A method for describing access control rules for data analysis
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
An access control and data analysis technology, applied in digital data authentication, digital data protection, electronic digital data processing, etc.
Active Publication Date: 2019-03-15
TSINGHUA UNIV
View PDF5 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
Second, existing access control technologies usually only support direct authorization of access to data resources, but cannot require specific operations on data resources
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
[0052] Access control rule r1 prohibits data analysts other than Marketing Analyst from accessing customer names, that is, only Marketing Analyst can access customer names.
[0055] Access control rule r2 requires that when data analysts output Address and Sale_Price at the same time, they must perform avg, sum, min or max operations on Sale_Price, but there is no desensitization requirement on Address. Since Address further includes State, City, Street, and Zip in the data resource hierarchy, when one of them is output together with Sale_Price, the access control rule is also applicable. In addition, both Address and Sale_Price in the access control rule correspond to the output action. Therefore, when the Address or Sale_Price is not directly output but used for condition judgment, the access control rule will no longer apply.
[0058] Access control rule r3 prohibits data analysts from accessing State, City and Street at the same time. However, data analysts can independently access one or two of the three data resources, such as accessing State alone, or accessing State and City at the same time.
[0059] After the above description of the access control rule is completed, after the access control request for data analysis is received, the access control request is controlled based on the access control rule. The access control method specifically includes the following steps:
[0060] For each access control rule, first check whether the data access request triggers the access control rule; if triggered, then check whether the data access request meets the restrictions of the access control rule; if so, continue to traverse subsequent access control rules until the data The data resource request is authorized only when the...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention provides an access control rule description method for data analysis. The method includes the steps that firstly, user roles are divided into one or more role units according to application scenarios, and data resources are divided into one or more data elements; secondly, the user roles are organized into a hierarchical structure form, wherein an intermediate node includes role units corresponding to all descendant nodes of the intermediate node, and leaf nodes correspond to specific personnel corresponding to the role units in a certain application scenario; the data sources are organized into a hierarchical structure form, wherein an intermediate node includes data elements corresponding to all descendant nodes of the intermediate node, and leaf nodes correspond to a group of real data; thirdly, a group of actions are designated for each data resource; fourthly, access control rules for controlling access to the data sources are described based on the user roles, the data resources and the actions. The method supports control over simultaneous access to the data resources, and it can be required to carry out specific desensitization operation on the data resources.
Description
technical field [0001] The invention relates to the technical field of data resource rights management and control, in particular to an access control rule description method for data analysis. Background technique [0002] Data analysis refers to the process of drawing useful information and conclusions from data using appropriate statistical analysis methods. With the development of cloud computing, big data and other related technologies, more and more enterprises and institutions are beginning to use data analysis technology to mine the value of commercial data. Typical application scenarios include retail enterprises, medical institutions, and social networks. However, commercial data usually contains a lot of sensitive information, such as user personal information and commercial confidential information. In order to protect the security of business data, data access needs to be controlled. [0003] Access control technology ensures that resources are not illegally ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more 
Login to view more