| Field | Value |
|---|---|
| Country / Type | United States (US) Patent, registered |
| IPC (7th edition) | |
| Application No. | US-0127109 (2002-04-22) |
| Registration No. | US-10033700 (2018-07-24) |
| Inventor / Address | |
| Applicant / Address | |
| Agent / Address | |
| Citation info | Cited by: 0; patents cited: 470 |
To grant or deny access rights to a user attempting to access a protected system or secured electronic data, an access right evaluation process is carried out among all applicable policies including those embedded in the secured electronic data. In a preferred embodiment, the access right evaluation process is invoked only when a system being accessed is protected or a file being accessed is detected to be in a secured format. Further, the access right evaluation process is configured preferably to operate transparently to the user. The access right evaluation may be advantageously used in systems or applications in which devices, mediums or electronic data are secured and can be restrictively accessed by those who are authenticated and have proper access privilege.
1. A method for evaluating an access right of a user to an encrypted data portion of a secured electronic file, the method comprising: obtaining a system rule set stored separate from the secured electronic file and an access rule set specific to the secured electronic file, wherein the system and access rule sets comprise a plurality of access rules applicable to the user that control access to the secured electronic file in an enterprise environment and that regulate at least a duration of access to the secured electronic file, wherein each access rule includes: a rule type defining whether the rule is an authorization rule or a restriction rule; a right attribute indicating a set of rights controlled by the access rule; a resource attribute indicating a system or set of electronic files on which the access rule operates; and a principal attribute indicating a user or group of users to which the access rule applies, wherein each access rule is obtained based on matching at least one of the right attribute to the access right of the user, the resource attribute to the secured electronic file, and the principal attribute to the user; evaluating the plurality of access rules of the system rule set to determine whether the user is allowed to access a protected system containing the secured electronic file, wherein the evaluation of the plurality of access rules of the system rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the system rule set; evaluating the plurality of access rules of the access rule set, in response to determining that the user is allowed to access the protected system, to determine whether the user has a type of access required to access the secured electronic file for the duration, wherein the evaluation of the plurality of access rules of the access rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the access rule set; decrypting the encrypted data portion of the secured electronic file in response to determining that the user has permission to access the secured electronic file; and providing the decrypted data portion to the user.
2. The method of claim 1, wherein the system rule set is obtained from a server.
3. The method of claim 1, wherein obtaining the access rule set comprises: activating a user key associated with a user attempting to access the secured electronic file after the user has been authenticated; and decrypting the access rule set with the user key.
4. The method of claim 1, wherein the plurality of access rules are expressed in a markup language.
5. The method of claim 4, wherein the markup language is selected from a group consisting of XACML, HTML, XML, SGML.
6. The method of claim 1, wherein an access rule of the access rule set defines how the secured electronic file is permitted to be accessed.
7. The method of claim 1, wherein an access rule of the access rule set defines when the secured electronic file is permitted to be accessed.
8. The method of claim 1, wherein an access rule of the access rule set defines an application or type of application the secured electronic file is permitted to be accessed with.
9. The method of claim 1, wherein an access rule of the system rule set defines a group the secured electronic file is permitted to be accessed by.
10. The method of claim 1, wherein the plurality of access rules are evaluated using parameters.
11. The method of claim 10, wherein the parameters include a user identifier, an application identifier, a group identifier, and a current time.
12. The method of claim 1, further comprising: obtaining a super system rule set that is distinct from the system rule set in response to determining that the user is not allowed to access the protected system containing the secured electronic file, wherein the super system rule set comprises access rules that override the access rules of the system rule set; and evaluating the super system rule set to determine whether the user is allowed to access the protected system containing the secured electronic file.
13. The method of claim 1, wherein the access rule set is obtained from a header portion of the secured electronic file.
14. The method of claim 1, wherein each access rule further includes: a condition expression defining evaluation criteria for the access rule.
15. The method of claim 1, wherein evaluating each access rule further comprises: determining whether each access rule is an authorization rule or a restriction rule; evaluating each access rule to determine whether the user meets evaluation criteria defined by the rule; and determining that the user has permission to access the secured electronic file when the user meets the evaluation criteria defined by each restriction rule and at least one authorization rule.
16. An article of manufacture including a computer-readable medium having computer-executable instructions stored thereon that, in response to execution by a computing device, cause the computing device to perform operations to evaluate access rights of a user to an encrypted data portion of a secured electronic file, the operations comprising: obtaining a system rule set stored separate from the secured electronic file and an access rule set specific to the secured file, wherein the system and access rule sets comprise a plurality of access rules applicable to the user that control access to the secured electronic file in an enterprise environment and that regulate at least a duration of access to the secured electronic file, wherein each access rule includes: a rule type defining whether the rule is an authorization rule or a restriction rule; a right attribute indicating a set of rights controlled by the access rule; a resource attribute indicating a system or set of electronic files on which the access rule operates; and a principal attribute indicating a user or group of users to which the access rule applies, wherein each access rule is obtained based on matching at least one of the right attribute to the access right of the user, the resource attribute to the secured electronic file, and the principal attribute to the user; evaluating the plurality of access rules of the system rule set to determine whether the user is allowed to access a protected system containing the secured electronic file, wherein the evaluation of the plurality of access rules of the system rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the system rule set; evaluating the plurality of access rules of the access rule set, in response to determining that the user is allowed to access the protected system, to determine whether the user has a type of access required to access the secured electronic file for the duration, wherein the evaluation of the plurality of access rules of the access rule set is halted upon determining that the user does not meet evaluation criteria defined by a restriction rule of the plurality of access rules of the access rule set; decrypting the encrypted data portion of the secured electronic file in response to determining that the user has permission to access the secured electronic file; and providing the decrypted data portion to the user.
17. The article of manufacture of claim 16, wherein the system rule set is obtained from a server.
18. The article of manufacture of claim 16, wherein obtaining the access rule set comprises: activating a user key associated with a user attempting to access the secured electronic file; and decrypting the access rule set with the user key.
19. The article of manufacture of claim 16, wherein the plurality of access rules are expressed in a markup language.
20. The article of manufacture of claim 19, wherein the markup language is selected from a group consisting of XACML, HTML, XML, SGML.
21. The article of manufacture of claim 16, wherein an access rule of the access rule set defines how the secured electronic file is permitted to be accessed.
22. The article of manufacture of claim 16, wherein an access rule of the access rule set defines when the secured electronic file is permitted to be accessed.
23. The article of manufacture of claim 16, wherein an access rule of the access rule set defines what application or type of application the secured electronic file is permitted to be accessed with.
24. The article of manufacture of claim 16, wherein an access rule of the system rule set defines a group the secured electronic file is permitted to be accessed by.
25. The article of manufacture of claim 16, wherein the plurality of access rules are evaluated using parameters.
26. The article of manufacture of claim 25, wherein the parameters include a user identifier, an application identifier, a group identifier, and a current time.
27. The article of manufacture of claim 16, the operations further comprising: obtaining a super system rule set that is distinct from the system rule set in response to determining that the user is not allowed to access the protected system containing the secured electronic file, wherein the super system rule set comprises access rules that override the access rules of the system rule set; and evaluating the super system rule set to determine whether the user is allowed to access the protected system containing the secured electronic file.
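The two-stage evaluation the claims describe, as an added example that is not the patent's own code: authorization and restriction rules with the four attributes of claim 1, evaluation that halts at the first failed restriction and grants only when at least one authorization rule is met (claim 15), a super system rule set consulted when the system rule set denies (claim 12), and user, group, application and current-time parameters (claim 11). The sample policy, the rule names and the assumption that a rule applies only when right, resource and principal all match are constructed for this example.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import Callable
@dataclass
class Rule:
    kind: str        # rule type: "authorization" or "restriction"
    rights: set      # right attribute: the rights this rule controls
    resources: set   # resource attribute: system names or file ids
    principals: set  # principal attribute: user or group ids
    condition: Callable[[dict], bool] = field(default=lambda p: True)  # claim 14

def applicable(rule, right, resource, params):
    # Assumption: right, resource and principal must all match (claim 1 needs one).
    return (right in rule.rights and resource in rule.resources
            and bool({params["user"], params["group"]} & rule.principals))

def evaluate(rules, right, resource, params):
    """Claim 15: deny at the first failed restriction rule; otherwise grant
    only if at least one applicable authorization rule is met."""
    authorized = False
    for rule in rules:
        if not applicable(rule, right, resource, params):
            continue
        met = rule.condition(params)
        if rule.kind == "restriction" and not met:
            return False  # evaluation halts here, as claim 1 requires
        if rule.kind == "authorization" and met:
            authorized = True
    return authorized

def access_file(system_rules, super_rules, file_rules, system, file_id, right, params):
    """Claims 1 and 12: system rule set first, super system rule set on denial,
    then the rule set embedded in the file itself."""
    if not evaluate(system_rules, right, system, params):
        if not evaluate(super_rules, right, system, params):
            return False
    return evaluate(file_rules, right, file_id, params)

# Constructed sample policy: staff read the HR system in business hours, on-call
# users at any time; alice may read payroll.doc, but only from the "viewer" app.
business_hours = lambda p: 9 <= p["now"].hour < 17
SYSTEM_RULES = [Rule("authorization", {"read"}, {"hr-system"}, {"staff"}),
                Rule("restriction", {"read"}, {"hr-system"}, {"staff"}, business_hours)]
SUPER_RULES = [Rule("authorization", {"read"}, {"hr-system"}, {"oncall"})]
FILE_RULES = [Rule("authorization", {"read"}, {"payroll.doc"}, {"alice"}),
              Rule("restriction", {"read"}, {"payroll.doc"}, {"alice"}, lambda p: p["app"] == "viewer")]

def can_read_payroll(user, group, app, hour):
    params = {"user": user, "group": group, "app": app, "now": datetime(2024, 1, 1, hour)}
    return access_file(SYSTEM_RULES, SUPER_RULES, FILE_RULES, "hr-system", "payroll.doc", "read", params)
```

Note that an on-call user who passes the super system rule set is still denied the file, because the file's own rule set has no authorization rule for them: clearing the system stage never implies access to the data.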
Copyright KISTI. All Rights Reserved.