Context-aware role-based access control system and control method thereof
First Claim
1. A context-aware role-based access control system comprising:
- a processor and a memory storing a software, that when executed by the processor performs;
a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user without intervention from a security manager, based on a preset context request condition including at least one context description connecting a plurality of contexts with the user;
a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user;
an information repository for storing a user profile and context information;
an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request; and
a personalized permission modification component (PPMC) for modifying the permission, which the role assigned to the user has, into a permission preferred by the user among permissions for performing an equal operation, by making reference to a user profile.
Abstract
A context-aware role-based access control system and a control method thereof. The context-aware role-based access control system includes: a context-aware user assignment manager (CAUAM) for performing a role assignment function, a role delegation function, or a role revocation function for a user according to a context of the user, based on a preset context request condition; a context-aware permission assignment manager (CAPAM) for performing a permission modification, a permission restoration, and a personalized permission modification for a permission, which the role has, according to changes in the context of the user; an information repository for storing a user profile and context information; and an access control manager (ACM) for controlling the context-aware user assignment manager, the context-aware permission assignment manager, and the information repository, and processing an access control request. Accordingly, more efficient access control can be achieved in ubiquitous environments where the context of the user dynamically changes.
16 Claims
1. A context-aware role-based access control system, recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16
12. A control method of a context-aware user assignment manager (CAUAM) in a context-aware role-based access control system including a processor, the method comprising the steps of:
assigning, by the processor, a role to a user based on a first context request condition, which is preset to grant the user a role according to at least one context description connecting a plurality of contexts with the user, the plurality of contexts including information on a location and a state of the user;
checking, by the processor, if a second context request condition, which is preset for a context in which the role of the user is to be delegated to a different user, is satisfied;
creating, by the processor, a user assignment element (UAE) which includes delegator information and a delegator's role when the second context request condition is satisfied as a result of the check;
updating, by the processor, a user assignment table (UAT) with the created user assignment element, and delegating the role to the different user;
determining, by the processor, if the assigned or delegated role coincides with the preset context request condition;
revoking, by the processor without intervention from a security manager, the assigned or delegated role when the assigned or delegated role does not coincide with the preset context request condition as a result of the determination; and
modifying, by the processor, a permission, which a role assigned to the user has, into a permission preferred by the user among permissions for performing an equal operation, by making reference to a user profile.
Dependent claims: 13
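The assign, delegate and revoke steps of claim 12, as an added Python sketch that is not code from the patent. The `UAE` field names, the equality-based condition format, the hospital scenario, and the choice to check a delegated role against the delegator's context are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UAE:  # user assignment element; field names are assumptions of this sketch
    user: str
    role: str
    condition: tuple          # context request condition that must keep holding
    delegator: str = ""       # delegator information (empty for a direct assignment)
    delegator_role: str = ""

def satisfied(condition, context):
    """Every (context name, required value) pair of the condition must hold."""
    return all(context.get(k) == v for k, v in condition)

class CAUAM:
    def __init__(self):
        self.uat = []         # user assignment table

    def assign(self, user, role, condition, context):
        if satisfied(condition, context):
            self.uat.append(UAE(user, role, condition))

    def delegate(self, delegator, delegatee, role, condition, context):
        holds_role = any(e.user == delegator and e.role == role for e in self.uat)
        if holds_role and satisfied(condition, context):
            self.uat.append(UAE(delegatee, role, condition, delegator, role))

    def revoke_stale(self, contexts):
        """Revoke entries whose condition stopped holding; assumption: a delegated role follows the delegator's context."""
        keep = [e for e in self.uat
                if satisfied(e.condition, contexts.get(e.delegator or e.user, {}))]
        revoked, self.uat = [e for e in self.uat if e not in keep], keep
        return revoked

    def roles(self, user):
        return {e.role for e in self.uat if e.user == user}

def demo():
    # Constructed scenario: location and state contexts for one user.
    ward = (("location", "ward"), ("state", "on_duty"))
    theatre = (("location", "theatre"), ("state", "in_surgery"))
    m, ctx = CAUAM(), {"alice": dict(ward)}
    m.assign("alice", "attending", ward, ctx["alice"])
    ctx["alice"] = dict(theatre)               # alice goes into surgery
    m.delegate("alice", "bob", "attending", theatre, ctx["alice"])
    m.revoke_stale(ctx)
    during = (m.roles("alice"), m.roles("bob"))
    ctx["alice"] = dict(ward)                  # alice is back on the ward
    m.revoke_stale(ctx)
    m.assign("alice", "attending", ward, ctx["alice"])
    return during, (m.roles("alice"), m.roles("bob"))
```

Because revocation runs on every context change, the delegated role disappears as soon as the delegation condition stops holding, with no administrator action.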
14. A control method of a context-aware permission assignment manager (CAPAM) in a context-aware role-based access control system including a processor, the method comprising the steps of:
assigning or delegating, by a context-aware user assignment manager without intervention from a security manager, a role suitable for a context of a user;
checking, by the processor, if an operation of a permission, which the assigned or delegated role has, corresponds to a third context request condition which is preset according to contexts requiring modification, the third context request condition including at least one context description connecting a plurality of contexts with the user;
modifying, by the processor, the operation of the permission according to the third context request condition, when the operation of the permission corresponds to the third context request condition as a result of the check;
determining, by the processor, if the modified permission coincides with the third context request condition;
reading, by the processor, the pre-modification permission from a permission queue (PQ), when the modified permission does not coincide with the third context request condition as a result of the determination;
updating, by the processor, a permission assignment table with the pre-modification permission, and restoring the operation of the permission to an original state; and
modifying, by the processor, a permission, which a role assigned to the user has, into a permission preferred by the user among permissions for performing an equal operation, by making reference to a user profile.
Dependent claims: 15
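The modify, restore and personalize steps of claim 14, as an added Python sketch that is not code from the patent. The table layout, the rule format, the operation names and the nurse scenario are assumptions, and the sketch assumes at most one rule targets a given permission.

```python
from collections import deque

def satisfied(condition, context):
    """All (context name -> required value) pairs of the condition must hold."""
    return all(context.get(k) == v for k, v in condition.items())

class CAPAM:
    def __init__(self, pat, rules, equal_ops):
        self.pat = pat              # permission assignment table: (role, object) -> operation
        self.rules = rules          # [(condition, (role, object), modified operation)]
        self.equal_ops = equal_ops  # sets of operations that perform an equal operation
        self.pq = deque()           # permission queue of (rule index, pre-modification operation)

    def update(self, context):
        """Apply rules whose condition now holds; restore those whose condition stopped holding."""
        for i, (cond, key, new_op) in enumerate(self.rules):
            saved = next((e for e in self.pq if e[0] == i), None)
            if satisfied(cond, context) and saved is None:
                self.pq.append((i, self.pat[key]))   # remember the original first
                self.pat[key] = new_op
            elif not satisfied(cond, context) and saved is not None:
                self.pq.remove(saved)
                self.pat[key] = saved[1]             # restore from the queue

    def effective(self, role, obj, profile):
        """PPMC step: swap to a preferred operation only inside the same equal-operation set."""
        op = self.pat[(role, obj)]
        for group in self.equal_ops:
            if op in group:
                return next((p for p in profile["preferred"] if p in group), op)
        return op

def demo():
    # Constructed scenario: write access only while the emergency context holds.
    capam = CAPAM(
        pat={("nurse", "patient_record"): "read_display"},
        rules=[({"location": "er", "state": "emergency"},
                ("nurse", "patient_record"), "write_display")],
        equal_ops=[{"read_display", "read_speech"}, {"write_display", "write_speech"}],
    )
    profile = {"preferred": ["read_speech"]}
    seen = []
    for ctx in ({"location": "ward", "state": "routine"},
                {"location": "er", "state": "emergency"},
                {"location": "ward", "state": "routine"}):
        capam.update(ctx)
        seen.append(capam.effective("nurse", "patient_record", profile))
    return seen, list(capam.pq)
```

The profile preference never widens access here: it is honoured only when the preferred operation sits in the same equal-operation set as the permission currently in the table.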
Specification