WO2012071552A3 - System and method for access control and identity management

Publication number: WO2012071552A3
Authority: WO, WIPO (PCT)
Prior art keywords: persona, function, access, membership, derived
Application number: PCT/US2011/062118
Other languages: French (fr)
Other versions: WO2012071552A2 (en)
Inventor: Charles E. Henderson
Original Assignee: Coral Networks, Inc.
Application filed by Coral Networks, Inc.
Priority to CA2856524A
Publication of WO2012071552A2
Publication of WO2012071552A3

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles

Abstract

A mechanism for access flow by derivation is provided. There are typically different types of access, including read, write, and membership. The membership access relationship is typically represented as a subtype of the general (abstract) access relationship. When a membership access relationship is created, an associated persona function is typically generated; it represents the new identity created for the access recipient function while it serves as a member of the access point function. This persona may have a plurality of derived personas. Because these derived personas are based on the first persona, if it is deleted, the derived personas may also be deleted. A technique is therefore provided whereby a function may be invited to participate in a plurality of other functions. When a persona function is invited to be a member in another function, that invitation generates a membership and a second persona derived from the first persona, resulting in identity derivation.
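The derivation and cascading deletion described in the abstract can be modelled as a tree of personas. The sketch below is an added illustration, not code from the patent or from Coral Networks; the names Registry, invite, revoke, chain and is_member, and the sample function names, are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

@dataclass
class Persona:
    pid: int
    holder: str               # access recipient function behind the identity
    member_of: str            # access point function the persona is a member of
    parent: Optional[int]     # persona this one was derived from, if any
    children: List[int] = field(default_factory=list)

class Registry:
    """Hypothetical store of membership relationships and their personas."""
    def __init__(self) -> None:
        self.personas: Dict[int, Persona] = {}
        self._next = 1

    def invite(self, recipient: Union[str, int], access_point: str) -> int:
        """Create a membership; inviting an existing persona id derives a new persona."""
        parent = None
        holder = recipient
        if isinstance(recipient, int):
            parent = recipient
            holder = self.personas[recipient].holder   # KeyError if revoked
        pid, self._next = self._next, self._next + 1
        self.personas[pid] = Persona(pid, holder, access_point, parent)
        if parent is not None:
            self.personas[parent].children.append(pid)
        return pid

    def revoke(self, pid: int) -> List[int]:
        """Delete a persona and every persona derived from it; return removed ids."""
        root = self.personas.get(pid)
        if root is not None and root.parent in self.personas:
            self.personas[root.parent].children.remove(pid)
        removed, stack = [], [pid]
        while stack:
            cur = self.personas.pop(stack.pop(), None)
            if cur is not None:
                removed.append(cur.pid)
                stack.extend(cur.children)
        return sorted(removed)

    def chain(self, pid: int) -> List[int]:
        """Derivation chain from the first persona down to pid."""
        out: List[int] = []
        cur: Optional[int] = pid
        while cur is not None:
            out.append(cur)
            cur = self.personas[cur].parent
        return out[::-1]

    def is_member(self, holder: str, access_point: str) -> bool:
        return any(p.holder == holder and p.member_of == access_point
                   for p in self.personas.values())
```

Revoking a persona in the middle of a chain removes the memberships derived from it, while memberships the same function obtained through a separate invitation stay in place.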
PCT/US2011/062118 2010-11-24 2011-11-23 System and method for access control and identity management WO2012071552A2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CA2856524A CA2856524A1 (en) 2010-11-24 2011-11-23 System and method for access control and identity management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US41688110P 2010-11-24 2010-11-24
US61/416,881 2010-11-24

Publications (2)

Publication Number Publication Date
WO2012071552A2 WO2012071552A2 (en) 2012-05-31
WO2012071552A3 WO2012071552A3 (en) 2012-08-02

Family

ID=46127543

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2011/062118 WO2012071552A2 (en) 2010-11-24 2011-11-23 System and method for access control and identity management

Country Status (3)

Country Link
US (3) US8826407B2 (en)
CA (1) CA2856524A1 (en)
WO (1) WO2012071552A2 (en)

Families Citing this family (42)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8555378B2 (en) * 2009-03-11 2013-10-08 Sas Institute Inc. Authorization caching in a multithreaded object server
US20120180115A1 (en) * 2011-01-07 2012-07-12 John Maitland Method and system for verifying a user for an online service
US8996548B2 (en) * 2011-01-19 2015-03-31 Inmar Analytics, Inc. Identifying consuming entity behavior across domains
WO2012135851A2 (en) * 2011-03-31 2012-10-04 Coral Networks, Inc. System and method for the structuring and interpretation of organic computer programs
US8918424B2 (en) * 2011-10-31 2014-12-23 Advanced Community Services Managing homeowner association messages
JP5868149B2 (en) * 2011-12-06 2016-02-24 キヤノン株式会社 Data migration device
KR101295209B1 (en) * 2012-02-01 2013-09-12 엔에이치엔(주) Group messaging system, method and computer readable recording medium for providing file sharing through bidirectional interlock with a cloud server
US9460303B2 (en) * 2012-03-06 2016-10-04 Microsoft Technology Licensing, Llc Operating large scale systems and cloud services with zero-standing elevated permissions
WO2013142290A1 (en) * 2012-03-22 2013-09-26 Socialogue, Inc. Internet identity management
US9363270B2 (en) * 2012-06-29 2016-06-07 Vce Company, Llc Personas in application lifecycle management
US20150288762A1 (en) * 2013-03-22 2015-10-08 Hitachi, Ltd. File storage system and method for managing user data
US9378391B2 (en) * 2013-10-11 2016-06-28 Centrify Corporation Method and apparatus for creating switchable desktops with separate authorizations
US10122717B1 (en) 2013-12-31 2018-11-06 Open Text Corporation Hierarchical case model access roles and permissions
US9679125B2 (en) 2014-04-29 2017-06-13 PEGRight, Inc. Characterizing user behavior via intelligent identity analytics
US9405929B1 (en) * 2014-07-31 2016-08-02 Emc Corporation Hierarchical permissions model within a document
US9762585B2 (en) 2015-03-19 2017-09-12 Microsoft Technology Licensing, Llc Tenant lockbox
US11030332B1 (en) * 2015-04-13 2021-06-08 Wells Fargo Bank, N.A. Database controlled web service type architecture
CN106156198B (en) * 2015-04-22 2019-12-27 阿里巴巴集团控股有限公司 Task execution method and device based on distributed database
US11503035B2 (en) * 2017-04-10 2022-11-15 The University Of Memphis Research Foundation Multi-user permission strategy to access sensitive information
US10671747B2 (en) 2015-06-02 2020-06-02 Dipankar Dasgupta Multi-user permission strategy to access sensitive information
US10931682B2 (en) 2015-06-30 2021-02-23 Microsoft Technology Licensing, Llc Privileged identity management
US9888007B2 (en) * 2016-05-13 2018-02-06 Idm Global, Inc. Systems and methods to authenticate users and/or control access made by users on a computer network using identity services
US10635160B2 (en) * 2016-05-16 2020-04-28 Tibco Software Inc. Stepback mechanism to develop and diagnose process applications
US10542010B2 (en) * 2016-05-27 2020-01-21 Microsoft Technology Licensing, Llc Account verification in deferred provisioning systems
SG11201901779PA (en) * 2016-09-02 2019-03-28 Futurevault Inc Systems and methods for sharing documents
CN108092945B (en) * 2016-11-22 2022-02-22 中兴通讯股份有限公司 Method and device for determining access authority and terminal
US10536465B2 (en) 2017-01-18 2020-01-14 Microsoft Technology Licensing, Llc Security for accessing stored resources
US10542088B2 (en) 2017-01-18 2020-01-21 Microsoft Technology Licensing, Llc Modifying data resources within party-partitioned storage areas
US10838819B2 (en) 2017-01-18 2020-11-17 Microsoft Technology Licensing, Llc Including personal relationship metadata within duplicated resources shared across partitioned storage
CN108255588A (en) * 2017-03-13 2018-07-06 平安科技(深圳)有限公司 A kind of automation layout method for scheduling task and device
WO2018191195A1 (en) * 2017-04-10 2018-10-18 Dipankar Dasgupta Multi-user permission strategy to access sensitive information
US10965668B2 (en) 2017-04-27 2021-03-30 Acuant, Inc. Systems and methods to authenticate users and/or control access made by users based on enhanced digital identity verification
US11520606B2 (en) * 2017-09-22 2022-12-06 Vmware, Inc. Dynamic generation of user interface components based on hierarchical component factories
CN109284598B (en) * 2018-07-23 2020-11-10 深圳点猫科技有限公司 Method for generating electronic identity card on education cloud platform page and electronic equipment
US10938566B2 (en) 2018-08-08 2021-03-02 Keir Finlow-Bates Blockchain based identity and access management
EP3614323A1 (en) * 2018-08-20 2020-02-26 Nallian NV Apparatus and method for sharing data in a value chain collaboration process
WO2020215317A1 (en) * 2019-04-26 2020-10-29 Hewlett Packard Enterprise Development Lp Multitenant network device management
CN110602068B (en) * 2019-08-29 2022-08-09 深圳市新系区块链技术有限公司 Data authority management method and related product
US11669597B1 (en) * 2020-08-24 2023-06-06 Hubbert Smith Multi-party data science collaboration
CN112257104A (en) * 2020-10-10 2021-01-22 北京字跳网络技术有限公司 Authority control method and device and electronic equipment
US20220261761A1 (en) * 2021-02-17 2022-08-18 Atlassian Pty Ltd. Displaying content in a collaborative work environment
US20230409558A1 (en) * 2022-06-20 2023-12-21 Data Sentinel AI, Inc. Systems, methods, and storage media for verifying data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060195575A1 (en) * 2000-12-22 2006-08-31 Oracle International Corporation Determining a user's groups
US20070180493A1 (en) * 2006-01-24 2007-08-02 Citrix Systems, Inc. Methods and systems for assigning access control levels in providing access to resources via virtual machines
US20090089413A1 (en) * 2007-09-27 2009-04-02 Hitoshi Kamei Intermediate nas apparatus having acl inheritance funciton for namespace integration

Family Cites Families (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5173939A (en) * 1990-09-28 1992-12-22 Digital Equipment Corporation Access control subsystem and method for distributed computer system using compound principals
US6202066B1 (en) * 1997-11-19 2001-03-13 The United States Of America As Represented By The Secretary Of Commerce Implementation of role/group permission association using object access type
JPH11313102A (en) * 1998-02-27 1999-11-09 Fujitsu Ltd Access control list generation method and its device
WO2001046804A1 (en) * 1999-08-16 2001-06-28 Z-Force Corporation System of reusable software parts for implementing concurrency and hardware access, and methods of use
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US7349912B2 (en) * 2000-12-22 2008-03-25 Oracle International Corporation Runtime modification of entries in an identity system
US7937655B2 (en) * 2000-12-22 2011-05-03 Oracle International Corporation Workflows with associated processes
US7581011B2 (en) * 2000-12-22 2009-08-25 Oracle International Corporation Template based workflow definition
US7363339B2 (en) * 2000-12-22 2008-04-22 Oracle International Corporation Determining group membership
US7475151B2 (en) * 2000-12-22 2009-01-06 Oracle International Corporation Policies for modifying group membership
US6816871B2 (en) * 2000-12-22 2004-11-09 Oblix, Inc. Delivering output XML with dynamically selectable processing
US7016907B2 (en) * 2001-05-29 2006-03-21 Sun Microsystems, Inc. Enumerated roles in a directory system
US6785686B2 (en) * 2001-05-29 2004-08-31 Sun Microsystems, Inc. Method and system for creating and utilizing managed roles in a directory system
US20030078937A1 (en) * 2001-05-29 2003-04-24 David Boreham Method and system for nesting roles in a directory system
US7380271B2 (en) * 2001-07-12 2008-05-27 International Business Machines Corporation Grouped access control list actions
US7814025B2 (en) * 2002-05-15 2010-10-12 Navio Systems, Inc. Methods and apparatus for title protocol, authentication, and sharing
US8375113B2 (en) * 2002-07-11 2013-02-12 Oracle International Corporation Employing wrapper profiles
US7206851B2 (en) * 2002-07-11 2007-04-17 Oracle International Corporation Identifying dynamic groups
US7334018B2 (en) * 2003-03-11 2008-02-19 Sap Aktiengesellschaft Unified network resources
US7698346B2 (en) 2003-03-18 2010-04-13 Coral Networks, Inc. Network operating system and method
US7350237B2 (en) * 2003-08-18 2008-03-25 Sap Ag Managing access control information
US7644432B2 (en) * 2003-10-10 2010-01-05 Bea Systems, Inc. Policy inheritance through nested groups
US20050251852A1 (en) * 2003-10-10 2005-11-10 Bea Systems, Inc. Distributed enterprise security system
US20050257245A1 (en) * 2003-10-10 2005-11-17 Bea Systems, Inc. Distributed security system with dynamic roles
US20050102536A1 (en) * 2003-10-10 2005-05-12 Bea Systems, Inc. Dynamically configurable distributed security system
US20050262362A1 (en) * 2003-10-10 2005-11-24 Bea Systems, Inc. Distributed security system policies
US20050091535A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Application identity for software products
US20050278294A1 (en) * 2004-05-20 2005-12-15 Bea Systems, Inc. Systems and methods for a collaboration presence framework
JP4706262B2 (en) * 2004-05-21 2011-06-22 日本電気株式会社 Access control system, access control method, and access control program
WO2008060320A2 (en) * 2006-03-30 2008-05-22 Major Gadget Software, Inc. Method and system for enterprise network access control and management for government and corporate entities
US20080016546A1 (en) * 2006-07-13 2008-01-17 Li Tong L Dynamic profile access control
US8195215B2 (en) * 2008-12-18 2012-06-05 Motorola Solutions, Inc. Method and system for forming a communication group for content distribution related to an event
US8150876B2 (en) * 2009-02-11 2012-04-03 Oracle International Corporation Simplifying determination of the groups to which users belong when using dynamic groups
US8332525B2 (en) * 2010-02-05 2012-12-11 Telefonaktiebolaget L M Ericsson (Publ) Dynamic service groups based on session attributes

Also Published As

Publication number Publication date
CA2856524A1 (en) 2012-05-31
US20120137360A1 (en) 2012-05-31
US8826407B2 (en) 2014-09-02
WO2012071552A2 (en) 2012-05-31
US20140337999A1 (en) 2014-11-13
US20170011226A1 (en) 2017-01-12

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 11843439; Country of ref document: EP; Kind code of ref document: A2
NENP Non-entry into the national phase
Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC DATED 03.09.13 (FORM 1205A)
122 Ep: pct application non-entry in european phase
Ref document number: 11843439; Country of ref document: EP; Kind code of ref document: A2
ENP Entry into the national phase
Ref document number: 2856524; Country of ref document: CA