Context-based security screening for accessing data

US 8,931,109 B2
Filed: 11/19/2012
Issued: 01/06/2015
Est. Priority Date: 11/19/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A processor-implemented method for securely accessing a specific data store, the processor-implemented method comprising:

associating, by a security module having a processor, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, and wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons;

associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;

receiving, by the security module, a string of binary data that describes a requester of data from said at least one specific data store in the data structure;

determining, by the security module, the context according to a physical location of a computer being used, by the requester, to send the request to the security module;

generating, by the security module, a new synthetic context-based object for the requester;

determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;

in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;

providing, by the security module, the requester access to said at least one specific data store;

constructing, by the security module, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;

receiving, from the requester, the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and

returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processor-implemented method, system, and/or computer program product securely accesses a specific data store. A non-contextual data object is associated with a context object to define a first synthetic context-based object. The non-contextual data object ambiguously describes multiple types of persons, and the context object provides a circumstantial context that identifies a specific type of person from the multiple types of persons. The first synthetic context-based object is associated with at least one specific data store in a data structure. A string of binary data that describes a requester of data is received by a security module for generating a new synthetic context-based object. If there is a match between the new synthetic context-based object and the first synthetic context-based object, then the data is returned to the requester.

158 Citations

16 Claims

1. A processor-implemented method for securely accessing a specific data store, the processor-implemented method comprising:
- associating, by a security module having a processor, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, and wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons;
  
  associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;
  
  receiving, by the security module, a string of binary data that describes a requester of data from said at least one specific data store in the data structure;
  
  determining, by the security module, the context according to a physical location of a computer being used, by the requester, to send the request to the security module;
  
  generating, by the security module, a new synthetic context-based object for the requester;
  
  determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;
  
  in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;
  
  providing, by the security module, the requester access to said at least one specific data store;
  
  constructing, by the security module, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;
  
  receiving, from the requester, the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and
  
  returning, to the requester, data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The processor-implemented method of claim 1, further comprising:
    - blocking, by the security module, the requester from accessing data stores other than said at least one specific data store in the data structure.
  - 3. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context according to a current activity of the requester, wherein the current activity is not based on a role or title of the requester.
  - 4. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context according to a professional certification possessed by the requester.
  - 5. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context according to a time window within which data from said at least one specific data store must be returned to the requester.
  - 6. The processor-implemented method of claim 1, wherein said at least one specific data store is owned by an enterprise, and wherein the requester is an employee of the enterprise, and wherein the processor-implemented method further comprises:
    - further determining, by the security module, the context according to a length of time that the requester has been an employee of the enterprise.
  - 7. The processor-implemented method of claim 1, wherein said at least one specific data store is owned by an enterprise, and wherein the processor-implemented method further comprises:
    - further determining, by the security module, the context according to whether the requester is a full time employee of the enterprise, a contract employee of the enterprise, or a non-employee of the enterprise.
  - 8. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context of the requester by data mining a database that describes current interests of the requester.
  - 9. The processor-implemented method of claim 1, further comprising:
    - further determining, by the security module, the context of the requester by data mining a database that describes an educational background of the requester.
  - 10. The processor-implemented method of claim 1, further comprising:
    - associating a second non-contextual data object with a second context object to define a second synthetic context-based object, wherein the second non-contextual data object relates to multiple subject-matters, and wherein the second context object provides a context that identifies a specific subject-matter, from the multiple subject-matters, of the second non-contextual data object;
      
      associating the second synthetic context-based object with said at least one specific data store in the data structure;
      
      associating the second synthetic context-based object with the first synthetic context-based object; and
      
      accessing, by the security module, said at least one specific data store by accessing the second synthetic context-based object via the first synthetic context-based object.
  - 11. The processor-implemented method of claim 10, wherein said at least one specific data store is a text document, and wherein the processor-implemented method further comprises:
    - searching, by the security module, the text document for text data that is part of the second synthetic context-based object; and
      
      associating the text document that contains said text data with the second synthetic context-based object.
  - 12. The processor-implemented method of claim 10, wherein said at least one specific data store is a video file, and wherein the processor-implemented method further comprises:
    - searching, by the security module, metadata associated with the video file for text data that is part of the second synthetic context-based object; and
      
      associating the video file having said metadata with the second synthetic context-based object.
  - 13. The processor-implemented method of claim 10, wherein said at least one specific data store is a web page, and wherein the processor-implemented method further comprises:
    - searching, by the security module, the web page for text data that is part of the second synthetic context-based object; and
      
      associating the web page that contains said text data with the second synthetic context-based object.

14. A computer program product for securing data stores, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising:
- associating, by a security module having one or more processors, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object describes multiple types of persons, and wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, wherein the context describes an activity performed by the specific type of person;
  
  associating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;
  
  receiving, by a security module, a string of binary data that describes a requester of data from said at least one specific data store in the data structure;
  
  generating, by the security module, a new synthetic context-based object for the requester;
  
  determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;
  
  in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store; and
  
  providing, by the security module, the requester access to said at least one specific data store;
  
  constructing a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;
  
  receiving the request for data from at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and
  
  returning data from said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library.
- View Dependent Claims (15)
- - 15. The computer program product of claim 14, wherein the program code is further readable and executable by the processor for:
    - blocking the requester from accessing any data store in the data structure other than said at least one specific data store.

16. A processor-implemented method for securely accessing a specific data store, the processor-implemented method comprising:
- associating, by a security module having a processor, a first non-contextual data object with a first context object to define a first synthetic context-based object, wherein the first non-contextual data object relates to multiple subject-matters and describes multiple types of persons, wherein the first context object provides a context that identifies a specific type of person from the multiple types of persons, andassociating, by the security module, the first synthetic context-based object with at least one specific data store in a data structure;
  
  receiving, by a security module, a string of binary data that describes a requester of data from said at least one specific data store in the data structure;
  
  generating, by the security module, a new synthetic context-based object for the requester;
  
  determining, by the security module, whether the new synthetic context-based object matches the first synthetic context-based object;
  
  in response to determining that the new synthetic context-based object matches the first synthetic context-based object, the security module locating, via the first synthetic context-based object, said at least one specific data store;
  
  providing, by the security module, the requester access to said at least one specific data store;
  
  constructing, by the processor, a dimensionally constrained hierarchical synthetic context-based object library for multiple synthetic context-based objects, wherein synthetic context-based objects within a same dimension of the dimensionally constrained hierarchical synthetic context-based object library share data from a same non-contextual data object, and wherein synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library contain disparate data from different context objects;
  
  receiving, from the requester, a request for at least one data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library; and
  
  returning, to the requester, said at least one specific data store that is associated with synthetic context-based objects within the same dimension of the dimensionally constrained hierarchical synthetic context-based object library.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Adams, Samuel S., Friedlander, Robert R., Kraemer, James R., Linton, Jeb R.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/680,832
Publication Number

US 20140143891A1
Time in Patent Office

778 Days
Field of Search

726 26- 30
US Class Current

726/30
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2111 Location-sensitive, e.g. ge...

Context-based security screening for accessing data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

158 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Context-based security screening for accessing data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links