logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8584196 B1

PDFFull Text
Date of Patent:
Nov. 12, 2013

Filed:

May. 05, 2008

Technique for efficiently evaluating a security policy

Applicants:

Mohammed Irfan Rafiq, Mountain View, CA (US);

Sabina Petride, Menlo Park, CA (US);

Sam Idicula, Mountain View, CA (US);

Ashwini Surpur, Cupertino, CA (US);

Nipun Agarwal, Santa Clara, CA (US);

Bhushan Khaladkar, Mountain View, CA (US);

Tim Wing Yu, Cupertino, CA (US);

Inventors:

Mohammed Irfan Rafiq, Mountain View, CA (US);

Sabina Petride, Menlo Park, CA (US);

Sam Idicula, Mountain View, CA (US);

Ashwini Surpur, Cupertino, CA (US);

Nipun Agarwal, Santa Clara, CA (US);

Bhushan Khaladkar, Mountain View, CA (US);

Tim Wing Yu, Cupertino, CA (US);

Assignee:

Oracle International Corporation, Redwood Shores, CA (US);

Attorneys:

Shun Yao

Park, Vaughan, Fleming & Dowler LLP

Primary Examiner:

Taghi Arani

Assistant Examiner:

Gregory Lane

Int. Cl.
CPC ...
G06F 21/00 (2013.01);
U.S. Cl.
CPC ...
Abstract

One embodiment of the present invention provides a system for efficiently evaluating a security policy. During operation, the system retrieves one or more roles associated with the user. Next, the system checks if a session-level cache exists for a set of Access Control Entries (ACEs) which is associated with the one or more roles. If this session-level cache exists, the system returns the set of ACEs from the session-level cache. Otherwise, the system generates the set of ACEs associated with the one or more roles from an Access Control List (ACL). During operation, the system can also update the one or more roles associated with the user and update the set of ACEs based on the updated one or more roles and the ACL. The system subsequently updates the session level cache with the updated set of ACEs and updated one or more roles.

Find Patent Forward Citations

Loading…