Context-based security screening for accessing data

US 9,477,844 B2
Filed: 10/28/2014
Issued: 10/25/2016
Est. Priority Date: 11/19/2012
Status: Active Grant

First Claim

Patent Images

1. A processor-implemented method for securely accessing a specific data store, the processor-implemented method comprising:

associating, by a security module having a processor, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, and wherein the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network;

associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;

receiving, by the security module, a string of binary data that describes a request, from the requester, for data from said at least one specific data store in the data structure;

determining, by the security module, the context according to a physical location of a computer being used, by the requester, to send the request to the security module;

generating, by the security module, a new synthetic context-based object for the requester;

determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;

in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;

providing, by the security module, the requester access to said at least one specific data store;

constructing, by the security module, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;

receiving, from the requester, the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;

receiving, from the requester, a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, wherein the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;

determining, by the security module, a security level of the requester based on the time window received from the requester, wherein a longer time window is indicative of a higher security level for the requester than a relatively shorter time window;

matching, by the security module and based on the time window for the requester, the security level of the requester to data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and

returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor-implemented method, system, and/or computer program product securely accesses a specific data store. A non-contextual data object is associated with a context object to define a first synthetic context-based object. The non-contextual data object ambiguously describes multiple types of persons, and the context object provides a circumstantial context that identifies a specific type of person from the multiple types of persons. The first synthetic context-based object is associated with at least one specific data store in a data structure. A string of binary data that describes a requester of data, including a time window for receipt and security level of the requester, is received by a security module for generating a new synthetic context-based object. If there is a match between the new synthetic context-based object, the first synthetic context-based object, and the security level of the requester, then the data is returned to the requester.

Citations

20 Claims

1. A processor-implemented method for securely accessing a specific data store, the processor-implemented method comprising:
- associating, by a security module having a processor, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, and wherein the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network;
  
  associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;
  
  receiving, by the security module, a string of binary data that describes a request, from the requester, for data from said at least one specific data store in the data structure;
  
  determining, by the security module, the context according to a physical location of a computer being used, by the requester, to send the request to the security module;
  
  generating, by the security module, a new synthetic context-based object for the requester;
  
  determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;
  
  in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;
  
  providing, by the security module, the requester access to said at least one specific data store;
  
  constructing, by the security module, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;
  
  receiving, from the requester, the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;
  
  receiving, from the requester, a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, wherein the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;
  
  determining, by the security module, a security level of the requester based on the time window received from the requester, wherein a longer time window is indicative of a higher security level for the requester than a relatively shorter time window;
  
  matching, by the security module and based on the time window for the requester, the security level of the requester to data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and
  
  returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The processor-implemented method of claim 1, further comprising:
    - blocking, by the security module, the requester from accessing data stores other than said at least one specific data store in the data structure.
  - 3. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context according to a current activity of the requester, wherein the current activity is not based on a role or title of the requester.
  - 4. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context according to a professional certification possessed by the requester.
  - 5. The processor-implemented method of claim 1, wherein said at least one specific data store is owned by an enterprise, and wherein the requester is an employee of the enterprise, and wherein the processor-implemented method further comprises:
    - further determining, by the security module, the context according to a length of time that the requester has been an employee of the enterprise.
  - 6. The processor-implemented method of claim 1, wherein said at least one specific data store is owned by an enterprise, and wherein the processor-implemented method further comprises:
    - further determining, by the security module, the context according to whether the requester is a full time employee of the enterprise, a contract employee of the enterprise, or a non-employee of the enterprise.
  - 7. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context of the requester by data mining a database that describes current interests of the requester.
  - 8. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context of the requester by data mining a database that describes an educational background of the requester.
  - 9. The processor-implemented method of claim 1, further comprising:
    - associating a second non-contextual data object with a second context object to define a second synthetic context-based object, wherein the second non-contextual data object relates to multiple subject-matters, and wherein the second context object provides a context that identifies a specific subject-matter, from the multiple subject-matters, of the second non-contextual data object;
      
      associating the second synthetic context-based object with said at least one specific data store in the data structure;
      
      associating the second synthetic context-based object with the first synthetic context-based object; and
      
      accessing, by the security module, said at least one specific data store by accessing the second synthetic context-based object via the first synthetic context-based object.
  - 10. The processor-implemented method of claim 9, wherein said at least one specific data store is a text document, and wherein the processor-implemented method further comprises:
    - searching, by the security module, the text document for text data that is part of the second synthetic context-based object; and
      
      associating the text document that contains said text data with the second synthetic context-based object.
  - 11. The processor-implemented method of claim 9, wherein said at least one specific data store is a video file, and wherein the processor-implemented method further comprises:
    - searching, by the security module, metadata associated with the video file for text data that is part of the second synthetic context-based object; and
      
      associating the video file having said metadata with the second synthetic context-based object.
  - 12. The processor-implemented method of claim 9, wherein said at least one specific data store is a web page, and wherein the processor-implemented method further comprises:
    - searching, by the security module, the web page for text data that is part of the second synthetic context-based object; and
      
      associating the web page that contains said text data with the second synthetic context-based object.

13. A computer program product for securing data stores, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising:
- associating, by a security module having one or more processors, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, and wherein the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network;
  
  associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;
  
  receiving, by the security module, a string of binary data that describes a request, from the requester, for data from said at least one specific data store in the data structure;
  
  determining, by the security module, the context according to a physical location of a computer being used, by the requester, to send the request to the security module;
  
  generating, by the security module, a new synthetic context-based object for the requester;
  
  determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;
  
  in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;
  
  providing, by the security module, the requester access to said at least one specific data store;
  
  constructing, by the security module, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;
  
  receiving, from the requester, the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;
  
  receiving, from the requester, a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, wherein the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;
  
  determining, by the security module, a security level of the requester based on the time window received from the requester, wherein a longer time window is indicative of a higher security level for the requester than a relatively shorter time window;
  
  matching, by the security module and based on the time window for the requester, the security level of the requester to data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and
  
  returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The computer program product of claim 13, wherein the program code is further readable and executable by the processor for:
    - blocking the requester from accessing any data store in the data structure other than said at least one specific data store.
  - 15. The computer program product of claim 13, wherein the program code is further readable and executable by the processor for:
    - further determining, by the security module, the context according to a current activity of the requester, wherein the current activity is not based on a role or title of the requester.
  - 16. The computer program product of claim 13, wherein the program code is further readable and executable by the processor for:
    - further determining, by the security module, the context according to a professional certification possessed by the requester.
  - 17. The computer program product of claim 13, wherein the program code is further readable and executable by the processor for:
    - further determining, by the security module, the context according to a time window within which data from said at least one specific data store must be returned to the requester.
  - 18. The computer program product of claim 13, wherein the program code is further readable and executable by the processor for:
    - further determining, by the security module, the context of the requester by data mining a database that describes current interests of the requester.
  - 19. The computer program product of claim 13, wherein the program code is further readable and executable by the processor for:
    - associating a second non-contextual data object with a second context object to define a second synthetic context-based object, wherein the second non-contextual data object relates to multiple subject-matters, and wherein the second context object provides a context that identifies a specific subject-matter, from the multiple subject-matters, of the second non-contextual data object;
      
      associating the second synthetic context-based object with said at least one specific data store in the data structure;
      
      associating the second synthetic context-based object with the first synthetic context-based object; and
      
      accessing, by the security module, said at least one specific data store by accessing the second synthetic context-based object via the first synthetic context-based object.

20. A processor-implemented method for securely accessing a specific data store, the processor-implemented method comprising:
- associating, by a security module having a processor, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object relates to multiple subject-matters and describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, and wherein the first context object further describes a location of a computer that is being used by a requester of data as being a public Wi-Fi hot spot that provides the computer with access to a network;
  
  associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;
  
  receiving, by a security module, a string of binary data that describes the requester of data from said at least one specific data store in the data structure;
  
  generating, by the security module, a new synthetic context-based object for the requester;
  
  determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;
  
  in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;
  
  providing, by the security module, the requester access to said at least one specific data store;
  
  constructing, by the processor, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;
  
  receiving, from the requester, a request for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;
  
  receiving, from the requester, a time window for receiving the data from said at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library, wherein the time window describes an amount of time that the requester of data is willing to wait for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library;
  
  determining, by the security module, a security level of the requester based on the time window received from the requester, wherein a longer time window is indicative of a higher security level for the requester than a relatively shorter time window;
  
  matching, by the security module and based on the time window for the requester, the security level of the requester to data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and
  
  returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library and that matches the security level of the requester.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Adams, Samuel S., Friedlander, Robert R., Kraemer, James R., Linton, Jeb R.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US14/526,103
Publication Number

US 20150047057A1
Time in Patent Office

728 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2111 Location-sensitive, e.g. ge...

Context-based security screening for accessing data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Context-based security screening for accessing data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links