be effectively used to access said database based on said external authorization information defined by said external system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for using both database internal and database external authorization information to control access to a database are disclosed. Corporate accounts which are generally used in many corporate environments (e.g., operating system accounts) can be defined as “external” database accounts with database external authorization information that define database external access privileges for a database. The database external access-privileges are used in conjunction with a set of complementary database “internal” access privileges defined for database internal accounts. An integrated access-privilege set is generated and used as a single source to authorize access to a database regardless of whether database internal or external accounts are used to access the database. As a result, databases can be integrated with various non-database entities (e.g., corporate computing systems).

Citations

8 Claims

1. A computer-implemented method for controlling access to data stored in a database that stores at least a plurality of records, comprising:
- receiving, from a remote location, authentication information associated with a request to access said database, wherein said authentication information is for at least one database external account defined for an external system external to said database;
  
  determining, based on said authentication information, whether said request can be authenticated;
  
  obtaining, from said database, integrated authorization data that has been stored on said database for said authentication information when said request can be authenticated, wherein said integrated authorization data includes one or more first authorization identifiers for said at least one database internal account and one or more second authorization identifiers for said at least one database external account, and wherein said first one or more authorization identifiers are different than said second one or more identifiers;
  
  searching, based on said integrated authorization data, an integrated access-privilege set associated with said integrated authorization data, wherein said integrated access-privilege set has also been stored on said database and includes first authorization information for said at least one database internal account and second authorization information for said at least one database external account that has been defined based on said database external authorization information of said external account defined for said external system, wherein said first and second authorization information define different access-privileges for accessing said database;
  
  determining, based on said searching of said integrated access-privilege set, whether access to said database should be granted as said database internal account which has been defined for said database, or whether access to said database should be granted based on database external authorization information of said external account defined for said external system, wherein said external authorization information effectively defines at least one database external account for said database corresponding to said external account defined for said external system;
  
  authorizing access to said database based on access privilege information defined for a database internal account when said determines that access to said database should be granted as a database internal account defined for said database; and
  
  authorizing access to said database based on said external authorization information defined for said database external account when said determines that access to said database should be granted based on database external authorization information, thereby allowing said external account to be effectively used to access said database based on said external authorization information defined by said external system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as recited in claim 1, wherein said integrated access-privilege set is an ordered list of access-privileges associated with both of said at least one database internal account and at least one database external account.
  - 3. A method as recited in claim 2, determining whether access to said database should be granted as a database internal account or based on database external authorization information comprises:
    - determining said access-privilege information based on the order listed in said ordered list.
  - 4. A method as recited in claim 1, further comprises:
    - authenticating said authentication information by an external database component which does not directly access said database; and
      
      receiving database external authorization information from said external database component.
  - 5. A method as recited in claim 4,wherein said authentication information includes a username and a password, andwherein said external database component is an authenticator associated with an operating system.
  - 6. A method as recited in claim 5, further comprising one or more of the following:
    - defining a set of database internal authorization information defined for said username and password; and
      
      storing said set of database internal authorization information in database internal accounts for said database.
  - 7. A method as recited in claim 6, further comprising:
    - defining a set of database external authorization information for said username and password, based on one or more database external privilege-identifiers which has been defined for an operating system.
  - 8. A method as recited in claim 7,wherein said database external privilege-identifiers are one or more group names defined for said operating system, andone or more access-privileges have been associated with each one of said one or more groups and stored as database external authentication information for said database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Hom, Erwin, Maeckel, Clay
Primary Examiner(s)
Alam; Shahid A
Assistant Examiner(s)
Bromell; Alexandria Y

Application Number

US11/048,834
Publication Number

US 20060173810A1
Time in Patent Office

1,526 Days
Field of Search

707/9, 707/3, 707/10, 709/217, 726/2
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

Controlling access to a database using database internal and external authorization information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to a database using database internal and external authorization information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links