Method and computing system for controlling access

US 7,924,810 B2
Filed: 09/19/2007
Issued: 04/12/2011
Est. Priority Date: 06/21/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method of controlling access by a user to a computing resource located in a destination domain in a hierarchy of domains, comprising:

storing, in a memory, said hierarchy of domains;

determining, by a processor, a path from a source domain to said destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;

identifying, by said processor, one or more intermediate domains between said source domain and said destination domain in said path;

determining, by said processor, for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of said user; and

providing to said user access to said computing resource if traversal from said source domain to said destination domain along said path is permittedwherein said processor is configured to selectively deny access by said user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and computing system for controlling access by a user to a computing resource located in respective source and destination domains in a hierarchy of domains. The method comprises establishing a path of domains in the hierarchy from the source domain to the destination domain, specifying for at least one domain in the path preceding the destination domain whether traversal to a successive domain in the path is permitted, and providing to the user access to the computing resource if traversal from the source domain to the destination domain along the path is permitted.

12 Citations

11 Claims

1. A method of controlling access by a user to a computing resource located in a destination domain in a hierarchy of domains, comprising:
- storing, in a memory, said hierarchy of domains;
  
  determining, by a processor, a path from a source domain to said destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;
  
  identifying, by said processor, one or more intermediate domains between said source domain and said destination domain in said path;
  
  determining, by said processor, for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of said user; and
  
  providing to said user access to said computing resource if traversal from said source domain to said destination domain along said path is permittedwherein said processor is configured to selectively deny access by said user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as claimed in claim 1, including determining whether traversal is permitted from said source domain successively towards said destination domain until either further traversal is not permitted or said destination domain is reached, whereby access to said computing resource is respectively either denied or granted.
  - 3. A method as claimed in claim 1, wherein determining a path comprises determining said path as a shortest path from said source domain to said destination domain.
  - 4. A method as claimed in claim 1, wherein said at least one domain in said path preceding said destination domain comprises said source domain and one or more intermediate domains intermediate said source domain and said destination domain.
  - 5. A method as claimed in claim 1, wherein determining whether traversal is permitted includes determining whether a computing resource in said successive domain can be accessed by said user.

6. A computing system configured to control access by a user to a desired computing resource located in respective source and destination domains in a hierarchy of domains, comprising:
- a processor; and
  
  one or more computing resources including desired computing resource, said computing resources being associated with respective domains;
  
  wherein said computing system is configured to respond to a request by said user for access to said desired computing resource by;
  
  determining, by said processor, a path from said source domain to said destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;
  
  identifying, by said processor one or more intermediate domains between said source domain and said destination domain in said path;
  
  determining, by said processor, for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of said user; and
  
  providing to said user access to said desired computing resource if traversal from said source domain to said destination domain along said path is permitted;
  
  wherein said processor is configured to selectively deny access by the user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.
- View Dependent Claims (7, 8)
- - 7. A system as claimed in claim 6, comprising a computer network including a plurality of computing devices.
  - 8. A system as claimed in claim 6, wherein determining whether traversal to said successive domain in said path is permitted is based on a plurality of criteria including said at least one domain in said path, said successive domain, and a role of said user.

9. A method for controlling access by a user to computing resources located in respective domains in a hierarchy of domains, comprising:
- storing, in a memory, a plurality of three dimensional access matrices, each of the plurality comprising a source domain element, a destination domain element and a user role element;
  
  storing, in said memory, a permission element associated with each of the plurality of three dimensional access matrices, said permission element specifying whether traversal from said source domain element to said destination domain element for a given user role element is permitted;
  
  at least partially populating said matrix with data indicative of whether, for a respective element of said matrix, traversal is permitted from said source domain to said destination domain according to said specification;
  
  wherein said permission element specifies, for at least one of the plurality of three dimensional access matrices, that traversal from said source domain element to said destination domain element for a given user role element is permitted, but denies access to one or more intermediate domains between said source domain and said destination domain.
- View Dependent Claims (10)
- - 10. A method as claimed in claim 9, including forming said specification based on a plurality of criteria including one or more of said at least one domain in said hierarchy, said other domain in said hierarchy, and a role of said user.

11. A non-transitory computer readable medium encoded with a computer program which, when executed by a processor, causes the processor to:
- store, in a memory, a hierarchy of domains;
  
  determine a path from a source domain to a destination domain, based on said hierarchy, wherein said source domain precedes said destination domain in said path;
  
  identify one or more intermediate domains between said source domain and said destination domain in said path;
  
  determine for at least one domain preceding said destination domain in said path whether traversal to a successive domain in said path is permitted based on said at least one domain in said path, said successive domain, and a role of a user;
  
  provide to said user access to said computing resource if traversal from said source domain to said destination domain along said path is permitted; and
  
  selectively deny access by said user to a computer resource located in one or more of said intermediate domains while permitting traversal to said intermediate domains where access has been denied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Singh, Sukhvinder
Primary Examiner(s)
CHO, HONG SOL

Application Number

US11/902,131
Publication Number

US 20080317012A1
Time in Patent Office

1,301 Days
Field of Search

370/237, 370/238, 370/254, 370/255, 370/351, 370/392, 370/400, 370/401
US Class Current

370/351
CPC Class Codes

H04L 45/04   Interdomain routing, e.g. h...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/105   Multiple levels of security

Method and computing system for controlling access

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and computing system for controlling access

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links