Data access control

US 8,090,853 B2
Filed: 12/01/2009
Issued: 01/03/2012
Est. Priority Date: 12/01/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, by a computer processor of a computing system from a requestor, a request for access to specified data;

extracting, by said computer processor from said request, a requestor identification string associated with said requestor;

first verifying, by said computer processor, a match for said requestor identification string against a requestor registry;

retrieving, by said computer processor, a service requestor identification string associated with a service requesting said specified data;

second verifying, by said computer processor, a match for said service requestor identification string against a service registry;

retrieving, by said computer processor, a requestor software component operating process identification string associated with a requestor software component requesting said specified data;

third verifying, by said computer processor, a match for said requestor software component operating process identification string against a process registry;

retrieving, by said computer processor, a requestor server identification string associated with a requestor server requesting said specified data;

fourth verifying, by said computer processor, a match for said requestor server identification string against a server registry;

retrieving, by said computer processor, a requestor hardware device network address and a requestor media access control (MAC) address associated with a requestor hardware device requesting said specified data;

fifth verifying, by said computer processor, a match for said requestor hardware device network address and said requestor MAC address against a network registry;

retrieving, by said computer processor, a requestor hardware device identification string associated with said requestor hardware device requesting said specified data;

sixth verifying, by said computer processor, a match for said requestor hardware device identification string against a device registry;

extracting, by said computer processor from said request, a provider identification string associated with a provider of said specified data;

seventh verifying, by said computer processor, a match for said provider identification string against a provider registry;

retrieving, by said computer processor, a service provider identification string associated with a service providing said specified data;

eighth verifying, by said computer processor, a match for said service provider identification string against said service registry;

retrieving, by said computer processor, a provider software component operating process identification string associated with a provider software component providing said specified data;

ninth verifying, by said computer processor, a match for said provider software component operating process identification string against said process registry;

retrieving, by said computer processor, a provider server identification string associated with a provider server providing said specified data;

tenth verifying, by said computer processor, a match for said provider server identification string against said server registry;

retrieving, by said computer processor, a provider hardware device identification string associated with said provider hardware device providing said specified data; and

eleventh verifying, by said computer processor, a match for said provider hardware device identification string against said device registry;

generating, by said computer processor, an access point door associated with a specified logical storage room representation, said logical storage room representation comprising a storage space comprised by a plurality of different storage mediums and physical storage locations, said logical storage room representation comprising said specified data;

cross-referencing, by said computer processor, verification results of said first verifying, said second verifying, said third verifying, said fourth verifying, said fifth verifying, said sixth verifying, said seventh verifying, said eighth verifying, said ninth verifying, said tenth verifying, and said eleventh verifying;

generating, by said computer processor, a scorecard comprising results of said cross-referencing, wherein said scorecard comprises;

a Score_Card ID entry comprising a unique record for each scorecard record;

a Scorecard_Results entry providing a tabulated value of the scorecard and determining pass or failure of a combined verification test; and

a plurality of verification results entries comprising said verification results;

determining, by said computer processor, that said scorecard comprises a valid integration pattern;

generating, by said computer processor based on said valid integration pattern, a logical key associated with said access point door;

generating, by said computer processor based on said valid integration pattern, a logical lock associated with said logical key;

enabling, by said computer processor, said logical lock with said logical key;

determining, by said computer processor based, that a time stamp associated with said logical lock and said logical key is valid;

enabling, by said computer processor based on said scorecard comprising said results of said cross-referencing, said valid integration pattern, said enabling said logical lock with said logical key, and said time stamp being valid, access to said specified data via said access point door and said specified logical storage room representation; and

disabling, by said computer processor, said logical lock using said logical key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data access control method and system. The method includes receiving by a computer processor from a requestor, a request for access to data. The computer processor extracts from the request, a requestor identification string associated with the requestor. The computer processor verifies a match for the requestor identification string, a service requestor identification string, a requestor software component operating process identification string, a requestor server identification string, a requestor hardware device network address and a requestor MAC address, and a requestor hardware device identification string against a plurality of registries. The computer processor generates an access point door associated with a specified logical storage room representation comprising the data. The computer processor enables access to the data via the access point door and the specified logical storage room representation based on enabling a logical lock with a logical key and a valid timestamp.

Citations

18 Claims

1. A method comprising:
- receiving, by a computer processor of a computing system from a requestor, a request for access to specified data;
  
  extracting, by said computer processor from said request, a requestor identification string associated with said requestor;
  
  first verifying, by said computer processor, a match for said requestor identification string against a requestor registry;
  
  retrieving, by said computer processor, a service requestor identification string associated with a service requesting said specified data;
  
  second verifying, by said computer processor, a match for said service requestor identification string against a service registry;
  
  retrieving, by said computer processor, a requestor software component operating process identification string associated with a requestor software component requesting said specified data;
  
  third verifying, by said computer processor, a match for said requestor software component operating process identification string against a process registry;
  
  retrieving, by said computer processor, a requestor server identification string associated with a requestor server requesting said specified data;
  
  fourth verifying, by said computer processor, a match for said requestor server identification string against a server registry;
  
  retrieving, by said computer processor, a requestor hardware device network address and a requestor media access control (MAC) address associated with a requestor hardware device requesting said specified data;
  
  fifth verifying, by said computer processor, a match for said requestor hardware device network address and said requestor MAC address against a network registry;
  
  retrieving, by said computer processor, a requestor hardware device identification string associated with said requestor hardware device requesting said specified data;
  
  sixth verifying, by said computer processor, a match for said requestor hardware device identification string against a device registry;
  
  extracting, by said computer processor from said request, a provider identification string associated with a provider of said specified data;
  
  seventh verifying, by said computer processor, a match for said provider identification string against a provider registry;
  
  retrieving, by said computer processor, a service provider identification string associated with a service providing said specified data;
  
  eighth verifying, by said computer processor, a match for said service provider identification string against said service registry;
  
  retrieving, by said computer processor, a provider software component operating process identification string associated with a provider software component providing said specified data;
  
  ninth verifying, by said computer processor, a match for said provider software component operating process identification string against said process registry;
  
  retrieving, by said computer processor, a provider server identification string associated with a provider server providing said specified data;
  
  tenth verifying, by said computer processor, a match for said provider server identification string against said server registry;
  
  retrieving, by said computer processor, a provider hardware device identification string associated with said provider hardware device providing said specified data; and
  
  eleventh verifying, by said computer processor, a match for said provider hardware device identification string against said device registry;
  
  generating, by said computer processor, an access point door associated with a specified logical storage room representation, said logical storage room representation comprising a storage space comprised by a plurality of different storage mediums and physical storage locations, said logical storage room representation comprising said specified data;
  
  cross-referencing, by said computer processor, verification results of said first verifying, said second verifying, said third verifying, said fourth verifying, said fifth verifying, said sixth verifying, said seventh verifying, said eighth verifying, said ninth verifying, said tenth verifying, and said eleventh verifying;
  
  generating, by said computer processor, a scorecard comprising results of said cross-referencing, wherein said scorecard comprises;
  
  a Score_Card ID entry comprising a unique record for each scorecard record;
  
  a Scorecard_Results entry providing a tabulated value of the scorecard and determining pass or failure of a combined verification test; and
  
  a plurality of verification results entries comprising said verification results;
  
  determining, by said computer processor, that said scorecard comprises a valid integration pattern;
  
  generating, by said computer processor based on said valid integration pattern, a logical key associated with said access point door;
  
  generating, by said computer processor based on said valid integration pattern, a logical lock associated with said logical key;
  
  enabling, by said computer processor, said logical lock with said logical key;
  
  determining, by said computer processor based, that a time stamp associated with said logical lock and said logical key is valid;
  
  enabling, by said computer processor based on said scorecard comprising said results of said cross-referencing, said valid integration pattern, said enabling said logical lock with said logical key, and said time stamp being valid, access to said specified data via said access point door and said specified logical storage room representation; and
  
  disabling, by said computer processor, said logical lock using said logical key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - retrieving, by said computer processor, a provider hardware device network address and a provider MAC address associated with a provider hardware device providing said specified data;
      
      twelfth verifying, by said computer processor, a match for said provider hardware device network address and said provider MAC address against said network registry;
      
      wherein said enabling said access to said specified data is further based on second results of said twelfth verifying.
  - 3. The method of claim 2, further comprising:
    - retrieving, by said computer processor, a first global unique identifier (GUID) associated with a requestor operating system requesting said specified data;
      
      verifying, by said computer processor, said first GUID against a GUID validator;
      
      retrieving, by said computer processor, a second GUID associated with a provider operating system providing said specified data; and
      
      verifying, by said computer processor, said second GUID against said GUID validator, wherein said enabling said access to said specified data is further based on results of said verifying said first GUID and results of said verifying said second GUID.
  - 4. The method of claim 1, wherein said generating said access point door comprises:
    - generating, by said computer processor, a first random number;
      
      generating, by said computer processor, a first specified number; and
      
      appending, by said computer processor, said first specified number to said first random number.
  - 5. The method of claim 4, wherein said generating said logical key comprises:
    - generating, by said computer processor, a second random number;
      
      generating, by said computer processor, a second specified number; and
      
      appending, by said computer processor, said second specified number to said second random number.
  - 6. The method of claim 5, wherein said generating said logical key comprises:
    - generating, by said computer processor, a third random number;
      
      generating, by said computer processor, a third specified number; and
      
      appending, by said computer processor, said third specified number to said third random number.
  - 7. A computer program product, comprising a computer readable storage device storing a computer readable program code embodied therein, said computer readable program code configured to perform the method of claim 1 upon being enabled by said processor of said computing system.
  - 8. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in said computer processor, wherein the code in combination with the computer processor is capable of performing the method of claim 1.

9. A computing system comprising a computer processor coupled to a computer-readable memory unit, said memory unit comprising instructions that when enabled by the computer processor implements a verification method comprising:
- receiving, by said computer processor from a requestor, a request for access to specified data;
  
  extracting, by said computer processor from said request, a requestor identification string associated with said requestor;
  
  first verifying, by said computer processor, a match for said requestor identification string against a requestor registry;
  
  retrieving, by said computer processor, a service requestor identification string associated with a service requesting said specified data;
  
  second verifying, by said computer processor, a match for said service requestor identification string against a service registry;
  
  retrieving, by said computer processor, a requestor software component operating process identification string associated with a requestor software component requesting said specified data;
  
  third verifying, by said computer processor, a match for said requestor software component operating process identification string against a process registry;
  
  retrieving, by said computer processor, a requestor server identification string associated with a requestor server requesting said specified data;
  
  fourth verifying, by said computer processor, a match for said requestor server identification string against a server registry;
  
  retrieving, by said computer processor, a requestor hardware device network address and a requestor media access control (MAC) address associated with a requestor hardware device requesting said specified data;
  
  fifth verifying, by said computer processor, a match for said requestor hardware device network address and said requestor MAC address against a network registry;
  
  retrieving, by said computer processor, a requestor hardware device identification string associated with said requestor hardware device requesting said specified data;
  
  sixth verifying, by said computer processor, a match for said requestor hardware device identification string against a device registry;
  
  extracting, by said computer processor from said request, a provider identification string associated with a provider of said specified data;
  
  seventh verifying, by said computer processor, a match for said provider identification string against a provider registry;
  
  retrieving, by said computer processor, a service provider identification string associated with a service providing said specified data;
  
  eighth verifying, by said computer processor, a match for said service provider identification string against said service registry;
  
  retrieving, by said computer processor, a provider software component operating process identification string associated with a provider software component providing said specified data;
  
  ninth verifying, by said computer processor, a match for said provider software component operating process identification string against said process registry;
  
  retrieving, by said computer processor, a provider server identification string associated with a provider server providing said specified data;
  
  tenth verifying, by said computer processor, a match for said provider server identification string against said server registry;
  
  retrieving, by said computer processor, a provider hardware device identification string associated with said provider hardware device providing said specified data; and
  
  eleventh verifying, by said computer processor, a match for said provider hardware device identification string against said device registry;
  
  generating, by said computer processor, an access point door associated with a specified logical storage room representation, said logical storage room representation comprising a storage space comprised by a plurality of different storage mediums and physical storage locations, said logical storage room representation comprising said specified data;
  
  cross-referencing, by said computer processor, verification results of said first verifying, said second verifying, said third verifying, said fourth verifying, said fifth verifying, said sixth verifying, said seventh verifying, said eighth verifying, said ninth verifying, said tenth verifying, and said eleventh verifying;
  
  generating, by said computer processor, a scorecard comprising results of said cross-referencing, wherein said scorecard comprises;
  
  a Score_Card ID entry comprising a unique record for each scorecard record;
  
  a Scorecard_Results entry providing a tabulated value of the scorecard and determining pass or failure of a combined verification test; and
  
  a plurality of verification results entries comprising said verification results;
  
  determining, by said computer processor, that said scorecard comprises a valid integration pattern;
  
  generating, by said computer processor based on said valid integration pattern, a logical key associated with said access point door;
  
  generating, by said computer processor based on said valid integration pattern, a logical lock associated with said logical key;
  
  enabling, by said computer processor, said logical lock with said logical key;
  
  determining, by said computer processor based, that a time stamp associated with said logical lock and said logical key is valid;
  
  enabling, by said computer processor based on said scorecard comprising said results of said cross-referencing, said valid integration pattern, said enabling said logical lock with said logical key, and said time stamp being valid, access to said specified data via said access point door and said specified logical storage room representation; and
  
  disabling, by said computer processor, said logical lock using said logical key.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The computing system of claim 9, wherein said method further comprises:
    - retrieving, by said computer processor, a provider hardware device network address and a provider MAC address associated with a provider hardware device providing said specified data;
      
      twelfth verifying, by said computer processor, a match for said provider hardware device network address and said provider MAC address against said network registry;
      
      wherein said enabling said access to said specified data is further based on second results of said twelfth verifying.
  - 11. The computing system of claim 10, wherein said method further comprises:
    - retrieving, by said computer processor, a first global unique identifier (GUID) associated with a requestor operating system requesting said specified data;
      
      verifying, by said computer processor, said first GUID against a GUID validator;
      
      retrieving, by said computer processor, a second GUID associated with a provider operating system providing said specified data; and
      
      verifying, by said computer processor, said second GUID against said GUID validator, wherein said enabling said access to said specified data is further based on results of said verifying said first GUID and results of said verifying said second GUID.
  - 12. The computing system of claim 9, wherein said generating said access point door comprises:
    - generating, by said computer processor, a first random number;
      
      generating, by said computer processor, a first specified number; and
      
      appending, by said computer processor, said first specified number to said first random number.
  - 13. The computing system of claim 12, wherein said generating said logical key comprises:
    - generating, by said computer processor, a second random number;
      
      generating, by said computer processor, a second specified number; and
      
      appending, by said computer processor, said second specified number to said second random number.

14. A method comprising:
- defining, by a computer processor of a computing system, a requestor identification string associated with a requestor of data;
  
  adding, by said computer processor, said requestor identification string to a requestor registry;
  
  generating, by said computer processor, a requester verification component configured to enable a verification process that authenticates a service requester identification string match within a service request and defined with said requester registry, wherein said requester verification component comprises a requester table listing all registered requesters for services, and wherein said requester table comprises a Requester ID entry comprising a unique record for each requester record and a Requester Description entry describing each said requester;
  
  defining, by said computer processor, a provider identification string associated with a provider of said data;
  
  adding, by said computer processor, said provider identification string to a provider registry;
  
  generating, by said computer processor, a provider verification component configured to enable a verification process authenticating service provider identification within a service request and defined with said provider registry, wherein said provider verification component comprises a provider table listing all registered providers of services, wherein the provider table comprises a Provider ID entry comprising a unique record for each provider record and a Provider Description entry describing each said provider;
  
  defining, by said computer processor, a service identification string associated with said services associated with said data;
  
  adding, by said computer processor, said service identification string to a security registry;
  
  generating, by said computer processor, a service verification component configured to enable a verification process that authenticates said services comprising an internal application interface to a function, wherein said service verification component comprises a service table comprising service records;
  
  generating, by said computer processor, a security data model comprising said requester verification component, said provider verification component, and said service verification component;
  
  deploying, by said computer processor, said services to a server platform;
  
  adding, by said computer processor, results of said deploying to a server registry;
  
  executing, by said computer processor, said security data model, wherein said executing said security data model results in;
  
  generating, by said computer processor, an access point door associated with a specified logical storage room representation, said logical storage room representation comprising a storage space comprised by a plurality of different storage mediums and physical storage locations, said logical storage room representation comprising said data;
  
  cross-referencing, by said computer processor, verification results of;
  
  verifying a match for said requestor identification string against said requestor registry;
  
  verifying a match for said service requestor identification string against said service registry;
  
  verifying a match for a requestor software component operating process identification string against a process registry;
  
  verifying a match for a requestor server identification string against said server registry;
  
  verifying a match for a requestor hardware device network address and a requestor MAC address against a network registry;
  
  verifying a match for a requestor hardware device identification string against a device registry;
  
  verifying a match for said provider identification string against said provider registry;
  
  verifying a match for a service provider identification string against said service registry;
  
  verifying a match for a provider software component operating process identification string against said process registry;
  
  verifying a match for a provider server identification string against said server registry;
  
  verifying a match for a provider hardware device identification string against said device registry;
  
  generating, by said computer processor, a scorecard comprising results of said cross-referencing, wherein said scorecard comprises;
  
  a Score Card ID entry comprising a unique record for each scorecard record of scorecard records;
  
  a Scorecard Results entry providing a tabulated value of the scorecard and determining pass or failure of a combined verification test; and
  
  a plurality of verification results entries comprising said verification results;
  
  determining, by said computer processor, that said scorecard comprises a valid integration pattern;
  
  generating, by said computer processor based on said valid integration pattern, a logical key associated with said access point door;
  
  generating, by said computer processor based on said valid integration pattern, a logical lock associated with said logical key;
  
  enabling, by said computer processor, said logical lock with said logical key;
  
  determining, by said computer processor based, that a time stamp associated with said logical lock and said logical key is valid; and
  
  enabling, by said computer processor based on said scorecard comprising said results of said cross-referencing, said valid integration pattern, said enabling said logical lock with said logical key, and said time stamp being valid, access to said data via said access point door and said specified logical storage room representation; and
  
  disabling, by said computer processor, said logical lock using said logical key.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising:
    - generating, by said computer processor, a software component operating identification string associated with said data;
      
      adding, by said computer processor, said software component operating identification string to said process registry;
      
      generating, by said computer processor, a software component global unique identifier (GUID) associated with said data;
      
      adding, by said computer processor, said software component GUID to a GUID registry;
      
      defining, by said computer processor, a network address and a media access control (MAC) address associated with said requestor and said provider of said data;
      
      adding, by said computer processor, said network address and said MAC address to said network registry;
      
      defining, by said computer processor, a hardware device identification string associated with said data;
      
      adding, by said computer processor, said hardware device identification string to a hardware registry; and
      
      storing, by said computing system, said requestor registry, said provider registry, said security registry, said server registry, said process registry, said GUID registry, said network registry, and said hardware registry.
  - 16. A computer program product, comprising a computer readable storage device storing a computer readable program code embodied therein, said computer readable program code configured to perform the method of claim 14 upon being enabled by said processor of said computing system.
  - 17. A process for supporting computer infrastructure, said process comprising providing at least one support service for at least one of creating, integrating, hosting, maintaining, and deploying computer-readable code in said computer processor, wherein the code in combination with the computer processor is capable of performing the method of claim 14.
  - 18. A computing system comprising a processor coupled to a computer-readable memory unit, said memory unit comprising a computer readable code configured to be enabled by the processor to perform the method of claim 14.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Brown, William A., Carr, Daniel D., Muirhead, Richard William, Reddington, Francis Xavier, Wolfe, Martin Andrew
Primary Examiner(s)
Strange, Aaron
Assistant Examiner(s)
Edwards, James

Application Number

US12/628,301
Publication Number

US 20110131339A1
Time in Patent Office

763 Days
Field of Search

709/229
US Class Current

709/229
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Data access control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Data access control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links