Access controls through node-based effective policy identifiers

US10432469B2 · US · B2

Patent metadata
Field               Value
Publication number  US-10432469-B2
Application number  US-201816009120-A
Country             US
Kind code           B2
Filing date         Jun 14, 2018
Priority date       Jun 29, 2017
Publication date    Oct 1, 2019
Grant date          Oct 1, 2019

Abstract

Official abstract text for this publication.

Techniques for implementing a node-based access control system are described herein. In an embodiment, a server computer stores a node based policy system wherein each node identifies a resource and a policy for the resource. The server computer identifies a policy for a first node and an identifier of a second node wherein the second node is a parent node to the first node. The server computer maps an effective policy identifier to the policy for the first node and the identifier of the second node. The server computer stores data associating the effective policy identifier with the first node. The server computer identifies a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node. The server computer then stores data associating the effective policy identifier with the third node.

First claim

Opening claim text (preview).

What is claimed is:

1. A data processing method comprising: receiving an update to a first node that changes a policy of the first node, the first node initially comprising an effective policy identifier mapped to the policy of the first node and an identifier of a second node that is a parent node of the first node; in response to receiving the update, generating a new effective policy identifier for the changed policy of the first node and the identifier of the second node; invalidating data associating user identifiers with effective policy identifiers corresponding to nodes that are descendant nodes of the first node.

2. The method of claim 1, further comprising: identifying a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node; in response to the second node being a parent node to the third node and the policy for the third node being equivalent to the policy for the first node, storing data associating the effective policy identifier with the third node.

3. The method of claim 1, further comprising: storing data associating one or more user identifiers with the effective policy identifier; receiving a request for a particular resource identified by the first node from a client computing device, wherein the request includes a particular user identifier; determining that the one or more user identifiers include the particular user identifier; in response to determining, responding to the request for the particular resource with the particular resource.

4. The method of claim 1, further comprising: identifying a null policy for a third node; in response to identifying the null policy for the third node, traversing through one or more parent nodes of the third node until a particular node is identified with a non-null policy; mapping a second effective policy identifier to the policy for the particular node and an identifier of a fourth node, wherein the fourth node is a parent node of the particular node; storing data associating the second effective policy identifier with the third node.

5. The method of claim 1, further comprising: identifying a policy for a third node; identifying a null policy for a fourth node, wherein the fourth node is a parent of the fourth node; in response to identifying the null policy for the fourth node, traversing through one or more parent nodes of the fourth node until a particular node is identified with a non-null policy; mapping a second effective policy identifier to the policy for the third node and an identifier of the particular node; storing data associating the second effective policy identifier with the third node.

6. The method of claim 1, further comprising: identifying a null policy for a third node; in response to identifying the null policy for the third node, traversing through one or more parent nodes of the third node until a first particular node is identified with a non-null policy; identifying a null policy for a fourth node, wherein the fourth node is a parent of the first particular node; in response to identifying the null policy for the fourth node, traversing through one or more parent nodes of the fourth node until a second particular node is identified with a non-null policy; mapping a second effective policy identifier to the policy for the first particular node and an identifier of the second particular node; storing data associating the second effective policy identifier with the fourth node.

7. A system comprising: one or more processors; one or more storage media; one or more instructions stored in the storage media which, when executed by the one or more processors, cause performance of: receiving an update to a first node that changes a policy of the first node, the first node initially comprising an effective policy identifier mapped to the policy of the first node and an identifier of a second node that is a parent node of the first node; in response to receiving the update, generating a new effective policy identifier for the changed policy of the first node and the identifier of the second node; invalidating data associating user identifiers with effective policy identifiers corresponding to nodes that are descendant nodes of the first node.

8. The system of claim 7, wherein the instructions, when executed by the one or more processors, further cause performance of: identifying a policy for a third node and an identifier of the second node, wherein the second node is a parent node to the third node and wherein the policy for the third node is equivalent to the policy for the first node; in response to the second node being a parent node to the third node and the policy for the third node being equivalent to the policy for the first node, storing data associating the effective policy identifier with the third node.

9. The system of claim 7, wherein the instructions, when executed by the one or more processors, further cause performance of: storing data associating one or more user identifiers with the effective policy identifier; receiving a request for a particular resource identified by the first node from a client computing device, wherein the request includes a particular user identifier; determining that the one or more user identifiers include the particular user identifier; in response to determining, responding to the request for the particular resource with the particular resource.

10. The system of claim 7, wherein the instructions, when executed by the one or more processors, further cause performance of: identifying a null policy for a third node; in response to identifying the null policy for the third node, traversing through one or more parent nodes of the third node until a particular node is identified with a non-null policy; mapping a second effective policy identifier to the policy for the particular node and an identifier of a fourth node, wherein the fourth node is a parent node of the particular node; storing data associating the second effective policy identifier with the third node.

11. The system of claim 7, wherein the instructions, when executed by the one or more processors, further cause performance of: identifying a policy for a third node; identifying a null policy for a fourth node, wherein the fourth node is a parent of the fourth node; in response to identifying the null policy for the fourth node, traversing through one or more parent nodes of the fourth node until a particular node is identified with a non-null policy; mapping a second effective policy identifier to the policy for the third node and an identifier of the particular node; storing data associating the second effective policy identifier with the third node.

12. The system of claim 7, wherein the instructions, when executed by the one or more processors, further cause performance of: identifying a null policy for a third node; in response to identifying the null policy for the third node, traversing through one or more parent nodes of the third node until a first particular node is identified with a non-null policy; identifying a null policy for a fourth node, wherein the fourth node is a parent of the first particular node; in response to identifying the null policy for the fourth node, traversing through one or more parent nodes of the fourth node until a second particular node is identified with a non-null policy; mapping a second effective policy identifier to the policy for the first particular node and an identifier of the second particular node; storing data
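The effective-policy-identifier (EPI) scheme that the abstract and claims describe, written out as an added Python illustration. This is not code from the patent or from Palantir Technologies: the data model (a policy as the set of groups permitted to read a resource, a counter-based EPI registry keyed on the (policy, parent identifier) pair, and a per-EPI cache of already-authorised users) and every name in it are assumptions, since the claims do not say how identifiers are generated or how a policy is evaluated. It covers the null-policy traversal of claims 4 to 6, the EPI sharing of claim 2, the cached request path of claim 3, and the update-and-invalidate step of claim 1.

```python
from itertools import count
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# A policy is the set of groups allowed to read a resource; None models the
# "null policy" of claims 4 to 6 (assumed representation, not the patent's).
Policy = Optional[FrozenSet[str]]
EpiKey = Tuple[FrozenSet[str], Optional[str]]


class PolicyTree:
    """Node-based policy store: each node names a resource, an optional parent
    and a policy. One EPI is minted per distinct (effective policy, identifier
    of the effective parent) pair (assumed design)."""

    def __init__(self) -> None:
        self.parent: Dict[str, Optional[str]] = {}
        self.policy: Dict[str, Policy] = {}
        self.epi_of_node: Dict[str, str] = {}
        self.epi_registry: Dict[EpiKey, str] = {}    # (policy, parent id) -> EPI
        self.users_of_epi: Dict[str, Set[str]] = {}  # user <-> EPI data (claim 3)
        self._seq = count(1)

    def add_node(self, node: str, parent: Optional[str], policy: Policy) -> str:
        if node in self.parent:
            raise ValueError(f"duplicate node {node}")
        if parent is not None and parent not in self.parent:
            raise KeyError(f"unknown parent {parent}")
        self.parent[node] = parent
        self.policy[node] = policy
        return self._assign_epi(node)

    def _policy_source(self, node: Optional[str]) -> Optional[str]:
        """Claims 4 to 6: from `node` itself, walk through parent nodes until
        one with a non-null policy is found (None if the root is passed)."""
        cur = node
        while cur is not None and self.policy[cur] is None:
            cur = self.parent[cur]
        return cur

    def _assign_epi(self, node: str) -> str:
        source = self._policy_source(node)
        if source is None:
            raise ValueError(f"no non-null policy on the path above {node}")
        # The parent identifier folded into the EPI is the nearest ancestor of
        # `source` that carries a policy (claim 5); nodes with an equivalent
        # policy under the same parent therefore share one EPI (claim 2).
        effective_parent = self._policy_source(self.parent[source])
        key = (self.policy[source], effective_parent)
        epi = self.epi_registry.get(key)
        if epi is None:
            epi = f"epi-{next(self._seq)}"
            self.epi_registry[key] = epi
        self.epi_of_node[node] = epi
        self.users_of_epi.setdefault(epi, set())
        return epi

    def descendants(self, node: str) -> List[str]:
        """All nodes below `node`, at any depth."""
        below = []
        for cand in self.parent:
            cur = self.parent[cand]
            while cur is not None and cur != node:
                cur = self.parent[cur]
            if cur == node:
                below.append(cand)
        return below

    def update_policy(self, node: str, new_policy: Policy) -> str:
        """Claim 1: the changed policy gets an EPI for its (policy, parent id)
        and the user associations cached under descendant nodes' EPIs are
        invalidated. Descendant EPIs are re-derived too, because a null-policy
        descendant inherits the changed policy (my reading of the claims)."""
        self.policy[node] = new_policy
        below = self.descendants(node)
        for child in below:
            # Conservative: resetting the EPI's set also drops cached entries of
            # any node outside the subtree that happens to share the same EPI.
            self.users_of_epi[self.epi_of_node[child]] = set()
        new_epi = self._assign_epi(node)
        for child in below:
            self._assign_epi(child)
        return new_epi

    def request(self, node: str, user: str, user_groups: Set[str]) -> bool:
        """Claim 3: serve the resource when the user is already associated with
        the node's EPI; otherwise evaluate the effective policy and cache a hit."""
        epi = self.epi_of_node[node]
        if user in self.users_of_epi[epi]:
            return True
        source = self._policy_source(node)
        policy = self.policy[source] if source is not None else None
        if policy is not None and policy & user_groups:
            self.users_of_epi[epi].add(user)
            return True
        return False


if __name__ == "__main__":
    t = PolicyTree()  # constructed sample hierarchy; node names are illustrative
    t.add_node("root", None, frozenset({"staff"}))
    t.add_node("projects", "root", None)                       # inherits from root
    t.add_node("alpha", "projects", frozenset({"alpha-team"}))
    t.add_node("beta", "projects", frozenset({"alpha-team"}))   # shares alpha's EPI
    t.add_node("alpha/notes", "alpha", None)                   # inherits from alpha
    print(t.epi_of_node)
    print("ann reads alpha:", t.request("alpha", "ann", {"alpha-team"}))
    t.update_policy("alpha", frozenset({"alpha-leads"}))
    print("ann reads alpha/notes:", t.request("alpha/notes", "ann", {"alpha-team"}))
```

Two design points worth noting for anyone building on this pattern. First, the invalidation in `update_policy` is deliberately coarse: clearing a shared EPI's user set only forces re-evaluation, so over-invalidating is safe while under-invalidating would leave stale grants reachable through a descendant. Second, the cache is keyed on the user identifier alone, so a change to a user's group membership is not covered by claim 1's node-side invalidation and needs its own path that removes that user from every EPI set.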

Assignees

Palantir Technologies Inc

Inventors

Classifications

  • Policy-based network configuration management · CPC title

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • Grouping of entities · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

  • Tools and structures for managing or administering access control systems · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10432469B2 cover?
Techniques for implementing a node-based access control system in which a server computer stores a node-based policy system, each node identifying a resource and a policy for the resource (see the abstract above).
Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/105. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 1, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).