IDiyas

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8387111 B1

PDFFull Text
Date of Patent:
Feb. 26, 2013

Filed:

Nov. 01, 2001

Type independent permission based access control

Applicants:

Lawrence Koved, Pleasantville, NY (US);

Anthony Joseph Nadalin, Austin, TX (US);

Nataraj Nagaratnam, Morrisville, NC (US);

Marco Pistoia, Yorktown Heights, NY (US);

Bruce Arland Rich, Cedar Park, TX (US);

Inventors:

Lawrence Koved, Pleasantville, NY (US);

Anthony Joseph Nadalin, Austin, TX (US);

Nataraj Nagaratnam, Morrisville, NC (US);

Marco Pistoia, Yorktown Heights, NY (US);

Bruce Arland Rich, Cedar Park, TX (US);

Assignee:

International Business Machines Corporation, Armonk, NY (US);

Attorneys:

Yee & Associates, P.C.

Jeffrey S. LaBaw

Primary Examiner:

Kaveh Abrishamkar

Int. Cl.
CPC ...
G06F 12/14 (2006.01);
U.S. Cl.
CPC ...
Abstract

A method and apparatus for type independent permission based access control are provided. The method and apparatus utilize object inheritance to provide a mechanism by which a large group of permissions may be assigned to a codesource without having to explicitly assign each individual permission to the codesource. A base permission, or superclass permission, is defined along with inherited, or subclass, permissions that fall below the base permission in a hierarchy of permissions. Having defined the permissions in such a hierarchy, a developer may assign a base permission to an installed class and thereby assign all of the inherited permissions of the base permission to the installed class. In this way, security providers need not know all the permission types defined in an application. In addition, security providers can seamlessly integrate with many applications without changing their access control and policy store semantics. Moreover, application providers' security enforcement is no dependent on the security provider defined permissions. The method and apparatus do not require any changes to the Java security manager and do not require changes to application code.

Find Patent Forward Citations

Loading…