Reputation based access control
Abstract
The reputation based access control system of the present invention allows or denies access to a requested controlled resource to a requesting subject based upon predetermined associations between the resource and security contexts to determine the subject's reputation in those contexts. The reputation based access control system utilizes an authentication system (biometric, challenge/response, etc.) to identify a subject. Once the identity is determined, a resource to be accessed is determined by a reputation based access control unit. The system interfaces with a reputation assessment system to gauge the subject's reputation in these contexts. If the subject's reputation meets the predetermined limits for reputation in those contexts for that resource, the subject is allowed access to the resource. Otherwise access is denied and the proper agents are notified.
19 Claims
1. A method in a computer system having a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method for assessing whether to allow or deny access to a requested controlled resource having a policy from a request from a requesting subject having a reputation based upon the requesting subject's reputation and the requested controlled resource's policy, the method comprising:
- identifying the requesting subject;
- retrieving the requesting subject's reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject's reputation comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject's reputation is modified in each of the following cases: as the reputation of an associate of the requesting subject changes, and following an indication from a peer of the requesting subject that the requesting subject's value for skill is diminished;
- identifying the requested controlled resource;
- retrieving the requested controlled resource's policy;
- associating the requesting subject's reputation with the requested controlled resource's policy;
- determining if the requesting subject's reputation meets the requested controlled resource's policy;
- if the requesting subject's reputation meets the requested controlled resource's policy, allowing the requesting subject access to the requested controlled resource; and
- if the requesting subject's reputation does not meet the requested controlled resource's policy, denying the requesting subject access to the requested controlled resource.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A system having a network input/output (I/O), a central processing unit (CPU) and one or more databases for assessing whether to allow or deny access to a requested controlled resource, the requested controlled resource having an access policy, based upon a request for access to the requested controlled resource from a requesting subject, having a reputation, the assessment being based upon the requesting subject's reputation and the requested controlled resource's access policy, the system comprising:
- a reputation based access control database for storing a policy for access to one or more controlled resources, the reputation based access control database comprising:
  - a subject reputation database for storing, as a virtual attribute, subject reputation information relating to one or more requesting subjects, wherein the subject reputation information comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject's reputation is modified in each of the following cases: as the reputation of an associate of the requesting subject changes, and following an indication from a peer of the requesting subject that the requesting subject's value for skill is diminished; and
  - a controlled resource policy database for storing one or more access policies of one or more requested controlled resources;
- a reputation based access control unit for controlling access to the controlled resources, the reputation based access control unit comprising:
  - a subject reputation database access unit, connected to the subject reputation database, for retrieving the subject reputation information stored in the subject reputation database;
  - a controlled resource policy database access unit, connected to the controlled resource policy database, for retrieving the access policy of the one or more requested controlled resources;
  - a controlled resource request receiver for receiving requests from subjects and for forwarding the received requests to the subject reputation database access unit and the controlled resource policy database access unit;
  - an association unit for associating the subject reputation information of the requesting subject and the subject reputation information relating to the requesting subject; and
  - a subject/controlled resource clearance unit for determining, based upon the association between the requesting subject's subject reputation information and the requested controlled resource's policy, clearing or not clearing the requesting subject for access to the controlled resource, wherein the requesting subject is allowed access to the requested controlled resource if the requesting subject's subject reputation information meets the policy of the requested controlled resource and is denied access to the requested controlled resource if the requesting subject's subject reputation information does not meet the policy of the requested controlled resource.
Dependent claims: 10, 11, 12, 13, 14.

15. A computer program product embodied in a computer readable physical storage device for operating in a system comprising a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method for assessing whether to allow or deny access to a requested controlled resource, having an access policy, from a request from a requesting subject, having a reputation, based upon the requesting subject's reputation and requested controlled resource's access policy, the method comprising:
- identifying the requesting subject;
- retrieving the requesting subject's reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject's reputation is modified in each of the following cases: as the reputation of an associate of the requesting subject changes, and following an indication from a peer of the requesting subject that the requesting subject's value for skill is diminished;
- identifying the requested controlled resource;
- retrieving the requested controlled resource's access policy;
- associating the requesting subject's reputation with the requested controlled resource's access policy;
- determining if the requesting subject's reputation meets the requested controlled resource's access policy;
- if the requesting subject's reputation meets the requested controlled resource's access policy, allowing the requesting subject access to the requested controlled resource; and
- if the requesting subject's reputation does not meet the requested controlled resource's access policy, denying the requesting subject access to the requested controlled resource.
Dependent claims: 16, 17.

18. A method for deploying a computer infrastructure in a system comprising a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, for implementing a process for assessing whether to allow or deny access to a requested controlled resource having an access policy from a request from a requesting subject having a reputation based upon the requesting subject's reputation and requested controlled resource's access policy, the process comprising:
- identifying the requesting subject;
- retrieving the requesting subject's reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject's reputation is modified in each of the following cases: as the reputation of an associate of the requesting subject changes, and following an indication from a peer of the requesting subject that the requesting subject's value for skill is diminished;
- identifying the requested controlled resource;
- retrieving the requested controlled resource's access policy;
- associating the requesting subject's reputation with the requested controlled resource's access policy;
- determining if the requesting subject's reputation meets the requested controlled resource's access policy;
- if the requesting subject's reputation meets the requested controlled resource's access policy, allowing the requesting subject access to the requested controlled resource; and
- if the requesting subject's reputation does not meet the requested controlled resource's access policy, denying the requesting subject access to the requested controlled resource.
Dependent claims: 19.

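The decision procedure shared by claims 1, 9, 15 and 18, as an added Python example that is not part of the patent. The 0..100 skill scale, the per-resource threshold, the damping factor for associate changes, the peer downgrade amount, deny-by-default for resources with no stored policy, and the check that a reporting peer must itself be cleared for the resource are all assumptions; the claims name the two modification cases but give no arithmetic.

```python
from dataclasses import dataclass, field

@dataclass
class RbacDb:
    skill: dict = field(default_factory=dict)       # subject -> resource -> skill (virtual attribute)
    policy: dict = field(default_factory=dict)      # resource -> minimum skill required
    associates: dict = field(default_factory=dict)  # subject -> set of associates
    denials: list = field(default_factory=list)     # (subject, resource) pairs to notify agents about

def get_skill(db, subject, resource):
    return db.skill.get(subject, {}).get(resource, 0.0)

def set_skill(db, subject, resource, value):
    db.skill.setdefault(subject, {})[resource] = max(0.0, min(100.0, value))  # assumed 0..100 scale

def meets_policy(db, subject, resource):
    required = db.policy.get(resource)  # deny by default when no policy is stored
    return required is not None and get_skill(db, subject, resource) >= required

def associate_changed(db, associate, resource, delta, factor=0.5):
    # Case 1: an associate's reputation changes; subjects listing that associate
    # receive a damped share of the change (the factor is an assumption).
    set_skill(db, associate, resource, get_skill(db, associate, resource) + delta)
    for subject, assocs in db.associates.items():
        if associate in assocs:
            set_skill(db, subject, resource, get_skill(db, subject, resource) + factor * delta)

def peer_reports_diminished(db, peer, subject, resource, amount=10.0):
    # Case 2: a peer indicates the subject's skill is diminished. Assumed check:
    # only a peer itself cleared for the resource may downgrade another subject.
    if not meets_policy(db, peer, resource):
        return False
    set_skill(db, subject, resource, get_skill(db, subject, resource) - amount)
    return True

def assess(db, subject, resource):
    # Claim steps: identify subject and resource, retrieve reputation and policy, compare, allow or deny.
    allowed = meets_policy(db, subject, resource)
    if not allowed:
        db.denials.append((subject, resource))  # "the proper agents are notified"
    return allowed

def build_sample_db():
    # Constructed sample data, not from the patent.
    db = RbacDb()
    db.policy["reactor-console"] = 70.0
    set_skill(db, "alice", "reactor-console", 80.0)
    set_skill(db, "bob", "reactor-console", 75.0)
    set_skill(db, "carol", "reactor-console", 90.0)
    db.associates["bob"] = {"alice"}  # bob's reputation tracks alice's
    return db
```

Note that the peer downgrade and the associate propagation both change the stored virtual attribute, so a subject who was cleared a moment ago can be denied on the next request without any change to the resource's policy.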
Specification