System and method for adding property level security to an...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate

C707S793000, C707S793000, C709S219000, C709S225000, C711S163000

active

06405202

ABSTRACT:

TECHNICAL FIELD
This invention relates generally to an improved method for object oriented programming and more particularly, to a system and method for adding property level security to an Object Oriented Database (OODB).
BACKGROUND OF THE INVENTION
In recent years, the use of object oriented programming (OOP) languages to build software applications has increased. An object is a distinct unit in a program that is made up of a plurality of properties having attributes, relationships or methods. Based on these properties, objects can have certain characteristics and can perform certain actions. An object oriented programming language encapsulates an object's characteristics and behaviors within a single block of source code. Thus, programmers can simply create a new object that inherits many of its features from existing objects. This approach makes OOP more efficient than conventional programming techniques for developing software applications.
As the use of OOP languages has increased, so has the use of Object Oriented Databases (OODBs). OODBs allow objects created in these applications to be stored, managed, and retrieved more efficiently than standard relational databases. Due to the popularity of OOP, demand has risen for larger sized OODBs with the capacity to handle multiple users. As OODBs grow in size and more users are added, the need for regulating access to the databases arises. To regulate how the information in the database is modified or deleted, developers have implemented different types of database security (also referred to as “user access control”). Currently, OODBs use two types of user access controls: database level access and conventional object level access. Database level access control gives the user either complete access or no access to any of the information in the database. Current object level access controls regulate user access to each object individually, but this requires additional overhead.
Database users often access related pieces of information. An access domain is a group of properties containing data that is related in such a way that a user would want to access the group all at once. For example, in a database containing requirements for the construction of a naval vessel, all information regarding electrical requirements would be located in one access domain. An electrical engineer would be interested in only those requirements having to do with electrical systems. To this end, database and object level security provides a flexible means to control access to information as long as the access domains are organized so that a domain covers a single object or groups of objects. As described below, solutions restricting a user to specific properties of an object are inefficient.
In general, each object contains information that covers multiple domains, such as cost, physical, electrical, performance, power, and human related attributes as well as interconnections (relationships) with other objects in the system.
FIGS. 1A-1C show conventional methods for providing object level user access control to OODBs. FIG. 1A shows an object 100 having properties P1-P8. Object 100 further has domains A, B, and C, where domain A contains properties P1-P4, domain B contains properties P5-P8 and domain C contains properties P3-P6.
To provide object level security, using conventional techniques, object 100 is partitioned into sub-objects 101-104 as shown in FIG. 1B. As further shown in FIG. 1B, sub-object 101 contains properties P1-P2, sub-object 102 contains properties P3-P4, sub-object 103 contains properties P5-P6 and sub-object 104 contains properties P7-P8. Accordingly, access is controlled by object level security through limiting each user's access to, for example, sub-object 101, then 102. To the user, access to specific properties is intended to appear as domain A. Using this technique precludes the control of a fourth domain, for example, domain D, after object 100 has been partitioned. Since a fixed number of domains must be determined up front, modification of the partitioned object 100 becomes extremely difficult.
To overcome the above-described problem, one product, COR, has attempted to provide security access at the property level. Using a second conventional object level security approach, each property P1 to P8 is partitioned into sub-objects 100-1 to 100-8, as shown in FIG. 1C. Although this approach is more flexible, the division of objects into a plurality of sub-objects further increases the complexity of object management using conventional methods. Instead of managing just one object, the database must manage multiple sub-objects as well. Here, the database must determine which objects have the information it needs while maintaining track of all objects. As the number of objects increases, the system becomes bogged down with the increased overhead. Thus, conventional object level security approaches are disadvantageous.
As specialization continues to increase with system complexity, individual professionals will access only selected domains of information, some of which will span subsets of multiple objects. For example, a network engineer may require access to electrical and performance domains as well as relationships specifying interconnections, but not necessarily to cost information. Therefore, there is a need to control access at the domain level. Since domains consist of a group of one or more properties and domains can overlap, there is a need to efficiently control access at the property level. There is also a need for improved object level access control for cases where an object contains properties that cover multiple domains. OODB vendors, for example, Versant Corp., Object Design, Computer Associates, GemStone Systems, Inc. and Ardent Software, Inc. have not provided this level of access control or security. Accordingly, there is a need for property level access control that can be implemented in a flexible and efficient manner.
SUMMARY OF THE INVENTION
Embodiments of the present invention solve the problems encountered in the prior art by providing flexible property level security for controlling user access to information within a single object. Property level access control specifies who can access each piece of information (property) within an object of an OODB. Embodiments of the present invention include a database comprising at least one object, the object containing at least one property and a property access control list comprising at least one property level permissions set. The property access control list may be used to control user access at the property level of an OODB. The present invention may further include a group access list including the identity of groups that have access to the property.
Other embodiments of the present invention may comprise a database comprising at least one object, and at least one object level permissions control number. The object level permissions control number may be used to control user access at the object level of an OODB. The present invention may further include a group access list including the identity of groups that have access to the object. Further, the present invention may be embodied in an ontology management system (OMS) supporting an OODB.
Accordingly, the present invention overcomes the deficiencies of the prior art by providing a system and method for applying property level controls to properties of OODB objects. Further, the present invention provides enhanced and efficient user access control at the object level.
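The following Python sketch is an added example, not code from the patent. It contrasts the FIG. 1B partitioning described in the background with a per-property access control list kept on a single object, as outlined in the summary. The class and function names, the group names, the property values and the membership of domain D (P2-P3) are assumptions made for illustration.

```python
# Added illustration: names and structures are assumptions, not the patent's claimed design.
DOMAINS = {
    "A": {"P1", "P2", "P3", "P4"},
    "B": {"P5", "P6", "P7", "P8"},
    "C": {"P3", "P4", "P5", "P6"},
    "D": {"P2", "P3"},  # constructed: defined after the object was partitioned
}
# FIG. 1B partition of object 100 into sub-objects 101-104.
SUB_OBJECTS = {101: {"P1", "P2"}, 102: {"P3", "P4"},
               103: {"P5", "P6"}, 104: {"P7", "P8"}}


def cover_with_sub_objects(domain_props):
    """Sub-object ids that expose exactly domain_props, or None if no exact cover exists."""
    chosen = [sid for sid, props in SUB_OBJECTS.items() if props <= domain_props]
    covered = set().union(*(SUB_OBJECTS[sid] for sid in chosen))
    return chosen if covered == domain_props else None


class SecuredObject:
    """One object whose properties each carry their own group -> permissions entry."""
    def __init__(self, values):
        self._values = dict(values)
        self._acl = {name: {} for name in self._values}

    def grant(self, group, props, perms):
        for name in props:
            self._acl[name].setdefault(group, set()).update(perms)

    def _allowed(self, groups, name, perm):
        entry = self._acl.get(name, {})  # unknown property: deny by default
        return any(perm in entry.get(g, ()) for g in groups)

    def read(self, groups, name):
        if not self._allowed(groups, name, "read"):
            raise PermissionError(f"read denied on {name}")
        return self._values[name]

    def visible(self, groups):
        return sorted(n for n in self._values if self._allowed(groups, n, "read"))


def build_object_100():
    """Object 100 with constructed values and one constructed group per domain."""
    obj = SecuredObject({f"P{i}": f"value-{i}" for i in range(1, 9)})
    obj.grant("group_a", DOMAINS["A"], {"read"})
    obj.grant("group_c", DOMAINS["C"], {"read"})
    obj.grant("group_d", DOMAINS["D"], {"read"})  # added later, no repartitioning
    return obj
```

Domains A and C map onto whole sub-objects, but the late-added domain D cuts across sub-objects 101 and 102, so the partitioned layout can only over-grant or under-grant it, while the per-property list handles it with one more grant.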


