Method, system and program product for verifying access to a data object

US 7,739,303 B2
Filed: 07/22/2004
Issued: 06/15/2010
Est. Priority Date: 07/22/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method executed on at least one computer device, of verifying access to a data object, the method comprising:

automatically determining, on the at least one computer device, whether a privilege of a user for access to the data object requires verification, the determining including;

determining whether a frequency period for verifying access to the data object has passed since a previous time that access was verified for the data object;

obtaining an owner for the data object on the at least one computer device;

obtaining on the at least one computer device, a set of current users having access to the data object, the set of current users including all users having privileges that allow the users to request access the data object at present time independent of whether the users are currently accessing the data object;

providing the set of current users to the owner;

receiving on the computer device, a set of verified users based on the set of current users, the set of verified users including all users whose status as a user has been verified by the owner for access to the data object; and

updating the previous time after receiving the set of verified users.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved solution for verifying access to a data object. In particular, the invention automatically determines when access to the data object requires verification and provides an owner of the data object a set of current users for verification. The set of current users can include all or a subset of the users/user groups that have access to the data object. Additionally, an indication of one or more attributes of each user can be provided to the owner to assist in verification. Access information can be updated based on a response from the owner.

Citations

14 Claims

1. A computer-implemented method executed on at least one computer device, of verifying access to a data object, the method comprising:
- automatically determining, on the at least one computer device, whether a privilege of a user for access to the data object requires verification, the determining including;
  
  determining whether a frequency period for verifying access to the data object has passed since a previous time that access was verified for the data object;
  
  obtaining an owner for the data object on the at least one computer device;
  
  obtaining on the at least one computer device, a set of current users having access to the data object, the set of current users including all users having privileges that allow the users to request access the data object at present time independent of whether the users are currently accessing the data object;
  
  providing the set of current users to the owner;
  
  receiving on the computer device, a set of verified users based on the set of current users, the set of verified users including all users whose status as a user has been verified by the owner for access to the data object; and
  
  updating the previous time after receiving the set of verified users.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising updating the set of current users based on the set of verified users.
  - 3. The method of claim 2, further comprising preventing access to the data object until the set of current users has been updated.
  - 4. The method of claim 1, wherein the obtaining a set of current users step comprises:
    - determining a set of current user groups that have access to the data object;
      
      determining a set of additional users; and
      
      generating the set of current users by selecting from the set of current user groups and the set of additional users.
  - 5. The method of claim 1, further comprising, for each user in the set of current users:
    - determining if the user is a current employee; and
      
      indicating whether the user comprises a current employee.
  - 6. The method of claim 1, wherein the providing step comprises:
    - generating an electronic message that comprises a description of the data object and the set of current users; and
      
      sending the electronic message to the owner.

7. A computer-implemented method of requesting verification of access to a data object, implemented on at least one computer device, the method comprising:
- obtaining a frequency period on the at least one computer device, for verifying whether each user of the data object should continue to have access to the data object, the frequency period being a pre-determined period of time during which privileges that allow the users to request access the data object at present time independent of whether the users are currently accessing the data object;
  
  obtaining a previous time on the at least one computer device, that the access was verified for the data object;
  
  determining on the at least one computer device, that the frequency period has passed since the previous time;
  
  obtaining on the at least one computer device, an owner for the data object;
  
  obtaining a set of current users having access to the data object, the obtaining comprising;
  
  determining a set of current user groups that have access to the data object;
  
  determining a set of additional users; and
  
  generating the set of current users by selecting from the set of current user groups and the set of additional users;
  
  providing the set of current users to the owner; and
  
  sending a request to the owner to verify access to the data object.
- View Dependent Claims (8)
- - 8. The method of claim 7, further comprising, for each user in the set of current users:
    - obtaining at least one attribute for the user; and
      
      indicating the at least one attribute to the owner.

9. A system for verifying access to a data object, the system comprising:
- at least one computer device including;
  
  a monitor system for automatically determining when a privilege of a user for access to the data object requires verification, the determining including;
  
  determining whether a frequency period for verifying access to the data object has passed since a previous time that access was verified for the data object;
  
  an owner system for obtaining an owner for the data object;
  
  a selection system for obtaining a set of current users having access to the data object, the set of current users including all users having privileges that allow the users to request access the data object at present time independent of whether the users are currently accessing the data object;
  
  a verification system for providing the set of current users to the owner and receiving a set of verified users based on the set of current users, the set of verified users including all users whose status as a user has been verified by the owner for access to the data object; and
  
  an access system for updating the set of current users based on the set of verified users.
- View Dependent Claims (10)
- - 10. The system of claim 9, further comprising an attribute system for obtaining at least one attribute for each user in the set of current users.

11. A program product stored on a computer-recordable storage medium for verifying access to a data object, which when executed comprises:
- program code for automatically determining when a privilege of a user for access to the data object requires verification, the determining including;
  
  determining whether a frequency period for verifying access to the data object has passed since a previous time that access was verified for the data object;
  
  program code for obtaining an owner for the data object;
  
  program code for obtaining a set of current users having access to the data object, the set of current users including all users having privileges that allow the users to request access the data object at present time independent of whether the users are currently accessing the data object;
  
  program code for providing the set of current users to the owner;
  
  program code for receiving a set of verified users based on the set of current users, the set of verified users including all users whose status as a user has been verified by the owner for access to the data object; and
  
  program code for updating the set of current users based on the set of verified users.
- View Dependent Claims (12)
- - 12. The program product of claim 11, further comprising program code for indicating each user in the set of current users that is not a current employee.

13. A system for deploying an application for requesting verification of access to a data object, the system comprising:
- a computer infrastructure being operable to;
  
  automatically determine when a privilege of a user for access to the data object requires verification, the determining including;
  
  determining whether a frequency period for verifying access to the data object has passed since a previous time that access was verified for the data object;
  
  obtain an owner for the data object;
  
  obtain a set of current users having access to the data object, the set of current users including all users having privileges that allow the users to request access the data object at present time independent of whether the users are currently accessing the data object; and
  
  provide the set of current users to the owner;
  
  receive a set of verified users based on the set of current users, the set of verified users including all users whose status as a user has been verified by the owner for access to the data object; and
  
  update the previous time after receiving the set of verified users.
- View Dependent Claims (14)
- - 14. The system of claim 13, wherein the computer infrastructure is further operable to indicate at least one attribute for each user in the set of current users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated (Kyndryl Holdings, Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Murray, Douglas G., Martin, James A. Jr., Rauch, Diane C.
Primary Examiner(s)
Le; Miranda

Application Number

US10/898,099
Publication Number

US 20060020599A1
Time in Patent Office

2,154 Days
Field of Search

707/900, 707/9, 707/783, 707/787, 707/999.09, 726/28, 713/182
US Class Current

707/783
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Y10S 707/99939 Privileged access

Method, system and program product for verifying access to a data object

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and program product for verifying access to a data object

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links