Security mechanism for a computer system

US 5,283,830 A
Filed: 09/30/1992
Issued: 02/01/1994
Est. Priority Date: 12/17/1991
Status: Expired due to Term

First Claim

Patent Images

1. A computer system including a plurality of programs and a plurality of objects, accessible by a plurality of users, each program having an associated program identifier, each user having a user identifier, and at least some of the objects having respective access control lists (ACL) associated with them, each ACL containing a list of entries, each entry comprising a program identifier key, a user identifier key and an access permission indication, and wherein the system includes means operative when a user attempts to access an object by way of a program, for selecting an entry in the ACL of the object by matching the program identifier key and user identifier key in the entry with the program identifier of the program and the user identifier of the user and for granting or denying access on the basis of the access permission indication in the selected entry.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system includes a plurality of programs and a plurality of accessible objects. Each program has an associated program identifier, and at least some of the objects have respective access control lists (ACL). Each ACL entry may comprise a program identifier key and an access permission indication. When a user attempts to access an object by way of a program, an entry in the ACL of the object is selected by matching the entry keys with at least the program identifier of the program, and access is granted or denied on the basis of the access permission indication in the selected entry.

216 Citations

8 Claims

1. A computer system including a plurality of programs and a plurality of objects, accessible by a plurality of users, each program having an associated program identifier, each user having a user identifier, and at least some of the objects having respective access control lists (ACL) associated with them, each ACL containing a list of entries, each entry comprising a program identifier key, a user identifier key and an access permission indication, and wherein the system includes means operative when a user attempts to access an object by way of a program, for selecting an entry in the ACL of the object by matching the program identifier key and user identifier key in the entry with the program identifier of the program and the user identifier of the user and for granting or denying access on the basis of the access permission indication in the selected entry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A system according to claim 1 wherein the program identifier is a certification indication number (CIN) associated with the program by user certification action.
  - 3. A system according to claim 2 including means for removing certification from a program when the program is modified.
  - 4. A system according to claim 1 wherein the access permission indication includes means for controlling permission to change the attributes of the object.
  - 5. A system according to claim 1 wherein the access permission indication includes means for controlling permission to change the name of the object.
  - 6. A system according to claim 1 wherein the access permission indication includes means for controlling permission to delete the object.
  - 7. A system according to claim 2 wherein each CIN comprises first and second parts, and wherein the system includes means for allocating said first part without user intervention and means for permitting a user to specify said second part.
  - 8. A system according to claim 2 wherein each CIN has an inheritance flag associated with it, and wherein the system includes means operative when a new process is created to execute a program, for using the inheritance flag associated with the CIN of that program to control whether the new process derives its CIN from its parent process or from the program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Computers Limited (Fujitsu Limited)
Original Assignee
International Computers Limited (Fujitsu Limited)
Inventors
Hinsley, Stewart R., Hughes, Christopher D.
Primary Examiner(s)
Buczinski, Stephen C.

Application Number

US07/954,570
Time in Patent Office

489 Days
Field of Search

380/25, 380/49, 364/DIG. 1
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

Y10S 707/99939   Privileged access

Security mechanism for a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

216 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Security mechanism for a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

216 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links