Reputation based access control

US 9,047,336 B2
Filed: 06/26/2014
Issued: 06/02/2015
Est. Priority Date: 05/06/2010
Status: Active Grant

First Claim

Patent Images

1. A method in a computer system having a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method comprising:

identifying a requesting subject that is requesting access to a controlled resource;

retrieving the requesting subject'"'"'s reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject'"'"'s reputation comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject'"'"'s reputation is modified following an indication from a peer of the requesting subject that the requesting subject'"'"'s value for skill is diminished;

retrieving the requested controlled resource'"'"'s policy;

determining if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy;

if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy, allowing the requesting subject access to the requested controlled resource; and

if the requesting subject'"'"'s reputation does not meet the requested controlled resource'"'"'s policy, denying the requesting subject access to the requested controlled resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Approaches for providing reputation based access control are provided. Specifically, at least one approaches includes: identifying a requesting subject that is requesting access to a controlled resource; retrieving the requesting subject'"'"'s reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject'"'"'s reputation comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject'"'"'s reputation is modified following an indication from a peer of the requesting subject that the requesting subject'"'"'s value for skill is diminished; retrieving the requested controlled resource'"'"'s policy; determining if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy; if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy, allowing the requesting subject access to the requested controlled resource; and if the requesting subject'"'"'s reputation does not meet the requested controlled resource'"'"'s policy, denying the requesting subject access to the requested controlled resource.

36 Citations

View as Search Results

20 Claims

1. A method in a computer system having a network input/output (I/O), a central processing unit (CPU), a reputation based access control unit and one or more databases including a reputation based access control database, the method comprising:
- identifying a requesting subject that is requesting access to a controlled resource;
  
  retrieving the requesting subject'"'"'s reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject'"'"'s reputation comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject'"'"'s reputation is modified following an indication from a peer of the requesting subject that the requesting subject'"'"'s value for skill is diminished;
  
  retrieving the requested controlled resource'"'"'s policy;
  
  determining if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy;
  
  if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy, allowing the requesting subject access to the requested controlled resource; and
  
  if the requesting subject'"'"'s reputation does not meet the requested controlled resource'"'"'s policy, denying the requesting subject access to the requested controlled resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method as defined in claim 1 wherein the requesting subject'"'"'s reputation comprises a value for trustworthiness, the method further comprising assessing the trustworthiness of the requesting subject.
  - 3. The method as defined in claim 2 further comprising determining the value for trustworthiness of the requesting subject by data mining associations of the requesting subject and performing a background check of the requesting subject.
  - 4. The method as defined in claim 2 further comprising determining the value for trustworthiness of the requesting subject by assessing actions previously taken by the requesting subject.
  - 5. The method as defined in claim 2 further comprising determining the value for trustworthiness of the requesting subject by assessing actions previously taken by associates of the requesting subject.
  - 6. The method as defined in claim 1 the method further comprising assessing the skill of the requesting subject.
  - 7. The method as defined in claim 6 further comprising determining the value for skill of the requesting subject by receiving peer feedback of the requesting subject and receiving an expert opinion by an assessor of the requesting subject.
  - 8. The method as defined in claim 6 further comprising determining the value for skill of the requesting subject by assessing actions previously taken by the requesting subject.

9. A non-transitory computer-readable storage device storing computer instructions, which, when executed, enables a computer system operating with a reputation based access control unit to provide reputation based access control, the computer-readable storage device storing computer instructions comprising:
- identifying a requesting subject that is requesting access to a controlled resource;
  
  retrieving the requesting subject'"'"'s reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject'"'"'s reputation comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject'"'"'s reputation is modified following an indication from a peer of the requesting subject that the requesting subject'"'"'s value for skill is diminished;
  
  retrieving the requested controlled resource'"'"'s policy;
  
  determining if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy;
  
  if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy, allowing the requesting subject access to the requested controlled resource; and
  
  if the requesting subject'"'"'s reputation does not meet the requested controlled resource'"'"'s policy, denying the requesting subject access to the requested controlled resource.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The non-transitory computer-readable storage device of claim 9, wherein the requesting subject'"'"'s reputation comprises a value for trustworthiness, the computer instructions further comprising assessing the trustworthiness of the requesting subject.
  - 11. The non-transitory computer-readable storage device of claim 10, the computer instructions further comprising determining the value for trustworthiness of the requesting subject by data mining associations of the requesting subject and performing a background check of the requesting subject.
  - 12. The non-transitory computer-readable storage device of claim 10, the computer instructions further comprising determining the value for trustworthiness of the requesting subject by assessing actions previously taken by one or more of the following:
    - the requesting subject, and associates of the requesting subject.
  - 13. The non-transitory computer-readable storage device of claim 9, the computer instructions further comprising determining the value for skill of the requesting subject using one or more of the following:
    - peer feedback of the requesting subject, and an expert opinion by an assessor of the requesting subject.
  - 14. The non-transitory computer-readable storage device of claim 13, the computer instructions further comprising determining the value for skill of the requesting subject by assessing actions previously taken by the requesting subject.

15. A computer system for providing reputation based access control, the system comprising:
- a memory medium comprising instructions;
  
  a bus coupled to the memory medium; and
  
  a processor coupled to the bus that when executing the instructions causes the computer system to;
  
  identify a requesting subject that is requesting access to a controlled resource;
  
  retrieve the requesting subject'"'"'s reputation stored as a virtual attribute in a reputation-based access control database, wherein the requesting subject'"'"'s reputation comprises a value for skill for operating with the requested controlled resource, and wherein the requesting subject'"'"'s reputation is modified following an indication from a peer of the requesting subject that the requesting subject'"'"'s value for skill is diminished;
  
  retrieve the requested controlled resource'"'"'s policy;
  
  determine if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy;
  
  if the requesting subject'"'"'s reputation meets the requested controlled resource'"'"'s policy, allowing the requesting subject access to the requested controlled resource; and
  
  if the requesting subject'"'"'s reputation does not meet the requested controlled resource'"'"'s policy, denying the requesting subject access to the requested controlled resource.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, the instructions further causing the computer to assess the trustworthiness of the requesting subject, wherein the requesting subject'"'"'s reputation comprises a value for trustworthiness.
  - 17. The computer system of claim 16, the instructions further causing the computer to determine the value for trustworthiness of the requesting subject by data mining associations of the requesting subject and performing a background check of the requesting subject.
  - 18. The computer system of claim 16, the instructions further causing the computer to determine the value for trustworthiness of the requesting subject by assessing actions previously taken by one or more of the following:
    - the requesting subject, and associates of the requesting subject.
  - 19. The computer system of claim 15, the instructions further causing the computer to determine the value for skill of the requesting subject using one or more of the following:
    - peer feedback of the requesting subject, and an expert opinion by an assessor of the requesting subject.
  - 20. The computer system of claim 19, the instructions further causing the computer to determine the value for skill of the requesting subject by assessing actions previously taken by the requesting subject.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hom, Richard V., Roxin, David C.
Primary Examiner(s)
Waldron, Scott A

Application Number

US14/315,397
Publication Number

US 20140310254A1
Time in Patent Office

341 Days
Field of Search

707/783, 707/784, 726/4
US Class Current

1/1
CPC Class Codes

G06F 16/24   Querying

G06F 21/552   involving long-term monitor...

G06F 21/554   involving event detection a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2103   Challenge-response

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Reputation based access control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reputation based access control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links