Browse Prior Art Database

Controlled access to the content of an XML document with the security level

IP.com Disclosure Number: IPCOM000019872D
Original Publication Date: 2003-Oct-03
Included in the Prior Art Database: 2003-Oct-03
Document File: 7 page(s) / 97K

Publishing Venue

IBM

Abstract

The objective of this research disclosure is to disclose a method handling the access control to the content of an XML document with the security level.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 42% of the total text.

Page 1 of 7

Controlled access to the content of an XML document with the security level

Controlled access to the content of an XML document with the security level

I. Introduction.

XML (eXtensible Markup Language) is widely used to communicate structured information in B2B (Business-to-business) applications. XML is versatile to handle various types of structured information including inventory records, personnel data, customer data, supplier data, or sensitive corporate financial data. An XML document is a valuable corporate asset that needs protection. Current practice allows one to access all the content of an XML document if the XML document is retrieved. There is no mechanism of handling the access control of the content in an XML document based on a security level. An ideal scenario is to allow a partial content of an XML document to be retrieved based on a given security level.

A fine granular access control of the content in an XML document is desired. For example, an XML document containing personnel information of an employee may have 3 security levels
(i.e., high, medium, and low) designated to different parts in the content of the document. A human resource manager has the high security level allowing him to access all the content in the XML document. A department manage has a medium security level allowing him to access the data of the employee plus evaluation information. The employee has a low security level, and is only allowed to access his own data.

II. Disclosure details:

The disclosed method consists of two elements to handle the access control to the content of an XML document with the security level:
1. Format of a combined key with two types of information: "XML Decryption key", and "Security Level"
2. An special attribute in the tag for specifying the security level in the content of an XML document

The use of a combined key provides a two-layer protection: one for overall XML document and, the other for allowed parts in the XML document with a proper security level. The use of a special attribute in the tag provides the flexibility in determine which parts of the XML content need protection.

Let's use a sender/receiver scenario to elaborate how the research disclosure works in Figure 1. The sender of an XML document will perform the following steps:
1. Prepare an XML document with various security levels for different parts of the document using the special security level attribute in the tag (100)
2. Encrypt the XML document (110)
3. Send the encrypted combined key and the encrypted XML document to the receiver (120)

1

Page 2 of 7

The receiver will perform the following steps:
1. Receive the data from the sender (130)
2. Decrypt the combined key to get the decryption key for the XML document and the allowable security level and decrypt the XML document with the decryption key (140)
3. Construct the DOM (Document Object Model) from the XML document based on the security level (150)
4. The receiver will only retrieve the conten...