WO2002073376A1 - Verification of the consistency of conditions for subjects to access objects in a data processing means - Google Patents
- Publication number
- WO2002073376A1 (application PCT/FR2002/000845)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- given
- group
- rule
- access
- found
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- The present invention relates generally to the verification of access conditions by first elements, such as subjects constituting users or software modules of a data processing means, to second elements, such as data implemented in the data processing means. More particularly, the invention relates to conditions of access to application data implemented in a smart card, also known as a microcontroller or integrated circuit card, which comprises several applications relating to various services, such as e-commerce, electronic wallet and loyalty service applications, etc. The invention is thus particularly directed towards the management of the conditions of access to a multi-application smart card, that is to say towards the definition and modification of the conditions of access to applications.
- each application has its own data for which the supplier of the application defines access rights specific to the application.
- the access conditions are means of connection between external accesses which can be users of the card or else software modules, such as user interfaces, and internal accesses to the card such as applications, possibly via other applications or other application software elements in the card.
- The control of access conditions is based on the authentication of subjects, such as users, which are "active" elements that manipulate information contained in objects, such as application data, which are "passive" elements containing data.
- the conditions of access of subjects to objects are governed by rules of access control between subjects and objects. Each rule includes a right of access, i.e. a link between a subject and an object in the form of an action which can be performed by the subject on the object.
- The matrix MA relates to three subjects S1, S2 and S3, such as three users, and to three objects O1, O2 and O3, such as files and programs.
- Each box of the matrix at the intersection of a row and a column contains access rights, that is to say privileged actions which can be performed by the respective subject on the respective object.
- Access rights can be positive to authorize a predetermined action of a subject on an object, or can be negative to prohibit a predetermined action of a subject on an object.
- Subject S2 can read and execute object O2 but cannot write to this object.
- Subject S3 can save and read object O3 but cannot execute object O3.
- the first approach consists of access control lists ACL (Access Control List) corresponding to the rows of the access matrix MA and each specifying the access rights of subjects to the object associated with the row.
- ACLs define user access to files included in the card.
- The second approach consists of capabilities corresponding to the columns of the matrix MA and each specifying the access rights of the subject associated with the column on the objects.
- Access control relates to applet methods for multi-application smart cards of the JavaCard type in which programs in Java language have been written.
- The capabilities are in the form of pointers making it possible to make calls to objects, in predetermined applets constituting subjects.
- The group G1 has read rights to object O3. If the entity in charge of modifying access rights wishes to remove the read right from the whole group G1, it removes the read rule of the group G1 on object O3. But this will not be sufficient: the subject S1 has read rights on object O3, and subject S2 belongs to the group G2, which has read rights to object O3.
- A method for verifying a set of rules for access by first elements to second elements in a data processing means, each rule defining at least one right of a first element to perform an action on a second element, is characterized in that it comprises, after any modification of access from a first given element to a second given element, a search for rules applied to the first and second given elements among all the access rules, and a proposal to delete each rule found by the search in order to delete or maintain the rule found.
- an access control system comprises first elements which are for example subjects such as users, and second elements which are for example objects, such as application data, in a multi-application smart card constituting the data processing means.
- Some of the first elements can each belong to one or more first element groups.
- a first element in a group has all the access rights granted to the group.
- A modification of access from a first given element to a second given element can be i) a modification of a group, that is to say an addition or a deletion of a first element in the group; ii) an addition of a rule in the set of rules, that is to say an addition of a positive or negative rule relating to a first element, or else an addition of a positive or negative rule relating to a group; iii) a deletion of a rule in the set of rules, that is to say a deletion of a positive or negative rule relating to a first element, or else a deletion of a positive or negative rule relating to a group; iv) an addition of a first element or group in the access control system; and v) a deletion of a first element or group in the access control system.
- the search embraces all the rules applied to the first given group.
- The verification process may further comprise, when the rule applied directly to the first given element deleted from the given group has been deleted or when this rule has not been found, a search for the first given element in the groups and, if the first given element is found in one of the groups, a search for a rule which is applied to said group and to said second given element and which has the action in common with the rule previously applied to the first element, so as to signal this selected rule if it is found in said group.
- When the modification relates to the deletion of a given rule applied to a given group and to a second given element, the search embraces all the first elements belonging to the given group.
- The method may further include, when a rule which is applied directly to a first element of the given group and to said second given element and which has the action in common with the deleted given rule has been deleted, or when this rule has not been found, a search for the first given element in the groups and, if the first given element is found in one of the groups, a search for a rule which is applied to said group and to said second given element and which has the action in common with the rule previously applied to the first element, so as to signal this selected rule if it is found in said group.
- The verification method further comprises a proposal to delete the first given element from a group when a rule applied to the first and second given elements has been found, in order to select the deletion or the maintenance of the first given element in the group. More particularly, when negative rules are present in the set of rules, and when the modification concerns the addition of a given rule defining a right of a given group to perform an action on a given object, the search can include all the negative rules which are applied to the first elements belonging to the given group and to the second given element and which have the action in common with the added rule.
- The method then further comprises, when a negative rule applied directly to a first element of the given group has been deleted, or when a first element of the given group has been deleted from said group, or when the negative rule has not been found, a search for the first given element in the groups and, if the first given element is found in one of the groups, a search for the negative rule applied to said group and said second element, and a proposal to delete the negative rule or the first given element from said group if the negative rule is found, in order to delete the first given element from said group or the negative rule relating to said group, or to report the negative rule relating to said group.
- FIG. 2 is an algorithm of a first embodiment of the verification method according to the invention relating to the deletion of a subject in a group, in the absence of negative access rights;
- FIG. 3 is an algorithm of a second embodiment of the verification method according to the invention relating to the removal of an access right in a given subject group, in the absence of negative access right;
- FIG. 4 is an algorithm of a third embodiment of the verification method according to the invention relating to the addition of a positive right for a given subject group, in the presence of negative access rights.
- EG = {G1, ..., Gp, ..., GP}, a subject in a group having all the rights granted to this group, and
- ER = {R1, ..., Re, ..., RE} with 1 ≤ e ≤ E.
- the access control system only includes the following two types of rules if no negative rights are authorized:
- default rule: a rule which applies when a right is not specified
- priority rule: a rule which applies when a positive right and a negative right are simultaneously defined
- direct right of the subject Su on the object Ob: a right obtained directly by the rule (SuROb), that is to say without going through a group
- indirect right of the subject Su on the object Ob: a right obtained by the rule (GpROb) through a group Gp in which the subject Su is included.
- the two embodiments of the method for verifying the access conditions according to the invention relate to an access control system without negative access rights. It is recalled that, in the absence of a negative access right, a subject is authorized to access an object as soon as the corresponding access right, by positive definition, is determined. Conversely, the absence of the right of access to a given object can be interpreted as the prohibition to access this object (default rule).
- The method of verifying the access conditions according to the invention then makes it possible to maintain the consistency of the access rights when the composition of existing subject groups is modified, such as the deletion of a subject directly or of a subject in a group with reference to Figure 2, or the removal of an access right for a subject or for a group with reference to Figure 3.
- The verification of access rights after the deletion of a given subject Su belonging to a given group, for example the group G1, comprises steps ET0 to ET15, as shown in FIG. 2.
- The method of the invention aims in particular to list the rights lost for the deleted subject Su and to check whether the lost rights are maintained by other rules relating to the subject Su considered individually or included in groups other than the given group G1, so as to indicate indirect rules common to the given group G1 and to other groups containing the given subject Su.
- the access control system comprises the four sets defined above ES, EO, EG and ER.
- Step ET1: an increment e corresponding to the index of the rules Re of the set ER is set to 0.
- Step ET2: at each value of the increment e, as long as it is strictly less than the integer E, the method increments the increment e by one and selects the corresponding rule Re.
- Step ET3 verifies that the selected rule concerns the given group G1, that is to say is of the form (G1ROb), where R denotes a predetermined right of access to "activate" a given object Ob according to the rule Re. If the rule Re is not of the form (G1ROb), the process returns to step ET1 and ends in step ET15 if the increment e is greater than or equal to the integer E.
- Step ET4 verifies that the predetermined access right R according to the rule Re is directly applicable to the given subject Su deleted from the group G1. If the rule (SuROb) exists in the rule set ER, the method proposes to the entity in charge of modifying the access conditions, and therefore the sets ES, EO, EG and ER, to delete the rule (SuROb), for example by transmitting a message to the entity. If, in step ET5, the entity decides not to delete the previous rule, that is to say to maintain the rule (SuROb) in step ET6, the process returns to step ET1.
- If the entity decides to delete the rule (SuROb) corresponding to the selected rule Re, as indicated in step ET7, or if the rule (SuROb) is not found in the rule set ER in step ET4, the predetermined access right R applied to the given subject Su is sought in the groups of the set EG from step ET8, by setting to 0 an increment p corresponding to the current index of the groups G1 to GP.
- Step ET9 is the start of an analysis loop over all the groups as long as the increment p is strictly less than P; if p ≥ P, the process goes to step ET10 to indicate that the right R of the subject Su on the object Ob, corresponding to an indirect right and possibly to a direct right concerning the subject Su, is lost, step ET10 being followed by step ET1.
- After step ET9, when the increment p is strictly less than the integer P, the method iteratively chooses a group from G1 to GP in step ET11 by incrementing the increment p by one.
- Step ET12: if the subject Su does not belong to the current group Gp, the method returns to step ET9. If the subject Su belongs to the current group Gp, the method checks in step ET13 that the rule (GpROb), which is applied to the group Gp and to the given object Ob and which has a right R in common with the rule (SuROb) previously applied to the given subject Su deleted from the group G1, exists in the rule set ER. If this is not the case, the method proceeds to step ET9.
- Step ET14: if the rule (GpROb) is found in the set ER, step ET14 signals the indirect right R of the subject Su on the object Ob obtained by belonging to the group Gp, even if the deletion of the rule (SuROb) was requested in step ET5. The method then returns to step ET1 to increment the increment e by one unit and to choose another rule in step ET2 as described above, if the increment e is strictly less than the integer E.
- The entity in charge of modifying the access conditions can decide whether or not to maintain an existing rule relating to a given subject Su which is deleted from a given group G1.
- The entity is informed that the given subject Su keeps indirect access to a given object Ob by means of its belonging to another group Gp, even though the entity was unaware of or had forgotten this indirect access.
- Step ET14 retains rights R common to the given group G1 and to at least one other group of the set EG which are applicable to the given subject Su, and thus does not remove accesses otherwise authorized for the subject Su.
- the entity can then, at a step subsequent to step ET14, decide to delete the subject Su from the group Gp according to the algorithm of FIG. 2, or else to delete the rule (GpROb) according to the algorithm of FIG. 3.
- FIG. 2 with the deletion of the step ET3 and the linking of the steps ET2 and ET4 is also applicable for a given subject Su deleted individually in the set ES.
- The verification of the access rights after the deletion of a given rule (G1ROb) concerning, for example, the first group G1 of the set EG and a given object Ob aims to propose that the rights for each subject Su of the group G1 be maintained or deleted, the index u being considered here as relating to the subjects belonging to the given group G1 and not to the set of subjects ES. It is therefore a question of deciding to maintain or delete direct rights relating to rules of the type (SuROb) which are applied to subjects Su belonging to the given group G1 and which have an action R in common with the given rule
- The method according to FIG. 3 presents, after initial steps ET0a, ET1a and ET2a analogous respectively to steps ET0, ET1 and ET2 of FIG. 2, steps ET4 to ET7 identical to those shown in FIG. 2 relating to the maintenance or the deletion of a rule (SuROb), and steps ET9 to ET14 respectively identical to those of FIG. 2 and relating mainly to the reporting of an indirect right of the type (GpROb).
- The increment u, relating only to the subjects Su belonging to the group G1, is set to 0.
- The method checks the updating of the access conditions generated by the deletion of the rule (G1ROb) for the given object Ob; the process ends in step ET15 when the increment u has been incremented in step ET2a to be greater than or equal to the integer U after the search for direct and indirect rights related to all the subjects of the given group G1 and relating to the determined right R on the given object Ob.
- The step ET2a chooses the current subject Su in the given group G1 so that the next step ET4 checks whether there is a rule (SuROb) which directly applies the predetermined access right R to the subject Su of the group G1. Then, if the rule (SuROb) is found in the set ER, the entity in charge of modifying the access conditions expresses at step ET5 its wish either to maintain this rule, continuing the process through steps ET6 and ET1a, or to delete this rule, continuing the process with step ET7 and checking in steps ET8 to ET14 whether an indirect right is maintained for the subject Su by another group.
- a group increment p is set to 0 at step ET8.
- The increment p is incremented by one unit in step ET11 to successively analyze the groups G1 to GP in steps ET12 and ET13 until a group Gp is found which contains the subject Su chosen in step ET2a and such that the rule (GpROb) has the action R in common with the deleted rule (G1ROb).
- step ET14 signals that the indirect rule GpROb is maintained even if the removal of the direct rule (SuROb) had been decided in step ET5.
- the entity can then, in a later step, choose to delete the subject in the Gp group, or else to delete the rule (GpROb).
- The method according to FIG. 3 allows the entity in charge of defining the access rights to verify whether the removal of the right R on the object Ob selectively for each of the subjects belonging to the group G1 is effective or not.
- FIG. 3 is also applicable for the removal of a direct right R applied to a given subject Su by removing the steps ET1a and ET2a relating to the increment u, and by directly linking the step ET0a to the step ET4 and the steps ET6, ET10 and ET14 to the end step ET15.
- The third embodiment shown in FIG. 4 relates to the verification of the access conditions after the addition of a predetermined positive right R on a given object Ob according to the rule (G1ROb) for a given group, for example the group G1, when the access control system includes negative access rights coexisting with positive access rights.
- The method according to the invention verifies that, for any subject belonging to the given group G1, there will not be both a positive access right and a negative access right on a given object Ob, and if this were the case, proposes to the entity responsible for access rights to delete the negative access rule.
- The method according to FIG. 4 first invites the entity to express its will to delete an existing negative right which corresponds to the positive right to be added and which is either direct on the object Ob for a subject in the given group G1, or indirect on the object Ob for a subject in at least one group of the set EG.
- Adding a positive right for a group according to the process shown in Figure 4 includes steps ET20 to ET38 and checks the consistency of the conditions which are modified by this addition of a positive right, by proposing to delete certain direct or indirect negative rules on the object Ob for subjects of group G1 or to use priority rules.
- The four sets ES, EO, EG and ER are defined and an increment u corresponding to the index of subjects Su belonging only to the given group G1 is set to 0.
- The following step ET201 immediately and simply searches for a negative-right rule not(G1ROb) in the rule set
- A subject Su is chosen from the group G1 by incrementing the index u by one unit in step ET22. Then the negative-right rule not(SuROb) is sought in the rule set ER in step ET23.
- The microcontroller of the smart card proposes to the entity in charge of modifying the access rights first to delete the direct negative-right rule not(SuROb) in step ET24 and then, if this deletion is not accepted, to delete the subject Su from the given group G1 in step ET25. If both the deletion of the negative-right rule not(SuROb) and the deletion of the subject Su from the group G1 are refused in steps ET24 and ET25, a priority rule is applied in the next step ET28, which is followed by step ET21.
- The priority rule is, for example, a priority of the negative-right rules not(SuROb) and not(GpROb) over the positive-right rule (G1ROb) to be added.
- If in step ET24 the deletion of the negative right for the subject Su has been accepted, as indicated in step ET26, or if in step ET25 the deletion of the subject Su has been accepted, as indicated in step ET27, the method proceeds to step ET29.
- Step ET29 is also carried out after step ET23 if no negative rule not(SuROb) exists.
- Step ET29 verifies that the requested deletion is compatible with the presence or absence of a rule relating to the predetermined negative right R in the groups G1 to GP containing the subject Su.
- In step ET29, an increment p corresponding to the index p of the groups G1 to GP of the set EG is set to zero, then compared to the integer P in step ET30.
- The subject Su is sought in all the groups of EG as long as the increment p is strictly less than the integer P, and as long as the entity responsible for the conditions of access rights is willing to delete a negative right relating to the subject Su or the subject Su itself, as will be seen below. Otherwise the process goes from step ET30 to step ET21 when the increment p is greater than or equal to the integer P.
- In step ET31, which follows step ET30 when the increment p is strictly less than the integer P, the current group Gp, different from the given group G1, is selected from the set EG by incrementing the index p by one unit. If in the following steps ET32 and ET33 the subject Su is not found in the current group Gp and/or the negative-right rule not(GpROb) is not found in the rule set ER, the method returns to steps ET30 and ET31 so as to select the following group.
- If, after step ET33, the subject Su was found in the group Gp and the negative-right rule not(GpROb) was found in the set ER, the microcontroller of the smart card invites the entity first to delete the negative-right rule not(GpROb) in step ET34 and then, if this deletion is refused, to delete the subject Su from the group Gp in step ET35, in a similar manner to steps ET24 and ET25.
- Step ET28 is also called on to apply the priority rule if the two deletions proposed in steps ET34 and ET35 are refused.
- If after step ET34 the deletion of the negative-right rule not(GpROb) is decided, as indicated in step ET36, or if after step ET35 the subject Su is deleted from the current group Gp, as indicated in step ET37, the process continues by returning to step ET30 to decide whether the subject Su or a corresponding negative-right rule should be deleted in the next group G(p+1).
- Figure 4 is also applicable for the addition of a negative-right rule of the type not(G1ROb), after adapting steps ET201, ET202, ET23, ET24, ET26, ET33, ET34 and ET36, which then relate to searches and deletions of positive rules (SuROb) and (GpROb); in this case, the priority rule applied in step ET28 gives, for example, priority to the existing positive-right rules (SuROb), (G1ROb) and (GpROb) over the negative-right rule not(G1ROb) to be added, to ensure the coexistence of positive and negative access rights.
- Figure 4 is still applicable for the addition of a positive direct-right rule (SuROb) by deleting the steps ET21 and ET22 and by directly linking the steps ET201 and ET202 to the step ET23 and the step ET28 to the end step ET38.
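The FIG. 2 and FIG. 3 checks described above (positive rights only), as an added Python example that is not code from the patent. The `Policy` class, the function names, the `keep` callback standing in for the entity's decision at ET5, and the membership of G1 in the sample are assumptions; the sample rules follow the G1/G2 read-on-O3 case in the text.

```python
from dataclasses import dataclass


@dataclass
class Policy:
    groups: dict  # EG: group name -> set of member subject names
    rules: set    # ER: {(holder, action, obj)}, positive rights only


def sample_policy():
    """Constructed sample: the G1/G2 read-on-O3 case; G1's membership is assumed."""
    return Policy(
        groups={"G1": {"S1", "S2", "S3"}, "G2": {"S2"}},
        rules={("G1", "read", "O3"), ("S1", "read", "O3"), ("G2", "read", "O3")},
    )


def check_subject(policy, su, action, obj, keep):
    """Steps ET4 to ET14 for one subject and one right that a change took away.

    keep(rule) -> bool stands in for the entity's answer at ET5:
    True maintains the direct rule (ET6), False deletes it (ET7).
    """
    direct = (su, action, obj)
    if direct in policy.rules:                 # ET4: direct rule (SuROb) exists
        if keep(direct):
            return ("direct_kept", direct)     # ET6
        policy.rules.discard(direct)           # ET7
    for gp in sorted(policy.groups):           # ET8, ET9, ET11: scan G1..GP
        if su not in policy.groups[gp]:        # ET12
            continue
        indirect = (gp, action, obj)
        if indirect in policy.rules:           # ET13
            return ("indirect", indirect)      # ET14: right survives through Gp
    return ("lost", direct)                    # ET10


def remove_member(policy, group, su, keep):
    """FIG. 2: delete su from group, then check every right the group carried."""
    policy.groups[group].discard(su)
    return [
        check_subject(policy, su, action, obj, keep)
        for holder, action, obj in sorted(policy.rules)   # ET1, ET2: walk ER
        if holder == group                                # ET3: form (G1ROb)
    ]


def delete_group_rule(policy, group, action, obj, keep):
    """FIG. 3: delete rule (group, action, obj), then check each member."""
    policy.rules.discard((group, action, obj))
    return {
        su: check_subject(policy, su, action, obj, keep)
        for su in sorted(policy.groups[group])            # ET1a, ET2a
    }


if __name__ == "__main__":
    result = delete_group_rule(sample_policy(), "G1", "read", "O3", lambda rule: True)
    for su, finding in result.items():
        print(su, finding)
```

An `indirect` finding is the case the text warns about: the read right was removed from G1, yet S2 still reads O3 through G2.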
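The FIG. 4 check for adding a positive group rule when negative rights exist, as an added Python example that is not code from the patent. The signed-tuple rule format, the `accept` callback, the outcome labels and the constructed sample are assumptions; `is_allowed` applies the example priority rule from the text (negative rules win) together with the default rule (no right means no access), and a hit at ET201 is only reported because the page does not describe what follows it.

```python
# A rule is (holder, action, obj, sign): sign True is a positive right,
# sign False is a negative right, i.e. not(holder R obj).


def sample():
    """Constructed sample: S1 holds a direct negative right, G2 a group one."""
    groups = {"G1": {"S1", "S2", "S3"}, "G2": {"S2"}}
    rules = {("S1", "write", "O2", False), ("G2", "write", "O2", False)}
    return groups, rules


def add_positive_group_rule(groups, rules, group, action, obj, accept):
    """Add (group, action, obj, True) and resolve conflicts per steps ET21 to ET37.

    accept(proposal, subject, holder) -> bool models the entity's answer;
    proposal is "delete_rule" (ET24, ET34) or "remove_subject" (ET25, ET35).
    Mutates groups and rules; returns a list of (subject, outcome, holder).
    """
    rules.add((group, action, obj, True))
    findings = []
    if (group, action, obj, False) in rules:              # ET201: not(G1ROb) found
        findings.append((group, "group_negative_rule", group))
    for su in sorted(groups[group]):                      # ET21, ET22 (snapshot)
        # Su itself first (ET23), then every group other than the given one (ET31).
        for holder in [su] + [g for g in sorted(groups) if g != group]:
            if holder != su and su not in groups[holder]:  # ET32
                continue
            negative = (holder, action, obj, False)
            if negative not in rules:                     # ET23 / ET33
                continue
            if accept("delete_rule", su, holder):         # ET24 / ET34
                rules.discard(negative)                   # ET26 / ET36
                findings.append((su, "negative_rule_deleted", holder))
            elif accept("remove_subject", su, holder):    # ET25 / ET35
                left = group if holder == su else holder
                groups[left].discard(su)                  # ET27 / ET37
                findings.append((su, "subject_removed", left))
            else:
                findings.append((su, "priority_rule", holder))  # ET28
                break                                     # back to ET21
    return findings


def is_allowed(groups, rules, su, action, obj):
    """Effective right: negative rules take priority, absence of a right denies."""
    holders = {su} | {g for g, members in groups.items() if su in members}
    signs = {s for (h, a, o, s) in rules if h in holders and a == action and o == obj}
    return True in signs and False not in signs


if __name__ == "__main__":
    groups, rules = sample()
    only_direct = lambda proposal, su, holder: proposal == "delete_rule" and holder == su
    for finding in add_positive_group_rule(groups, rules, "G1", "write", "O2", only_direct):
        print(finding)
    for su in ("S1", "S2", "S3"):
        print(su, is_allowed(groups, rules, su, "write", "O2"))
```

A `priority_rule` finding marks a subject for whom the added positive right has no effect, because a negative rule the entity chose to keep still overrides it.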
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP02713021A EP1374014A1 (en) | 2001-03-13 | 2002-03-08 | Verification of the consistency of conditions for subjects to access objects in a data processing means |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR01/03487 | 2001-03-13 | ||
FR0103487A FR2822257B1 (en) | 2001-03-13 | 2001-03-13 | CHECKING THE CONSISTENCY OF CONDITIONS FOR ACCESSING SUBJECTS TO OBJECTS IN A DATA PROCESSING MEANS |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2002073376A1 true WO2002073376A1 (en) | 2002-09-19 |
Family
ID=8861129
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2002/000845 WO2002073376A1 (en) | 2001-03-13 | 2002-03-08 | Verification of the consistency of conditions for subjects to access objects in a data processing means |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP1374014A1 (en) |
FR (1) | FR2822257B1 (en) |
WO (1) | WO2002073376A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11108780B2 (en) * | 2019-09-27 | 2021-08-31 | Aktana, Inc. | Systems and methods for access control |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5173939A (en) * | 1990-09-28 | 1992-12-22 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using compound principals |
US5224163A (en) * | 1990-09-28 | 1993-06-29 | Digital Equipment Corporation | Method for delegating authorization from one entity to another through the use of session encryption keys |
WO1997044762A1 (en) * | 1996-05-17 | 1997-11-27 | Gemplus, S.C.A. | Communication system for managing safely and independently a plurality of applications by each user card and corresponding user card and management method |
EP0913966A2 (en) * | 1997-10-31 | 1999-05-06 | Sun Microsystems, Inc. | Distributed system and method for controlling acces to network resources |
-
2001
- 2001-03-13 FR FR0103487A patent/FR2822257B1/en not_active Expired - Lifetime
-
2002
- 2002-03-08 EP EP02713021A patent/EP1374014A1/en not_active Withdrawn
- 2002-03-08 WO PCT/FR2002/000845 patent/WO2002073376A1/en not_active Application Discontinuation
Non-Patent Citations (1)
Title |
---|
KARJOTH G: "INTEGRATED ACCESS CONTROL MANAGEMENT", BRINGING TELECOMMUNICATION SERVICES TO THE PEOPLE - ISS & N 1995. THIRD INTERNATIONAL CONFERENCE ON INTELLIGENCE IN BROADBAND SERVICES AND NETWORKS, HERAKLION, CRETE, OCT. 16 - 19, 1995. PROCEEDINGS, PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INT, vol. CONF. 3, 16 October 1995 (1995-10-16), pages 64 - 74, XP000593469, ISBN: 3-540-60479-0 * |
Also Published As
Publication number | Publication date |
---|---|
FR2822257B1 (en) | 2003-05-30 |
EP1374014A1 (en) | 2004-01-02 |
FR2822257A1 (en) | 2002-09-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2002713021 Country of ref document: EP |
|
WWW | Wipo information: withdrawn in national office |
Ref document number: 2002713021 Country of ref document: EP |
|
WWP | Wipo information: published in national office |
Ref document number: 2002713021 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |