SCALABLE ACCESS CONTROL MECHANISM

Organization Name

dell products l.p.

Inventor(s)

Ching-Yun Chao of Austin TX (US)

Timothy Gilman of Cross Plains TN (US)

SCALABLE ACCESS CONTROL MECHANISM - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240095390 titled 'SCALABLE ACCESS CONTROL MECHANISM

Simplified Explanation

The patent application describes a system that manages permissions for user accounts to access resources based on both first associations between subjects and attributes, as well as second associations between attributes and permissions.

• The system maintains a first data store for first associations between subjects and attributes, and a second data store for second associations between attributes and permissions.
• When receiving a query for a user account and a resource, the system determines first permissions based on the user account's context and first data store, as well as second permissions based on the second data store and context.
• The system then evaluates whether there is an overlap between the first and second permissions to decide whether to approve the query.
• The system responds to the query based on the approval decision.

Potential Applications

This technology can be applied in various industries where access control and permission management are crucial, such as cybersecurity, data privacy, and information security.

Problems Solved

This technology addresses the challenge of managing permissions for user accounts to access resources efficiently and securely, ensuring that only authorized users can access specific resources.

Benefits

The system provides a comprehensive approach to permission management, considering both user-specific attributes and general permissions associated with resources. This helps in enhancing security and access control in organizations.

Potential Commercial Applications

"Enhancing Access Control and Permission Management System for Improved Security"

Possible Prior Art

One possible prior art could be traditional access control systems that rely solely on user roles and permissions without considering contextual information or attribute-based access control.

Unanswered Questions

How does this system handle dynamic changes in permissions or attributes over time?

The system's ability to adapt to changes in permissions or attributes is crucial for maintaining security and access control. This could be addressed through regular updates to the data stores and real-time monitoring of changes.

Can this system be integrated with existing access control systems or databases?

Integration with existing systems is essential for seamless implementation and adoption of this technology. Compatibility with different platforms and databases should be considered during the development and deployment phases.

Original Abstract Submitted

a system can maintain a first data store that stores first associations between subjects and first attributes, and a second data store that stores second associations between second attributes and permissions. the system can receive a query that identifies a user account and a resource. the system can determine, from the first data store and a context of the user account in initiating the query, first permissions for the user account with respect to the resource and given the context. the system can determine, from the second data store and the context, second permissions that are a precondition to access the resource given the context. the system can determine, based on whether there is an overlap between the first permissions and the second permissions, whether to approve the query. the system can respond to the query based on a result of the determining whether to approve the query.