Multi-Focused Fine-Grained Security Framework
1 Assignment
0 Petitions
Accused Products
Abstract
An approach is provided in which a knowledge manager generates a knowledge structure that includes security annotation tokens and term tokens. Each of the security annotation tokens are stored in a parallel field and align to at least one of the term tokens. The knowledge manager matches security policies corresponding to a search request to one or more of the security annotation tokens and, in turn, generates search results based upon obfuscation of one or more of the term tokens aligned to the matched security annotation tokens.
39 Citations
25 Claims
-
1. (canceled)
-
2. (canceled)
-
3. (canceled)
-
4. (canceled)
-
5. (canceled)
-
6. (canceled)
-
7. (canceled)
-
8. An information handling system comprising:
-
one or more processors; a memory coupled to at least one of the processors; and a set of computer program instructions stored in the memory and executed by at least one of the processors in order to perform actions of; creating a knowledge structure that includes a plurality of security annotation tokens and a plurality of term tokens, wherein each of the plurality of security annotation tokens are stored in at least one of a plurality of parallel fields that correspond to at least one of the plurality of term tokens; matching one or more security policies corresponding to a search request to one or more of the plurality of security annotation tokens; and generating one or more answers to the search request based upon obfuscation of a subset of the plurality of term tokens that each correspond to at least one of the matched one or more security annotation tokens. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product stored in a computer readable storage medium, comprising computer program code that, when executed by an information handling system, causes the information handling system to perform actions comprising:
-
creating a knowledge structure that includes a plurality of security annotation tokens and a plurality of term tokens, wherein each of the plurality of security annotation tokens are stored in at least one of a plurality of parallel fields that correspond to at least one of the plurality of term tokens; matching one or more security policies corresponding to a search request to one or more of the plurality of security annotation tokens; and generating one or more answers to the search request based upon obfuscation of a subset of the plurality of term tokens that each correspond to at least one of the matched one or more security annotation tokens. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. (canceled)
-
23. (canceled)
-
24. An information handling system comprising:
-
one or more processors; a memory coupled to at least one of the processors; and a set of computer program instructions stored in the memory and executed by at least one of the processors in order to perform actions of; receiving a search request initiated by a user; identifying one or more user authorizations corresponding to the user; and generating one or more answers of the search request based upon the one or more user authorizations, wherein the generation of the one or more answers comprises; creating one or more preliminary search results from searching a knowledge structure utilizing one or more search restriction policies corresponding to the one or more user authorizations, wherein the knowledge structure includes a plurality of security annotation tokens and a plurality of term tokens, each of the plurality of security annotation tokens stored in at least one of a plurality of parallel fields corresponding to at least one of the plurality of term tokens; scoring the one or more preliminary search results based upon one or more scoring security policies corresponding to the one or more user authorizations, resulting in one or more scored preliminary search results; and generating the one or more answers from the scored preliminary search results by removing one or more passages from the scored preliminary search results based upon one or more passage authorization security policies corresponding to the one or more user authorizations. - View Dependent Claims (25)
-
Specification