Managing electronic information

US 7,590,630 B2
Filed: 12/15/2003
Issued: 09/15/2009
Est. Priority Date: 12/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method implemented by a computer, the method comprising:

analyzing a plurality of database access statements stored in a computer memory that were issued for an application during the application'"'"'s use to determine previous accessed items and types of access for the application; and

developing a role for the application based on the previous accessed items and types of access for the application, wherein when the application is in use by a user, the developed role for the application allows the user database access.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Electronic information management includes techniques for developing and applying database security. In certain implementations, database access statements issued for applications in use are analyzed. Analyzing issued database access statements may include capturing the database access statements, normalizing the database access statements, and eliminating redundancies from the database access statements. A standardized set of issued database access statements may result from the analysis procedure. From the analyzed database access statements, the items accessed and types of access may be determined for an application, and a set of permissions may be determined from the determined items accessed and types of access for the application. A role associated with the application may be developed based on the permissions for the application. The role may be used to allow a user database access when associated with the application.

27 Citations

View as Search Results

23 Claims

1. A method implemented by a computer, the method comprising:
- analyzing a plurality of database access statements stored in a computer memory that were issued for an application during the application'"'"'s use to determine previous accessed items and types of access for the application; and
  
  developing a role for the application based on the previous accessed items and types of access for the application, wherein when the application is in use by a user, the developed role for the application allows the user database access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein analyzing the issued database access statements comprises:
    - capturing the plurality of database access statements;
      
      normalizing the captured database access statements; and
      
      eliminating redundancies in the normalized database access statements.
  - 3. The method of claim 2 wherein the database access statements comprise Structured Query Language (SQL) queries.
  - 4. The method of claim 1 wherein the previous accessed items and types of access include objects accessed and operations performed on the objects.
  - 5. The method of claim 1 wherein developing a role comprises determining permissions for the application based on the previous accessed items and types of access.
  - 6. The method of claim 1 further comprising determining which of a set of users are authorized to use the application.
  - 7. The method of claim 1 further comprising:
    - detecting a user request to establish an application session;
      
      finding the role for the application; and
      
      assigning the role to a user.
  - 8. The method of claim 7 wherein detecting a user request to establish an application session comprises determining if a user is authorized to use the application.
  - 9. The method of claim 7 further comprising:
    - detecting an end of the application session; and
      
      if an end of the application session is detected, disabling the assigned role for the user.

10. An article of manufacture comprising:
- a machine-readable storage medium storing instructions configured to cause one or more machines to perform operations comprising;
  
  analyzing a plurality of database access statements that were issued for an application during the application'"'"'s use to determine previous accessed items and types of access for the application; and
  
  developing a role for the application based on the previous accessed items and types of access for the application, wherein when the application is in use by a user, the developed role for the application allows the user database access.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The article of claim 10, wherein analyzing the issued database access statements comprises:
    - determining whether the plurality of database access statements have been captured;
      
      normalizing the captured database access statements; and
      
      eliminating redundancies in the normalized database access statements.
  - 12. The article of claim 10 wherein the previous accessed items and types of access include objects accessed and operations performed on the objects.
  - 13. The article of claim 10 wherein developing a role comprises determining permissions for the application based on the previous accessed items and types of access.
  - 14. The article of claim 10 wherein the instructions are further configured to cause one or more machines to perform operations comprising determining which of a set of users are authorized to use the application.
  - 15. The article of claim 10 wherein the instructions are further configured to cause one or more machines to perform operations comprising:
    - determining whether a user request to establish an application session has been detected;
      
      finding the role for the application; and
      
      assigning the role to a user.
  - 16. The article of claim 15 wherein determining whether a user request to establish an application session has been detected comprises determining if a user is authorized to use the application.
  - 17. The article of claim 15 wherein the instructions are further configured to cause one or more machines to perform operations comprising:
    - detecting an end of the application session; and
      
      if an end of the application session is detected, disabling the assigned role for the user.

18. A database security analyzer comprising:
- a communication interface configured to receive a plurality of database access statements that were issued for an application during the application'"'"'s use;
  
  a memory configured to store the issued database access statements; and
  
  a processor configured to develop a role for the application based on the previously issued database access statements for the application, wherein when the application is in use by a user, the developed role for the application allows a user database access.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The analyzer of claim 18 wherein developing a role comprises:
    - analyzing the database access statements to determine previous accessed items and types of access for the application;
      
      determining permissions for the application based on the previous accessed items and types of access for the application; and
      
      developing a role associated with the application based on the determined permissions.
  - 20. The analyzer of claim 19 wherein the previous accessed items and types of access include objects accessed and operations performed on the objects.
  - 21. The analyzer of claim 18 wherein developing a role comprises:
    - determining whether the received database access statements have been captured;
      
      normalizing the captured database access statements; and
      
      eliminating redundancies in the normalized database access statements.
  - 22. The analyzer of claim 18 wherein the memory comprises instructions, and the processor operates according to the instructions.

23. A method implemented by a computer comprising:
- capturing a plurality of database access statements that were issued for one or more applications during the application'"'"'s use, wherein the database access statements comprise Structured Query Language (SQL) queries;
  
  normalizing the captured database access statements;
  
  eliminating redundancies in the normalized database access statements;
  
  analyzing the normalized database access statements stored in a computer memory to determine previous accessed items and types of access for an application, wherein the previous accessed items and types of access include objects accessed and operations performed on the objects;
  
  determining permissions for the application based on the previous accessed items and types of access for the application;
  
  developing a role for the application based on the determined permissions;
  
  determining which of a set of users are authorized to use the application;
  
  detecting a user request to establish a session of the application;
  
  determining if the user is authorized to use the application;
  
  if the user is authorized to use the application, finding the role for the application;
  
  assigning the role to the user;
  
  detecting an end of the application session; and
  
  if an end of the application session is detected, disabling the assigned role for the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Electronic Data Systems Corporation (Perspecta, Inc.)
Inventors
Richter, John D.
Primary Examiner(s)
Breene; John E
Assistant Examiner(s)
COLAN, GIOVANNA B

Application Number

US10/736,001
Publication Number

US 20050131901A1
Time in Patent Office

2,101 Days
Field of Search

709/204, 709/229, 709/219, 705/35, 707/4, 726/7, 713/201
US Class Current

1/1
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

Managing electronic information

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Managing electronic information

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links