Patents by Inventor David Mun-Hien Choy
David Mun-Hien Choy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9455990
Abstract: Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.
Type: Grant
Filed: July 21, 2006
Date of Patent: September 27, 2016
Assignee: International Business Machines Corporation
Inventors: Ganesha Beedubail, David Mun-Hien Choy, Hui-I Hsiao, Sriram Raghavan, Ganesh Vaideeswaran
-
Patent number: 7761404
Abstract: Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
Type: Grant
Filed: July 15, 2005
Date of Patent: July 20, 2010
Assignee: International Business Machines Corporation
Inventors: An Feng-I Chen, David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Kenneth Carlin Nelson, Yuping Wang, Alan Tsu-I Yaung
-
Publication number: 20080022370
Abstract: Embodiments of the present invention provide an efficient and scalable scheme for role-based access control to resources. The resources are assigned a protection class. Resources in the same protection class share the same access control policy. Permissions granted to various roles are then defined based on privilege sets and protection classes. Accordingly, the permissions of a role can be dynamically determined at runtime. Furthermore, as new resources are added, they can be assigned to a pre-existing protection class. The new resource may thus automatically inherit the various permissions and roles attached to the protection class.
Type: Application
Filed: July 21, 2006
Publication date: January 24, 2008
Inventors: Ganesha Beedubail, David Mun-Hien Choy, Hui-I Hsiao, Sriram Raghavan, Ganesh Vaideeswaran
-
Patent number: 7284265
Abstract: System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
Type: Grant
Filed: April 23, 2002
Date of Patent: October 16, 2007
Assignee: International Business Machines Corporation
Inventors: David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Yuping Wang, Alan Tsu-I Yaung
-
Patent number: 7216126
Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
Type: Grant
Filed: April 4, 2003
Date of Patent: May 8, 2007
Assignee: International Business Machines Corporation
Inventor: David Mun-Hien Choy
-
Patent number: 7099899
Abstract: A content management system provides versioning capability that can either be controlled by the client application or be transparent thereto. Control of document versions depends on the root and child component attributes that are defined by the hierarchical structure of the document. When a document is updated, the present system performs any or all of the following scenarios as desired by the user: replace the existing attribute values stored in the root component instance for a specified document; replace the existing attribute values stored in a specified child component instance for the specified document; add a new child component instance into the hierarchical structure for the specified document; or delete an existing child component instance from the hierarchical structure for the specified document.
Type: Grant
Filed: April 23, 2002
Date of Patent: August 29, 2006
Assignee: International Business Machines Corporation
Inventors: David Mun-Hien Choy, Sudipta Deb Deb, Tawei Hu, Lily Liang, Kenneth Carlin Nelson, Edward Joseph Perry, Mayank Vipin Shah, I-Shin Andy Wang, Howard Hao Zhang
-
Patent number: 7080085
Abstract: A system and method are provided for an information management system (IMS) to manage heterogenous references in the system, to ensure “referential integrity”, without changing the underlying relational database management system (RDBMS) of the IMS. One or more system tables are kept that are not visible to system users. In one embodiment, the RDBMS' mechanisms to ensure referential integrity for homogenous references is used in conjunction with the system table to extend referential integrity to heterogenous references. In another embodiment, the triggers of the RDBMS, in conjunction with the system table, are used to ensure referential integrity of heterogenous references.
Type: Grant
Filed: July 12, 2000
Date of Patent: July 18, 2006
Assignee: International Business Machines Corporation
Inventors: David Mun-Hien Choy, Sriram Raghavan
-
Patent number: 6976023
Abstract: Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
Type: Grant
Filed: April 23, 2002
Date of Patent: December 13, 2005
Assignee: International Business Machines Corporation
Inventors: An Feng-I Chen, David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Kenneth Carlin Nelson, Yuping Wang, Alan Tsu-I Yaung
-
Patent number: 6873995
Abstract: Managing a content management system. The content management system is one that is configured and controlled to establish a connection between a client and a library server, generate a transaction identifier and insert, a record for the transaction in a tracking table associated with the library server, pass transaction data from the client to a resource manager, process the transaction at the resource manager and record transaction data in a tracking table associated with the resource manager. The resource manager returns transaction success/failure data to the client, compares activity recorded in the tracking tables, and takes corrective action based upon the activity comparison.
Type: Grant
Filed: April 23, 2002
Date of Patent: March 29, 2005
Assignee: International Business Machines Corporation
Inventors: Donald Edward Benson, Karen W. Brannon, David Mun-Hien Choy, Gerald R. Clarke, Edward Joseph Gallagher, Hui-I Hsiao, Tawei Hu, Gerald Edward Kozina, Matthew R. Laue, Lily Liang, Kenneth Carlin Nelson, Deb Sudipta
-
Patent number: 6757680
Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database system (RDBMS) that allows an item to be associated with plural containers, and one of the containers is designated as the item's primary container. Inheritance of the primary container's access control rules can be activated, and when it is, the container's access control rules are automatically used to access the item. Otherwise, the item's access control rules are used. The container's rules can be propagated through many levels of containers/items.
Type: Grant
Filed: July 3, 2000
Date of Patent: June 29, 2004
Assignee: International Business Machines Corporation
Inventor: David Mun-Hien Choy
-
Patent number: 6697818
Abstract: Methods and apparatus for providing a multi-tier object-relational database architecture are disclosed. In one illustrative embodiment of the present invention, a multi-tier database architecture comprises an object-relational database engine as a top tier, one or more domain-specific extension modules as a bottom tier, and one or more universal extension modules as a middle tier. The individual extension modules of the bottom tier operationally connect with the one or more universal extension modules which, themselves, operationally connect with the database engine. The domain-specific extension modules preferably provide such functions as search, index, and retrieval services of images, video, audio, time series, web pages, text, XML, spatial data, etc. The domain-specific extension modules may include one or more IBM DB2 extenders, Oracle data cartridges and/or Informix datablades, although other domain-specific extension modules may be used.
Type: Grant
Filed: June 14, 2001
Date of Patent: February 24, 2004
Assignee: International Business Machines Corporation
Inventors: Chung-Sheng Li, John R. Smith, Yuan-Chi Chang, Anant D. Jhingran, Sriram K. Padmanabhan, Hui-I Hsiao, David Mun-Hien Choy, Jy-Jine James Lin, Gene Y. C. Fuh, Robin Williams, Lawrence D. Bergman
-
Publication number: 20030200467
Abstract: System and method for authorizing access to an entity by a user, by binding an access control list to each entity; specifying for the user a set of user privileges; intersecting the access control list and set of user privileges in a compiled ACL table; incrementally refreshing the compiled ACL table responsive to run time modification of relevant tables containing the access control list and set of user privileges; and referencing the compiled access control list to authorize a user request to access an entity.
Type: Application
Filed: April 23, 2002
Publication date: October 23, 2003
Inventors: David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Yuping Wang, Alan Tsu-I Yaung
-
Publication number: 20030200235
Abstract: An item versioning implementation in a content management system provides versioning capability that can either be controlled by the client application or be transparent thereto. Versioning is controlled by the user. The user also defines the manner in which old versions are maintained. The number of previous versions of the document may be limited by the user. The present system provides enhanced server capability for managing version control by document type, reduces client application complexity, reduces the number of required data parameters transmitted across network communications, allows flexibility in control of document versioning, and maintains compatibility with content management systems that do not have versioning control. Control of document versions depends on the root and child component attributes that are defined by the hierarchical structure of the document.
Type: Application
Filed: April 23, 2002
Publication date: October 23, 2003
Applicant: International Business Machines Corporation
Inventors: David Mun-Hien Choy, Sudipta Deb Deb, Tawei Hu, Lily Liang, Kenneth Carlin Nelson, Edward Joseph Perry, Mayank Vipin Shah, I-Shin Andy Wang, Howard Hao Zhang
-
Publication number: 20030200212
Abstract: Managing a content management system. The content management system is one that is configured and controlled to establish a connection between a client and a library server, generate a transaction identifier and insert, a record for the transaction in a tracking table associated with the library server, pass transaction data from the client to a resource manager, process the transaction at the resource manager and record transaction data in a tracking table associated with the resource manager. The resource manager returns transaction success/failure data to the client, compares activity recorded in the tracking tables, and takes corrective action based upon the activity comparison.
Type: Application
Filed: April 23, 2002
Publication date: October 23, 2003
Applicant: International Business Machines Corporation
Inventors: Donald Edward Benson, Karen W. Brannon, David Mun-Hien Choy, Gerald R. Clarke, Edward Joseph Gallagher, Hui-I Hsiao, Tawei Hu, Gerald Edward Kozina, Matthew R. Laue, Lily Liang, Kenneth Carlin Nelson, Deb Sudipta
-
Publication number: 20030200215
Abstract: Access to system and user defined entities (objects, data items, or the like) is managed by a content manager. A privilege grants a user an ability to access system such controlled entities. An item is an atomic user data entity stored in the CM library server. A privileges table is used to store system and user defined privileges. A privilege is represented by a row in the table. Each privilege has a unique privilege code, with codes 0 to 999 reserved to store system-defined privileges and codes beyond 999 open for user-defined privileges thus allowing application specific privileges to be added without limit.
Type: Application
Filed: April 23, 2002
Publication date: October 23, 2003
Applicant: International Business Machines Corporation
Inventors: An Feng-I Chen, David Mun-Hien Choy, Tawei Hu, Jy-Jine James Lin, Kenneth Carlin Nelson, Yuping Wang, Alan Tsu-I Yaung
-
Publication number: 20030191768
Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
Type: Application
Filed: April 4, 2003
Publication date: October 9, 2003
Applicant: International Business Machines Corp.
Inventor: David Mun-Hien Choy
-
Patent number: 6581060
Abstract: A system and method are provided for an information management system (IMS) having an underlying relational database management system (RDBMS) that allows applications to access the RDBMS directly for improved performance without going through the IMS, while maintaining access control. An access control list (ACL) is generated, with tables in the RDBMS being bound using codes in the ACL. At run time or, more preferably, pre-run time, user-defined functions (UDF) evaluate access control attributes and generate an access authorization table, which is joined with the appropriate information table(s) in response to a query against a view on the table. The view is presented to the querying user. Thus, access control rules are encapsulated in the view that is presented to the user.
Type: Grant
Filed: June 21, 2000
Date of Patent: June 17, 2003
Assignee: International Business Machines Corporation
Inventor: David Mun-Hien Choy
-
Publication number: 20020198891
Abstract: Methods and apparatus for providing a multi-tier object-relational database architecture are disclosed. In one illustrative embodiment of the present invention, a multi-tier database architecture comprises an object-relational database engine as a top tier, one or more domain-specific extension modules as a bottom tier, and one or more universal extension modules as a middle tier. The individual extension modules of the bottom tier operationally connect with the one or more universal extension modules which, themselves, operationally connect with the database engine. The domain-specific extension modules preferably provide such functions as search, index, and retrieval services of images, video, audio, time series, web pages, text, XML, spatial data, etc. The domain-specific extension modules may include one or more IBM DB2 extenders, Oracle data cartridges and/or Informix datablades, although other domain-specific extension modules may be used.
Type: Application
Filed: June 14, 2001
Publication date: December 26, 2002
Applicant: International Business Machines Corporation
Inventors: Chung-Sheng Li, John R. Smith, Yuan-Chi Chang, Anant D. Jhingran, Sriram K. Padmanabhan, Hui-I Hsiao, David Mun-Hien Choy, Jy-Jine James Lin, Gene Y.C. Fuh, Robin Williams, Lawrence D. Bergman
-
Patent number: 6321374
Abstract: A heterogeneous information system such as a digital library often uses a database manager together with other data resource manager(s), such as an object server or a video server, to manage digital content. Such a system often needs to maintain an application-specific database and/or to handle application-specific operational requirements. To facilitate system integration and application development, an application-independent reusable product is created which generates a custom system component or utility, such as a loader, according to a specification provided by a system integrator or an application developer.
Type: Grant
Filed: November 7, 1997
Date of Patent: November 20, 2001
Assignee: International Business Machines Corporation
Inventor: David Mun-Hien Choy
-
Patent number: 6256636
Abstract: A digital library is comprised of a library server and at least one object server. The library server stores tables describing the digital library. An object server stores objects referenced by the tables describing the digital library. An application is coupled to the library server and the object server(s). It accesses objects via a file system or other native storage manager API under the control of the library server.
Type: Grant
Filed: November 26, 1997
Date of Patent: July 3, 2001
Assignee: International Business Machines Corporation
Inventor: David Mun-Hien Choy