70 results about "Discretionary access control" patented technology

The present invention provides systems and methods for secure transaction management and electronic rights protection. The invention is a software permission control wrapper that is used to encrypt and encapsulate digital information for the purpose of enforcing discretionary access control rights to the data contained in the wrapper. The permission control wrapper enforces rules associated with users, and their rights to access the data. Those rights are based on deterministic security behavior of the permission wrapper based on embedded security policies and rules contained therein and that are based, in part, on the user type, network connectivity state, and the user environment in which the data is accessed.

A database encryption system and method, the Structure Preserving Database Encryption (SPDE), is presented. In the SPDE method, each database cell is encrypted with its unique position. The SPDE method permits to convert a conventional database index into a secure one, so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without the encryption key. Also a secure index for an encrypted database is provided. Furthermore, secure database indexing system and method are described, providing protection against information leakage and unauthorized modifications by using encryption, dummy values and pooling, and supporting discretionary access control in a multi-user environment.

An electronic device for a mechanical blocking and power mechanisms on its basis, intended for use in electronic locks, hydraulic/pneumatic automation, electronically controlled valve(tap), electronically controlled power electrical switches and commutators, electro-mechanical clutches and couplings, etc. The devices based on invention are compact, have a simple design and are rather reliable in conditions of shocks and vibrations. Low electric power consumption and corresponding long battery life have been obtained at the prototypes of these devices. It will be effectively used in the systems of autonomous access control.

The invention discloses a device and method for controlling mandatory access based on a Windows platform. The device comprises a monitoring module and is characterized in that access control on progresses, files and register lists can be realized on the Windows platform, access requests of a subject of the access control on an object are intercepted and provided for a core safety server to be used for safety judgment; and the core safety server carries out authority judgment according to safety rules of mandatory access control and returns a result to the monitoring module so that the mandatory access control is realized. According to the device and method for controlling the mandatory access based on the Windows platform, disclosed by the invention, an access control decision of a windows system does not depend on the subject, and whether access is allowed or not is determined by comparing safety identifiers of the subject and the object through a safety policy; and the device for controlling the mandatory access based on the Windows platform, disclosed by the invention, is compatible with a windows-self-attached discretionary access control mechanism and also has higher safety grade compared with the original mechanism.

A method for controlling active access of line grade data in databank table includes adding a control authority column of line grade access for enabling to use each databank table of line grade access control in order to record access control authority information of this line, granting relevant access authority and access type in databank table to user of databank, carrying out line grade access control on user according to line grade access authority granted to said user and control policy of said line grade access.

The invention provides a device and a method of local oscillator leakage fast calibration. The device and the method of local oscillator leakage fast calibration comprises a mixer, an analog to digital converter (ADC) circuit, field programmable gate array (FPGA), and a processor and a discretionary access control (DAC) register. The mixer is used for frequency conversion of a feedback signal formed by a local oscillator signal transmitted from a transmitter to generate an intermediate frequency signal. The ADC circuit is used for converting the intermediate frequency signal to a digital signal. The FPGA is used for collecting the digital signal and meanwhile calculating and accumulating in-phase/quadrature (I/Q) data. The processor is used for calculating local oscillator power according to results of calculating and accumulating. The DAC register is used for correcting local oscillator leakage direct current according to the local oscillator power. Through the device and the method of local oscillator leakage fast calibration, interference and miscalculation of feedback direct current leakage to transmitted direct current leakage can be avoided, and correction time of local oscillator leakage direct current can be shortened greatly.

The invention discloses a resource access method of an Android system, and belongs to the technical field of a mobile system. The resource access method of the Android system aims at solving the technical problem that in the existing Android system, the security and the completeness of resources of a user can be threatened. The resource access method of the Android system comprises the following steps of: sequentially performing DAC (Discretionary Access Control) permission checking and MAC (Mandatory Access Control) permission checking on a resource accessing process; if the process passes the DAC permission checking and the MAC permission checking, obtaining a security label of the process and a security label of the resources; matching the security label of the process and the security label of the resources; and if the security label of the process and the security label of the resources are matched, allowing the process to access the resources.

Techniques of improving the safety of an information processing system at low cost are provided, the information processing system having an OS provided with an access control function based upon discretionary access control for preventing illegal accesses to files. A method and apparatus for providing the information processing system with functions and areas usable only by a specific user different from a system administrator. The areas are provided with an access control function in order to prevent the access control function from being tampered.

A method employing a software application for operation for analyzing conversational patterns between people and teams within an organization, locating inconsistencies in the required and actual access level to knowledge repositories, which ultimately results in dynamically updating access control lists of the knowledge repositories, and having the originator and anticipated users being prompted to further enable informed, fact-based manual control of the access control lists.

The invention discloses a mobile phone Bluetooth-based auto-induction access control system and an implementation method thereof and belongs to the field of access control systems. The system comprises a Bluetooth terminal and a Bluetooth receiving module. The Bluetooth receiving module is connected to an access control unit. The access control unit is connected to an unlocking executive device. The Bluetooth terminal is connected to a background server through a network. The Bluetooth terminal is used for acquiring an unlocking data packet from the background server and transmitting a Bluetooth broadcast signal with the unlocking data packet for long time in a holding state. The Bluetooth terminal transmits a Bluetooth broadcast signal with the unlocking data packet for long time so that when the Bluetooth terminal is close to the Bluetooth receiving module, the access control unit can automatically open the access control system without hand-held Bluetooth terminal operation, and a user carrying the Bluetooth terminal can smoothly open the access control system even if the user holds a heavy object or takes care of infants so that the system is free of both hands and improves user experience.

A group change lockout system for protecting the configuration of a securable object in an operating system from members of a locally privileged group, such as the local administrators group, when a security descriptor exists for the securable object that includes a discretionary access control list (DACL). A copy of the security descriptor is made. Then a new access control entry (ACE) is added to the DACL in the copy. This new ACE specifies denying the local administrators group an access right to the securable object. Then the security descriptor in the operating system is overwritten with the copy.

The invention provides a cloud storage fine grit access control method. The method is compatible to access control of a Hadoop assembly in a Plugin way and access control is performed through a central authorization server. Requests intercepted and sent to the central authorization server from the Plugins are accessed to a strategy engine by accessing a binding layer. Authority strategies are encrypted/decrypted through a strategy encryption/decryption layer, finally, through an engine background, storage and reading of the authority strategies are finished, and the storage form is authority encryption ciphers. The decrypted authority strategies are analyzed by the strategy engine, and authorities which can be identified by each Plugin are obtained through the analysis and returned to thecorresponding Plugins. Verification of the authorities is finished by the Plugins and whether user requests of this time are permitted is judged through the Plugins. According to the invention, by introducing autonomous access control, access control authorization of data by a data uploader is achieved; and by introducing a method based on attribute-based encryption, self-description of an accesscontrol structure is performed through attribute labels of data.

The invention discloses multi-instance GIS (Geographic Information System) platform unified user management system and method. By adopting the system and the method which are disclosed by the invention, technical personnel in the field can establish a unified user management view for a GIS including a plurality of rear-end database instances, and user one-to-one mapping between the application layer and the database rear end of the GIS is created to enable rich security functions (such as autonomous access control, enforced access control, security audit and the like) provided by the database rear end to be fully utilized and enhance the security of the GIS. Meanwhile, by adopting the system and the method, only one user identification and user authentication information duplicate is saved in an authentication server, so that synchronization problem of user data among the plurality of rear-end database instances is solved, and the expandability and the flexibility of the whole GIS are ensured.

Systems and apparatuses for real time, bi-directional communications between an access control management host and one or more access control devices. The access control devices can be structured to make certain decisions at the access control device and communicate, in real time, information to, as well as receive in real time information from, the access control management host via a networked gateway. The access control device and networked gateway can communicate via a first wireless protocol that at least assists in minimizing the energy of an electrical energy source, such as, for example, a battery, that is coupled to the access control device. Examples of the first wireless protocol can include low latency, low-power wireless technologies or protocols. The networked gateway can communicate with the access control management host using a second protocol via a wired or wireless connection.

An authorization handle is supported for each access policy determination that is likely to be repeated. In particular, an authorization handle may be assigned to access check results associated with the same discretionary access control list and the same client context. This likelihood may be determined based upon pre-set criteria for the application or service, based on usage history and the like. Once an access policy determination is assigned an authorization handle, the static maximum allowed access is cached for that policy determination. From access check to access check, the set of permissions desired by the client may change, and dynamic factors that might affect the overall privilege grant may also change; however, generally there is still a set of policies that is unaffected by the changes and common across access requests. The cached static maximum allowed access data is thus used to provide efficient operations for the evaluation of common policy sets. In systems having access policy evaluations that are repeated, authorization policy evaluations are more efficient, computer resources are free for other tasks, and performance improvements are observed.

A method is provided for implementing a mandatory access control model in operating systems which natively use a discretionary access control scheme. A method for implementing mandatory access control in a system comprising a plurality of computers, the system comprising a plurality of information assets, stored as files on the plurality of computers, and a network communicatively connecting the plurality of computers, wherein each of the plurality of computers includes an operating system that uses a discretionary access control policy, and wherein each of a subset of the plurality of computers includes a software agent component operable to perform the steps of intercepting a request for a file operation on a file from a user of one of the plurality of computers including the software agent, determining whether the file is protected, if the file is protected, altering ownership of the file from the user to another owner, and providing access to the file based on a mandatory access control policy.

A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command.

A medical waste treatment device for health-care facility includes a frame, a waste disposal device and a control system; wherein the waste disposal device comprises three or more waste disposal boxes which are arranged in a row; a feeding conveyor belt is disposed at one side of the waste disposal boxes and the feeding conveyor belt extends to positions above each of the waste disposal boxes; the feeding conveyor belt is driven by a motor; each of the waste disposal boxes is provided with a waste label identification component, a pushing component which is configured to push waste container into the waste disposal box, and a sealing component; a feeding access is opened on the top of each of the waste disposal boxes and a discharge access is opened on the bottom of each of the waste disposal boxes; a feeding access control system is provided at each of the feeding access and a discharge access control system is provided at each of the discharge access; a branch conveyor belt is disposed below the discharge access of the waste disposal boxes and a major conveyor belt is disposed adjacent to the branch conveyor belts; the control terminal of the motor, the waste label identification component, the pushing component, the sealing component, the feeding access control system and the discharge access control system are coupled with the central controller of the control system. The medical waste treatment device for health-care facility could avoid the collateral contamination caused by incineration, and further avoid the production of Dioxin. The medical waste treatment device could automatically identify and classify waste containers, and treat medical waste according to its category and then package and seal it.

An IP distributed bandwidth process method relating to electric communication technology is to carry out a certain access control to every nexus on the IP ring applying dual-ring topological structure, a flow control packet controls data transfer according to congestion nexus information on IP ring and its situated relative position to finish the flow control on each nexus by fair algorithm with weight to transfer flow information mutually, solving the problem of line head blocking

The invention discloses an information storage and sharing platform applied to medical data, which comprises an application layer, an identity layer, a data flow layer and a network layer. The application layer includes graphical interface and application layer interface, which provide information service to users in the form of application. The identity layer is used to achieve secure identity authentication and user management through HIBBE encryption scheme and discretionary access control. The data stream layer is used to control the flow of all user information data in the storage marketand the retrieval market. The network layer is used to store and share all data on the distributed cloud by recording and tracking all data storage and retrieval transactions on the decentralized block chain network. The device can not only solve the problem of isolated island of current medical data, but also effectively protect the security of sensitive data, ensure the integrity, recyclability,confidentiality and public verifiability of the data, so as to realize the safe and efficient storage and sharing of medical data.