Method for device dependent access control for device independent web content
First Claim
1. A method in a data processing system for device dependent access control for device independent content, the method comprising:
a processor storing instructions therein and when executed performing steps of detecting a device type of a user device and a security level of the user device from a request for access to a resource of the data processing system by the user device, responsive to a user device login;
loading a three-dimensional matrix from one of a data source and a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis, wherein the device axis comprises a list of devices used by a given user;
performing a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device;
determining, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type;
wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;
wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level; and
if the permission is granted, allowing the user device to access the resource; and
if the permission is not granted, denying the user device access to the resource and sending a warning to at least one of the user device and another user device.
Abstract
A method, an apparatus, and computer instructions are provided for device-dependent access control for device independent web content. In an illustrative embodiment, a module, which may be implemented in a computer program, detects a client device and security level from a request for a resource by a client device. The module loads, from a data source or configuration file, a three-dimensional device dependent access control matrix, which includes a user role axis, a device axis, and a resource axis. Based on the security level of the device indicated by the device matrix, the module grants or denies access to the resource by the user device. The security levels may include security protocols implemented by different devices, encryption schemes implemented by different devices, and security patches applied by the same device.
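A sketch of the lookup the abstract describes, added here as an illustration and not taken from the patent. It assumes that each matrix cell holds a minimum device security level, that the request names its device, and that a missing cell means deny; every role, device and resource name is constructed.

```python
import json

# Constructed configuration: axes are role -> device type -> resource.
# Each cell holds the minimum device security level that is granted access
# (an assumption of this sketch); a missing cell means no permission.
MATRIX_CONFIG = """
{
  "manager":  {"desktop": {"/payroll": 2, "/directory": 1},
               "pda":     {"/directory": 2}},
  "employee": {"desktop": {"/directory": 1},
               "pda":     {"/directory": 3}}
}
"""

# Constructed device inventory: grouped by device type, then subgrouped by
# security level (higher = stronger protocol / encryption / patch state).
DEVICE_GROUPS = {
    "desktop": {1: ["legacy-browser"], 2: ["patched-browser"]},
    "pda":     {2: ["pda-tls"], 3: ["pda-tls-patched"]},
}

def load_matrix(text=MATRIX_CONFIG):
    """Load the three-dimensional matrix from its configuration text."""
    return json.loads(text)

def detect_device(request):
    """Map the device named in the request to (device type, security level)."""
    for dev_type, subgroups in DEVICE_GROUPS.items():
        for level, devices in subgroups.items():
            if request["device"] in devices:
                return dev_type, level
    return None, 0  # unknown device: belongs to no group, lowest level

def check_access(matrix, request, warnings):
    """Grant only if a cell exists and the device meets its level; else warn."""
    dev_type, level = detect_device(request)
    cell = matrix.get(request["role"], {}).get(dev_type, {})
    required = cell.get(request["resource"])
    if required is not None and level >= required:
        return True
    warnings.append(
        f"denied: {request['role']} on {request['device']} -> {request['resource']}"
    )
    return False
```
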
14 Claims
11. A data processing system comprising:
a bus;
a memory connected to the bus, wherein a set of instructions are located in the memory; and
a processor connected to the bus, wherein the processor executes the set of instructions to
(i) detect a device type of a user device and a security level of the user device from a request for access to a resource of the data processing system by the user device, responsive to a user device login,
(ii) load a three-dimensional matrix from one of a data source and a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis,
(iii) perform a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device,
(iv) determine, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type,
(v) allow the user device to access the resource if the permission is granted, and
(vi) deny the user device access to the resource and send a warning to at least one of the user device and another user device if the permission is not granted; and
wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;
wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level.
13. A computer program product stored in a computer recordable-type medium for device dependent access control for device independent web content, the computer program product comprising:
first instructions for detecting a device type of a user device and a security level of the user device from a request for access to a resource of a data processing system by the user device, responsive to a user device login;
second instructions for loading a three-dimensional matrix from at least one of a data source or a configuration file, wherein the three-dimensional matrix includes a user role axis, a device axis, and a resource axis;
third instructions for performing a lookup of a plurality of matrix assignment tables based on a user role of the user device, the device type of the user device, and the resource requested by the user device;
fourth instructions for determining, based on one of a plurality of devices of the device axis, if permission is granted to the user device, wherein the plurality of devices is grouped by the device type of each device into groups, with each group of the groups including given ones of the plurality of devices having a same device type;
fifth instructions for allowing the user device to access the resource if the permission is granted; and
sixth instructions for denying the user device access to the resource and sending a warning to at least one of the user device and another user device if the permission is not granted; and
wherein the plurality of devices represent a plurality of security levels, wherein the plurality of security levels include a security protocol implemented in different devices of the plurality of device, an encryption scheme implemented in the different devices, a security patch applied in a device of the plurality of devices, and a combination of the security protocol, the encryption scheme, and the security patch applied;
wherein the plurality of devices is further grouped by a security level of the each device into subgroups, with each subgroup of the subgroups including given ones of the plurality of devices having a same security level.