GB2366888A - Restricting data access to data in data processing systems - Google Patents


Info

Publication number: GB2366888A
Authority: GB (United Kingdom)
Prior art keywords: data, item, user, processing system, storage device
Legal status: Withdrawn
Application number: GB0109182A
Other versions: GB0109182D0 (en)
Inventors: Randolph Michael Forlenza, Herman Rodriguez, Miguel Sang
Current assignee: International Business Machines Corp
Original assignee: International Business Machines Corp
Events: application filed by International Business Machines Corp; publication of GB0109182D0; publication of GB2366888A; legal status withdrawn

Classifications

    • G: Physics
        • G06: Computing; calculating or counting
            • G06F: Electric digital data processing
                • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F21/60: Protecting data
                        • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
                        • G06F2221/2101: Auditing as a secondary aspect
                        • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
                        • G06F2221/2149: Restricted operating environment
                        • G06F2221/2153: Using hardware token as a secondary aspect

Landscapes

  • Engineering & Computer Science
  • Theoretical Computer Science
  • Health & Medical Sciences
  • Bioethics
  • General Health & Medical Sciences
  • Computer Hardware Design
  • Computer Security & Cryptography
  • Software Systems
  • Physics & Mathematics
  • General Engineering & Computer Science
  • General Physics & Mathematics
  • Storage Device Security

Abstract

A method, in which, whenever a user or program running on a data processing system 106 requests a data item from the network, that data item is compared to a list of data items that the user of the machine is authorized or is not authorized to retrieve. Such a list of files for which the user is or is not authorized, an access control list, is distributed from one data processing system to another in the preferred embodiment by means of a secure mobile storage device, such as a smart card 124. In addition to verifying through the access control list stored on the secure mobile storage device that the user of the system requesting a file is authorized to access that file, the system can verify that the user of the secure mobile storage device is the authorized user of the secure mobile storage device by requiring the user to submit identification data such as a password or hand print scan. Further, the user can store web browser configuration and usage history data on the secure mobile storage device. Such data could include the configuration of browser preferences for the user, bookmarks, or a complete history of all sites visited. The system may be used for parental or employer control of the web.

Description

RESTRICTING ACCESS TO DATA IN DATA PROCESSING SYSTEMS

BACKGROUND OF THE INVENTION

1. Technical Field: The present invention relates generally to restricting access to data in data processing systems and in particular to granting and restricting access to data on the basis of access control lists.
2. Description of the Related Art: Measures to combat unauthorized access to files stored on data processing system networks have existed since the proliferation of those networks into relatively common use in the last quarter of the twentieth century. Initially, these security measures centered around protecting the data stored on machines attached to a data processing system network from unauthorized access that might harm the objectives of the owners of the data in question. Security existed, initially, to prevent business or scientific data stored on data processing systems from falling into unauthorized hands. In this arena, protection centered on the damage that release of data might inflict on those attempting to prevent the release.
The age of the Internet then enlarged the scope of the purpose of security. In addition to the traditional concerns regarding access to files, owners of data processing systems now want to prohibit unauthorized users from accessing certain files stored on machines attached to a data processing system network for fear of the potential damage which might be inflicted, if access were allowed, on the entity requesting the files. The contemporary debate on Internet censorship illustrates this concern. Angry parents and community groups complain that access to sexually explicit and violent content on data processing system networks threatens the moral and psychological development of certain users, especially younger users. Employers also worry that access to sites not related to the work of employees damages the productivity of employees by encouraging them to spend time surfing recreational sites rather than working on tasks related to the missions of their firms. Employers also worry that the availability to some employees of content that could create a hostile work environment for other employees may expose the employer to the threat of litigation. Many parties wish to limit the access of users of data processing systems to some files, but no efficient system of doing so currently exists.
A plethora of inadequate or problematic solutions to the question of limiting access exist in the prior art. Some providers of Internet service employ filtering mechanisms whereby users of that service are restricted from surfing sites deemed to contain inappropriate content. While this approach works well in preventing unattended minors from accessing sites on the list of unacceptable information providers, it also prohibits adults using the service from accessing content that is blocked by the filter.
The filter does not discriminate according to the user and poses a problem for adults interested in research when articles on a given topic are provided in a magazine that also discusses items of an unacceptable nature. Moreover, the mechanical automation of the filters also prohibits users from reaching some content which is in no way offensive. A private college in the northern United States has actually considered changing its name, Beaver College, because some filtering algorithms sometimes exclude the site on the assumption that its frequent references to the water-dwelling mammal are actually content referring to a prurient interest. Filters of this sort create almost as many problems as they solve.
An approach to preventing unauthorized access to web sites for the protection of the user in institutional contexts centers on configuring a particular machine to exclude users of that machine from accessing certain sites. In environments such as student computing laboratories in schools, different labs may be configured with machines allowing different content sets to be accessed by users according to age or other criteria. The obvious flaw in this approach lies in the fact that a user seeking unauthorized content need only walk to another machine on which the content type that the user seeks is authorized. Another problem lies in the somewhat cumbersome difficulty of reconfiguring the machine when the type of access for which it is to be used changes. If a user legitimately needs temporary access to a site that is outside of a machine's authorization, the system administrator's time must be wasted in changing the access permissions of the machine and then restoring them to their original settings when the cause of the temporary need for access disappears.
Another filtering mechanism centers on allowing browsing software to perform the filtering function. This is especially common in the homes of individual families and in smaller institutions such as public libraries. Rather than allowing system administrators to configure the sites that are allowed, this sort of filtering requires that one user of a machine, typically a parent or other adult, make decisions and institute appropriate settings for the other users, typically children. This approach allows substantial discretion and flexibility but has other problems that reduce the value of that advantage. Often, the relative data processing system illiteracy of the parents who are in charge of the filter software presents the greatest obstacle. Filtering which relies on parental adjustments cannot suffice in an environment where children are often more data processing system literate than the parents attempting to control access. With well known hackers at age 14 and parents who barely understand the technology that they are using, real difficulties surround attempts by parents to use a more customizable filter. This type of filtering arrangement leaves great opportunity for unauthorized customization by the parties whose access is supposedly being controlled.
Each approach presents weaknesses that disqualify it from some applications. In the case of filtered service providers, the lack of any form of flexibility for legitimate users whose access should not be reduced represents the primary hurdle. For users of individual-machine-based filtering, the ability of the prohibited user to simply move to another machine presents a real obstacle, while the relative lack of flexibility also annoys persons attempting to use the system and system administrators involved in reconfiguration. Finally, the software-based configuration of individual browsers offers what may amount to excessive flexibility, as it relies on user competence on the part of those who want to restrict access. No proposed solution provides what can be considered effective and flexible security.
It would be desirable, therefore, to be able to provide security which applies flexibly to individual users in a variety of contexts.

SUMMARY OF THE INVENTION

The present invention provides a solution for restricting access to data on the basis of personal identification data and access control lists carried on mobile storage devices. In this context, data may include executables or any other system files.
In a first aspect, the invention provides a method of limiting access to data on a data processing system network, comprising: reading at least one unit of identification data and at least one access control data structure from a mobile storage device; receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; receiving from a user at least one item of identification data; comparing at least one item of identification data received from the user to at least one item of identification data read from the mobile storage device; responsive to corresponding entries in the user's at least one item of identification data and the at least one item of identification data read from the mobile storage device, comparing the request for at least one item of data to the access control data structure; and responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
In a second aspect, the invention provides a method of limiting access to data on a data processing system network, comprising: reading at least one access control data structure from a mobile storage device; receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; and responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
In a third aspect, the invention provides a system for limiting access to data on a data processing system network, comprising: means for reading at least one unit of identification data and at least one access control data structure from a mobile storage device; means for receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; means for receiving from a user at least one item of identification data; means for comparing the at least one item of identification data received from the user to the at least one item of identification data read from the mobile storage device; means for, responsive to corresponding entries in the user's at least one item of identification data and the at least one item of identification data read from the mobile storage device, comparing the request for at least one item of data to the access control data structure; and means for, responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
In a fourth aspect, the invention provides a system for limiting access to data on a data processing system network, comprising: means for reading at least one access control data structure from a mobile storage device; means for receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; and means for, responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
The invention allows a machine to selectively exclude content from certain users on the basis of an access control list. The security solution according to a preferred embodiment of the invention is portable to whatever machine is employed, producing a consistent set of browsing security standards without regard to the particular machine on which the user works.
A preferred embodiment of the invention will now be described. Whenever a user or program running on a data processing system requests a file from the network, that file is compared to a list of files that the user of the machine is authorized to retrieve. Such a list of files for which the user is authorized, an access control list, is distributed from one data processing system to another in the preferred embodiment by means of a secure mobile storage device, such as a SmartCard. In addition to verifying through the access control list stored on the secure mobile storage device that the user of the system requesting a file is authorized to access that file, the system can verify that the user of the secure mobile storage device is the authorized user of the secure mobile storage device by requiring the user to submit identification data such as a password or hand print scan. Further, the user can store browser configuration and usage history data on the secure mobile storage device. Such data could include the configuration of browser preferences for the user, bookmarks, or a complete history of all sites visited.
The above described solutions may be provided by a computer program comprising program code for controlling the operation of a data processing system on which it runs.
BRIEF DESCRIPTION OF THE DRAWINGS

Preferred embodiments of the present invention will now be described in more detail, by way of example only, with reference to the accompanying drawings in which: Figure 1 depicts a data processing system network in accordance with the preferred embodiment of the present invention; Figure 2 is a schematic of the basic components of a secure mobile storage device in accordance with a preferred embodiment of the present invention; Figure 3 depicts a message flow diagram for a system providing access control in accordance with a preferred embodiment of the present invention; and Figure 4 provides a high level flowchart for a process of providing access control in accordance with a preferred embodiment of the present invention.
DETAILED DESCRIPTION OF THE INVENTION

With reference now to the figures, and in particular with reference to Figure 1, a data processing system network in accordance with a preferred embodiment of the present invention is depicted. The data processing system network includes n servers 100 and 102 storing files and other data including World Wide Web (hereafter WWW) content. These servers 100 and 102 are capable of selectively providing web page files in response to requests from n clients 104 and 106. In the preferred embodiment, such content is provided over a packetized data network such as the Internet 108. An individual client 106 might contain a variety of user applications 110 and other software programs. These could include all manner of network and non-network dependent applications ranging from spreadsheets to Internet telephony. One of the programs executing within the client 106 would typically be the operating system (hereafter OS) 112, which facilitates the interaction between a given application and the system hardware as well as the interactions between applications. Another program executing within client 106 in the preferred embodiment should be a web browser 114 or similar data access and retrieval application.
Among other constituent parts, the web browser 114 will typically have a file 116 for user data and preferences as well as a file 118 containing the user's bookmarks. Storage space for web browser 114 may also include a file 120 containing password information useful in identifying a particular user and a file 122 containing access control lists which regulate the files that the user can download. The client 106 should also have an attached reader 124 or other input device for writing data to or reading data from a secure mobile storage device such as a "SmartCard" 126. The secure mobile storage device reader 124 will typically be connected to the client 106 by means of a communications link 134 such as a wireless data carrier or a conventional cable. Similarly, the clients 104 and 106 are connected to the Internet by analogous communications links 136 and 138, and the servers 100 and 102 are likewise connected by communications links 140 and 142. The communications links 136, 138, 140 and 142 connecting the clients and servers 100 and 102 to the Internet may actually be composed of a variety of combinations of the technologies previously mentioned.
Referring now to Figure 2, the basic components of a secure mobile storage device in accordance with a preferred embodiment of the present invention are illustrated. The secure mobile storage device 126 contains an input system 202, an output system 204, and a storage medium 206. The input system allows the reader 124 portrayed in Figure 1 to write data to the storage medium 206 and to read data from the storage medium 206. In implementing the preferred embodiment, the storage medium 206 should contain, as shown in the figure, a file 208 for user data and preferences, a file 210 containing access control lists that regulate the files that the user can download, and a file 212 containing the user's bookmarks and a history of the sites that the user has visited. Any or all of these can typically be sent to the client on request, enabling security details, user preferences, bookmarks, and history information to travel with the user. The storage medium 206 should also preferably contain password information 214 useful in verifying the identity of a particular user. Each of these items stored on the secure mobile storage device could be used to update various corresponding files stored in the web browser 114. To the extent that storage medium 206 could contain files 208, 210, and 212 and password information for more than one user, the identity of the respective users should be associated with the respective files.
Other systems of secure access could also be used. Radio frequency badges, magnetic strip cards, and other media capable of storing and making available identity data could be employed with appropriate readers. While the secure mobile storage device described as the preferred embodiment concentrates large amounts of information on the access control device carried by the user, some applications may be served more appropriately by storing only identification data on the card and holding the access control data for that identity in a client database or in a database stored on another machine connected to the client through the network. All of these design tradeoffs that may be chosen to accommodate the particular needs of particular customers fall within the spirit and scope of the invention.
With reference now to Figure 3, a message flow diagram for a system providing access control in accordance with a preferred embodiment of the present invention is depicted. The flow of data is shown between the client 106 (Figure 1) and the secure mobile storage device 126 (Figure 1) in an operation where an authorized user with a properly functioning secure mobile storage device and the appropriate identification data such as a password has requested a file. The constituent parts of the client 300 involved include the secure mobile storage device I/O unit 304 or SmartCard reader, the operating system 306, the browser 308, and the user I/O devices 310. Interaction with the server 312 is also described. The diagram shows each of the data units passing between these items in chronological order, from the top of the page at the start of the process to the bottom of the page at the end of the process.
The process begins when the browser 308 sends an ACL/Security request 314 to the operating system 306. The ACL/Security request 314 is then forwarded 316 from the operating system 306 to the secure mobile storage device I/O unit 304. The secure mobile storage device I/O unit 304 then forwards 318 the request to the secure mobile storage device 302. In the preferred embodiment, the secure mobile storage device 302 then sends the ACL/security data to the secure mobile storage device I/O unit 304 of the client 300. The secure mobile storage device I/O unit then forwards 321 the ACL/security data to the operating system 306. The operating system forwards 322 this information to the browser 308. Having received the ACL/security data, identity verification can then begin.
In order to ensure that the secure mobile storage device 302 is not being fraudulently abused by someone other than the authorized user, the browser 308 sends a password request 324 to the operating system 306. The operating system 306 then forwards the password request 326 to the user I/O unit 310. Through the user I/O 310, the user inputs a password 328 and it is relayed to the operating system 306. It is worth noting at this juncture that while a password is used in this example, other, more secure forms of identification could also be used. A scan of the user's retina, a voice frequency analysis, or a scanned thumb print would all perform as or more effectively in a situation where the additional implementation costs could be justified. In any case, the user password is forwarded 330 to the browser 308. Assuming at this point that the password given by the user for the secure mobile storage device is valid and that the access control list contains authorization for the file requested, a file request 332 is then sent from the browser 308 to the operating system 306. The operating system 306 forwards 334 the file request to the server 312. In response to the file request from the operating system 306 of the client 300, the server 312 sends the requested file 336 to the operating system 306 of the client 300 and the operating system 306 forwards 338 the requested file to the browser 308.
The discussion of files in the preferred embodiment should not be construed to exclude other forms of data provided in a manner consistent with the preferred embodiment. Content may include not only static files, but also a variety of data item types, from access to applications running on the network to access to data streams for multimedia. It could also include responses generated on the basis of a privileged user's query. All of these content forms that may be chosen to accommodate the particular needs of particular customers fall within the spirit and scope of the invention.
Several forms of access control list could be used to determine that a file should or should not be provided to the user. In an environment where the user is to be allowed only to access a finite and relatively small number of sites or files, an access control list could take the form of a list of those files or sites that the user is authorized to access. Under this design, the designation such as URL or name of a particular file or site could be directly compared to an access control list to see if it occurs in the list. This is particularly appropriate where network access is to be used only for a single specific purpose such as ordering parts from a finite list of approved suppliers. Obviously, the delay in processing a request for access to a given site can be expected to grow in direct proportion to the number of sites allowed and this delay grows particularly cumbersome in the face of large numbers of sites.
A more flexible embodiment also exists for HyperText Transmission Protocol (HTTP) based systems, granting the ability for browsers to regulate, control and restrict the browsing of Web page content according to classifications contained in the content labels embedded in web pages. The content labels within a HyperText Markup Language (HTML) document, for example, are contained within a META tag for the document such as that given in the text below:

    <META http-equiv="PICS-Label" content='(PICS-1.1 <service url> [option...] labels [option...] ratings (<category> <value> ...) [option...] ratings (<category> <value> ...) ... <service url> [option...] labels [option...] ratings (<category> <value> ...) [option...] ratings (<category> <value> ...) ...)'>

The "PICS-1.1" reference is to a version of the content labeling/rating protocol established by the Platform for Internet Content Selection, a working group affiliated with the World Wide Web Consortium (W3C). The protocol is described in greater detail at www.w3.org/PICS. Under this system, content labels are employed for either self-labeling by the content publisher or by a rating service such as the Internet Content Rating Association (www.irca.org).
Content labels for HTML documents may be transmitted within the HTML document, with the HTML document in an HTTP (or other RFC-822-style protocol) header, or separately from the HTML document from a "label bureau," which is typically just an off-the-shelf HTTP server running a special Common Gateway Interface (CGI) script. The labels from a label bureau may refer to any document that has an associated Uniform Resource Locator (URL), including those available through protocols other than HTTP, such as File Transfer Protocol (FTP), Gopher, or NetNews (see RFC-1738).
HTTP content labels are most frequently employed in filtering systems, such as those integrated with browsers to prevent children from inadvertently accessing sexually explicit or graphically violent material. Access to certain types of content identified by content label may be restricted. The access control list could, in this embodiment, contain a list of the content types to be allowed. When a page is requested, the browser could read the content type tags associated with the page and compare them to those listed in the access control list. If the content type given for the page is supported by the access control list for the requesting client, the file can then be provided. This content labeling technology could also be extended to allow some file types to be provided automatically but to allow others to be provided only in conjunction with a password. This would allow a user, such as a juvenile surfing under the supervision of his parents, to access content which he would not normally be able to access without parental supervision.
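As an added example (not code from the patent), the following Python parses the PICS-1.1 label carried in a page's META tag and compares its ratings with an access control list of permitted content types, including the password-gated tier described above; the rating-service URL, category names and limits are constructed, and refusing unlabeled pages or labels from a service not in the list is a fail-closed assumption of this example rather than a requirement of the text.

```python
import re
from html.parser import HTMLParser

# Shape of the single-service PICS-1.1 labels handled here:
#   (PICS-1.1 "<service url>" [options...] r (<category> <value> ...))
LABEL_RE = re.compile(r'\(\s*PICS-1\.1\s+"([^"]+)"(.*)\)\s*$', re.S)
RATINGS_RE = re.compile(r'\b(?:r|ratings)\s*\(([^)]*)\)')


class _PicsMetaCollector(HTMLParser):
    """Collects the content attribute of every <META http-equiv="PICS-Label">."""

    def __init__(self):
        super().__init__()
        self.labels = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":  # HTMLParser lower-cases tag and attribute names
            return
        a = dict(attrs)
        if (a.get("http-equiv") or "").lower() == "pics-label" and a.get("content"):
            self.labels.append(a["content"])


def extract_pics_labels(html):
    parser = _PicsMetaCollector()
    parser.feed(html)
    return parser.labels


def parse_pics_label(content):
    """Return (service_url, {category: value}) for a single-service label.

    Labels naming several rating services are a case this example leaves out.
    """
    m = LABEL_RE.match(content.strip())
    if not m:
        raise ValueError("not a PICS-1.1 label")
    service, rest = m.group(1), m.group(2)
    ratings = {}
    for block in RATINGS_RE.findall(rest):
        tokens = block.split()
        if len(tokens) % 2:
            raise ValueError("ratings block is not category/value pairs")
        for category, value in zip(tokens[::2], tokens[1::2]):
            ratings[category] = float(value)  # PICS values may be non-integer
    return service, ratings


def decide(html, acl):
    """Compare a page's content labels with the user's ACL (file 210 or 122).

    acl maps a rating-service URL to {category: (auto_max, supervised_max)}:
    values up to auto_max are delivered automatically, values up to
    supervised_max only once a password is supplied, anything higher is
    refused. Unlabeled pages, unknown services and unknown categories are
    refused too (fail closed; this example's assumption).
    """
    labels = extract_pics_labels(html)
    if not labels:
        return "deny"
    decision = "allow"
    for content in labels:
        try:
            service, ratings = parse_pics_label(content)
        except ValueError:
            return "deny"
        limits = acl.get(service)
        if limits is None:
            return "deny"
        for category, value in ratings.items():
            if category not in limits:
                return "deny"
            auto_max, supervised_max = limits[category]
            if value > supervised_max:
                return "deny"
            if value > auto_max:
                decision = "require_password"
    return decision


# Constructed sample data: the service URL, categories and limits are assumed.
SERVICE = "http://ratings.example/v1"
ACL = {SERVICE: {"n": (0, 1), "s": (0, 2), "v": (1, 3), "l": (0, 1)}}


def make_page(label):
    """Constructed HTML document carrying one PICS label in a META tag."""
    return ('<html><head><META http-equiv="PICS-Label" content=\'' + label +
            "'></head><body><p>constructed page</p></body></html>")


def labeled(ratings):
    """Constructed page labeled by SERVICE with the given 'category value' pairs."""
    return make_page(f'(PICS-1.1 "{SERVICE}" l gen true for "http://site.example/a" r ({ratings}))')


if __name__ == "__main__":
    for page in (labeled("n 0 s 0 v 1 l 0"), labeled("n 0 s 2 v 1 l 0"), labeled("n 3 s 4 v 4 l 2")):
        print(decide(page, ACL))
```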
Referring to Figure 4, which is intended to be read in conjunction with the previous figures, a high level flow chart for a process providing access control in accordance with a preferred embodiment of the present invention is depicted. Figure 4 also illustrates additional flexible security features not illustrated in the previous diagrams. The process begins at step 400, which depicts a request for a file being received by the browser 308 from the user. The process next passes to step 402, which illustrates polling the user for a password. In order to facilitate some forms of access by all users, perhaps even those not carrying secure mobile storage devices, the user may be polled for a password in step 402 that would interact with any password data 120 shown as being stored in the browser on the client 106 in Figure 1. Therefore, if the user enters the correct password, the user's request for a file can be compared to the access control list 122 stored on the client 106. It is also possible to provide some baseline access for all users without any identification and restrict other items selectively.
This is accomplished as the process passes to step 404, which depicts comparison of the password entered by the user to the password data 120 stored in the client. As was shown in Figure 3, the browser 308 sends a password request 324 to the operating system 306. The operating system 306 then forwards the password request 326 to the user I/O unit 310. Through the user I/O unit 310, the user inputs a password 328 and it is relayed to the operating system 306.
If this process is successful and an access control list corresponds to the password data entered by the user, the process would then pass to step 406, which illustrates the comparison of the file request to the authorized files in the access control list. If the two correspond and access is authorized, then the process proceeds to step 414, which depicts the requested page being provided to the web browser. This is accomplished as a file request 332 is then sent from the browser 308 to the operating system 306. The operating system 306 forwards 334 the file request to the server 312. In response to the file request from the operating system 306 of the client 300, the server 312 sends the requested file 336 to the operating system 306 of the client 300 and the operating system 306 forwards 338 the requested file to the browser 308.
In the event that the decision depicted in step 404 indicates that the password given by the user 328 does not correspond to the password data 120 stored in the browser 308 on the client 300, then the security process of the preferred embodiment would proceed to step 408, which depicts the system prompting the user to insert a secure mobile storage device in the SmartCard reader 124. The process then passes to step 410, which depicts the system polling the secure mobile storage device for an access control list and password data. This action could be accomplished by the browser 308 sending an ACL/Security request 314 to the operating system 306. The ACL/Security request 314 is then forwarded 316 from the operating system 306 to the secure mobile storage device I/O unit 304. The secure mobile storage device I/O unit 304 then forwards 318 the request to the secure mobile storage device 302. In the preferred embodiment, the secure mobile storage device 302 then sends the ACL/security data to the secure mobile storage device I/O unit 304 of the client 300. The secure mobile storage device I/O unit then forwards 321 the ACL/security data to the operating system 306. The operating system forwards 322 this information to the browser 308.
Having received the ACL/security data, identity verification can then begin. The identity verification process returns to step 402, which depicts the system polling the user for the ACL password. The password and ACL process previously explained is repeated on the basis of the newly acquired password and access control list data from the secure mobile storage device. It is also worthy of note that the system of the preferred embodiment can contain a feature such that, whenever a secure mobile storage device is removed from its reader, access control lists that were stored on the client can be deleted and access can be suspended until the secure mobile storage device is replaced.
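The Figure 4 flow above, together with the content-label comparison of the earlier passage, modelled as an added Python example (this is not code from the patent; the class and function names, the baseline-access set, the session caching of the card's ACL, and all sample passwords and labels are constructed):

```python
"""Constructed model of the Figure 4 access control flow: a default password and
ACL stored on the client, a personalised password and ACL read from a mobile
storage device, and removal of the device deleting the copied ACL."""
import hmac
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional


@dataclass(frozen=True)
class MobileStorageDevice:
    """Constructed stand-in for the secure mobile storage device (302)."""
    password: str           # identification data carried on the card
    acl: FrozenSet[str]     # content labels the card holder may access


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so the check does not leak password length or prefix
    return hmac.compare_digest(a.encode(), b.encode())


class AccessGate:
    def __init__(self, client_password: str, client_acl: FrozenSet[str],
                 baseline: FrozenSet[str] = frozenset()):
        self._client_password = client_password   # password data 120 on the client
        self._client_acl = client_acl             # default ACL 122 on the client
        self._baseline = baseline                 # labels served with no identification
        self._card_acl: Optional[FrozenSet[str]] = None  # ACL copied from the card

    def remove_device(self) -> None:
        # Card removed from the reader: delete the copied ACL so card-based
        # access is suspended until a device is verified again
        self._card_acl = None

    def request(self, labels: FrozenSet[str],
                ask_password: Callable[[], str],
                ask_device: Callable[[], Optional[MobileStorageDevice]]) -> str:
        """Steps 400 to 414 for one file request; returns 'granted' or a denial reason."""
        if labels <= self._baseline:              # baseline access needs no identification
            return "granted"
        if self._card_acl is not None:            # card already verified in this session
            return self._check(labels, self._card_acl)
        # Steps 402/404: poll for a password and compare it with the client password data
        if _same(ask_password(), self._client_password):
            return self._check(labels, self._client_acl)
        # Step 408: prompt for the mobile storage device; step 410: read its ACL/password
        device = ask_device()
        if device is None:
            return "denied: no secure mobile storage device"
        # Back to step 402: poll for the password that belongs to the device's ACL
        if not _same(ask_password(), device.password):
            return "denied: identification data does not match device"
        self._card_acl = device.acl               # kept only while the card is inserted
        return self._check(labels, self._card_acl)

    @staticmethod
    def _check(labels: FrozenSet[str], acl: FrozenSet[str]) -> str:
        # Step 406: every content label on the requested page must appear in the ACL
        return "granted" if labels <= acl else "denied: content label not in ACL"
```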
The process of the preferred embodiment herein presented allows a secure and flexible method of restricting access to files in data processing systems and in particular to granting access to files on the basis of access control lists. It does this by providing both default access controlled by access control lists stored on a data processing system and personalized access control lists stored on a secure mobile storage device. In the case of the default access, comparison of identity data restricts the use of a set of access control lists stored on a data processing system. In the case of personalized access, the preferred embodiment herein detailed restricts access to files on the basis of personal identification data and access control lists carried on mobile storage devices. Personalized access and personalized access restrictions can be secured through the use of a password, through mere possession of the secure mobile storage devices or a combination of the two.
It is important to note that while the present invention has been described in the context of a fully functional data processing system and/or network, those skilled in the art will appreciate that the mechanism of the present invention is capable of being distributed in the form of program instructions recorded on a recording medium which is usable by a data processing system, and that the present invention applies equally regardless of the particular type of signal bearing medium used to actually carry out the distribution. Examples of such mediums include: nonvolatile, hard-coded type mediums such as read only memories (ROMs) or erasable, electrically programmable read only memories (EEPROMs), recordable type mediums such as floppy disks, hard disk drives and CD-ROMs, and transmission type mediums such as digital and analog communication links.
Claims (14)

  1. A method of limiting access to data on a data processing system network, comprising: reading at least one unit of identification data and at least one access control data structure from a mobile storage device; receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; receiving from a user at least one item of identification data; comparing at least one item of identification data received from the user to at least one item of identification data read from the mobile storage device; responsive to corresponding entries in the user's at least one item of identification data and the at least one item of identification data read from the mobile storage device, comparing the request for at least one item of data to the access control data structure; and responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
  2. A method of limiting access to data on a data processing system network, comprising: reading at least one access control data structure from a mobile storage device; receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
  3. The method of Claim 1, wherein the user's at least one item of identification data further comprises identification data entered by the user through an input device.
  4. The method of Claim 1, wherein the user's at least one item of identification data further comprises imaging of a part of the user's anatomy for purpose of identification.
  5. The method of Claim 1, wherein the user's at least one item of identification data further comprises multiple items of identification data.
  6. The method of any one of claims 1, 3, 4 or 5, wherein the at least one item of identification data stored on a mobile storage device further comprises multiple items of identification data stored on a mobile storage device.
  7. The method of any preceding claim, wherein additional user data such as browser preferences and lists of previously requested files are stored on the mobile storage device.
  8. A system for limiting access to data on a data processing system network, comprising: means for reading at least one unit of identification data and at least one access control data structure from a mobile storage device; means for receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; means for receiving from a user at least one item of identification data; means for comparing the at least one item of identification data received from the user to the at least one item of identification data read from the mobile storage device; means for, responsive to corresponding entries in the user's at least one item of identification data and the at least one item of identification data read from the mobile storage device, comparing the request for at least one item of data to the access control data structure; and means for, responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
  9. A system for limiting access to data on a data processing system network, comprising: means for reading at least one access control data structure from a mobile storage device; means for receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; means for, responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
  10. The system of Claim 8, wherein the user's at least one item of identification data further comprises identification data entered by the user through an input device.
  11. The system of Claim 8, wherein the user's at least one item of identification data further comprises imaging of a part of the user's anatomy for purpose of identification.
  12. The system of Claim 8, wherein the user's at least one item of identification data further comprises multiple items of identification data.
  13. The system of Claim 8, wherein the at least one item of identification data stored on a mobile storage device further comprises multiple items of identification data stored on a mobile storage device.
  14. The system of Claim 8 or 9, wherein additional user data such as browser preferences and lists of previously requested data items are stored on the mobile storage device.
  15. A computer program comprising program code recorded on a machine-readable recording medium for controlling the operation of a data processing system for limiting access to data on a data processing system network, the program code comprising: instructions for reading at least one unit of identification data and at least one access control data structure from a mobile storage device; instructions for receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; instructions for receiving from a user at least one item of identification data; instructions for comparing the at least one item of identification data received from the user to at least one item of identification data read from the mobile storage device; instructions for, responsive to corresponding entries in the user's at least one item of identification data and at least one item of identification data read from the mobile storage device, comparing the request for at least one item of data to the access control data structure; and instructions for, responsive to a correspondence between the request for at least one file and the access control data structure, requesting the at least one file from a server.
  16. A computer program comprising program code recorded on a machine-readable recording medium for controlling the operation of a data processing medium for limiting access to data on a data processing system network, the program code comprising: instructions for reading at least one access control data structure from a mobile storage device; instructions for receiving from a user or a program running on a data processing system a request for at least one item of data on a data processing system connected to the data processing system network; instructions for, responsive to a correspondence between the request for at least one item of data and the access control data structure, requesting the at least one item of data from a server.
  17. The computer program of Claim 15, wherein access is suspended after the ability to read from the mobile storage device is compromised.
  18. The computer program of Claim 15, wherein the ability to change a set of access privileges belonging to a user is restricted to a limited number of pre-determined parties.
GB0109182A 2000-04-14 2001-04-12 Restricting data access to data in data processing systems Withdrawn GB2366888A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US54996500A 2000-04-14 2000-04-14

Publications (2)

Publication Number Publication Date
GB0109182D0 GB0109182D0 (en) 2001-05-30
GB2366888A true GB2366888A (en) 2002-03-20

Family

ID=24195144

Family Applications (1)

Application Number Title Priority Date Filing Date
GB0109182A Withdrawn GB2366888A (en) 2000-04-14 2001-04-12 Restricting data access to data in data processing systems

Country Status (2)

Country Link
CN (1) CN1318796A (en)
GB (1) GB2366888A (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4271478B2 (en) * 2003-04-08 2009-06-03 パナソニック株式会社 Relay device and server
CN100418074C (en) * 2004-03-05 2008-09-10 菲尼萨公司 Hierarchical and byte-configurable memory in an optical transceiver
JP4574327B2 (en) * 2004-11-09 2010-11-04 キヤノン株式会社 Image forming apparatus and image processing apparatus control method
CN101119207B (en) * 2007-09-21 2012-09-05 北京意科通信技术有限责任公司 Authorization control method aimed at server

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1998037480A1 (en) * 1997-02-21 1998-08-27 Netgem, Societe Anonyme Method for restricting access and navigation possibilities of an internet terminal
EP0936583A1 (en) * 1998-02-16 1999-08-18 Ali Hassan Al-Khaja A method and system for providing a communication terminal device with networking access control features and in particular with internet authentication and online shopping features
GB2340704A (en) * 1998-07-28 2000-02-23 Blackcoat Limited Network communication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
http://www.cnn.com/TECH/computing/9908/24/library.ecards.idg, 24 August 1999 *
http://www8.techmall.com/techdocs/NP990617-1.html, 17 June 1999 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2004029836A2 (en) * 2002-09-30 2004-04-08 Koninklijke Philips Electronics N.V. A method for accessing an additional content with parental control
WO2004029836A3 (en) * 2002-09-30 2004-07-01 Koninkl Philips Electronics Nv A method for accessing an additional content with parental control
US7616949B2 (en) 2002-12-02 2009-11-10 Nokia Corporation Privacy protection in a server
EP1598753A2 (en) * 2004-03-23 2005-11-23 NTT DoCoMo, Inc. Internet access control system and access control method in the terminal and in the server
EP1598753A3 (en) * 2004-03-23 2005-11-30 NTT DoCoMo, Inc. Internet access control system and access control method in the terminal and in the server
US7725458B2 (en) 2004-03-23 2010-05-25 Ntt Docomo, Inc. Access control system and access control method
US8161068B2 (en) 2004-03-23 2012-04-17 Ntt Docomo, Inc. Access control system
US10154041B2 (en) 2015-01-13 2018-12-11 Microsoft Technology Licensing, Llc Website access control

Also Published As

Publication number Publication date
CN1318796A (en) 2001-10-24
GB0109182D0 (en) 2001-05-30

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)