Images

Classifications

• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F11/00—Error detection; Error correction; Monitoring
  • G06F11/30—Monitoring
  • G06F11/34—Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation ; Recording or statistical evaluation of user activity, e.g. usability assessment
  • G06F11/3466—Performance evaluation by tracing or monitoring
  • G06F11/3476—Data logging
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F21/60—Protecting data
  • G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY?PURPOSES, NOT OTHERWISE PROVIDED FOR
  • G06Q20/00—Payment architectures, schemes or protocols
  • G06Q20/38—Payment protocols; Details thereof
  • G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
• • G—PHYSICS
  • G06—COMPUTING; CALCULATING OR COUNTING
  • G06F—ELECTRIC DIGITAL DATA PROCESSING
  • G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  • G06F2221/2101—Auditing as a secondary aspect

Definitions

• the present invention relates to the field of application administration and more particularly to the field of data capturing and logging during application administration.
• Administering a larger, distributed application often can involve the capture and logging of data produced in association with the operation of the application.
• application administrators can collect the data in order to confirm the proper operation of the application, and to troubleshoot application execution problems.
• the data collected by the administrator can be of a sensitive nature.
• Mechanisms presently exist to secure access to sensitive data by limiting access to sensitive data to particular users or user classifications. However, these mechanisms are developed in conjunction with the application itself and without consideration for those who administer the application.
• the determination of whether or not to capture and log application data can be based upon the data itself. Yet, in some applications it can be desirable to log data selectively based upon the user associated with the data. Also, changes to the desirability of logging data, when hard coded, is limited to decision making performed by the application developer and bears no relationship to the preferences of the user. Finally, hard coding the data logging function does not permit changes in the capturing and logging decision without also requiring a recoding of the application.
• Embodiments of the present invention address deficiencies of the art in respect to application data logging and provide a novel and non-obvious method, system and computer program product for capturing and logging application data.
• a method for capturing and logging application data can include consulting both administrative permissions for capturing and logging application data, and also user permissions for capturing and logging application data. Subsequently, application data can be captured and logged only if permitted by the administrative permissions and the user permissions. In this regard, it can be determined from either or both of the permissions whether capturing and logging of application data is permitted generally, and also a type or portion of the application data that is permitted to be captured and logged.
• a data processing system for capturing and logging application data can include a data log configured to stored logged application data.
• the system also can include a set of dual permissions comprising administrative permissions and user permissions specifying whether logging application data from an application is permitted.
• the system can include data capturing and logging logic configured for coupling to each of the data log, an application, and the set of dual permission.
• the data capturing and logging logic can include program code enabled to log captured application data from the application only if permitted by the set of dual permission.
• FIG. 1 is a schematic illustration of a data processing system configured for dynamic dual-permissions based data capturing and logging;
• FIG. 2 is a flow chart illustrating a process for dynamic dual-permissions based data capturing and logging.
• Embodiments of the present invention provide a method, system and computer program product for dynamic dual-permissions based data capturing and logging.
• data capturing and logging can be selectively performed for data based upon dynamically applied permissions specified both by an application administrator and an application user associated with the data. Specifically, initially it can be determined whether application data capturing and logging is permitted according to the preferences of the application administrator. Subsequently, only if application data capturing and logging is permitted by the administrator preferences, it can be determined whether privacy preferences for a user associated with the data permit the capturing and logging of associated data. If so, data associated with the user can be captured and logged.
• FIG. 1 is a schematic illustration of a data processing system configured for dynamic dual-permissions based data capturing and logging.
• the system can include an application 150 hosted within one or more host computing platforms 120 (only a single host computing platform shown for illustrative simplicity).
• the application 150 can be a stand-alone application, or the application 150 can be a distributed application as shown in the illustration which can be accessed by one or more end users 110 over a data communications network 130 . In either circumstance, the application 150 can produce and manage application data stored within a data store of application data 160 .
• Data capturing and logging logic 200 hosted within a host computing platform 140 can be communicatively coupled to the application 150 .
• the data capturing and logging logic 200 can be coupled to the application 150 in a number of ways, for example from within the same, host operating environment, across different process address spaces in the same or different computing platforms, or through inter-process communications across the data communications network 130 as shown in the illustration.
• the data capturing and logging logic 200 can be configured to selectively capture and log data 180 in a data log 170 for use in application administration according to dual permissions specified by administrated permissions 190 A and user permissions 190 B.
• the data capturing and logging logic 200 can consult the administrative permissions 190 A to determine whether logging and capturing of the data 180 is permitted generally.
• the administrative permissions 190 A further can specify what types of the data 180 are to be captured and logged and which types of the data 180 are not to be captured and logged.
• the data capturing and logging logic 200 further can consult the user permissions 190 B for the users to determine whether logging and capturing of those portions of the data 180 associated with respective users is permitted.
• the user permissions 190 B further can specify what types of the data 180 are to be captured and logged and which types of the 180 are not to be captured and logged.
• FIG. 2 is a flow chart illustrating a process for dynamic dual-permissions based data capturing and logging.
• a data capture request can be received to capture and log data for a coupled application.
• the administrative permissions for data capturing and logging can be consulted to determine whether data capturing and logging is permitted, and further what portions or types of the application data can be captured and logged.
• decision block 230 if the administrative permissions do not permit the capturing and logging of the data for the application, the process can end in block 300 . Otherwise, the process can continue through block 240 .
• data for the application can be captured.
• an associated user or user class can be determine for the captured data and in block 260 the user permissions for the user or user class can be retrieved.
• decision block 270 it can be determined whether the user permissions allow for the logging and capturing of data associated with the user or user class.
• the data capturing and logging process can continue through decision block 290 returning to block 240 until it is decided to no longer capture and log data.
• the determination of whether to log captured data for a particular user can change dynamically and globally merely by modifying the user permissions, the administrative permissions, or both. No re-coding of the application will be required. Furthermore, the underlying application can change without impacting the capturing and logging process. Also, the dual nature of the permissions allows both the end users and the application administrator to control access to the logging of sensitive data. Finally, the dual permissions apply not to the data exclusively, but to the users of the data which is more closely aligned with the privacy interests addressed herein which can vary for the same application data from user to user.
• Embodiments of the invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements.
• the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, and the like.
• the invention can take the form of a computer program product accessible from a computer-usable or computer-readable medium providing program code for use by or in connection with a computer or any instruction execution system.
• a computer-usable or computer readable medium can be any apparatus that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
• the medium can be an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation medium.
• Examples of a computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, a random access memory (RAM), a read-only memory (ROM), a rigid magnetic disk and an optical disk.
• Current examples of optical disks include compact disk—read only memory (CD-ROM), compact disk—read/write (CD-R/W) and DVD.
• a data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus.
• the memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
• I/O devices including but not limited to keyboards, displays, pointing devices, etc.
• Network adapters may also be coupled to the system to enable the data processing system to become coupled to other data processing systems or remote printers or storage devices through intervening private or public networks. Modems, cable modem and Ethernet cards are just a few of the currently available types of network adapters.

Landscapes

• Engineering & Computer Science (AREA)
• Theoretical Computer Science (AREA)
• Physics & Mathematics (AREA)
• Business, Economics & Management (AREA)
• General Physics & Mathematics (AREA)
• General Engineering & Computer Science (AREA)
• Computer Hardware Design (AREA)
• Computer Security & Cryptography (AREA)
• Accounting & Taxation (AREA)
• Software Systems (AREA)
• Health & Medical Sciences (AREA)
• General Health & Medical Sciences (AREA)
• Bioethics (AREA)
• Finance (AREA)
• Strategic Management (AREA)
• General Business, Economics & Management (AREA)
• Quality & Reliability (AREA)
• Debugging And Monitoring (AREA)

Abstract

Description

Claims (3)

Priority Applications (2)

Applications Claiming Priority (1)

Related Child Applications (1)

Publications (2)

Family

ID=37569049

Family Applications (2)

Family Applications After (1)

Country Status (1)

Families Citing this family (8)

Citations (26)

• 2005
  • 2025-08-07 US US11/167,533 patent/US7788706B2/en active Active
• 2010
  • 2025-08-07 US US12/871,797 patent/US8353014B2/en not_active Expired - Fee Related

Patent Citations (26)

Also Published As

Similar Documents

Legal Events