Method for access control of aggregated data

Data processing: generic control systems or specific application – Generic control system – apparatus or process – Sequential or selective

Reexamination Certificate


Details

C700S023000, C700S079000, C700S048000, C713S152000, C713S152000, C713S166000, C713S167000, C709S223000, C709S224000, C709S241000, C709S241000


active

06751509

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to access control for a data aggregation, and more particularly to access control for an organized information aggregation such as forms.
BACKGROUND OF THE INVENTION
Form-type (i.e. document) data is mostly created with the following hierarchical structures. For example, a “form” is composed of one or more “records”, and a “record” is composed of one or more “fields”. Information such as a form, which has a hierarchically arranged structure, is likely to have different security levels depending on whether it exists alone or a plurality of them are aggregated. Such form-type data is utilized in companies whether they use a paper or an electronic infrastructure. This form-type data has the following features.
• Data has a strong association between rows and columns.
• Data is located two-dimensionally, so that it is possible to know the tendency of the respective data once information is obtained about the entire form, or about the whole or part of its rows and columns.
• Though data in one cell, as such, is less important, when cells are aggregated they become more important.
According to these features, it is believed that form-type data needs particular security countermeasures that are different from normal documents. That is exactly access control (security) for an “information aggregation”.
In banks, for example, requests for monetary processing are brought in from companies with a form-type document. For example, they are a request for salary deposits using plural entry documents. (Table 1 in FIG. 11, being not a salary deposit, is a simple example of plural entry documents.) Though the document shown by Table 1 is a very simple example, on actual documents are listed names of employees subject to a salary deposit, names of banks, names of bank branches, account numbers, salary amount, etc. Among this information, viewing only a cell in a column of “names of banks” alone (for example XYZ bank is written), is common information and is not considered to be so important in terms of security. However, once it is associated with an employee number, a name of bank branch, an account number, and the salary amount, it becomes private information, and makes the security level very high. Hereinafter, we will refer to a lateral row as a “record”, a longitudinal column as a “column”, and a cell (rectangular area) of each table as a “field”.
Also in the case of the salary amount, the sole existence of the figure may not become private information because which employee it belongs to is not known, so its security level is not considered to be so high. However, an aggregation of the salary amounts of all members can become important information as an index representing the company's circumstances, even though it isn't known which employee the respective salaries belong to, so that its security level becomes much higher compared to the salary amount alone.
In banks, many employees can access this information based on business necessity. However, the necessary information varies according to business affairs, and the authority to access information or an information aggregation should vary according to duty position. For example, consider the case of inputting a request for salary deposits for a company to a host database of a bank. In terms of security, even the operators preferably should not see the private information and information showing the scale of business. However, the minimum information for an operation necessarily needs to be seen.
The required minimum information for an operator is the information written in one cell. Therefore, the operator necessarily has the authority to read a cell. From the point of view of those who manage the input affairs, they want to avoid operators unnecessarily seeing information with a high security level. Thus they append access control such as “unreadable to an operator” to a record, a column, and a form with higher security levels. This access control method is effective if an operator requests access in units of record, column and form, etc. However, if the operator requests access to several cells, which would result in information equal to that of a record, a column or a form, proper access control cannot be done.
Conventional access control lists the information showing what operations the “subject” allows the “object” (this is called an “access control list”), and access is controlled by referring to that list. However, with these methods it was difficult to represent access control for plural objects that differs from the access control for an object alone.
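The gap described above, as an added Python illustration that is not taken from the patent and does not reproduce its claimed mechanism: a per-cell check approves every request, while a guard that remembers which cells a subject already holds refuses the read that would complete a record or column above the subject's clearance. The class name, the numeric security levels and the sample form are assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample form: 3 records x 4 columns (names follow the salary example).
ROWS = [1, 2, 3]
COLS = ["bank", "branch", "account", "amount"]
# Assumed security levels: a cell alone is low, aggregates are higher.
LEVELS = {"cell": 1, "record": 2, "column": 2, "form": 3}


class AggregationGuard:
    """Remembers which cells each subject has read and refuses a read that
    would complete an aggregate above the subject's clearance."""

    def __init__(self, rows, cols, levels):
        self.rows, self.cols, self.levels = rows, cols, levels
        self.seen = defaultdict(set)  # subject -> {(row, col), ...}

    def completed(self, cells):
        """Aggregate kinds fully covered by a set of cells."""
        kinds = set()
        if any(all((r, c) in cells for c in self.cols) for r in self.rows):
            kinds.add("record")
        if any(all((r, c) in cells for r in self.rows) for c in self.cols):
            kinds.add("column")
        if len(cells) == len(self.rows) * len(self.cols):
            kinds.add("form")
        return kinds

    def naive_read(self, clearance):
        """Per-object check only: every cell request is judged alone."""
        return clearance >= self.levels["cell"]

    def read(self, subject, clearance, row, col):
        """Cell check plus a check on what the subject would hold afterwards."""
        if clearance < self.levels["cell"]:
            return False
        held = self.seen[subject] | {(row, col)}
        if any(clearance < self.levels[k] for k in self.completed(held)):
            return False
        self.seen[subject] = held
        return True


def operator_reads_record(guard, subject="operator", clearance=1, row=1):
    """Request every cell of one record, one cell at a time."""
    return [guard.read(subject, clearance, row, c) for c in guard.cols]
```

The guard only treats a fully covered record, column or form as an aggregate; a policy that considers a partial set of cells equivalent to the aggregate would need a lower threshold in `completed`.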
Alternatively there is a technique for posting fields of a form. Posting fields of a form is, for example, an operation to create one form (a plural entry form) from plural forms (such as single entry forms) according to a particular rule. With the conventional posting technique, a security level of a complete form is not particularly considered. More specifically, the security level of the form of the posting side is dependent on the security management function of the database saving it, and there could not be found a function for setting a security level based on the security level of the posting side, in terms of an information aggregation such as records and columns of a complete form.
Also in the field of database, research has been done on the difference of security levels between a primitive operation and an operation by a composite function. The primitive operation has a higher security level, thus when an operator with a lower security level than a predetermined level wants to perform a primitive operation on data, the operation can only be performed through a composite function encapsulating it. Namely, this is the management for operations, but not the management for the security level of a data aggregation.
OBJECTS OF THE INVENTION
It is therefore an object of the present invention to provide a method and system for access control for an information aggregation in order to solve the problems mentioned above.
It is another object of the invention to provide a method and system for performing access control for plural objects which is different from access control for an object alone.
It is a further object of the invention to provide a method and system for performing the management of security levels for a data aggregation.
It is a further object of the invention to provide a method for setting a security level for an information aggregation to perform proper security enforcement.
It is a further object of the invention to provide a program storage media for storing a program for performing a method for management of access control and security levels described above.
SUMMARY OF THE INVENTION
In a first aspect of the present invention, an information offering system for providing a controlled information aggregation according to the security level of the information requester, comprises (1) a class manager for storing the information by dividing it into hierarchical classes, wherein each class includes a policy for showing how to treat the information according to the security level, and information generating rules showing how to generate the information; (2) a shared data space for temporarily storing information; (3) an instance generator for generating new information based on the information generating rules and writing it in the shared data space; (4) security enforcement for providing the information with control for complying with the policy relating to the information in the shared data space; and (5) a monitor means for monitoring the writing and generation of the information in the shared data space, wherein the monitor means acquires the information generating rules associated with new information from the class manager and sends the rules to the instance generator when new writing is detected, the monitor means acquires the policy of written information from the class manager based on the class of the information and sends the policy to the security enforcement when the generation is not detected despite the occurrence of new writing in the shared d
