Variable domain resource data security for data processing systems

US 8,590,011 B1
Filed: 02/24/2005
Issued: 11/19/2013
Est. Priority Date: 02/24/2005
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A method of providing controlled, electronic access to variable domain data stored in a data processing system, the method comprising:

performing using a computer system;

receiving information from a principal that includes information identifying the principal;

performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and

granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.

120 Citations

View as Search Results

25 Claims

1. A method of providing controlled, electronic access to variable domain data stored in a data processing system, the method comprising:
- performing using a computer system;
  
  receiving information from a principal that includes information identifying the principal;
  
  performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
  
  granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the product configuration model comprises configuration parts, configuration rules, resource data, attributes, and logical relationships.
  - 3. The method of claim 2 wherein the data security model and the product configuration model separately utilize a common logical relationship data structure, and the logical data relationship structure includes logical relationship expressions that define data within the data security model and the product configuration model.
  - 4. The method of claim 3 wherein the logical relationship data structure includes intra-model data interrelationships defined using Boolean logic.
  - 5. The method of claim 1 wherein the level of resource data access granted to the principal comprises rights to view the resource data.
  - 6. The method of claim 1 wherein the level of resource data access granted to the principal comprises rights to modify at least one member of the group consisting of:
    - the resource data, variable domain data model attributes, and logical relationships used to describe the resource data.
  - 7. The method of claim 1 further comprising:
    - providing display data to allow the resource data to be displayed on an electronic monitor, wherein a display of the resource data includes an indication of the level of resource data access granted to the principal.
  - 8. The method of claim 1 wherein the display data provided to allow the resource data to be displayed on the electronic monitor comprises data to allow the resource data to be displayed in a grid framework wherein the resource data for which a level of resource data access has been granted to the principal are visually distinguishable from the resource data for which a level of resource data access has not been granted to the principal.

9. A data processing system to provide controlled, electronic access to variable domain data stored in a data processing system, the data processing system comprises:
- a processor; and
  
  a storage medium coupled to the processor and having data encoded therein, the data comprising processor executable code for;
  
  receiving information from a principal that includes information identifying the principal;
  
  performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
  
  granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The data processing system of claim 9 wherein the product configuration model comprises configuration parts, configuration rules, resource data, attributes, and logical relationships.
  - 11. The data processing system of claim 10 wherein the data security model and the product configuration model separately utilize a common logical relationship data structure, and the logical data relationship structure includes logical relationship expressions that define data within the data security model and the product configuration model.
  - 12. The data processing system of claim 9 wherein the logical relationship data structure includes intra-model data interrelationships defined using Boolean logic.
  - 13. The data processing system of claim 9 wherein the level of resource data access granted to the principal comprises rights to view the resource data.
  - 14. The data processing system of claim 9 wherein the level of resource data access granted to the principal comprises rights to modify at least one member of the group consisting of:
    - the resource data, variable domain data model attributes, and logical relationships used to describe the resource data.
  - 15. The data processing system of claim 9 wherein the encoded data further comprises code for:
    - providing display data to allow the resource data to be displayed on an electronic monitor, wherein a display of the resource data includes an indication of the level of resource data access granted to the principal.
  - 16. The data processing system of claim 15 wherein the display data provided to allow the resource data to be displayed on the electronic monitor comprises data to allow the resource data to be displayed in a grid framework wherein the resource data for which a level of resource data access has been granted to the principal are visually distinguishable from the resource data for which a level of resource data access has not been granted to the principal.

17. A computer storage device comprising data embedded therein to cause a computer system to provide controlled, electronic access to variable domain data stored in a data processing system, wherein the embedded data comprises processor executable code for:
- receiving information from a principal that includes information identifying the principal;
  
  performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
  
  granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The storage medium of claim 17 wherein the product configuration model comprises configuration parts, configuration rules, resource data, attributes, and logical relationships.
  - 19. The storage medium of claim 18 wherein the data security model and the product configuration model separately utilize a common logical relationship data structure, and the logical data relationship structure includes logical relationship expressions that define data within the data security model and the product configuration model.
  - 20. The storage medium of claim 17 wherein the logical relationship data structure includes intra-model data interrelationships defined using Boolean logic.
  - 21. The storage medium of claim 17 wherein the level of resource data access granted to the principal comprises rights to view the resource data.
  - 22. The storage medium of claim 17 wherein the level of resource data access granted to the principal comprises rights to modify at least one member of the group consisting of:
    - the resource data, variable domain data model attributes, and logical relationships used to describe the resource data.
  - 23. The storage medium of claim 17 wherein the encoded data further comprises code for:
    - providing display data to allow the resource data to be displayed on an electronic monitor, wherein a display of the resource data includes an indication of the level of resource data access granted to the principal.
  - 24. The storage medium of claim 23 wherein the display data provided to allow the resource data to be displayed on the electronic monitor comprises data to allow the resource data to be displayed in a grid framework wherein the resource data for which a level of resource data access has been granted to the principal are visually distinguishable from the resource data for which a level of resource data access has not been granted to the principal.

25. A computer system to provide controlled, electronic access to variable domain data stored in a data processing system, the system comprising:
- means for receiving information from a principal that includes information identifying the principal;
  
  means for performing one or more logical relationship operations on a data security model and a variable domain data model using security attributes of the data security model to determine a level of resource data access to be granted to the principal, wherein the variable domain model comprises a product configuration model, and performing the one or more logical operations comprises executing a configuration engine to perform an intersection between configuration spaces defined by a data security model and a product configuration model, wherein data included in any overlap of the configuration spaces is used to determine a level of resource data access to be granted to the principal; and
  
  means for granting the principal access to the resource data in accordance with the determined level of resource data access to be granted to the principal, wherein the principal comprises an entity that has controlled access to the resource data.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Versata Development Group, Inc. (ESW Capital, LLC)
Original Assignee
Versata Development Group, Inc. (ESW Capital, LLC)
Inventors
Loyens, Jon, Legault, Jacy M.
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US11/064,633
Time in Patent Office

3,190 Days
Field of Search

713/166, 726/1, 726/3, 726/28
US Class Current

726/3
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

Variable domain resource data security for data processing systems

First Claim

2 Assignments

Litigations

0 Petitions

Accused Products

Abstract

120 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Variable domain resource data security for data processing systems

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others