Optimizing data cache when applying user-based security

US 8,375,056 B2
Filed: 02/26/2010
Issued: 02/12/2013
Est. Priority Date: 02/26/2010
Status: Active Grant

First Claim

Patent Images

1. A secure caching method comprising:

receiving a user request for data and a security context;

searching a cache for the requested data based on the user request and the received security context;

if the requested data is found in the cache, returning the cached data in response to the user request, andif the requested data is not found in the cache, obtaining the requested data from a data source, storing the obtained data in the cache and associating the obtained data with the security context, and returning the requested data in response to the user request,wherein the cached data is stored with a corresponding list that associates the cached data with the security context which comprises a profile of at least one authorized user, andwherein the corresponding list further comprises at least one dimension for the at least one authorized user, and an identifier for each cached member data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure caching system and caching method include receiving a user request for data, the request containing a security context, and searching a cache for the requested data based on the user request and the received security context. If the requested data is found in cache, returning the cached data in response to the user request. If the requested data is not found in cache, obtaining the requested data from a data source, storing the obtained data in the cache and associating the obtained data with the security context, and returning the requested data in response to the user request. The search for the requested data can include searching for a security list that has the security context as a key, the security list including an address in the cache of the requested data.

Citations

27 Claims

1. A secure caching method comprising:
- receiving a user request for data and a security context;
  
  searching a cache for the requested data based on the user request and the received security context;
  
  if the requested data is found in the cache, returning the cached data in response to the user request, andif the requested data is not found in the cache, obtaining the requested data from a data source, storing the obtained data in the cache and associating the obtained data with the security context, and returning the requested data in response to the user request,wherein the cached data is stored with a corresponding list that associates the cached data with the security context which comprises a profile of at least one authorized user, andwherein the corresponding list further comprises at least one dimension for the at least one authorized user, and an identifier for each cached member data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, and wherein if the requested data is not found in the cache, generating a new list for associating the obtained data stored in the cache with the security context by storing references to the obtained data stored in the cache.
  - 3. The method according to claim 2, wherein the new list is stored in a list storage unit in which number of stored lists increases incrementally based on received user queries.
  - 4. The method according to claim 2, further comprising purging a list from a list storage unit if a change in the cached data compromises integrity of the list.
  - 5. The method according to claim 2, further comprising initializing a list storage unit prior to using the cache, wherein the initializing comprises submitting queries to the data source for commonly used data for commonly used security contexts, loading the cache with the results of the queries and creating security lists which reference the cached data.
  - 6. The method according to claim 2, further comprising checking stored lists for redundancy and if two identical lists are found, the two identical lists are collapsed into a single list.
  - 7. The method according to claim 1, wherein the data is metadata.
  - 8. The secure caching method of claim 1, wherein the data source is online analytic processing databases and wherein the profile of the at least one authorized user and the at least one dimension are categories of the data source.
  - 9. The secure caching method of claim 1, wherein if the requested data is not found in the cache, performing the following operations:
    - generating a new list comprising the profile of the at least one authorized user corresponding to the security content and a dimension comprising at least one member data;
      
      retrieving each of the at least one member data from the data source;
      
      for each of the retrieved at least one member data, checking if a corresponding member data exists in the cache,if the corresponding member does not exist in the cache, populating the cache with the corresponding member data and inserting a new identifier of the corresponding member data into the new list; and
      
      if the corresponding member exists in the cache, inserting the new identifier of the corresponding member data into the new list.
  - 10. The secure caching method of claim 1, wherein if the requested data does not exist in cache, generating a new list comprising the profile of the at least one authorized user and a dimension comprising at least one member data and retrieving the requested data from a remote data source and storing the retrieved data in the cache, and wherein, if a corresponding member data exists in the cache, inserting a new identifier which identifies an address of the corresponding member data into the new list.

11. A secure caching method in a system connected to a user and a data source, said data source having defined access rights based on a security context of users, the method comprising:
- receiving a user request including a security context and a data identifier;
  
  checking in a list storage for the presence of a list identified by the security context and the data identifier; and
  
  if the list is not present, creating a list and storing the list in the list storage identified by the security context comprising a profile of at least one authorized user and the data identifier, retrieving data from the data source, and storing the retrieved data separately in a data storage, and populating the created list stored in the list storage with addresses of storage of the retrieved data stored in the data storage; and
  
  if the list is present, retrieving data from the data storage using the storage addresses in said list.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method according to claim 11, wherein the data identifier is a cube dimension identifier.
  - 13. The method according to claim 11, wherein the data storage is a cache that comprises data provided from a plurality of heterogeneous remote data sources.
  - 14. The method according to claim 11, further comprising preloading the data storage and the list storage, wherein the list storage is preloaded with lists corresponding to commonly used security contexts and data identifiers, and the data storage is preloaded with commonly used data referenced by said preloaded lists.
  - 15. The method according to claim 11, wherein the data stored in data storage is OLAP metadata.

16. A caching system comprising:
- a processor executing software modules; and
  
  a memory storing the software module,wherein the software modules comprise;
  
  a receiver module which receives a user request for data and a security context;
  
  a search module which searches a cache for the requested data based on the user request and the received security context; and
  
  a management module which obtains the cached data in response to the user request if the requested data is found in the cache,wherein if the requested data is not found in the cache, the management module obtains the requested data from a data source, stores the obtained data in the cache and associates the obtained data with the security context, and returns the requested data in response to the user request,wherein the cached data is stored by the management module with a corresponding list that associates the cached data with the security context comprising a profile of at least one authorized user, andwherein the corresponding list further comprises at least one dimension for the at least one authorized user, and an identifier for each cached member data.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The system according to claim 16, wherein if the search module does not find the requested data in the cache, the management module generates a new list for associating the obtained data stored in the cache with the security context by storing references to the obtained data stored in the cache.
  - 18. The system according to claim 17, wherein the management module stores the new list in a list storage unit in which number of stored lists increases incrementally based on unique received user queries.
  - 19. The system according to claim 17, further comprising a purge module which purges a list from a list storage unit if a change in the cached data compromises integrity of the list.
  - 20. The system according to claim 17, further comprising a preloading module which initializes a list storage unit prior to using the cache, wherein the preloading module submits queries to the data source for commonly used data for commonly used security contexts, preloads the cache with the results of the queries and creates new security lists which reference the cached data.
  - 21. The system according to claim 17, further comprising a check module which checks stored lists for redundancy and if two identical lists are found, which collapses the two identical lists into a single list.

22. A non-transitory computer readable medium storing instructions for secure caching, the instructions comprising:
- receiving a user request for data and a security context;
  
  searching a cache for the requested data based on the user request and the received security context;
  
  if the requested data is found in the cache, returning the cached data in response to the user request, andif the requested data is not found in the cache, obtaining the requested data from a data source, storing the obtained data in the cache and associating the obtained data with the security context,wherein the cached data is stored with a corresponding list that associates the cached data with the security context comprising a profile of at least one authorized user, andwherein the corresponding list further comprises at least one dimension for the at least one authorized user, and an identifier for each cached member data.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The non-transitory computer readable medium according to claim 22, wherein the instructions further comprise:
    - if the requested data is not found in the cache, generating a new list for associating the obtained data stored in the cache with the security context by storing references to the obtained data stored in the cache.
  - 24. The non-transitory computer readable medium according to claim 23, wherein the instructions further comprise the new list is stored in a list storage unit in which number of stored lists increases incrementally based on unique received user queries.
  - 25. The non-transitory computer readable medium according to claim 23, wherein the instructions further comprises purging a list from a list storage unit if a change in the cached data compromises integrity of the list.
  - 26. The non-transitory computer readable according to claim 23, wherein the instructions further comprises initializing a list storage unit prior to using the cache, wherein the initializing comprises submitting queries to the data source for commonly used data for commonly used security contexts, loading the cache with the results of the queries and creating new security lists which reference the cached data.
  - 27. The non-transitory computer readable according to claim 23, wherein the instructions further comprises checking stored lists for redundancy and if two identical lists are found, the two identical lists are collapsed into a single list.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Iorio, Pierre, Lanthier, Gregoire D., Griggs, John C., Grosset, Robin N.
Primary Examiner(s)
Ng, Amy

Application Number

US12/714,225
Publication Number

US 20110213751A1
Time in Patent Office

1,082 Days
Field of Search

707/782, 707/783, 707/784
US Class Current

707/783
CPC Class Codes

G06F 12/0864   using pseudo-associative me...

G06F 12/1458   by checking the subject acc...

G06F 16/24552   Database cache management

H04L 67/306   User profiles

H04L 67/5681   Pre-fetching or pre-deliver...

H04L 67/5682   Policies or rules for updat...

Optimizing data cache when applying user-based security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Optimizing data cache when applying user-based security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links