×

Data resource control through a control policy defining an authorized context for utilization of a protected data resource

  • US 9,948,682 B2
  • Filed: 08/07/2016
  • Issued: 04/17/2018
  • Est. Priority Date: 08/11/2015
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method for controlling a data resource of a datastore, using a computer processor and a computer readable physical memory, comprising:

  • traversing a referent attribute of a first node of a non-hierarchical data structure referencing a security node,wherein the security node comprises a protected resource of the security node that is at least one of a protected primitive and a protected referent referring to a second node of the non-hierarchical data structure;

    receiving an authorization request from a device for utilization of the protected resource of the security node, the authorization request comprising a state dataset comprising one or more state attributes each having a state value associated with a state of the device at generation of the authorization request;

    referencing a control policy that defines an authorized context in which the device is authorized to utilize the protected resource of the security node, the control policy comprising a first component that is a control algorithm and optionally a second component that is a control dataset,wherein the control dataset comprising one or more control attributes each having a control value range, the control value range of each of the one or more control attributes usable as inputs to the control algorithm;

    selecting the control algorithm to be extracted from the security node based on an application program generating the authorization request;

    extracting the control algorithm of the control policy from the security node, the control algorithm comprising one or more conditionals each comparing a first input that is a context value with a second input that is any one of a different context value and a control value range of the control dataset,wherein the context value is at least one of the state value of one or more of the state attributes and an external value associated with a source other than the authorization request of the device, andwherein the one or more conditionals of the control algorithm are expressed in a Turing complete language, the Turing complete language comprising an if operation, a then operation, and an else operation;

    retrieving each of the context value specified in the control algorithm from at least one of the state dataset and the external dataset;

    determining that the context dataset conforms with the authorized context by evaluating each of one or more conditionals of the control algorithm; and

    authorizing utilization of the protected resource of the security node by the device when it is determined that the context dataset conforms to the authorized context defined by the control policy.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×