Patent application number | Description | Published |
20080204243 | Tag Identification System - The present invention relates to a tag identification system comprising: a plurality of tags, each tag being identifiable by an associated tag identifier, and at least one tag comprising at least one link to at least one other tag in said group. | 08-28-2008 |
20080316001 | Detecting a blocker RFID tag - For detecting a blocker RFID tag, the following steps are conducted. First, a random identifier of a given bit length is created. Alternatively, an identifier is selected out of a probing set, which is stored on a data storage device. The probing set comprises of identifiers, which are not being used as identifiers for a given set of RFID tags. In a second step, a response from all RFID tags is requested having an identifier matching the random identifier or, respectively, the selected identifier. In a third step, it is determined, depending on receiving or not receiving a response, whether the blocker RFID tag is present. | 12-25-2008 |
20090178107 | ACCESS CONTROL POLICY CONVERSION - Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory. | 07-09-2009 |
20100211989 | METHOD AND APPARATUS FOR AUTOMATED ASSIGNMENT OF ACCESS PERMISSIONS TO USERS - Given a new user U or a user whose role in the organization changed, an automated method of the present disclosure in one aspect determines the new or revised access permissions the user should have. In one aspect, the method of the present disclosure automatically determines access rights based on the access rights held by similar users. This general idea, including a formalization of similarity between users, the details of how access rights are determined, and an algorithm to test if the presented methods are safe to use are provided. | 08-19-2010 |
20110035241 | Anonymous Separation of Duties with Credentials - A system for anonymous separation of duties with credentials includes an identity provider, the identity provider configured to issue anonymous credentials to a user based on one or more attributes of the user; a service provider, the service provider configured to issue a pseudonym to the user based on the user's anonymous credentials, and to associate the user's pseudonym with a step of an instance of a business process hosted on the service provider, the step being completed by the user; and an auditor, the auditor configured to determine if the completion of the step of the instance of the business process by the user is compliant with a separation of duties policy. | 02-10-2011 |
Patent application number | Description | Published |
20110247046 | Access control in data processing systems - A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure. | 10-06-2011 |
20120203588 | TASK ASSIGNMENT IN A WORKFLOW SYSTEM - A computer-implemented method for assigning a task in a workflow system to a user of the workflow system includes receiving the task; determining, by a computer, a set of users who are authorized to perform the received task; selecting from the set a user who has the lowest flexibility to perform other tasks in the workflow system; and assigning the task to the selected user. | 08-09-2012 |
20120216247 | Access control in data processing system - A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure. | 08-23-2012 |
20120296684 | TASK ASSIGNMENT IN A WORKFLOW SYSTEM - A computer-implemented method for assigning a task in a workflow system to a user of the workflow system includes receiving the task; determining, by a computer, a set of users who are authorized to perform the received task; selecting from the set a user who has the lowest flexibility to perform other tasks in the workflow system; and assigning the task to the selected user. | 11-22-2012 |
20150046973 | Access control in data processing system - A policy data structure defines predetermined authorizations, each relating to authorization of at least one user to access at least one resource as well as to dynamic access requests. Each dynamic access request indicates a condition to be satisfied by a respective set of attributes associated with a user request to access a resource and for the request to be granted in absence of an authorization determinative of the request. If the structure does not define an authorization for a request to access a resource, it is determined whether the structure defines a dynamic access requirement determinative for the request, and if so, whether to grant the request in accordance with the respective set of attributes associated with the request. For at least one request, after determining whether to grant the request, a dynamic authorization relating to authorization to access the resource within the request is added to the structure. | 02-12-2015 |