Policy-based data-centric access control in a sorted, distributed key-value data store

Assignee

• A9.com, Inc. · US

Inventors

• Michael R. Allen · Churchville, US
• John W. Vines · Cambridge, US
• Adam P. Fuchs · Arlington, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2145
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method, apparatus and computer program product for policy-based access control in association with a sorted, distributed key-value data store in which keys comprise n-tuple structure that includes a cell-level access control. In this approach, an information security policy is used to create a set of pluggable policies. A pluggable policy may be used during data ingest time, when data is being ingested into the data store, and a pluggable policy may be used during query time, when a query to the data store is received for processing against data stored therein. Generally, a pluggable policy associates one or more user-centric attributes (or some function thereof), to a particular data-centric label. By using pluggable policies, preferably at both ingest time and query time, the data store is enhanced to provide a seamless and secure policy-based access control mechanism in association with the cell-level access control enabled by the data store.