Method for device dependent access control for device independent web content

US 7,657,946 B2
Filed: 06/09/2008
Issued: 02/02/2010
Est. Priority Date: 04/14/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a data processing system for device dependent access control for device independent content, the method comprising:

a processor storing instructions therein and when executed performing steps of detecting a device type of a user device and a security level of the user device from a request for access to a resource of the data processing system by the user device, responsive to a user device login;

loading a three-dimensional matrix from one of a data source and a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis, wherein the device axis comprises a list of devices used by a given user;

performing a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device;

determining, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type;

wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;

wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level; and

if the permission is granted, allowing the user device to access the resource; and

if the permission is not granted, denying the user device access to the resource and sending a warning to at least one of the user device and another user device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, an apparatus, and computer instructions are provided for device-dependent access control for device independent web content. In an illustrative embodiment, a module may be implemented in a computer program detects a client device and security level from a request for a resource by a client device. The module loads, from a data source or configuration file, a three-dimensional device dependent access control matrix, which includes a user role axis, a device axis, and a resource axis. Based on the security level of the device indicated by the device matrix, the module grants or denies access to the resource by the user device. The security levels may include security protocols implemented by different devices, encryption schemes implemented by different devices, and security patches applied by the same device.

36 Citations

View as Search Results

14 Claims

1. A method in a data processing system for device dependent access control for device independent content, the method comprising:
- a processor storing instructions therein and when executed performing steps of detecting a device type of a user device and a security level of the user device from a request for access to a resource of the data processing system by the user device, responsive to a user device login;
  
  loading a three-dimensional matrix from one of a data source and a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis, wherein the device axis comprises a list of devices used by a given user;
  
  performing a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device;
  
  determining, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type;
  
  wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;
  
  wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level; and
  
  if the permission is granted, allowing the user device to access the resource; and
  
  if the permission is not granted, denying the user device access to the resource and sending a warning to at least one of the user device and another user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the user role includes at least one of an administrator, a user, and a manager.
  - 3. The method of claim 1, wherein the type of user device includes a personal digital assistant, a web browser, a smart phone, and a telephone.
  - 4. The method of claim 1, wherein the resource requested include at least one of an application, a data set, a web page, and a spreadsheet.
  - 5. The method of claim 1, wherein the permission includes at least one of deploy, create, delete, update, assign, view, and configure.
  - 6. The method of claim 1, wherein the security protocol implemented in different devices includes at least one of a proprietary security protocol, and a secure sockets layer (SSL) protocol.
  - 7. The method of claim 1, wherein the security level comprises a type and version of an application executable by the each device, and an encryption scheme used by the application executable by the each device.
  - 8. The method of claim 1, wherein the security patch applied in a device includes security patches published by vendors for specific devices.
  - 9. The method of claim 1, wherein the detecting, loading, determining, allowing, and denying steps are performed by a module implemented in a computer program executed by the data processing system, and wherein the three-dimensional matrix is configured by the administrator via a user interface to add a new device after the module is created, and determining permission to access a given resource by the new device is enabled by the method without modifying the module by use of the configured three-dimensional matrix.
  - 10. The method of claim 1, wherein the loading step comprises:
    - reading data from the three-dimensional matrix into a resource-to-user assignment table; and
      
      reading data from the three-dimensional matrix into a resource-to-device assignment table that indicates what resources are accessible according to the type of user device.

11. A data processing system comprising:
- a bus;
  
  a memory connected to the bus, wherein a set of instructions are located in the memory; and
  
  a processor connected to the bus, wherein the processor executes the set of instructions to (i) detect a device type of a user device and a security level of the user device from a request for access to a resource of the data processing system by the user device, responsive to a user device login, (ii) load a three-dimensional matrix from one of a data source and a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis, (iii) perform a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device, (iv) determine, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type, (v) allow the user device to access the resource if the permission is granted, and (vi) deny the user device access to the resource and send a warning to at least one of the user device and another user device if the permission is not granted; and
  
  wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;
  
  wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level.
- View Dependent Claims (12)
- - 12. The data processing system of claim 11, wherein the processor, in executing the set of instructions to load a three-dimensional matrix from one of a data source or a configuration file, reads data from the three-dimensional matrix into a resource-to-user assignment table, and reads data from the three-dimensional matrix into a resource-to-device assignment table that indicates what resources are accessible according to the type of user device.

13. A computer program product stored in a computer recordable-type medium for device dependent access control for device independent web content, the computer program product comprising:
- first instructions for detecting a device type of a user device and a security level of the user device from a request for access to a resource of a data processing system by the user device, responsive to a user device login;
  
  second instructions for loading a three-dimensional matrix from at least one of a data source or a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis;
  
  third instructions for performing a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device;
  
  fourth instructions for determining, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type;
  
  fifth instructions for allowing the user device to access the resource if the permission is granted; and
  
  sixth instructions for denying the user device access to the resource and sending a warning to at least one of the user device and another user device if the permission is not granted; and
  
  wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;
  
  wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level.
- View Dependent Claims (14)
- - 14. The computer program product of claim 13, wherein the second instructions comprises:
    - first sub-instructions for reading data from the three-dimensional matrix into a resource-to-user assignment table; and
      
      second sub-instructions for reading data from the three-dimensional matrix into a resource-to-device assignment table that indicates what resources are accessible according to the type of user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Yan, Shunguo
Primary Examiner(s)
Shiferaw; Eleni A

Application Number

US12/135,436
Publication Number

US 20080235811A1
Time in Patent Office

603 Days
Field of Search

711/163, 726 28- 29
US Class Current

726/28
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Method for device dependent access control for device independent web content

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method for device dependent access control for device independent web content

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links