Role-based access control utilizing token profiles
Abstract
A method and system for managing role-based access control of token data using token profiles is described. In one method, a token processing system (TPS) receives a request from a TPS client over a network to perform an operation on entries of a token database. The TPS identifies the subset of the multiple groups that corresponds to the entries indicated in the request, and determines, using token profiles, to which of the identified groups the TPS client belongs. For each group the TPS client belongs to, the TPS determines a corresponding role for the TPS client from the token profiles. For each such group, the TPS allows the TPS client access to the entries of that group to perform the operation when the TPS client has the appropriate role assigned within that group.
23 Claims
1. A method comprising:
receiving, by a token processing system (TPS) executing on a computing system, a request from a TPS client over a network to perform an operation on entries of a token database, wherein each of the entries of the token database is associated with a token assigned to one of a plurality of groups, wherein the TPS is configured to communicate with the token database and configured to communicate over the network with one or more additional clients having the tokens to the plurality of groups;
identifying a subset of the plurality of groups that corresponds to the entries indicated in the request of the TPS client;
determining to which of the identified groups the TPS client belongs using token profiles stored in a profile data structure, each of the token profiles specifying one or more of the plurality of groups and one or more corresponding roles for access privileges to the entries corresponding to the respective one or more of the plurality of groups;
for each group the TPS client belongs, determining a corresponding role for the TPS client from the token profiles, wherein the corresponding role defines the TPS client's access privileges to the entries corresponding to the tokens in the respective group; and
for each group the TPS client belongs, allowing the TPS client access to the entries of the respective group to perform the operation when the TPS client user has the appropriate role assigned within the respective group.
(Dependent claims 2 through 15 depend on claim 1.)
16. A certificate system, comprising:
a data storage device to store a plurality of token profiles, wherein each of the plurality of token profiles corresponds to one of a plurality of groups, each of the plurality of groups having a plurality of tokens, and wherein each of the plurality of token profiles specifies a role that defines the TPS client's access privileges to entries of a token database corresponding to the tokens in the respective group; and
a first server, comprising a token processing system (TPS), coupled to the data storage device, wherein the TPS is configured to communicate with the data storage device and is configured to communicate over a network with a TPS client and one or more additional clients having the tokens assigned to the plurality of groups, wherein the TPS is configured to receive a request from the TPS client to perform an operation on the entries of the token database, to identify a subset of the plurality of groups that corresponds to the entries indicated in the request of the TPS client, and to determine to which of the identified groups the TPS client belongs using the token profiles, each of the token profiles specifying one or more of the plurality of groups and one or more corresponding roles for access privileges to the entries corresponding to the respective one or more of the plurality of groups, and for each group the TPS client belongs, the TPS is configured to determine a corresponding role for the TPS client from the token profiles, and to allow the TPS client access to the entries of the respective group to perform the operation when the TPS client has the appropriate role assigned within the respective group.
(Dependent claims 17 through 19 depend on claim 16.)
20. A non-transitory machine-readable storage medium having instructions, which when executed, cause a computing system to perform a method, the method comprising:
receiving, by a token processing system (TPS) executing on the computing system, a request from a TPS client over a network to perform an operation on entries of a token database, wherein each of the entries of the token database is associated with a token assigned to one of a plurality of groups, wherein the TPS is configured to communicate with the token database and configured to communicate over the network with one or more additional clients having the tokens assigned to the plurality of groups;
identifying a subset of the plurality of groups that corresponds to the entries indicated in the request of the TPS client;
determining to which of the identified groups the TPS client belongs using token profiles stored in a profile data structure, each of the token profiles specifying one or more of the plurality of groups and one or more corresponding roles for access privileges to the entries corresponding to the respective one or more of the plurality of groups;
for each group the TPS client belongs, determining a corresponding role for the TPS client from the token profiles, wherein the corresponding role defines the TPS client's access privileges to the entries corresponding to the tokens in the respective group; and
for each group the TPS client belongs, allowing the TPS client access to the entries of the respective group to perform the operation when the TPS client has the appropriate role assigned within the respective group.
(Dependent claims 21 through 23 depend on claim 20.)
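The independent claims all describe the same four-step decision: identify the groups covered by the requested entries, determine the client's membership in those groups from its token profile, look up the client's role per group, and allow the operation only for entries whose group role permits it. The following Python is an added illustration of that decision flow, not code from the patent or from any product implementing it; the `TokenProcessingSystem` class, the `ROLE_PRIVILEGES` policy, and all sample groups, roles, clients and token entries are assumptions constructed for the example. It also shows the per-group outcome the claims imply: a single request can be allowed for some entries and denied for others.

```python
"""Role-based access control over a token database using token profiles.

Added example of the method in the claims above; all names and data are
assumptions constructed for illustration, not the patent's own code.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Assumed policy: which operations each role may perform within a group.
# The claims only say a role "defines access privileges"; this is one choice.
ROLE_PRIVILEGES: Dict[str, Set[str]] = {
    "agent": {"read"},
    "operator": {"read", "update"},
    "administrator": {"read", "update", "delete"},
}
OPERATIONS = {"read", "update", "delete"}


@dataclass
class TokenEntry:
    """One token-database entry: a token assigned to exactly one group."""
    token_id: str
    group: str
    status: str = "active"


@dataclass
class TokenProfile:
    """A token profile: the groups a client belongs to and its role in each."""
    client_id: str
    roles_by_group: Dict[str, str] = field(default_factory=dict)


@dataclass
class Decision:
    allowed: List[str]          # entry ids the client may operate on
    denied: List[str]           # entry ids refused
    reasons: Dict[str, str]     # per-entry explanation, useful for audit logs


class TokenProcessingSystem:
    """Hypothetical TPS holding the token database and the profile data structure."""

    def __init__(self, token_db: Dict[str, TokenEntry], profiles: Dict[str, TokenProfile]):
        self.token_db = token_db
        self.profiles = profiles

    def handle_request(self, client_id: str, operation: str, entry_ids: List[str]) -> Decision:
        if operation not in OPERATIONS:
            raise ValueError(f"unknown operation {operation!r}")
        # A client with no profile belongs to no group and gets nothing.
        profile = self.profiles.get(client_id, TokenProfile(client_id))
        # Step 1: the subset of groups corresponding to the requested entries.
        requested_groups = {self.token_db[e].group for e in entry_ids if e in self.token_db}
        # Step 2: which of those groups the client belongs to, per its token profile.
        member_groups = requested_groups & set(profile.roles_by_group)
        # Step 3: per group, the client's role and whether it permits the operation.
        permitted_groups = {
            g for g in member_groups
            if operation in ROLE_PRIVILEGES.get(profile.roles_by_group[g], set())
        }
        # Step 4: allow entry by entry, only inside permitted groups.
        allowed, denied, reasons = [], [], {}
        for e in entry_ids:
            entry = self.token_db.get(e)
            if entry is None:
                denied.append(e); reasons[e] = "no such entry"
            elif entry.group not in member_groups:
                denied.append(e); reasons[e] = f"not a member of group {entry.group}"
            elif entry.group not in permitted_groups:
                role = profile.roles_by_group[entry.group]
                denied.append(e); reasons[e] = f"role {role} in {entry.group} does not permit {operation}"
            else:
                allowed.append(e); reasons[e] = f"{profile.roles_by_group[entry.group]} in {entry.group}"
        return Decision(allowed, denied, reasons)


def build_sample_tps() -> TokenProcessingSystem:
    """Constructed sample data: three groups, one client with two group roles."""
    token_db = {
        "t1": TokenEntry("t1", "finance"),
        "t2": TokenEntry("t2", "hr"),
        "t3": TokenEntry("t3", "engineering"),
    }
    profiles = {
        "alice": TokenProfile("alice", {"finance": "administrator", "hr": "agent"}),
    }
    return TokenProcessingSystem(token_db, profiles)


if __name__ == "__main__":
    tps = build_sample_tps()
    for op in ("read", "delete"):
        d = tps.handle_request("alice", op, ["t1", "t2", "t3", "t9"])
        print(op, "allowed:", d.allowed, "denied:", d.denied)
        for e, why in d.reasons.items():
            print("   ", e, "->", why)
```

Running the sample shows the per-group behaviour: `read` is allowed on `t1` and `t2` (alice is administrator in finance and agent in hr) but denied on `t3` (not a member of engineering), while `delete` is allowed only on `t1`, because the agent role in hr does not carry delete privileges. The `reasons` map is what you would write to an audit log so that a denied request is explainable after the fact.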
Specification