发明名称 Stored data access controller
摘要 A stored data access controller, configured to control access to data items, stored in a data storage apparatus, composed of data values encoding a labelled link between a subject graph node and an object graph node. The stored data access controller comprising: a query module, configured to receive a query requesting a specified subset of the data items and further configured to obtain the specified subset of the data items as a preliminary query result. The stored data access controller further comprising: a suppression module, configured to obtain the preliminary query result from the query module, and to generate a revised version of the preliminary query result by selectively suppressing the data value of one or more graph nodes in accordance with access control information attributed to the label of a labelled link between the subject graph node and the object graph node.
申请公布号 US9507956(B2) 申请公布日期 2016.11.29
申请号 US201414467187 申请日期 2014.08.25
申请人 FUJITSU LIMITED 发明人 Snelling David
分类号 G06F21/62;G06F17/30 主分类号 G06F21/62
代理机构 Staas & Halsey LLP 代理人 Staas & Halsey LLP
主权项 1. A stored data access controller, configured to control access to data items encoding graph data and stored in a data storage apparatus, each data item encoding a labelled link between a subject graph node and an object graph node and being composed of a data value for each of the three elements, the three triple elements being: a subject, identifying the subject graph node linked by the labelled link encoded by the data item; an object, identifying the object graph node linked by the labelled link encoded by the data item; and a predicate, being the label of the labelled link encoded by the data item; the stored data access controller comprising a processor, a memory, and a data input/output unit, configured to: receive a query requesting, as a query result, a specified subset of the data items stored in the data storage apparatus, and configured to obtain data items belonging to the specified subset from the data storage apparatus as a preliminary query result;store the label of each of a plurality of labelled links from the encoded graph data in association with access control information attributed to the label, wherein access control information attributed to the label of a labelled link is identified by a data item having the form of a triple including the label of the labelled link as subject and data identifying the access control information as object;obtain the preliminary query result from the query module, to generate a revised version of the preliminary query result by selectively suppressing information from the preliminary query result, and to output, as the requested query result in response to the received query, the revised version of the preliminary query result;wherein selectively suppressing information comprises, for the or each of one or more graph nodes, suppressing the data value representing the graph node in accordance with the stored access control information attributed to the label of a labelled link between the graph node and another graph node, the graph node being either the subject graph node or the object graph node linked by the labelled link.
地址 Kawasaki JP