Implementation and use of PII data access control facility employing personally identifying information labels and purpose serving function sets
Abstract
A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
29 Claims
1. A method of implementing a data access control facility, said method comprising:
- assigning personally identifying information (PII) classification labels to PII data objects, wherein a PII data object has one PII classification label assigned thereto;
- defining at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects; and
- assigning a PII classification label to each PSFS, wherein a PII data object is only read accessible via an application function of a PII PSFS having a PII classification label that is equal to or a proper subset of the PII classification label of the PII data object.
Dependent claims: 2, 3, 4, 5
6. A data access control method comprising:
- (i) invoking, by a user of a data access control facility, a particular function, said data access control facility having personally identifying information (PII) classification labels assigned to PII data objects and at least one PII purpose serving function set (PSFS) including a list of application functions that read, write or reclassify PII data objects, and having a PII classification label assigned thereto, and wherein the user of the data access control facility has assigned thereto a PII clearance set, the PII clearance set for the user comprising a list containing at least one PII classification label;
- (ii) determining whether the particular function is defined to a PII PSFS of the at least one PII PSFS of the data access control facility, and if so, determining whether the user's PII clearance set includes a PII classification label matching the PII classification label assigned to that PII PSFS, and if so, allowing access to the particular function; and
- (iii) determining whether the user is permitted access to a selected data object to perform the particular function.
Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
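The read path through steps (ii) and (iii) of claim 6, combined with the read rule of claim 1, as an added example that is not code from the patent. It assumes a label is modelled as a set of purpose names so that "equal to or a proper subset of" becomes set inclusion; all class, function, user and label names are hypothetical.

```python
from dataclasses import dataclass

# Assumption: a PII classification label is modelled as a frozenset of purpose
# names, so "equal to or a proper subset of" becomes set inclusion (<=).

@dataclass(frozen=True)
class PSFS:
    name: str
    label: frozenset       # the one label assigned to this PSFS
    functions: frozenset   # application functions that read or write PII objects

@dataclass(frozen=True)
class User:
    name: str
    clearance_set: frozenset  # labels (frozensets) the user is cleared for

def check_read(user, function, object_label, psfs_list):
    """Return (allowed, reason) for `user` reading a PII object via `function`."""
    psfs = next((p for p in psfs_list if function in p.functions), None)
    if psfs is None:
        # Claim 1: PII objects are only read accessible via a PSFS function.
        return False, "function not defined to any PSFS"
    if psfs.label not in user.clearance_set:
        # Claim 6 (ii): the clearance set must include the PSFS's label.
        return False, "user not cleared for PSFS label"
    if not psfs.label <= object_label:
        # Claim 1: PSFS label must equal or be a proper subset of the object's.
        return False, "PSFS label not within object label"
    return True, "read allowed"

# Constructed sample data (hypothetical names, not from the patent).
BILLING = frozenset({"billing"})
MARKETING = frozenset({"marketing"})
PSFS_LIST = [
    PSFS("billing_fns", BILLING, frozenset({"print_invoice"})),
    PSFS("marketing_fns", MARKETING, frozenset({"send_offer"})),
]
PATIENT_RECORD = frozenset({"treatment", "billing"})  # label of one PII object
alice = User("alice", frozenset({BILLING}))
bob = User("bob", frozenset({MARKETING}))

if __name__ == "__main__":
    for u, fn in [(alice, "print_invoice"), (alice, "send_offer"),
                  (bob, "send_offer"), (bob, "debug_dump")]:
        print(u.name, fn, check_read(u, fn, PATIENT_RECORD, PSFS_LIST))
```

Each denial reason maps to one check, so an audit log built on it shows whether a refusal came from the function list, the user's clearance set, or the label comparison.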
18. A data access control facility comprising:
- (i) means for invoking, by a user of a data access control facility, a particular function, said data access control facility having personally identifying information (PII) classification labels assigned to PII data objects and at least one PII purpose serving function set (PSFS) including a list of application functions that read, write or reclassify PII data objects, and having a PII classification label assigned thereto, and wherein the user of the data access control facility has assigned thereto a PII clearance set, the PII clearance set for the user comprising a list containing at least one PII classification label;
- (ii) means for determining whether the particular function is defined to a PII PSFS of the at least one PII PSFS of the data access control facility, and if so, determining whether the user's PII clearance set includes a PII classification label matching the PII classification label assigned to that PII PSFS, and if so, allowing access to the particular function; and
- (iii) means for determining whether the user is permitted access to a selected data object to perform the particular function.
Dependent claims: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28
29. At least one program storage device readable by a computer, embodying at least one program of instructions executable by the computer to perform, when executing, a method of implementing a data access control facility, said method comprising:
- assigning personally identifying information (PII) classification labels to PII data objects, wherein a PII data object has one PII classification label assigned thereto;
- defining at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects; and
- assigning a PII classification label to each PSFS, wherein a PII data object is only read accessible via an application function of a PII PSFS having a PII classification label that is equal to or a proper subset of the PII classification label of the PII data object.
Specification