Refined permission constraints using internal and external data extraction in a role-based access control system

US 8,271,527 B2
Filed: 08/26/2004
Issued: 09/18/2012
Est. Priority Date: 08/26/2004
Status: Active Grant

First Claim

Patent Images

1. A Role Based Access Control (RBAC) method performed by a data processor, comprising:

retaining a role for a user having access to a computer system, the role including access constraints;

receiving a request for access to an object of the computer system from the user;

verifying the role has access to the object;

granting or denying access to the object in response to the request by extracting context and content from internal to the computer system and external to the computer system, wherein granting access to the object includes altering the access constraints of the role for the request according to the context and content from internal to the computer system and external to the computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention can enable increasing refinement of role-based permission to access data within a Role Based Access Control (RBAC) controlled computer system by enabling constraints to be written on the role-based permissions. The constraints may utilize each and every type or combination of subject, object, or environment information extracted from sources internal or external to the controlled computer system and may evaluate the content or context of the information extracted to enable refined and dynamic access after the role permission assignment and immediately before every access grant without the reassignment of roles.

42 Citations

View as Search Results

26 Claims

1. A Role Based Access Control (RBAC) method performed by a data processor, comprising:
- retaining a role for a user having access to a computer system, the role including access constraints;
  
  receiving a request for access to an object of the computer system from the user;
  
  verifying the role has access to the object;
  
  granting or denying access to the object in response to the request by extracting context and content from internal to the computer system and external to the computer system, wherein granting access to the object includes altering the access constraints of the role for the request according to the context and content from internal to the computer system and external to the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The Role Based Access Control (RBAC) method according to claim 1, wherein the extracted internal content includes text extracted from the requested object.
  - 3. The Role Based Access Control (RBAC) method according to claim 1, further comprising extracting external content from at least one of an external database or Internet.
  - 4. The Role Based Access Control (RBAC) method according to claim 1, wherein the access constraints are specified using Structured Query Language (SQL), Relational Algebra, or Prepositional Logic.
  - 5. The Role Based Access Control (RBAC) method according to claim 1, wherein the external content and the external context are obtained via a search mechanism that uses crawlers, via a search mechanism that uses a mediator, via a search mechanism using text search engines, via a search mechanism as used in database management systems, via a search mechanism as used in reconciled structured repositories, or via a search mechanism as used in geospatial database searches.
  - 6. The Role Based Access Control (RBAC) method according to claim 1, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using part of speech tagging.
  - 7. The Role Based Access Control (RBAC) method according to claim 1, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using conventional term extraction, via an extraction technique using term co-occurrence, via an extraction technique using inference networks, or via an extraction technique using language models.

8. A Role Based Access Control (RBAC) method performed by a data processor, comprising:
- retaining a role for a user having access to a computer system, the role including access constraints;
  
  receiving a request from a user for an operation on an object of the computer system, the computer system including an environment;
  
  verifying the access constraints of the role by;
  
  extracting content internal to the computer system about at least one of the user, the role, the object, and the environment;
  
  extracting content external to the computer system about at least one of the role, the user, the object, and the environment;
  
  extracting context external to the computer system about at least one of the user, the role, the object, and the environment;
  
  extracting context internal to the computer system about at least one of the role, the user, the object, and the environment;
  
  altering the access constraints of the role for the request according to the extracted context and content from internal to the computer system and external to the computer system; and
  
  granting access to the operation.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 9. The Role Based Access Control (RBAC) method according to claim 8, wherein the extracted internal content includes text extracted from the requested object.
  - 10. The Role Based Access Control (RBAC) method according to claim 8, wherein the extracting content external to the system comprises extracting content from at least one of an external database or an Internet.
  - 11. The Role Based Access Control (RBAC) method according to claim 8, wherein extracting context and content comprises at least one of information retrieval, data mining, or a natural language processing technique.
  - 12. The Role Based Access Control (RBAC) method according to claim 8, wherein extracting context and content from internal to the computer system and external to the computer system comprises information retrieval.
  - 13. The Role Based Access Control (RBAC) method according to claim 8, wherein extracting context and content from internal to the computer system and external to the computer system comprises data mining.
  - 14. The Role Based Access Control (RBAC) method according to claim 8, wherein extracting context and content from internal to the computer system and external to the computer system comprises a natural language processing technique.
  - 15. The Role Based Access Control (RBAC) method according to claim 8, wherein the access constraints are specified using Structured Query Language (SQL), Relational Algebra, or Prepositional Logic.
  - 16. The Role Based Access Control (RBAC) method according to claim 8, wherein the external content and the external context are obtained via a search mechanism that uses crawlers.
  - 17. The Role Based Access Control (RBAC) method according to claim 8, wherein the external content and the external context are obtained via a search mechanism that uses a mediator.
  - 18. The Role Based Access Control (RBAC) method according to claim 8, wherein the external content and the external context are obtained via a search mechanism using text search engines.
  - 19. The Role Based Access Control (RBAC) method according to claim 8, wherein the external content and the external context are obtained via a search mechanism as used in database management systems.
  - 20. The Role Based Access Control (RBAC) method according to claim 8, wherein the external content and the external context are obtained via a search mechanism as used in reconciled structured repositories.
  - 21. The Role Based Access Control (RBAC) method according to claim 8, wherein the external content and the external context are obtained via a search mechanism as used in geospatial database searches.
  - 22. The Role Based Access Control (RBAC) method according to claim 8, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using part of speech tagging.
  - 23. The Role Based Access Control (RBAC) method according to claim 8, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using conventional term extraction.
  - 24. The Role Based Access Control (RBAC) method according to claim 8, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using term co-occurrence.
  - 25. The Role Based Access Control (RBAC) method according to claim 8, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using inference networks.
  - 26. The Role Based Access Control (RBAC) method according to claim 8, wherein the internal content, internal context, external content and external context are obtained via an extraction technique using language models.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Illinois Institute of Technology
Original Assignee
Illinois Institute of Technology
Inventors
Frieder, Ophir, Ren, Shangping
Primary Examiner(s)
DANG, THANH HA T

Application Number

US10/926,548
Publication Number

US 20060047657A1
Time in Patent Office

2,945 Days
Field of Search

707/3, 707/2, 707/9, 707/783
US Class Current

707/783
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Refined permission constraints using internal and external data extraction in a role-based access control system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Refined permission constraints using internal and external data extraction in a role-based access control system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others