WO2004015542A2 - Method for controlling access to informational objects - Google Patents
Method for controlling access to informational objects Download PDFInfo
- Publication number
- WO2004015542A2 WO2004015542A2 PCT/US2003/025092 US0325092W WO2004015542A2 WO 2004015542 A2 WO2004015542 A2 WO 2004015542A2 US 0325092 W US0325092 W US 0325092W WO 2004015542 A2 WO2004015542 A2 WO 2004015542A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- relationship
- access
- user
- entity
- path
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Definitions
- the invention relates generally to a method and an apparatus for regulating access to objects.
- the invention relates to a system and method for controlling access to informational objects in a database system.
- Data is power. Entities capture data about other entities. A question naturally arises as to the ownership of that data. Does the entity that captures the data own the data? Does the entity that the data is about own the data? So long as the captured data was held behind "closed" doors (i.e. on a local computer or littled intra-firm network of computers) of the capturing entity and used in isolation behind those doors the question was of limited and isolated importance. So long as a minimal set of data was captured the question had minimal importance. So long as the use of the captured data was not extensive the importance of the question was not extensive. This has all changed. Information technology has increased connectedness to captured data. This increased connectedness has moved the data from behind closed doors out into the world.
- entities protect objects by providing an access code, a key, a password, or the like, to those entities to which the owning entity would like to grant access. If an owning entity desires to grant access to the object(s) to another entity, the owning entity provides that entity an access code. Likewise, if an entity that holds an access code requires that a third party be granted access, the owning entity must issue an additional access code to the third party.
- a doctor requires that his nurse have access to a patient's medical file, either the patient must grant the nurse access or, more commonly, the doctor provides the nurse with the doctor's access code with which the nurse utilizes to gain access to the patient's medical file.
- the act of the doctor disclosing his access code is an expression of trust between the doctor and the nurse but there is no documentation of or control over this relationship of trust.
- the nurse uses the doctor's access code to access the records, an individual for whom there is no documented authorization, i.e. the nurse, has accessed the records, there is no documentation that the nurse has gained access, and there may be erroneous documentation that the doctor accessed the records. While this example illustrates a problem in the area of healthcare records, the same is true for any regulated- access object.
- the described embodiments of invention comprises a method and an apparatus for regulating access to objects by authorized entities.
- Authorized entities are entities authorized for access by either an owner entity of the regulated object or an entity authorized to authorize access to the regulated object.
- Each user which may be a physical person or another information system, is identified using standard user validation techniques.
- an object is first created or introduced to the system, that information is associated with an owner, who is one user on the system.
- the present embodiment allows the owner to define relationships with other users, either generally or regarding a particular object.
- the owner may or may not have trusted relationships with other users.
- a second user that has a trusted relationship with the owner automatically has access to the object without additional intervention by the owner. For example, a doctor would usually establish a trusted relationship with her records administrator. Thus, the administrator will have access to all records created by the doctor.
- the second user may have a trusted relationship with another user.
- the records administrator may have an assistant.
- This third user will also have access to the records.
- Another user may be the doctor's insurance claim collection service. If the claim collections service's IT system is listed as a trusted user to the records administrator, they too will have access to the records.
- This Web of Trust may link users infinitely, but such a case would create an undue risk of compromise of the information.
- the present embodiment includes a facility for the owner to designate a maximum number of trusted links from the owner to other users.
- An additional feature of the present embodiment is the ability to designate a specific user as distrusted.
- a user designated by the owner as distrusted will not be allowed access to the owner's object even though there is some chain of trusted relationships between the owner and the distrusted user. This provides an additional control on the extent of the Web of Trust. DESCRIPTION OF THE DRAWING
- Figure 1 is a chart illustrating a series of trusted relationships in one embodiment of the invention
- Figure 2 is a chart illustrating another series of trusted relationships
- Figure 3 is a chart illustrating a series of trusted relationships as in Figure 1, but also including distrusted relationships.
- the described embodiments of the present invention do not require that the method be embodied as an electronic or computer based product, however it is particularly well suited for such an embodiment.
- the method of this patent can address uses, objects, and entities that are not based in electronic environments however it is particularly well suited for the electronic uses, objects, and entities.
- An example of a an environment that is particularly well suited for the described embodiments is a network of clients and servers, such as Windows ® based personal computers and servers connected locally using a well known protocol, such as Ethernet, a externally using the Internet.
- the objects are stored on a server using a robust database program using, for example Microsoft's SQL Server ® , and users are authenticated using facilities available in the database program.
- a preferred method for distributing software including the present invention is on a magnetic or optical storage medium for installation on the servers and/or personal computers.
- the user interface to a system embodying this invention would be accessed using a standardized browser, such as Internet Explorer ® or Netscape Navigator. ®
- the reference to an owner is intended to reflect the ability of the owner entity to control the access to the object(s) for that use.
- entity refers to an individual, an organization, a company, a business, or a division of an organization, company, or business.
- entity may also be a collection of other entities such as associations, groups, or committees.
- a committee is an entity that is a collection of entities that are individuals.
- An entity may also be an abstraction such as a role.
- An example would be an entity that is the "role of nurse” employed by a physician. The physician could establish the relationships between her/his role as physician and the role of "nurse". The physician would then designate a person as the individual entity currently filling this role, hi the event the person for that role was to change, the physician would change only the designation of the individual entity currently filling that role from the old employee to the new employee.
- entity may also refer to an object.
- entity may also refer to an object.
- an application needs to have access to another object then, in that context, the application may be considered an entity and this method allows the access to the object by this entity to be regulated just as it would be for any other type of entity.
- a "user” is an entity authorized to access a system, such as a database, where an object may be accessed. Users are authenticated using known authentication techniques for that system. For example, users may be given a username and password that the user must provide to gain access. Other more robust authentication techniques, such as biometric identification, PKI distribution, identification appliances or random synchronized passwords (such as the RSA SecurlD ® ), may be used when the security needs justify the additional expense and inconvenience inherent in those techniques.
- Objects include several different concepts. Objects may comprise any data such as healthcare records, individually identifying data, financial transactions, or travel information regardless of how or where those records are stored. Objects may also comprise utilities such as computer applications, appliances, devices and hardware. Objects may also comprise areas such as physical or electronic restricted access areas or commercial/residential security systems. Objects in this method may also be collections of other objects. For example, a patient's healthcare record can be considered as an object but that record may consist of several other objects such as the laboratory records, the radiology records, the cardiology records, and the psychiatric records. Objects in this method may also be the information about the relationship between other objects.
- one object might be the individually identifying information about a patient and another object might be the result of a HIV laboratory test.
- the ability to use the individually identifying information object might simply allow you to know that there exists a person by that name.
- the ability to use the HIN test object might simply allow you to know that there was a test performed with a specific result.
- the relationship between the objects is that they both refer to the same entity.
- having the ability to use the individually identifying object, the HIN test object, and the relationship object allows you to know that a person by that name had that test result.
- a "path” is a connection of a relationship or relationships between two users.
- a path may be a simple direct path between two users or may follow relationships serially through several users. For example, if a patient has a trust relationship to a doctor and the doctor has a trust relationship to Ms nurse, there is a trusted path from the patient to the nurse, even though there is no established relationship between the patient and the nurse.
- One novel aspect of this method is based on concepts of trust and distrust.
- This method assumes that there are entities that a user, as an entity, knows and explicitly trusts; that there are entities that the user knows and explicitly distrusts; and that there are entities about which the user is neutral in that the user has explicit opinion as to trusting or distrusting.
- the vast majority of the entities in the world fall into this later category either because the user does not know them or because the user does not have an opinion about them.
- a designation of explicit trust or distrust is unidirectional. That is, a first user may designate a second user as trusted, however that does not imply that the second user trusts the first user.
- the first user may designate the second user as distrusted, however that does not imply that the second user distrusts the first user.
- the use of an object is considered a task that is performed on or with the object(s).
- a specification of trust can often be more easily understood as willingness on one user's part for the trusted entity "to be an agent acting on my behalf when it performs the task on or with the object(s).
- a specification of distrust can be considered to be a statement that the user does not trust this entity to perform this task on or with the object(s). It is worthy of note that at times tasks may themselves be objects and thus may be regulated by the same methods.
- paths of trust are sequences of trust relationship elements.
- Each element includes an indication of an entity (the "grantor") that is granting a status of trusted to another entity (the “grantee”) and may be specific to the object(s) and task(s) that are covered by the relationship.
- a path of trust is a sequence of relationship elements such that for the first element the grantor is an entity with control of the object for the task.
- a path of trust between controlling entity and an entity that is requesting the right to perform a task on or with an object would be a path wherein the grantor in the first element was the controlling entity and the grantee in the last element is the requesting entity.
- FIG. 1 An example is illustrated in Figure 1.
- user 10 is the owner of an obj ect
- User 10 has a trusted relationship 12 with user 20.
- User 20 has a trusted relationship 22 with user 30.
- User 30 has a trusted relationship 32 with user 40. Therefore user 40 would have access to the object for the uses encompassed by the most restrictive trusted relationship among relationships 12, 22 and 32.
- Figure 2 Another example is shown in Figure 2.
- User 80 has a trusted relationship 72 with user 70.
- User 70 has a trusted relationship 62 with user 60.
- User 60 has a trusted relationship 52 with user 50.
- User 50 has a trusted relationship 54 with user 20.
- User 20 has a trusted relationship 22 with user 30.
- User 30 has a trusted relationship 32 with user 40. Therefore user 40 would have access to the object for the uses encompassed by the most restrictive trusted relationship among relationships 12, 22, 32, 52, 54, 62 and 72.
- An example in healthcare of the use of these paths of trust is in the event that a patient is hospitalized.
- the patient Upon admission the patient might designate the organization of the hospital as trusted to act on behalf of the patient relative to the object of the patient's healthcare records.
- the organization of the hospital might designate the Director of Nursing as trusted to act in its behalf.
- the Director of Nursing might designate the Nurse Manager for the floor to which the patient is admitted as trusted to act on her/his behalf.
- the Nurse Manager might designate the nurse assigned to the patient on this shift as trusted to act in her/his behalf.
- each explicit designation of distrust may be further refined to determine the scope of impact of that distrust on the paths of trust.
- One refinement is the ability to designate that scope of impact is such that no element in a path of trust may include the distrusted entity (the "distrustee") as a grantee (intermediary scope). This essentially indicates that the user not only doesn't trust the distrustee, the user does not trust any other entity just because the distrustee trusts them.
- the designation could specify that the distrustee may only not be the grantee in the last element of a path of trust (terminal scope). That is, the distrustee cannot be the requesting entity.
- This specification essentially says that the user wishes to preclude the distrustee from access but if there is a path of trust that includes the distrustee that does not result in the distrustee gaining access this is acceptable.
- FIG. 3 An illustration of this is shown in Figure 3.
- users 10, 20 and 30 are specifically distrusted by user 80. Therefore, even though user 50 has is trusted via relationships 72, 62 and 52, user 20 cannot access the object owned by user 80, in spite of trusted relationship 54. Similarly, user 30 cannot access the object owned by user 80, in spite of the trusted relationship 22. If the distrusted relationship of terminal scope, then user 40 can access the object owned by user 80 because of relationships 72, 62, 52, 54, 22 and 32. However, if the distrusted relationship of users 10, 20 and 30 is of intermiary scope, user 40 cannot access the object owned by user 80 because users 20 and 30 are on the only path between users 40 and 80.
- the trust relationship designation can also include a set of conditions that must be met for that trust relationship to be valid and used in a path of trust.
- a distrust relationship can include a set of conditions that must be met for the distrust relationship to have an impact on access to the object.
- the conditional specification can also be a set of methods that are used to determine compliance rather than the conditions themselves or a combination of conditions and methods.
- the preferred embodiment of this method would also include the ability to specify conditions that must be met for a relationship element to participate in a specific path.
- a common relationship of trust specification would include the condition that the path can only extend one user beyond this user. If the controlling entity was the grantor in that specification then no path could exist that included more than two users.
- user 60 would have access to an object owned by user 80, but user 50 would not, even though user 50 has a trusted relationship with user 60.
- this limitation can consist of any selected number of users on a path, including one user.
- condition was that it was between the hours of 8 AM and 5 PM on a weekday. It is important to note that the conditions for participation in a path may be distinct from the conditions for validity of a trust or distrust relationship described in the preceding paragraph. Similar to the conditions for validity, the conditions for path participation can be any combination of conditions and methods.
- a user may establish a nominal level of trust relationship with another relating to all data objects in a set of data. For example, a physician may say, nominally my nurse may see all data within all of my patients records. Additionally, the user can also establish exceptions to this nominal rule for certain data items within the data set. For example, while the nurse may be allowed to see all data within all of the physician's patients records according to the nominal relationship, a special relationship may be established for data identifying, for example, HIN status information. This special setting for the HIN status information would, in essence, override the nominal setting which would otherwise apply as regards the nurse's access permissions.
- the special setting can also change the number of levels through which the trust may be propagated. For instance, while a physician may allow her nurse to access all data within her patient's records and while the nurse may typically allow the nurse's assistant to access all information available to the nurse, the physician may establish a restriction on certain data items within the data set as far as inheritance goes. For example, the physician may say that nominally her nurse can access all data for all patients, including special information such as HIN status information, however, even though the nurse may access this special information, the nurse may not in turn establish a trust relationship with another which can provide access to this special information. Thus, in essence, while the nominal permissions for the data set may allow, for example, two or three levels of propagation, certain data items within the group may be restricted to a more limited number of levels of propagation.
- each element in the path can have conditions that apply to it's participation in a path, the conditions that must be met for each element is the combination of all of the preceding elements in the path. This means that as paths grow longer the conditions become progressively more restrictive. It also means that just because the controlling entity did not impose any condition that does not mean that the paths from that entity will be unrestricted in terms of growth.
- the trust or distrust between entities may be extremely specific. That is, different trust or distrust specifications may exist for different objects, sets of objects, or classes of objects. For an object, a set of objects, or a class of objects different trust or distrust specifications may exist for different tasks, sets of tasks, or classes of tasks.
- a user may trust his primary care physician to view all of his healthcare records; a user may trust his primary care physician to modify his primary care records but not include the ability of his primary care physician to modify his psychiatric records; a user may trust her cardiologist to view all of her healthcare records except for her psychiatric records; a user may trust the drug interaction software application at her pharmacy to use any of her healthcare records but to only modify the medication records; and a user may trust the pharmacist to only view his medication and medication allergy records.
- the relationship of trust between the cardiologist and the physician who is on call for that cardiologist can then reference all the patients under the care of the cardiologist in a single relationship rather than one patient at a time.
- the cardiologist does not have to establish a relationship of trust with the on-call physician related to this patient since the existing relationship also applies to this patient.
- Entity A may have access to a set of objects directly as a controlling entity. That same entity might also have access to a set of objects directly controlled by another entity (entity B). Thus, this entity has access to two distinct sets of objects.
- entity A grants a relationship of trust to a third entity (entity C) it may wish to have that relationship of trust only apply to the set of objects under the control of entity B and not the objects under its own direct control, hi order to accommodate this refinement, the model provides the capability for the relationship of trust to specify the controlling entity whose set of objects are covered by this relationship, hi this case entity A would grant access to entity C relative to the objects under the control of entity B. Obviously, this would only have impact if entity B has granted access to entity A relative to the objects of entity B.
- This refinement is referred to a relationship relative to a root (the controlling entity).
- the model provides the capability of designating classes of control of an object.
- the model further provides that these classes may be organized into a hierarchy. The determination derivative from the entity with the highest class of control is then the determination that is used.
- the method provides several alternative rules. Each rule either establishes that the conflict results in granting or in denying access.
- the lowest precedence is a system wide rale for the resolution of such a conflict, followed by a system wide rale that is specific for a class of objects, and that is followed by a rule for a specific object.
- the highest precedence rule is a rule that is effectively an agreement between specific pairs of entities. This agreement rule may cover all objects, a specific class of objects, a specific object, a task, a set of tasks, or combinations of these.
- This rale may be different depending on which entity would grant access, so that it is possible that the rule is that one entity always takes precedence.
- Each of these rules may also have attached a set of conditions or methods to determine a condition, which determine if the rale is valid and if so which resolution results.
- this method provides for the ability of an object to self-regulate controlling rights for itself.
- An object may grant or revoke controlling rights to entities or classes of entities based on sets of conditions or sets of methods to determine conditions.
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/521,933 US8645422B2 (en) | 2002-08-12 | 2003-08-12 | Method for controlling access to informational objects |
AU2003268071A AU2003268071A1 (en) | 2002-08-12 | 2003-08-12 | Method for controlling access to informational objects |
EP03749022A EP1535196A4 (en) | 2002-08-12 | 2003-08-12 | Method for controlling access to informational objects |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US40280502P | 2002-08-12 | 2002-08-12 | |
US60/402,805 | 2002-08-12 |
Publications (3)
Publication Number | Publication Date |
---|---|
WO2004015542A2 true WO2004015542A2 (en) | 2004-02-19 |
WO2004015542A3 WO2004015542A3 (en) | 2004-04-08 |
WO2004015542A9 WO2004015542A9 (en) | 2004-05-21 |
Family
ID=31715901
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2003/025092 WO2004015542A2 (en) | 2002-08-12 | 2003-08-12 | Method for controlling access to informational objects |
Country Status (4)
Country | Link |
---|---|
US (1) | US8645422B2 (en) |
EP (1) | EP1535196A4 (en) |
AU (1) | AU2003268071A1 (en) |
WO (1) | WO2004015542A2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8316227B2 (en) * | 2006-11-01 | 2012-11-20 | Microsoft Corporation | Health integration platform protocol |
EP2573677A1 (en) * | 2011-09-26 | 2013-03-27 | Giesecke & Devrient GmbH | Data exchange between applications |
Families Citing this family (30)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7475020B2 (en) * | 2000-10-11 | 2009-01-06 | Malik M. Hasan | Method and system for generating personal/individual health records |
US7533030B2 (en) * | 2000-10-11 | 2009-05-12 | Malik M. Hasan | Method and system for generating personal/individual health records |
US7440904B2 (en) * | 2000-10-11 | 2008-10-21 | Malik M. Hanson | Method and system for generating personal/individual health records |
US7509264B2 (en) * | 2000-10-11 | 2009-03-24 | Malik M. Hasan | Method and system for generating personal/individual health records |
US7428494B2 (en) * | 2000-10-11 | 2008-09-23 | Malik M. Hasan | Method and system for generating personal/individual health records |
US8166101B2 (en) | 2003-08-21 | 2012-04-24 | Microsoft Corporation | Systems and methods for the implementation of a synchronization schemas for units of information manageable by a hardware/software interface system |
US8238696B2 (en) | 2003-08-21 | 2012-08-07 | Microsoft Corporation | Systems and methods for the implementation of a digital images schema for organizing units of information manageable by a hardware/software interface system |
US20050091181A1 (en) * | 2003-10-23 | 2005-04-28 | Mckee Timothy P. | System and method for the presentation of items stored on a computer |
US7908562B2 (en) * | 2003-10-23 | 2011-03-15 | Microsoft Corporation | System and a method for presenting items to a user with a contextual presentation |
US7730073B2 (en) * | 2003-10-23 | 2010-06-01 | Microsoft Corporation | System and a method for presenting related items to a user |
US20130247146A1 (en) * | 2005-03-17 | 2013-09-19 | Dennis Lyon | Authentication system and method |
US9384345B2 (en) * | 2005-05-03 | 2016-07-05 | Mcafee, Inc. | Providing alternative web content based on website reputation assessment |
US20060253584A1 (en) * | 2005-05-03 | 2006-11-09 | Dixon Christopher J | Reputation of an entity associated with a content item |
US7765481B2 (en) | 2005-05-03 | 2010-07-27 | Mcafee, Inc. | Indicating website reputations during an electronic commerce transaction |
US8566726B2 (en) * | 2005-05-03 | 2013-10-22 | Mcafee, Inc. | Indicating website reputations based on website handling of personal information |
US8438499B2 (en) * | 2005-05-03 | 2013-05-07 | Mcafee, Inc. | Indicating website reputations during user interactions |
US20060253582A1 (en) * | 2005-05-03 | 2006-11-09 | Dixon Christopher J | Indicating website reputations within search results |
US7562304B2 (en) | 2005-05-03 | 2009-07-14 | Mcafee, Inc. | Indicating website reputations during website manipulation of user information |
US7822620B2 (en) * | 2005-05-03 | 2010-10-26 | Mcafee, Inc. | Determining website reputations using automatic testing |
US11954715B2 (en) | 2006-02-27 | 2024-04-09 | Trace Produce, LLC | Methods and systems for accessing information related to an order of a commodity |
US8701196B2 (en) | 2006-03-31 | 2014-04-15 | Mcafee, Inc. | System, method and computer program product for obtaining a reputation associated with a file |
US7552467B2 (en) * | 2006-04-24 | 2009-06-23 | Jeffrey Dean Lindsay | Security systems for protecting an asset |
US20080172737A1 (en) * | 2007-01-11 | 2008-07-17 | Jinmei Shen | Secure Electronic Medical Record Management Using Hierarchically Determined and Recursively Limited Authorized Access |
US7831611B2 (en) | 2007-09-28 | 2010-11-09 | Mcafee, Inc. | Automatically verifying that anti-phishing URL signatures do not fire on legitimate web sites |
KR102125562B1 (en) | 2014-06-18 | 2020-06-22 | 삼성전자주식회사 | Method and Apparatus for Sharing Key |
US10158605B2 (en) * | 2015-11-24 | 2018-12-18 | Cisco Technology, Inc. | Delegated access control of an enterprise network |
US10389722B2 (en) * | 2016-12-30 | 2019-08-20 | Ssh Communications Security Oyj | Access relationships in a computer system |
US11700258B2 (en) * | 2016-12-30 | 2023-07-11 | Ssh Communications Security Oyj | Access relationships in a computer system |
US10942991B1 (en) * | 2018-06-22 | 2021-03-09 | Kiddofy, LLC | Access controls using trust relationships and simplified content curation |
CN112511569B (en) * | 2021-02-07 | 2021-05-11 | 杭州筋斗腾云科技有限公司 | Method and system for processing network resource access request and computer equipment |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5675782A (en) * | 1995-06-06 | 1997-10-07 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1183841A (en) * | 1995-02-13 | 1998-06-03 | 英特特拉斯特技术公司 | System and method for secure transaction management and electronic rights protection |
US7269277B2 (en) * | 1999-12-14 | 2007-09-11 | Davida George I | Perfectly secure authorization and passive identification with an error tolerant biometric system |
US6850938B1 (en) * | 2001-02-08 | 2005-02-01 | Cisco Technology, Inc. | Method and apparatus providing optimistic locking of shared computer resources |
US7062563B1 (en) * | 2001-02-28 | 2006-06-13 | Oracle International Corporation | Method and system for implementing current user links |
US20020138607A1 (en) * | 2001-03-22 | 2002-09-26 | There | System, method and computer program product for data mining in a three-dimensional multi-user environment |
US7181017B1 (en) * | 2001-03-23 | 2007-02-20 | David Felsher | System and method for secure three-party communications |
US6671696B1 (en) * | 2001-08-20 | 2003-12-30 | Pardalis Software, Inc. | Informational object authoring and distribution system |
US7634807B2 (en) * | 2003-08-08 | 2009-12-15 | Nokia Corporation | System and method to establish and maintain conditional trust by stating signal of distrust |
-
2003
- 2003-08-12 AU AU2003268071A patent/AU2003268071A1/en not_active Abandoned
- 2003-08-12 US US10/521,933 patent/US8645422B2/en active Active
- 2003-08-12 WO PCT/US2003/025092 patent/WO2004015542A2/en not_active Application Discontinuation
- 2003-08-12 EP EP03749022A patent/EP1535196A4/en not_active Withdrawn
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5675782A (en) * | 1995-06-06 | 1997-10-07 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
Non-Patent Citations (1)
Title |
---|
See also references of EP1535196A2 * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8316227B2 (en) * | 2006-11-01 | 2012-11-20 | Microsoft Corporation | Health integration platform protocol |
EP2573677A1 (en) * | 2011-09-26 | 2013-03-27 | Giesecke & Devrient GmbH | Data exchange between applications |
Also Published As
Publication number | Publication date |
---|---|
EP1535196A4 (en) | 2006-08-23 |
US20060117389A1 (en) | 2006-06-01 |
WO2004015542A9 (en) | 2004-05-21 |
EP1535196A2 (en) | 2005-06-01 |
US8645422B2 (en) | 2014-02-04 |
AU2003268071A8 (en) | 2004-02-25 |
WO2004015542A3 (en) | 2004-04-08 |
AU2003268071A1 (en) | 2004-02-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8645422B2 (en) | Method for controlling access to informational objects | |
US9608978B2 (en) | Relationship-based authorization | |
US7478157B2 (en) | System, method, and business methods for enforcing privacy preferences on personal-data exchanges across a network | |
US8448240B2 (en) | Role-based access control | |
Zhang et al. | A role-based delegation framework for healthcare information systems | |
Motta et al. | A contextual role-based access control authorization model for electronic patient record | |
CA2649862C (en) | Translating role-based access control policy to resource authorization policy | |
US7774827B2 (en) | Techniques for providing role-based security with instance-level granularity | |
US11636220B2 (en) | Data management systems and methods | |
WO2000026750A1 (en) | Method for controlling access to information | |
Bacon et al. | Access control and trust in the use of widely distributed services | |
Santos-Pereira et al. | A secure RBAC mobile agent access control model for healthcare institutions | |
Khan et al. | Fine-grained access control to medical records in digital healthcare enterprises | |
Taylor et al. | Implementing role based access control for federated information systems on the web | |
Galiasso et al. | Policy mediation for multi-enterprise environments | |
Kallepalli et al. | Security middleware infrastructure for DICOM images in health information systems | |
KR20100002907A (en) | System for controlling access to hospital information and method for controlling the same | |
Adamu et al. | A Robust Context and Role-Based Dynamic Access Control for Distributed Healthcare Information Systems | |
Sanzi et al. | Trust Profile based Trust Negotiation for the FHIR Standard. | |
Kohl | From social requirements to technical solutions-bridging the gap with user-oriented data security | |
dos Reis | Securing and sharing clinical data | |
GB2526054A (en) | Improved access control mechanism for databases | |
Wu et al. | Token-based dynamic trust establishment for web services | |
Wu et al. | A Privacy Preserving Enhanced Trust Building Mechanism for Web Services. | |
Milutinovic | The need for the use of XACML access control policy in a distributed EHR and some performance considerations |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
COP | Corrected version of pamphlet |
Free format text: PAGES 1/3-3/3, DRAWINGS, REPLACED BY NEW PAGE 1/1; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2003749022 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2003749022 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 2006117389 Country of ref document: US Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 10521933 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 10521933 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |