Control of access to files

US 8,904,551 B2
Filed: 11/07/2012
Issued: 12/02/2014
Est. Priority Date: 11/07/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system for controlling access to files, the computer system comprising:

a processor;

a computer-readable memory;

a computer-readable storage device;

first program instructions for receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;

product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;

second program instructions for receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;

third program instructions for, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, andfourth program instructions for storing the access-control list in an information repository,wherein the information repository comprises a security architecture,wherein the security architecture controls access to a secured system,wherein the security architecture comprises a category variable, andwherein the category variable comprises a set of category sub-variables; and

wherein the identifying comprises;

requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user;

communicating a first query to the information repository, wherein the first query is a function of the set of user credentials;

receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system;

communicating a second query to the information repository, wherein the second query is a function of the authorization code;

receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and

retrieving the category from the access-control list; and

wherein the first program instructions, the second program instructions, and the third program instructions, and the fourth program instructions are stored on the computer-readable storage device for execution by the processor via the computer-readable memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and program product for using access-control lists to control access to categorized computer files. Two or more computer files are each associated with one of a set of possible classifications that fall within a single category and an access-control list associates a user with a subset of these classifications. In response to the user'"'"'s request for access to one of these files, where the request specifies the requested file but does not specify the category of the requested file, the processor identifies the requested file'"'"'s category based on that file'"'"'s associated classifications, checks the access-control list to determine that the user is authorized to access files of the identified category, and then grants the requesting user access to the requested file.

18 Citations

View as Search Results

12 Claims

1. A computer system for controlling access to files, the computer system comprising:
- a processor;
  
  a computer-readable memory;
  
  a computer-readable storage device;
  
  first program instructions for receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;
  
  product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
  
  second program instructions for receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
  
  third program instructions for, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, andfourth program instructions for storing the access-control list in an information repository,wherein the information repository comprises a security architecture,wherein the security architecture controls access to a secured system,wherein the security architecture comprises a category variable, andwherein the category variable comprises a set of category sub-variables; and
  
  wherein the identifying comprises;
  
  requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user;
  
  communicating a first query to the information repository, wherein the first query is a function of the set of user credentials;
  
  receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system;
  
  communicating a second query to the information repository, wherein the second query is a function of the authorization code;
  
  receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and
  
  retrieving the category from the access-control list; and
  
  wherein the first program instructions, the second program instructions, and the third program instructions, and the fourth program instructions are stored on the computer-readable storage device for execution by the processor via the computer-readable memory.
- View Dependent Claims (2, 3, 4)
- - 2. The computer system of claim 1, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 3. The computer system of claim 1, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.
  - 4. The computer system of claim 1, wherein the information repository comprises one of:
    - a data warehouse, a database, and a file system.

5. A method for controlling access to files, the method comprising:
- one or more processors of a computer system receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;
  
  product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
  
  the one or more processors further receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
  
  the one or more processors, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by the one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, andthe one or more processors storing the access-control list in an information repository,wherein the information repository comprises a security architecture,wherein the security architecture controls access to a secured system,wherein the security architecture comprises a category variable, andwherein the category variable comprises a set of category sub-variables; and
  
  wherein the identifying comprises;
  
  requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user;
  
  communicating a first query to the information repository, wherein the first query is a function of the set of user credentials;
  
  receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system;
  
  communicating a second query to the information repository, wherein the second query is a function of the authorization code;
  
  receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and
  
  retrieving the category from the access-control list.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 7. The method of claim 5, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.
  - 8. The method of claim 5, wherein the information repository comprises one of:
    - a data warehouse, a database, and a file system.

9. A computer program product, comprising a computer-readable hardware storage device having a computer-readable program code stored therein, said program code configured to be executed by one or more processors of a computer system to implement a method for controlling access to files, the method comprising:
- the one or more processors receiving classifications of two or more files into a same category and storing the classifications of the two or more files, wherein the category comprises one of;
  
  product-line identifier, geographic location, customer-account identifier, network type, server-platform type, and server operating status;
  
  the one or more processors further receiving a configuration of an access-control list to grant access to one or more users to the two or more files based on the category;
  
  the one or more processors, in response to a request for access by a user for one file of the two or more files, the request specifying the one file but not the category of the one file, identifying, by the one or more processors, the category of the one file based on the stored classification of the one file, and checking the access-control list to determine that the user is authorized to access the category, and, in response, granting, by the one or more processors, the user access to the one file, andthe one or more processors storing the access-control list in an information repository,wherein the information repository comprises a security architecture,wherein the security architecture controls access to a secured system,wherein the security architecture comprises a category variable, andwherein the category variable comprises a set of category sub-variables; and
  
  wherein the identifying comprises;
  
  requesting and receiving a set of user credentials, wherein the set of user credentials is associated with the user;
  
  communicating a first query to the information repository, wherein the first query is a function of the set of user credentials;
  
  receiving an authorization code from the information repository in response to the first query, wherein the authorization code is a function of the user credentials, and wherein the authorization code confirms that the user is an authenticated user of the secured system;
  
  communicating a second query to the information repository, wherein the second query is a function of the authorization code;
  
  receiving the access-control list from the information repository in response to the second query, wherein the receiving is a function of the authorization code; and
  
  retrieving the category from the access-control list.
- View Dependent Claims (10, 11, 12)
- - 10. The computer program product of claim 9, wherein the same category comprises one of:
    - product-line identifier, geographic location, and customer-account identifier.
  - 11. The computer program product of claim 9, wherein the same category comprises one of:
    - network type, server-platform type, and server operating status.
  - 12. The computer program product of claim 9, wherein the information repository comprises one of:
    - a data warehouse, a database, and a file system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Balasubramanyan, Arun, Rudden, Mary E., Schaefer, Donald E.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US13/670,581
Publication Number

US 20140130180A1
Time in Patent Office

755 Days
Field of Search

726/27
US Class Current

726/27
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Control of access to files

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Control of access to files

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links