
Rule Based Certification for Access Control

IP.com Disclosure Number: IPCOM000220586D
Publication Date: 2012-Aug-08
Document File: 4 page(s) / 81K

Publishing Venue

The IP.com Prior Art Database

Abstract

This invention adds rule engine to the authentication server to deal with the access rules. It combines access key and rules together and add them to documents. When users want to access the document, only getting the key is not enough, they also need to satisfy the access rule. Access rules include public rules and private rules. Private rules can be simple security questions. Public rules will be processed by rule engine. Rule Engine can communicate with other servers like LDAP or database to do more precise control.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 4


the invention solves these problems:


1. Currently, we use a key to control access. If a user has the key to a document, he/she can access the document regardless of who he/she is. That means other people can access the file by stealing the key.


2. We store security information in a database; if the database is stolen, the files have no security control at all. Sometimes people can even find ways to bypass the database and access the file directly.


3. Some requirements state that a document is no longer active after a period of time, so when a user tries to access that document after the due date, it should be unavailable. But currently, if users download the document to their local file system, they can access it forever. For these complicated requirements, we need advanced access control.

To solve these problems, this invention adds rules to the documents to handle the complicated authentication process.

summary:


1. The traditional way to control access is to encrypt documents with a key and use that key for identity authentication. This invention extends the traditional approach: it adds a rule engine to the authentication server to process access rules. Because the key and the access rules are combined, even users who obtain the key must still satisfy the access rules before they can access the documents.


2. Depending on the confidentiality of the document, access rules are divided into public rules and private rules. Private rules can be set on private files and serve as personal identification; they can be simple security questions, which the user must answer before accessing the document. Public rules control general access, such as the active duration of the file or the role constraints that determine who may access it. These rules are processed by the rule engine after the user passes key authentication.


3. The rule engine can communicate with other servers, such as LDAP or a database. Even if a user obtains the key to a file, his roles or attributes must also satisfy complex rules before he can access the document. Using a separate rule engine, we can add other servers or processes to perform precise access control, and finally decide whether the user can access the document and what kind of access rights the user has.
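The scheme in the summary above, as an added example that is not part of the disclosure: the document and its rules are sealed together under one key, and opening the bundle runs a key check followed by the rule engine (public expiry and role rules against a constructed directory standing in for LDAP, then a private security question). The HMAC-based keystream is an assumption used as a stand-in for a real authenticated cipher; the directory, key, rules and document are constructed sample data.

```python
import hashlib
import hmac
import json
import os
from datetime import date

# Constructed directory standing in for the LDAP/database the rule engine consults.
DIRECTORY = {"alice": {"roles": ["finance"]}, "bob": {"roles": ["guest"]}}

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stand-in for a real cipher (assumption).
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]

def seal(key: bytes, document: str, rules: dict) -> bytes:
    # Document and rules are serialised together and encrypted as one unit, so the
    # rules cannot be stripped from the document without the key.
    nonce = os.urandom(16)
    plain = json.dumps({"document": document, "rules": rules}).encode()
    body = bytes(a ^ b for a, b in zip(plain, _keystream(key, nonce, len(plain))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def open_with_rules(key: bytes, sealed: bytes, user: str, answers: dict, today: str):
    """Key check first, then the rule engine. Returns (document or None, reason)."""
    nonce, tag, body = sealed[:16], sealed[16:48], sealed[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        return None, "key check failed"
    plain = bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))
    bundle = json.loads(plain)
    rules = bundle["rules"]
    # Public rules: active period, then role constraint checked against the directory.
    if date.fromisoformat(today) > date.fromisoformat(rules["expires"]):
        return None, "document expired"
    roles = DIRECTORY.get(user, {}).get("roles", [])
    if not set(rules["allowed_roles"]) & set(roles):
        return None, "role not permitted"
    # Private rule: a security question whose answer hash travels with the document.
    question = rules.get("question")
    if question:
        given = hashlib.sha256(answers.get(question["ask"], "").encode()).hexdigest()
        if not hmac.compare_digest(given, question["answer_sha256"]):
            return None, "security question failed"
    return bundle["document"], "ok"

# Constructed sample: a finance-only document that stops being active after 2012.
KEY = b"constructed-demo-key"
RULES = {"expires": "2012-12-31", "allowed_roles": ["finance"],
         "question": {"ask": "first pet", "answer_sha256": hashlib.sha256(b"rex").hexdigest()}}
SEALED = seal(KEY, "Q2 figures", RULES)
```

Holding the key alone is not enough: a key holder with the wrong role, an expired document, or a wrong answer to the private question is refused, which is the point of combining key and rules.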

detailed description:


1. We set access rules for every document. These access rules are combined with the document, and both are encrypted together. The rules are o...