640 results about "Data access control" patented technology

Display regions for representations of results of transformations applied to access control settings for a resource appear integrated with a familiar representation of the resource, e.g. word processor, or Web browser. A number of functions modify layout and transformations, and those functions are available for invocation, e.g. through mouse gestures or key combinations. Users are graphically represented by displays comprising photographic likenesses. Groups can be shown as individual users. Giving someone access to a resource can be as easy as dragging that person's likeness. Access log information can be shown together with access control settings. Reviewing the subset of resources available to a user is made easier. Overflow indicators replace scroll bars. Macros effect snapshots of volatile sets of users. Sections within documents can be omitted automatically if a user lacks authorization. Access control settings for one resource can be linked to be dependent on settings for other resources.

This invention provides a data access control apparatus arranged to automatically set access right information limiting data access, in accordance with a user attribute when a user accesses a database. In setting, for a plurality of users, access right information corresponding to each user, the load on an operator can be reduced, and access right information setting errors can be prevented. An automatic setting unit reads out information from a login management information file and an employee information file on the basis of definition information of a definition files to automatically generate a user access right management file which stores a login ID, an item access right, and a record access right group code for each user. When a login ID is input in accessing the employee information file, a setting controller refers to the management file to determine a user group to which the user belongs and an access enabled/disabled state of the data on the basis of the access right made to correspond to this user group.

A system and method for providing pluggable authentication and access control in computer systems and services are described. The authentication and access control process may be categorized into three components: an authentication protocol, a user repository and an access control model. In one embodiment, the authentication and access control mechanism may be implemented as three pluggable modules: an authentication protocol handler module for the authenticator side, an authentication protocol handler for the side to be authenticated, and an access control context module on the authenticator side. The pluggable modules may be exchangeable to support a variety of authentication types, user repositories, and access control models. The authentication protocol handlers provide symmetrical methods to handle requests and responses in the authentication process that reflect the symmetrical nature of the authentication process.

The invention discloses a cloud security access control model. The model is characterized in that: aiming at the multi-tenant architecture characteristic of cloud computing, by combining a role-based access control (RBAC) model, a tenant concept and a cloud service provider concept are introduced to an access control model, and a uniform tenant access control model and a user access control model are formed by defining model elements and formally describing model functions. The cloud security access control model can adapt to the characteristic of multi-tenant of the cloud computing, improves the flexibility of user authority management in a cloud computing environment, can reduce the complexity of authorization management and management overhead, and can effectively ensure the security and integrity of user data in the cloud computing environment.

The invention discloses a data assessing control method based on a blockchain, and relates to the technical field of management and control of data of blockchains. According to the technical scheme, the technical problem in the prior art that the controllability in data assessing is poor and a block is large due to design boundedness of control authorities and storage structures of block data is solved. The data assessing control method based on the blockchain mainly comprises the steps that data of all users can be only accessed through users and agents, any third party who wants to access user data must send requests to the agents so that the third party can conduct accessing as the identity of the agents; all access logs of the user data can only be accessed by the agents and the users, any third party who wants to access logs must send requests through the agents so that the third party can conduct accessing as the identity of the agents. The data assessing control method based on the blockchain is used for designing a data sharing and accessing control system based on a large data environment.

A system manages directory access permissions without help-desk intervention. The system automatically manages user permissions to access processing system resources and includes a user interface providing data representing at least one display image enabling a user to request permission to access a particular processing system resource. A communication processor, in response to detection of a user request for permission to access a particular processing system resource, automatically, acquires a user identifier and user email address, determines an owner responsible for granting permission to access the particular processing system resource and an associated owner email address, emails a request message to the owner email address to grant the access of the user to the particular processing system resource and receives a response email message indicating grant of the access. An access manager, in response to a received grant of the access and updates access data to enable the user to access the particular processing system resource.

The invention provides a network access control method and system based on IP access behaviors. The method includes: after a Web request sent by a client is acquired through a router, the Web request is sent to a behavior analyzing server; data in the Web request are extracted by the behavior analyzing server and a corresponding user IP and a behavior record of the user IP are generated and whether the Web request is a normal request is judged according to the behavior record; if the Web request is a normal request, then the Web request is forwarded to a corresponding service server and if not, then a response refusing the Web request is sent to the client so that access control on unknown IPs can be carried out dynamically and problems such as low efficiency, tedious configuration and poor dynamic instantaneity and the like in traditional IP access control are solved. At the same time, the network access control method and system also aim at restraining network attacks, regulating crawler behaviors, improving website or API service qualities and enhancing website stability and usability.

The invention belongs to the technical field of information of the building industry, and provides an engine device and a method for data integration and exchange of building information mode based on IFC (industry foundation classes) standards, which are used for creating and applying a building information model (BIM). The method is based on a BIM database created on the basis of the IFC standards and a relational database, and BIM resolution in an IFC format, conversion of building information in non-IFC formats, extraction and integration of BIM submodels and storage, exchange and access control of BIM data are realized. The engine device comprises an IFC entity library, an IFC file resolver, an IFC geometric model converter, a Project-IFC converter, a BIM submodel integrator, a BIM submodel extractor, a data access controller, a BIM data storage device, a BIM data extractor, an IFC file generator and the like. The building information model data integration and exchange engine device and the method support conversion of BIM data in various formats, and BIM data integration and exchange oriented to various stages of the life cycle of a building or different applications can be realized. In addition, BIM data integration and exchange efficiency is effectively improved by the aid of data batch processing technology.

Provided are methods and systems for integrating the access controls of computer resources into a namespace or domain. For a remote user, a computer network or system is a namespace represented by a URL. In order to enforce the access controls of the computer network being accesses, a remote user is impersonated by a server of the computer system such that access requests to the resources of a system are made by the server in the security context of the remote user. By impersonating the remote user, the actual rights of the remote user are being presented to the access controls rather than the rights of the server. In this manner, the access control of the system can be enforced directly on the remote user and the access control is effectively extended to the namespace.

The invention discloses a fine-grained access control method for data in cloud storage. The method includes the steps: firstly, a data owner blocking files and formulating an external access strategy of file blocks and an internal access strategy of the file blocks according an access control policy, and a trusted third party generating a public key and a master key according to an attribute password mechanism; the data owner utilizing a symmetric password mechanism to encipher the file blocks, utilizing the attribute password mechanism to encipher a symmetric key, and sending a cypher text of the file blocks and a cypher text of a secret key to the cloud; the data owner and the trusted third party utilizing the attribute password mechanism to authorize a user, and generating an attribute key and an attribute processed by an attribute encryption function for each attribute of the user; the data owner sending an user permission change statement to the trusted third party; and the trusted third party judging whether adding or deleting the user permission or not for the user according to the user permission change statement. Compared with the prior art, the method for the fine-grained data access control in the cloud storage has the access control with more fine-grained data under the condition of not increasing additional costs.

An “audience” object describes a collection of users who are known to or expected to view a display. Access control and processing of access dependent contents for an audience are implemented so that information before being displayed is limited to what is authorized for every member in the audience to access. An operator can preview what an expected audience would see. The operator is aided in determining what the effects would be of a newcomer joining an audience. The operator is aided in determining who in an audience causes a difference in authorization. Hardware can be tied in with the access control software.

A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

A data authentication technique is provided for a data access control function of an integrated system. The technique includes passing a data request from a functional master of the integrated system through the data access control function, and responsive to the data request, selectively authenticating requested data. The selective authentication, which can occur transparent to the functional master initiating the data request, includes employing integrity value generation on the requested data when originally stored and when retrieved, in combination with encryption and decryption thereof to ensure the authenticity of the requested data. As an enhancement, cascading integrity values may be employed to facilitate data authentication.

An access control technique to limit access to information content such as available on the Internet. The technique is implemented within a network device such as a proxy server, router, switch, firewall, bridge or other network gateway. The access control process analyzes data in each request from the clients and determines if the request should be forwarded for processing by a server to which it is destined. Access control may be determined by comparing client source information against a database of Uniform Resource Locators (URLs), IP addresses, or other resource identification data specifying the data requested by the client. The invention therefore provides access control not based only upon content, but rather, based primarily upon the identity of the computers or users making the requests. The technique further avoids the problems of the prior art which categories or filters the content of only web pages based solely upon objectionable words. This is because a category database is used by the network device to control access and is created via a process involving human editors who assist in the creation and maintenance of the category database.

An SD memory card contains an RF circuit, a controller LSI and a flash memory. The RF circuit is connected to an antenna module attached to the SD memory card. The controller LSI executes radio interface control and interface control for the SD memory card. By running a protocol control program and an SD memory card interface control program stored in a ROM, using an MPU, the controller LSI executes upper-protocol control and SD memory card interface control (security data access control, flash memory access control).

A mechanism for access control based on remote procedure calls is established whereby server management costs for the processing associated with the authentication of client access rights and the provision of requested resources can be reduced by distributing these costs among clients. A first client, which has an access right to a server via a network, can issue a remote procedure call to the server. The first client can also communicate with a second client, which doesn't have an access right to the server. The first client requests the server to issue a token, which is a data set for permitting the second client a limited access to the server, and subsequently the token prepared by the server is transmitted to the second client. The second client originally has no access rights relative to the server. However, if the second client transmits a remote procedure call using the received token, limited access is granted. The server performs a process designated by the remote procedure call from the second client. The token includes operating information for designating an operation to be performed based on the remote procedure call, and identification information for identifying the second client.

The invention relates to an Internet of Things data privacy protection method based on a block chain and the trusted hardware. The method comprises three stages of secret key management and data generation, data access control strategy definition and intelligent contract deployment and data access and intelligent contract execution, and Internet of Things data is encrypted by a hardware trusted entity IDA and uploaded to a cloud for storage; when there is an operation request, the trusted entity calls an access control authentication interface of the smart contract to carry out authority authentication; after the authority authentication passes, the trusted entity carries out security authentication on the operation execution server and sends the secret key to the data operation executionserver through a security channel; and the server downloads the data from the cloud, then decrypts the data and executes the operation, and writes the data use record into the block chain after the data analysis operation is completed. According to the scheme, the block chain is combined with the trusted entity, the data is effectively operated under the condition that the original data privacy isnot leaked, and the integrity and the safety of the data use records are guaranteed.

A system providing methodology for access control with cooperative enforcement is described. In one embodiment, for example, a method is described for authorizing a client to access a service based on compliance with a policy required for access to the service, the method comprises steps of: specifying a policy required for access to the service; detecting a request for access to the service from a client; attempting authentication of the client based on credentials presented by the client; if the client is authenticated based on the credentials, determining whether the client is in compliance with the policy based, at least in part, on attributes of the client; and if the client is determined to be in compliance with the policy, providing access to the service.

Identity context-based access control is implemented by generating an identity context expression from user identity data. In particular, users are clustered based on combinations of one or more attributes. These clusters comprise one or more identity context(s). Preferably, an intersection of attribute sets of each user in the cluster is formed. In addition, an intersection of attribute sets of each user not in the cluster also is formed. If the attribute set that is common across the cluster of users is not a subset of the attribute set that is common across the rest of the users, then the attribute set forms a unique identity context expression. To reduce the number of roles used in role-based access control (RBAC), at least one role is replaced with an identity context expression. Run-time access control is then enabled.