Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
2006-08-22
2006-08-22
Barron, Jr., Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C713S165000, C713S167000, C726S002000, C707S793000, C709S217000
Reexamination Certificate
active
07096367
ABSTRACT:
An authorization handle is supported for each access policy determination that is likely to be repeated. In particular, an authorization handle may be assigned to access check results associated with the same discretionary access control list and the same client context. This likelihood may be determined based upon pre-set criteria for the application or service, based on usage history and the like. Once an access policy determination is assigned an authorization handle, the static maximum allowed access is cached for that policy determination. From access check to access check, the set of permissions desired by the client may change, and dynamic factors that might affect the overall privilege grant may also change; however, generally there is still a set of policies that is unaffected by the changes and common across access requests. The cached static maximum allowed access data is thus used to provide efficient operations for the evaluation of common policy sets. In systems having access policy evaluations that are repeated, authorization policy evaluations are more efficient, computer resources are free for other tasks, and performance improvements are observed.
REFERENCES:
patent: 5469556 (1995-11-01), Clifton
patent: 2001/0021926 (2001-09-01), Schneck et al.
1 An extended capability architecture to enforce dynamic access control policies, I-Lung Kao; Chow, R. ; Computer Security Applications Conference, 1996., 12th Annual , Dec. 9-13, 1996 , pp.: 148-157.
Kassab, L.L. et al., “Towards formalizing the Java security architecture of JDK 1.2,”Computer Security—ESORICS 98. 5thEuropean Symposium on Research in Computer Security,published by Springer-Verlag, Berlin, Germany, Quisquater, J-J. et al. (eds.), Louvain-la-Neuve, Belgium, Sep. 16-18, 1998, 191-207.
Sandhu, R.S. et al., “Some owner based schemes with dynamic groups in the schematic protection model,”Proceedings of the 1986 IEEE Symposium on Security and Privacy,published by IEEE Computer Soc. Press, Oakland, CA, Apr. 7-9, 1986, 61-70.
Bai, Y. et al., “A language for specifying sequences of authorization transformations and its applications,”Information and Communications Security. First International Conference, ICIS '97,published by Springer-Verlag, Berlin, Germany, Beijing, China, Nov. 11-14, 1997, 39-49.
Netegrity, “SiteMinder Delivers Industry-Leading Performance, Scalability, and Reliability,” Netegrity White Paper, Dec., 1999, 5 pages.
Dubhashi Kedarnath A.
Garg Praerit
Hamblin Jeffrey B.
Hopkins Anne C.
Reichel Robert P.
Barron Jr. Gilberto
Lemma Samson
Microsoft Corporation
Woodcock & Washburn LLP
LandOfFree
System and methods for caching in connection with... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and methods for caching in connection with..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and methods for caching in connection with... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3652085