CN103975324B - Access permissions management system and method - Google Patents
- Publication number
- CN103975324B
- Authority
- CN
- China
- Prior art keywords
- access rights
- redundancy
- data element
- act system
- exclusive
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
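An access permissions management system, including: a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements; some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited; and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions; and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not to store in the repository the unique access permissions which are redundant with inherited access permissions.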
Description
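Cross-Reference to Related Applications
Reference is made to U.S. Provisional Patent Application Serial No. 61/477,662, filed April 21, 2011 and entitled "ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD", the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a)(4) and (5)(i).
Reference is also made to U.S. Patent Application Serial No. 13/159,903, filed June 14, 2011 and entitled "ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD", the disclosure of which is hereby incorporated by reference and priority of which is hereby claimed pursuant to 37 CFR 1.78(a)(1) and (2)(i).
Reference is also made to the following patents and patent applications, owned by the assignee, the disclosures of which are hereby incorporated by reference:
U.S. Patent Nos. 7,555,482 and 7,606,801;
U.S. Published Patent Application Nos. 2007/0244899, 2008/0271157, 2009/0100058, 2009/0119298, 2009/0265780, 2011/0060916 and 2011/0061111; and
U.S. Patent Application Serial Nos. 12/673,691 and 13/014,762.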
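Technical Field
The present invention relates to access permissions management.
Background
The following patent publications are believed to represent the current state of the art:
U.S. Patent Nos. 5,465,387; 5,899,991; 6,338,082; 6,393,468; 6,928,439; 7,031,984; 7,068,592; 7,403,925; 7,421,740; 7,555,482; 7,606,801 and 7,743,420; and
U.S. Published Patent Application Nos. 2003/0051026; 2004/0249847; 2005/0108206; 2005/0203881; 2005/0086529; 2006/0064313; 2006/0184530; 2006/0184459; 2007/0203872; 2007/0244899; 2008/0271157; 2009/0100058; 2009/0119298; 2009/0265780; 2011/0060916 and 2011/0061111.
Summary of the Invention
The present invention provides improved systems and methodologies for access permissions redundancy prevention.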
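There is thus provided in accordance with a preferred embodiment of the present invention an access permissions management system including: a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy, wherein some of the multiplicity of data elements are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from being associated with inherited access permissions and are thus associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions; and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not to store in the repository the unique access permissions which are redundant with inherited access permissions.
There is also provided in accordance with another preferred embodiment of the present invention an access permissions management system including: a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy, wherein some of the multiplicity of data elements are inherited data elements, which are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from being associated with inherited access permissions and are thus associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are hybrid data elements, which are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions; and an access permissions overlap prevention engine operative to ascertain which of the unique access permissions associated with a protected data element are identical to access permissions associated with a data element immediately above the protected data element in the hierarchy and, responsive thereto, not to store the unique access permissions which are associated with the protected data element.
There is further provided in accordance with yet another preferred embodiment of the present invention an access permissions management method including: maintaining a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy, wherein some of the multiplicity of data elements are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from being associated with inherited access permissions and are thus associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions; and preventing access permissions redundancy by ascertaining which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not storing in the repository the unique access permissions which are redundant with inherited access permissions.
There is yet further provided in accordance with still another preferred embodiment of the present invention an access permissions management method including: maintaining a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy, wherein some of the multiplicity of data elements are inherited data elements, which are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are protected data elements, which are prevented from being associated with inherited access permissions and are thus associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are hybrid data elements, which are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions; and preventing access permissions overlap by ascertaining which of the unique access permissions associated with a protected data element are identical to access permissions associated with a data element immediately above the protected data element in the hierarchy and, responsive thereto, not storing the unique access permissions which are associated with the protected data element.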
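Brief Description of the Drawings
The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings, in which:
Fig. 1 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with a preferred embodiment of the present invention;
Fig. 2 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 1;
Fig. 3 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with another preferred embodiment of the present invention; and
Fig. 4 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 3.
Detailed Description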
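Reference is now made to Figs. 1 and 2. Fig. 1 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with a preferred embodiment of the present invention, and Fig. 2 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 1. The access permissions management system of Figs. 1 and 2 is preferably suitable for operating in an enterprise computer network including multiple disparate clients, computer hardware resources and computer software resources, and a file system comprising a data element hierarchy.
Preferably, the system of Figs. 1 and 2 includes a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy, wherein some of the multiplicity of data elements are associated only with access permissions which are inherited from data elements ancestral thereto, some of the multiplicity of data elements are prevented from being associated with inherited access permissions and are thus associated only with unique access permissions which are not inherited, and some of the multiplicity of data elements are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions. It is appreciated that prevention of association of inherited access permissions with a data element may be accomplished, for example, by an IT administrator configuring the data element as one that is not allowed to inherit access permissions from any of its ancestors.
In accordance with a preferred embodiment of the present invention, the system of Figs. 1 and 2 also includes an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and, responsive thereto, not to store in the repository the unique access permissions which are redundant with inherited access permissions.
As shown in Fig. 2, for each data element in the data element hierarchy, the system ascertains whether the data element has unique access permissions associated therewith. Thereafter, the system ascertains whether the data element also has inherited access permissions associated therewith. Thereafter, the system ascertains whether any of the unique access permissions associated with the data element are redundant with any of the inherited access permissions associated with the data element. Thereafter, for each data element, the system stores in the repository only the unique access permissions which are not redundant with any of the inherited access permissions.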
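Reference is now made to Figs. 3 and 4. Fig. 3 is a simplified block diagram illustrating an access permissions management system constructed and operative in accordance with another preferred embodiment of the present invention, and Fig. 4 is a simplified flowchart indicating steps in the operation of the access permissions management system of Fig. 3. The access permissions management system of Figs. 3 and 4 is preferably suitable for operating in an enterprise computer network including multiple disparate clients, computer hardware resources and computer software resources, and a file system comprising a data element hierarchy.
Preferably, the system of Figs. 3 and 4 includes a hierarchical access permissions repository including a multiplicity of access permissions relating to a multiplicity of data elements which are arranged in a data element hierarchy, wherein some of the multiplicity of data elements are inherited data elements, which are associated only with access permissions which are inherited from data elements ancestral thereto; some of the multiplicity of data elements are protected data elements, which are prevented from being associated with inherited access permissions and are thus associated only with unique access permissions which are not inherited; and some of the multiplicity of data elements are hybrid data elements, which are not prevented from being associated with inherited access permissions and are associated not only with inherited access permissions but also with unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions.
In accordance with a preferred embodiment of the present invention, the system of Figs. 3 and 4 also includes an access permissions overlap prevention engine operative to ascertain which of the unique access permissions associated with a protected data element are identical to access permissions associated with a data element immediately above the protected data element in the hierarchy and, responsive thereto, not to store the unique access permissions which are associated with the protected data element.
As shown in Fig. 4, for each protected data element in the data element hierarchy, the system ascertains whether the unique access permissions associated therewith are identical to the access permissions associated with the data element immediately above the protected data element in the hierarchy. Thereafter, only for protected data elements whose associated unique access permissions are not identical to the access permissions associated with the data element immediately above them in the hierarchy, the system stores in the repository the unique access permissions associated with the protected data element.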
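The following Python sketch is an added example, not code from the patent: it models the Fig. 2 redundancy flow and the Fig. 4 overlap flow on one small hierarchy and checks that effective permissions can be rebuilt from the reduced repository. The `DataElement` class, the (principal, right) permission pairs, the sample tree, and the readings of "redundant" (an identical pair is inherited) and of the parent's permissions (its effective set) are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed model: a permission is a (principal, right) pair. The patent does
# not define the structure of a permission; this is an assumption.


@dataclass
class DataElement:
    name: str
    parent: "DataElement | None" = None
    unique: frozenset = frozenset()   # non-inherited permissions set on the element
    protected: bool = False           # True: blocked from inheriting from ancestors

    def inherited(self) -> frozenset:
        """Permissions received from ancestors (none for root or protected elements)."""
        if self.parent is None or self.protected:
            return frozenset()
        return self.parent.effective()

    def effective(self) -> frozenset:
        return self.inherited() | self.unique


def reduce_redundancy(elements):
    """Fig. 2 flow: store only unique permissions not redundant with inherited ones.
    Assumption: 'redundant' means an identical (principal, right) pair is inherited."""
    repo = {}
    for el in elements:
        if not el.unique:
            continue                        # inherited-only element: nothing to store
        kept = el.unique - el.inherited()   # protected elements inherit nothing
        if kept:
            repo[el.name] = kept
    return repo


def reduce_overlap(elements):
    """Fig. 4 flow: skip a protected element whose unique permissions are identical
    to those of its immediate parent (assumed to be the parent's effective set)."""
    repo = {}
    for el in elements:
        if not el.protected:
            continue
        if el.parent is not None and el.unique == el.parent.effective():
            continue                        # identical to parent: not stored
        repo[el.name] = el.unique
    return repo


def rebuild_effective(elements, repo):
    """Rebuild effective permissions from the Fig. 2 repository plus the hierarchy
    and protected flags. `elements` must list parents before their children."""
    out = {}
    for el in elements:
        inherits = el.parent is not None and not el.protected
        base = out[el.parent.name] if inherits else frozenset()
        out[el.name] = base | repo.get(el.name, frozenset())
    return out


def sample_tree():
    """Constructed sample hierarchy covering inherited, hybrid and protected elements."""
    root = DataElement("/share", unique=frozenset({("staff", "read")}))
    hr = DataElement("/share/hr", root,
                     frozenset({("staff", "read"), ("hr", "write")}))      # hybrid
    pay = DataElement("/share/hr/payroll", hr,
                      frozenset({("hr", "write"), ("payroll", "write")}),
                      protected=True)                                      # protected
    pub = DataElement("/share/public", root)                               # inherited only
    mirror = DataElement("/share/mirror", root,
                         frozenset({("staff", "read")}), protected=True)   # same as parent
    return [root, hr, pay, pub, mirror]


if __name__ == "__main__":
    tree = sample_tree()
    fig2 = reduce_redundancy(tree)
    print("Fig. 2 repository:", {k: sorted(v) for k, v in fig2.items()})
    print("Fig. 4 repository:", {k: sorted(v) for k, v in reduce_overlap(tree).items()})
    print("lossless:", rebuild_effective(tree, fig2) == {e.name: e.effective() for e in tree})
```

The round-trip check holds only while the hierarchy and each element's protected flag are kept alongside the reduced repository.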
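It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather, the present invention also includes various combinations and subcombinations of the features described hereinabove as well as modifications and variations thereof which would occur to persons skilled in the art upon reading the foregoing and which are not in the prior art.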
Claims (2)
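1. A data management system for use with an existing organizational file system, the data management system comprising a non-transitory, tangible computer-readable medium in which computer program instructions are stored, which instructions, when read by a computer, cause the computer to automatically manage access permissions, the data management system comprising:
a probe engine communicating with the organizational file system and operative to collect access permissions information from the organizational file system in an online manner;
a redundancy reducing engine receiving an output from the probe engine and providing a redundancy reduced information stream; and
a redundancy reduced information database receiving and storing the redundancy reduced information stream;
the redundancy reduced information database storing information relating to a subset of a set of access permissions of the organizational file system, the subset being created by the redundancy reducing engine,
the redundancy reducing engine being operative to:
ascertain which of a multiplicity of access permissions to the organizational file system are unique access permissions, the unique access permissions being access permissions which are not inherited;
ascertain which of the multiplicity of access permissions to the organizational file system are inherited access permissions;
ascertain whether any of the unique access permissions are redundant with any of the inherited access permissions; and
responsive to ascertaining that any of the unique access permissions are redundant with any of the inherited access permissions, remove, from the multiplicity of access permissions to the organizational file system, the unique access permissions of the organizational file system which are redundant with the inherited access permissions.
2. A data management method, comprising:
communicating, by a probe engine, with an organizational file system and collecting access permissions information from the organizational file system in an online manner;
receiving, by a redundancy reducing engine, an output from the probe engine and providing a redundancy reduced information stream; and
receiving and storing, by a redundancy reduced information database, the redundancy reduced information stream;
storing, by the redundancy reduced information database, information relating to a subset of a set of access permissions of the organizational file system, the subset being created by the redundancy reducing engine,
the data management method further comprising the following steps performed by the redundancy reducing engine:
ascertaining which of a multiplicity of access permissions to the organizational file system are unique access permissions, the unique access permissions being access permissions which are not inherited;
ascertaining which of the multiplicity of access permissions to the organizational file system are inherited access permissions;
ascertaining whether any of the unique access permissions are redundant with any of the inherited access permissions; and
responsive to ascertaining that any of the unique access permissions are redundant with any of the inherited access permissions, removing, from the multiplicity of access permissions to the organizational file system, the unique access permissions of the organizational file system which are redundant with the inherited access permissions.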
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201161477662P | 2011-04-21 | 2011-04-21 | |
US61/477,662 | 2011-04-21 | ||
US13/159,903 US9680839B2 (en) | 2011-01-27 | 2011-06-14 | Access permissions management system and method |
US13/159,903 | 2011-06-14 | ||
PCT/IL2012/000163 WO2012143920A2 (en) | 2011-04-21 | 2012-04-18 | Access permissions management system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103975324A (zh) | 2014-08-06 |
CN103975324B (zh) | 2017-03-15 |
Family
ID=47022107
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201280029360.3A Expired - Fee Related CN103975324B (zh) | 2011-04-21 | 2012-04-18 | Access permissions management system and method |
Country Status (4)
Country | Link |
---|---|
US (4) | US9680839B2 (zh) |
EP (1) | EP2700028A4 (zh) |
CN (1) | CN103975324B (zh) |
WO (1) | WO2012143920A2 (zh) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10296596B2 (en) | 2010-05-27 | 2019-05-21 | Varonis Systems, Inc. | Data tagging |
US9680839B2 (en) | 2011-01-27 | 2017-06-13 | Varonis Systems, Inc. | Access permissions management system and method |
EP2668562A4 (en) * | 2011-01-27 | 2015-05-20 | Varonis Systems Inc | SYSTEM AND METHOD FOR MANAGING ACCESS RIGHTS |
US8909673B2 (en) | 2011-01-27 | 2014-12-09 | Varonis Systems, Inc. | Access permissions management system and method |
US9515999B2 (en) | 2011-12-21 | 2016-12-06 | Ssh Communications Security Oyj | Automated access, key, certificate, and credential management |
US9613052B2 (en) * | 2012-06-05 | 2017-04-04 | International Business Machines Corporation | Establishing trust within a cloud computing system |
US11151515B2 (en) | 2012-07-31 | 2021-10-19 | Varonis Systems, Inc. | Email distribution list membership governance method and system |
US9251363B2 (en) | 2013-02-20 | 2016-02-02 | Varonis Systems, Inc. | Systems and methodologies for controlling access to a file system |
US10277601B1 (en) | 2015-05-11 | 2019-04-30 | Google Llc | System and method for recursive propagating application access control |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6772350B1 (en) * | 1998-05-15 | 2004-08-03 | E.Piphany, Inc. | System and method for controlling access to resources in a distributed environment |
CN101316273A (zh) * | 2008-05-12 | 2008-12-03 | Huazhong University of Science and Technology | Distributed secure storage system |
Family Cites Families (131)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5465387A (en) | 1993-10-08 | 1995-11-07 | At&T Corp. | Adaptive fraud monitoring and control |
US5956715A (en) | 1994-12-13 | 1999-09-21 | Microsoft Corporation | Method and system for controlling user access to a resource in a networked computing environment |
US5761669A (en) | 1995-06-06 | 1998-06-02 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
US5889952A (en) | 1996-08-14 | 1999-03-30 | Microsoft Corporation | Access check system utilizing cached access permissions |
US6023765A (en) | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
DE69818008T2 (de) | 1997-01-20 | 2004-08-05 | British Telecommunications P.L.C. | Data access control |
US6178505B1 (en) | 1997-03-10 | 2001-01-23 | Internet Dynamics, Inc. | Secure delivery of information in a network |
US5899991A (en) | 1997-05-12 | 1999-05-04 | Teleran Technologies, L.P. | Modeling technique for system access control and management |
US6735701B1 (en) | 1998-06-25 | 2004-05-11 | Macarthur Investments, Llc | Network policy management and effectiveness system |
US6446077B2 (en) | 1998-09-21 | 2002-09-03 | Microsoft Corporation | Inherited information propagator for objects |
US7305562B1 (en) | 1999-03-09 | 2007-12-04 | Citibank, N.A. | System, method and computer program product for an authentication management infrastructure |
US6338082B1 (en) | 1999-03-22 | 2002-01-08 | Eric Schneider | Method, product, and apparatus for requesting a network resource |
JP2001188699A (ja) | 1999-12-28 | 2001-07-10 | Ibm Japan Ltd | Data processing system with access control mechanism |
AU6985601A (en) | 2000-06-16 | 2002-01-02 | Mindport Usa | Methods and systems to distribute content via a network utilizing distributed conditional access agents and secure agents, and to perform digital rights management (drm) |
US20020026592A1 (en) | 2000-06-16 | 2002-02-28 | Vdg, Inc. | Method for automatic permission management in role-based access control systems |
US7185192B1 (en) * | 2000-07-07 | 2007-02-27 | Emc Corporation | Methods and apparatus for controlling access to a resource |
US20030051026A1 (en) | 2001-01-19 | 2003-03-13 | Carter Ernst B. | Network surveillance and security system |
US7185364B2 (en) | 2001-03-21 | 2007-02-27 | Oracle International Corporation | Access system interface |
US6622220B2 (en) | 2001-03-15 | 2003-09-16 | Hewlett-Packard Development Company, L.P. | Security-enhanced network attached storage device |
US20030048301A1 (en) | 2001-03-23 | 2003-03-13 | Menninger Anthony Frank | System, method and computer program product for editing supplier site information in a supply chain management framework |
US7068592B1 (en) | 2001-05-10 | 2006-06-27 | Conexant, Inc. | System and method for increasing payload capacity by clustering unloaded bins in a data transmission system |
US7017183B1 (en) | 2001-06-29 | 2006-03-21 | Plumtree Software, Inc. | System and method for administering security in a corporate portal |
US7260555B2 (en) | 2001-12-12 | 2007-08-21 | Guardian Data Storage, Llc | Method and architecture for providing pervasive security to digital assets |
JP2003242123A (ja) | 2002-02-21 | 2003-08-29 | Hitachi Ltd | Consensus-based access control method |
US6996577B1 (en) | 2002-02-25 | 2006-02-07 | Novell, Inc. | Method and system for automatically grouping objects in a directory system based on their access patterns |
US20030231207A1 (en) | 2002-03-25 | 2003-12-18 | Baohua Huang | Personal e-mail system and method |
GB0207354D0 (en) | 2002-03-28 | 2002-05-08 | Ibm | Inheritance of access controls within a hierarchy of data processing system resources |
US7007032B1 (en) | 2002-07-01 | 2006-02-28 | Cisco Technology, Inc. | Method and apparatus for removing redundancies from a list of data structures |
US7219234B1 (en) | 2002-07-24 | 2007-05-15 | Unisys Corporation | System and method for managing access rights and privileges in a data processing system |
JP4393762B2 (ja) | 2002-12-19 | 2010-01-06 | Hitachi, Ltd. | Database processing method and apparatus, and processing program therefor |
US7779247B2 (en) | 2003-01-09 | 2010-08-17 | Jericho Systems Corporation | Method and system for dynamically implementing an enterprise resource policy |
US7403925B2 (en) | 2003-03-17 | 2008-07-22 | Intel Corporation | Entitlement security and control |
US7124272B1 (en) | 2003-04-18 | 2006-10-17 | Symantec Corporation | File usage history log for improved placement of files in differential rate memory according to frequency of utilizations and volatility of allocation space |
US20070276823A1 (en) | 2003-05-22 | 2007-11-29 | Bruce Borden | Data management systems and methods for distributed data storage and management using content signatures |
EP1480104A3 (en) * | 2003-05-22 | 2007-05-30 | Ricoh Company, Ltd. | Information processing apparatus entry information management method, certification function control method, a computer program and a computer readable storage medium |
EP1627286A1 (en) | 2003-05-28 | 2006-02-22 | Belarc, Inc. | Secure user access subsystem for use in a computer information database system |
US20040249847A1 (en) | 2003-06-04 | 2004-12-09 | International Business Machines Corporation | System and method for identifying coherent objects with applications to bioinformatics and E-commerce |
US20040254919A1 (en) | 2003-06-13 | 2004-12-16 | Microsoft Corporation | Log parser |
US7350237B2 (en) | 2003-08-18 | 2008-03-25 | Sap Ag | Managing access control information |
US7421555B2 (en) | 2003-08-22 | 2008-09-02 | Bluearc Uk Limited | System, device, and method for managing file security attributes in a computer file storage system |
US20050065823A1 (en) | 2003-09-23 | 2005-03-24 | Siemens Medical Solutions Usa, Inc. | Method and apparatus for privacy checking |
US20050086529A1 (en) | 2003-10-21 | 2005-04-21 | Yair Buchsbaum | Detection of misuse or abuse of data by authorized access to database |
US7251822B2 (en) | 2003-10-23 | 2007-07-31 | Microsoft Corporation | System and methods providing enhanced security model |
US20050108206A1 (en) | 2003-11-14 | 2005-05-19 | Microsoft Corporation | System and method for object-oriented interaction with heterogeneous data stores |
US8600920B2 (en) | 2003-11-28 | 2013-12-03 | World Assets Consulting Ag, Llc | Affinity propagation in adaptive network-based systems |
US7743420B2 (en) | 2003-12-02 | 2010-06-22 | Imperva, Inc. | Dynamic learning method and adaptive normal behavior profile (NBP) architecture for providing fast protection of enterprise applications |
US8078481B2 (en) | 2003-12-05 | 2011-12-13 | John Steinbarth | Benefits administration system and methods of use and doing business |
JP2005242586A (ja) | 2004-02-25 | 2005-09-08 | Fuji Xerox Co Ltd | Program, apparatus, system and method for providing document views |
US20050203881A1 (en) | 2004-03-09 | 2005-09-15 | Akio Sakamoto | Database user behavior monitor system and method |
JP4390263B2 (ja) | 2004-03-18 | 2009-12-24 | Hitachi Software Engineering Co., Ltd. | Method for visualizing and displaying process access rights in a secure OS |
US20050246762A1 (en) | 2004-04-29 | 2005-11-03 | International Business Machines Corporation | Changing access permission based on usage of a computer resource |
US7568230B2 (en) | 2004-06-09 | 2009-07-28 | Lieberman Software Corporation | System for selective disablement and locking out of computer system objects |
US7421740B2 (en) | 2004-06-10 | 2008-09-02 | Sap Ag | Managing user authorizations for analytical reporting based on operational authorizations |
US20050289127A1 (en) | 2004-06-25 | 2005-12-29 | Dominic Giampaolo | Methods and systems for managing data |
US20060037062A1 (en) | 2004-08-09 | 2006-02-16 | International Business Machines Corporation | Method, system and program product for securing resources in a distributed system |
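JP4455239B2 (ja) * | 2004-09-10 | 2010-04-21 | Canon Inc. | Information processing method and apparatus |
CN1291569C (zh) | 2004-09-24 | 2006-12-20 | Tsinghua University | Anomaly detection method for user access behavior in network-attached storage devices |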
US7669244B2 (en) | 2004-10-21 | 2010-02-23 | Cisco Technology, Inc. | Method and system for generating user group permission lists |
US20060184459A1 (en) | 2004-12-10 | 2006-08-17 | International Business Machines Corporation | Fuzzy bi-clusters on multi-feature data |
US8200700B2 (en) | 2005-02-01 | 2012-06-12 | Newsilike Media Group, Inc | Systems and methods for use of structured and unstructured distributed data |
US8245280B2 (en) | 2005-02-11 | 2012-08-14 | Samsung Electronics Co., Ltd. | System and method for user access control to content in a network |
EP1873650A4 (en) | 2005-04-21 | 2010-11-10 | Mitsubishi Electric Corp | COMPUTERS, METHOD OF CONTROLLING ACCESS TO COMPUTER DEVICES AND ACCESS CONTROL PROGRAM |
US20090320088A1 (en) | 2005-05-23 | 2009-12-24 | Jasvir Singh Gill | Access enforcer |
US7664737B2 (en) * | 2005-05-31 | 2010-02-16 | Sap, Ag | Method for generating documents using layer-specific inheritance rules |
US7606801B2 (en) | 2005-06-07 | 2009-10-20 | Varonis Inc. | Automatic management of storage access control |
US20070011147A1 (en) | 2005-06-22 | 2007-01-11 | Affiniti, Inc. | Systems and methods for retrieving data |
US8365254B2 (en) | 2005-06-23 | 2013-01-29 | Microsoft Corporation | Unified authorization for heterogeneous applications |
US8341345B2 (en) | 2005-08-08 | 2012-12-25 | International Business Machines Corporation | System and method for providing content based anticipative storage management |
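JP2007075950A (ja) | 2005-09-14 | 2007-03-29 | Kobe Steel Ltd | Microfluidic device and method of manufacturing the same |
JP4208086B2 (ja) | 2005-09-27 | 2009-01-14 | International Business Machines Corporation | Apparatus for managing confidentiality of information, and method therefor |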
US20070136603A1 (en) * | 2005-10-21 | 2007-06-14 | Sensis Corporation | Method and apparatus for providing secure access control for protected information |
US8180826B2 (en) | 2005-10-31 | 2012-05-15 | Microsoft Corporation | Media sharing and authoring on the web |
US20070156693A1 (en) | 2005-11-04 | 2007-07-05 | Microsoft Corporation | Operating system roles |
US7529748B2 (en) | 2005-11-15 | 2009-05-05 | Ji-Rong Wen | Information classification paradigm |
US7707178B2 (en) | 2005-11-28 | 2010-04-27 | Commvault Systems, Inc. | Systems and methods for classifying and transferring information in a storage network |
US7652990B2 (en) | 2005-11-29 | 2010-01-26 | Alcatel-Lucent Usa Inc. | Method and apparatus for providing quality of service level in broadband communications systems |
US8321437B2 (en) | 2005-12-29 | 2012-11-27 | Nextlabs, Inc. | Detecting behavioral patterns and anomalies using activity profiles |
US7716240B2 (en) | 2005-12-29 | 2010-05-11 | Nextlabs, Inc. | Techniques and system to deploy policies intelligently |
US8447829B1 (en) * | 2006-02-10 | 2013-05-21 | Amazon Technologies, Inc. | System and method for controlling access to web services resources |
US20070214497A1 (en) * | 2006-03-10 | 2007-09-13 | Axalto Inc. | System and method for providing a hierarchical role-based access control |
US8561146B2 (en) | 2006-04-14 | 2013-10-15 | Varonis Systems, Inc. | Automatic folder access management |
US8769604B2 (en) | 2006-05-15 | 2014-07-01 | Oracle International Corporation | System and method for enforcing role membership removal requirements |
US7552126B2 (en) | 2006-06-02 | 2009-06-23 | A10 Networks, Inc. | Access record gateway |
US20080031447A1 (en) | 2006-08-04 | 2008-02-07 | Frank Geshwind | Systems and methods for aggregation of access to network products and services |
US20080034402A1 (en) | 2006-08-07 | 2008-02-07 | International Business Machines Corporation | Methods, systems, and computer program products for implementing policy-based security control functions |
US7685194B2 (en) * | 2006-08-31 | 2010-03-23 | Microsoft Corporation | Fine-grained access control in a database by preventing information leakage and removing redundancy |
US8554749B2 (en) | 2006-10-23 | 2013-10-08 | Adobe Systems Incorporated | Data file access control |
JP4882671B2 (ja) * | 2006-11-01 | 2012-02-22 | Fujitsu Limited | Access control method, access control system, and program |
US7849496B2 (en) | 2006-12-28 | 2010-12-07 | International Business Machines Corporation | Providing enterprise management of amorphous communities |
US20080162707A1 (en) | 2006-12-28 | 2008-07-03 | Microsoft Corporation | Time Based Permissioning |
US20080172720A1 (en) | 2007-01-15 | 2008-07-17 | Botz Patrick S | Administering Access Permissions for Computer Resources |
US20080184330A1 (en) | 2007-01-25 | 2008-07-31 | Lal Rakesh M | Levels of access to medical diagnostic features based on user login |
CN101282330B (zh) | 2007-04-04 | 2013-08-28 | Huawei Technologies Co., Ltd. | Network storage access rights management method and apparatus, and network storage access control method |
US20080270451A1 (en) | 2007-04-24 | 2008-10-30 | Interse A/S | System and Method of Generating a Metadata Model for Use in Classifying and Searching for Information Objects Maintained in Heterogeneous Data Stores |
US8239925B2 (en) | 2007-04-26 | 2012-08-07 | Varonis Systems, Inc. | Evaluating removal of access permissions |
US8239351B2 (en) * | 2007-06-07 | 2012-08-07 | Apple Inc. | Methods and systems for managing permissions data |
US8621610B2 (en) | 2007-08-06 | 2013-12-31 | The Regents Of The University Of Michigan | Network service for the detection, analysis and quarantine of malicious and unwanted files |
US7983264B2 (en) * | 2007-08-21 | 2011-07-19 | Cyber Operations, Inc. | Access control list management system |
US8438611B2 (en) | 2007-10-11 | 2013-05-07 | Varonis Systems Inc. | Visualization of access permission status |
US20090249446A1 (en) | 2007-10-22 | 2009-10-01 | Paul Thomas Jenkins | Method and system for managing enterprise content |
US8438612B2 (en) | 2007-11-06 | 2013-05-07 | Varonis Systems Inc. | Visualization of access permission status |
US8132231B2 (en) | 2007-12-06 | 2012-03-06 | International Business Machines Corporation | Managing user access entitlements to information technology resources |
US8032485B2 (en) | 2008-02-01 | 2011-10-04 | American Express Travel Related Services Company, Inc. | Rapid caching and data delivery system and method |
US20090265780A1 (en) | 2008-04-21 | 2009-10-22 | Varonis Systems Inc. | Access event collection |
US8224873B1 (en) * | 2008-05-22 | 2012-07-17 | Informatica Corporation | System and method for flexible security access management in an enterprise |
US8196195B2 (en) * | 2008-07-11 | 2012-06-05 | International Business Machines Corporation | Role-based privilege management |
US8286255B2 (en) | 2008-08-07 | 2012-10-09 | Sophos Plc | Computer file control through file tagging |
US9213849B2 (en) * | 2008-08-28 | 2015-12-15 | International Business Machines Corporation | Hierarchical access control administration preview |
US8527522B2 (en) | 2008-09-05 | 2013-09-03 | Ramp Holdings, Inc. | Confidence links between name entities in disparate documents |
US20100070881A1 (en) | 2008-09-12 | 2010-03-18 | At&T Intellectual Property I, L.P. | Project facilitation and collaboration application |
US20100262625A1 (en) | 2009-04-08 | 2010-10-14 | Glenn Robert Pittenger | Method and system for fine-granularity access control for database entities |
JP2010287171A (ja) | 2009-06-15 | 2010-12-24 | Nippon Telegr & Teleph Corp <Ntt> | Access control visualization apparatus, access control visualization method, and program therefor |
US9641334B2 (en) | 2009-07-07 | 2017-05-02 | Varonis Systems, Inc. | Method and apparatus for ascertaining data access permission of groups of users to groups of data elements |
US8639724B1 (en) | 2009-07-31 | 2014-01-28 | Amazon Technologies, Inc. | Management of cached object mapping information corresponding to a distributed storage system |
US8578507B2 (en) | 2009-09-09 | 2013-11-05 | Varonis Systems, Inc. | Access permissions entitlement review |
US20110061093A1 (en) | 2009-09-09 | 2011-03-10 | Ohad Korkus | Time dependent access permissions |
US9904685B2 (en) | 2009-09-09 | 2018-02-27 | Varonis Systems, Inc. | Enterprise level data management |
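CN101692278A (zh) | 2009-10-30 | 2010-04-07 | Beijing Alin Network Information Service Co., Ltd. | Method and system for server-implemented dissemination and control of item gifting information or gift-receipt information |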
WO2011063269A1 (en) * | 2009-11-20 | 2011-05-26 | Alert Enterprise, Inc. | Method and apparatus for risk visualization and remediation |
US9870480B2 (en) | 2010-05-27 | 2018-01-16 | Varonis Systems, Inc. | Automatic removal of global user security groups |
EP2577445A4 (en) | 2010-05-27 | 2014-04-02 | Varonis Systems Inc | DATA MARK |
US8533787B2 (en) | 2011-05-12 | 2013-09-10 | Varonis Systems, Inc. | Automatic resource ownership assignment system and method |
CN108920502B (zh) | 2010-05-27 | 2021-11-23 | Varonis Systems Ltd. | Data classification |
US8959115B2 (en) * | 2010-07-09 | 2015-02-17 | Symantec Corporation | Permission tracking systems and methods |
US9147180B2 (en) | 2010-08-24 | 2015-09-29 | Varonis Systems, Inc. | Data governance for email systems |
US8996575B2 (en) | 2010-09-29 | 2015-03-31 | M-Files Oy | Method, an apparatus, a computer system, a security component and a computer readable medium for defining access rights in metadata-based file arrangement |
JP2012132276A (ja) | 2010-12-24 | 2012-07-12 | Sougokaihatsu Co Ltd | Underdrain filter-material feeding device |
US8683560B1 (en) * | 2010-12-29 | 2014-03-25 | Amazon Technologies, Inc. | Techniques for credential generation |
US9680839B2 (en) | 2011-01-27 | 2017-06-13 | Varonis Systems, Inc. | Access permissions management system and method |
US8909673B2 (en) * | 2011-01-27 | 2014-12-09 | Varonis Systems, Inc. | Access permissions management system and method |
EP2668562A4 (en) | 2011-01-27 | 2015-05-20 | Varonis Systems Inc | SYSTEM AND METHOD FOR MANAGING ACCESS RIGHTS |
-
2011
- 2011-06-14 US US13/159,903 patent/US9680839B2/en active Active
- 2011-11-24 US US13/378,115 patent/US10721234B2/en active Active
-
2012
- 2012-04-18 CN CN201280029360.3A patent/CN103975324B/zh not_active Expired - Fee Related
- 2012-04-18 WO PCT/IL2012/000163 patent/WO2012143920A2/en active Application Filing
- 2012-04-18 EP EP12774249.2A patent/EP2700028A4/en not_active Withdrawn
-
2016
- 2016-12-16 US US15/381,239 patent/US10102389B2/en active Active
-
2018
- 2018-09-07 US US16/124,658 patent/US10476878B2/en active Active
Also Published As
Publication number | Publication date |
---|---|
US20170098091A1 (en) | 2017-04-06 |
US9680839B2 (en) | 2017-06-13 |
WO2012143920A2 (en) | 2012-10-26 |
WO2012143920A3 (en) | 2015-06-18 |
US20190007413A1 (en) | 2019-01-03 |
US10102389B2 (en) | 2018-10-16 |
US20120272294A1 (en) | 2012-10-25 |
US20120271853A1 (en) | 2012-10-25 |
EP2700028A4 (en) | 2016-06-01 |
US10476878B2 (en) | 2019-11-12 |
US10721234B2 (en) | 2020-07-21 |
EP2700028A2 (en) | 2014-02-26 |
CN103975324A (zh) | 2014-08-06 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20170315 |