CN1635439A - A user right management method - Google Patents
- Publication number
- CN1635439A
- Authority
- CN
- China
- Prior art keywords
- user
- user role
- role
- operating right
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Landscapes
- Storage Device Security (AREA)
Abstract
This invention discloses a user right management method comprising the following steps: a user role that identifies the current operating right is set in advance, and the correspondence between the user role and the current operating right is saved; when a user requests an operation from the system, the system judges whether the operating right corresponding to the user's role includes the requested operation item; if it does, the system accepts the user's request, otherwise it rejects the request.
Description
Technical field
The present invention relates to the technical field of user right management, and more specifically to a method for managing user rights.
Background technology
Present-day systems all contain multiple operation items, and each operation item corresponds to a unique permission identifier. A user in the system may hold at least one operating right and can only perform the operations corresponding to the permission identifiers he or she holds: to perform a given operation on a file, the user must hold the permission identifier corresponding to that operation item. At present, the operating rights a user holds are determined directly by permission identifiers.
Take the UNIX system as an example. UNIX is a multi-user operating system that allows several users to use it at the same time. A UNIX system contains multiple groups, and when the system creates a user it assigns that user to a group.
UNIX has only three operations: read, write and execute, identified by R, W and X respectively. UNIX expresses a user's permissions by marking groups and files separately. Specifically, the system sets a specific operating right for each group; for example, the operating right set for group A is R--. When a user creates a file, the corresponding permissions must be set for that file: the file owner's permission, the permission of users in the owner's group, and the permission of users in other groups. For example, if the owner's permission on file B is rwx and the permission of same-group users and other-group users is r-x, the file's permissions are written rwxr-xr-x.
Suppose user C in group A wishes to read file B, and the file owner does not belong to group A, so that with respect to file B user C is an other-group user. After verifying that user C is a valid user, the system checks whether both the permission identifier of group A, to which user C belongs, and file B's permission identifier for other-group users include the read right. If both do, the system allows user C to read file B. If the read right is missing from group A's permission identifier, from file B's permission identifier for other-group users, or from both, the system refuses user C's read of file B.
In other words, when UNIX sets a user's operating right on a file, both the user's group and the file itself must be configured. Because UNIX file operations are limited to read, write and execute, describing permissions directly with the existing method is convenient enough. If UNIX had more operations, the description would become far more cumbersome. For example, suppose UNIX had eight operations a, b, c, d, e, f, g and h, the owner's permission on a file is abcdefgh, same-group users' permission is a-cdefgh, and other-group users' permission is a--defgh; the file's permissions are then written abcdefgha-cdefgha--defgh. The user's group must be described as well; for example, a group that has every operating right has its permission set to abcdefgh.
Other systems often set operating rights directly on the user. For example, in a system with seven operations p, q, r, s, t, u and v, a user who has every operating right on a file must be marked by the system with pqrstuv. When a user performs an operation on a file, the system first judges whether the user holds the permission identifier for that operation; if so, it allows the operation, otherwise it refuses the user's current operation.
Clearly, when UNIX or another system has many operation options, describing permissions directly is very inconvenient, and more so when the system has tens, hundreds or even more operation options. In other words, the permission description method of the prior art cannot describe a user's operating rights conveniently.
Summary of the invention
In view of this, the main object of the present invention is to provide a user right management method with which, however many operation options a system has, the permission identifiers for the operations a user needs can be set easily.
To achieve this object, the technical solution of the present invention is a user right management method comprising the following steps:
a. Set in advance a user role that identifies the current operating right, save the correspondence between this user role and the current operating right, and mark the users who hold this operating right with this user role;
b. When a user requests a system operation, the system judges whether the operating right corresponding to the user's role includes that operation item; if it does, the system accepts the user's request, otherwise it rejects the request.
Before step a, the method further comprises: judging whether a user role corresponding to the current operating right already exists; if it does, marking the user with that user role and going directly to step b; otherwise, performing step a.
The user role is identified by user role information that corresponds to it uniquely.
The user role information comprises a user role ID.
The user role information further comprises a user role name.
The method may further comprise: the system judges whether a user role has any user marked with it; if so, the user role is kept, otherwise it is deleted.
After step b, the method may further comprise:
c1. When a user needs to change his or her own operating right, the system judges whether the user role corresponding to that operating right also marks other users; if it does, go to step c2; if it does not, go to step c3;
c2. Judge whether all the other users also need the same change; if they do, go to step c3; if they do not, the system changes the operating right as the current user requires, sets a new user role for the changed operating right, and saves the correspondence between the changed operating right and the newly set user role;
c3. The system changes the operating right as the current user requires and saves the correspondence between the changed operating right and the original user role.
Before step a, the method further comprises a step of decomposing system operations into basic operation items.
By setting a corresponding user role for a user's operating right and marking the user with that role, the invention lets the system, when configuring users who have the same operating right, simply select the user role corresponding to that right, without marking each user with specific permissions individually. Checking a user's operating right becomes a check of that user's role, which makes operating rights easier for the system to describe and simplifies their management.
Description of drawings
Fig. 1 is a flow chart of managing user rights through user roles according to the present invention;
Fig. 2 is a schematic diagram of identifying a user by user information and a user role in an embodiment of the invention;
Fig. 3 is a schematic diagram of the correspondence between users, user roles and the corresponding operation items in an embodiment of the invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Referring to Fig. 1, the present invention is implemented through the following steps:
The operating right held by a user corresponds to at least one operation item unit.
A user role set up by the system can be identified by user role information that corresponds to it uniquely. The user role information may consist of a user role name and a user role ID, or of a user role ID alone. When the role name and role ID together identify the role, the user role name is the role's title; for ease of use it can be a combination of digits and letters, although other naming schemes may also be used. The user role ID is used for authorization checks inside the system and is set automatically by the system when the role is created. Both the user role name and the user role ID should be unique; for ease of use they can be made unmodifiable, and they are released when the role is deleted. When the role is identified by the user role ID alone, the ID is set automatically by the system when the role is created and serves both as the role's title and for authorization checks inside the system; it should be unique and unmodifiable, and is released when the role is deleted.
Steps 105~107: when a user needs to perform an operation, the system performs an authorization check on the user. If the user passes the check, the system allows the user to perform the operation; otherwise the system refuses it.
In step 105, the system's authorization check covers both verification of the user himself or herself and verification of the operating right the user holds; here, verifying the operating right means verifying the user role that corresponds to the user.
When users are marked with user roles, on the one hand a user can be identified by user information together with a user role, as shown in Fig. 2, where the user information may be a user name, a user ID or any other information that identifies the user. On the other hand, the same user role can be used by several users at once, while each user corresponds to one and only one user role and can only perform the operation items belonging to that role; the correspondence between users, user roles and operation items is shown in Fig. 3.
Take the UNIX system as an example again. Suppose UNIX comprises eight operation items a, b, c, d, e, f, g and h; these are normalized into eight basic operation item units. The owner's operating right on file C is abcdefgh, same-group users' operating right is a-cdefgh, and other-group users' operating right is a--defgh. If no user roles yet exist for these operating rights, a user role is set up and saved for each of the three: for example, a user role named A01 for abcdefgh, a user role named A02 for a-cdefgh and a user role named A03 for a--defgh, with the system setting the corresponding role ID for each. The file's permissions can then be written A01A02A03. If group W, to which the owner of file C belongs, has the operating right abcdefgh, then when this right is to be marked the system finds that a user role for it already exists, named A01, and marks the group with that role. That is, the group's user role is the same as the one for the owner's operating right on the file.
With this setup, UNIX checks user roles when it performs an authorization check on a user. For example, user H, who is in the same group as the owner of file C, needs to perform the operation corresponding to operation item f on file C, and the user role of user H's group W is named A01. UNIX must then judge whether the operating right corresponding to user role A02, which file C assigns to same-group users, and the operating right corresponding to group W's user role A01 both include operation item f. If both do, UNIX accepts user H's request to perform the operation corresponding to operation item f on file C; otherwise it rejects user H's request.
In UNIX, a user's operating right is expressed by marking files and groups separately; in other systems the user can be marked with a user role directly. For example, a service system for wireless users comprises five operations: account opening, account cancellation, user data management, system resource data management and authorization data management. Suppose a user of this service system, namely an operator, is to be allowed to handle only wireless users' data and not to manage system-level resource data or authorization data. A user role ROLE1 comprising "account opening, account cancellation and user data management" can then be defined, a corresponding role ID set for it, and the operator's operating right defined as role ROLE1. If other operators need the same operating right, their operating right simply needs to be defined as role ROLE1 as well.
With this setup, when an operator performs an operation the system verifies the operator and the role ID. If the operator passes verification, the system allows the operation; otherwise the system refuses it. Verifying the role ID means judging whether the user role corresponding to that role ID includes the operation.
The above describes setting up user roles. The system can also delete and modify existing user roles as required. For deletion: if a user role is no longer in use, that is, no user relies on it to mark his or her operating right, the system can delete it. When deleting a user role, the system should also delete the user role information corresponding to it.
Modifying a user role can be described in two cases, adding an operation item and deleting an operation item. Both are illustrated below using user role A in the system, which corresponds to operation items xyz.
Adding an operation item: if the system has added an operation item s and every user of user role A needs it, the system can add s to the existing role, and the user role information of role A remains unchanged after s is added. If only one or a few of the users of role A need operation item s, a new user role should be set up, for example user role B, comprising the original operation items xyz and the new operation item s, and corresponding user role information should be set for user role B.
Deleting an operation item: if the system has removed operation item y from user role A, the system can delete it from the existing role A. Because y was removed by the system, every corresponding user should lose this operation item, so the user role information of role A can remain unchanged after y is deleted.
If instead a particular user needs operation item z of user role A deleted, the system deletes z from that user's role. If role A is used only by the current user, or the other users of role A also need z deleted, the user role information of role A can be kept unchanged. If only some of the users of role A need z deleted, a new user role should be set up for the operation items that remain after z is deleted, and corresponding user role information should be set for the new role.
The above is only a preferred embodiment of the present invention and is not intended to limit its scope of protection.
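The role bookkeeping of this embodiment (reuse of an existing role, the step b check, the c1-c3 change rules and deletion of unused roles), written out as an added example that is not part of the patent text. The class and method names, the operation-item labels, and the choices to never reuse a released role ID and to fall back to an existing role when the changed right already has one are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count


@dataclass
class Role:
    role_id: int       # set by the system at creation, never modified
    name: str          # display name such as "ROLE1"
    items: frozenset   # operation items the role grants


class RoleRegistry:
    """Role store covering steps a, b and c1-c3 plus unused-role deletion."""

    def __init__(self):
        self._ids = count(1)  # assumption: released IDs are not handed out again
        self.roles = {}       # role_id -> Role
        self.user_role = {}   # user -> role_id (exactly one role per user)

    def _find(self, items):
        return next((r for r in self.roles.values() if r.items == items), None)

    def _users_of(self, role_id):
        return {u for u, rid in self.user_role.items() if rid == role_id}

    def _collect(self):
        # Delete every role that no longer marks any user.
        used = set(self.user_role.values())
        for rid in [rid for rid in self.roles if rid not in used]:
            del self.roles[rid]

    def assign(self, user, items, name=None):
        """Step a with the reuse check: one role per distinct operating right."""
        items = frozenset(items)
        role = self._find(items)
        if role is None:
            rid = next(self._ids)
            role = self.roles[rid] = Role(rid, name or f"R{rid:02d}", items)
        self.user_role[user] = role.role_id
        self._collect()
        return role

    def check(self, user, item):
        """Step b: deny by default, allow only items in the user's role."""
        rid = self.user_role.get(user)
        return rid is not None and item in self.roles[rid].items

    def change(self, user, new_items, same_change_for=()):
        """Steps c1-c3; same_change_for lists other users needing the change."""
        new_items = frozenset(new_items)
        role = self.roles[self.user_role[user]]
        others = self._users_of(role.role_id) - {user}           # c1
        movers = {user} | (set(same_change_for) & others)
        if others - movers or self._find(new_items) not in (None, role):
            # c2: some users keep the old right (or, as an assumption, a role
            # for the new right already exists), so the movers change role.
            for u in movers:
                self.assign(u, new_items)
            return self.roles[self.user_role[user]]
        role.items = new_items                                   # c3: in place
        return role


if __name__ == "__main__":
    reg = RoleRegistry()
    ops = {"open_account", "cancel_account", "user_data"}  # constructed labels
    reg.assign("operator1", ops, name="ROLE1")
    reg.assign("operator2", ops)                       # reuses ROLE1
    reg.change("operator1", ops | {"resource_data"})   # splits off a new role
    print(reg.user_role, [r.name for r in reg.roles.values()])
```

Because every user of a role shares one mutable permission set, the split in step c2 is what keeps a change requested by one user from silently widening the rights of everyone else marked with the same role.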
Claims (8)
1. A user right management method, characterized in that the method comprises the following steps:
a. Set in advance a user role that identifies the current operating right, save the correspondence between this user role and the current operating right, and mark the users who hold this operating right with this user role;
b. When a user requests a system operation, the system judges whether the operating right corresponding to the user's role includes that operation item; if it does, the system accepts the user's request, otherwise it rejects the request.
2. The method according to claim 1, characterized in that before step a it further comprises: judging whether a user role corresponding to the current operating right already exists; if it does, marking the user with that user role and going directly to step b; otherwise, performing step a.
3. The method according to claim 1, characterized in that the user role is identified by user role information that corresponds to it uniquely.
4. The method according to claim 3, characterized in that the user role information comprises a user role ID.
5. The method according to claim 4, characterized in that the user role information further comprises a user role name.
6. The method according to claim 1, characterized in that the method further comprises: the system judges whether a user role has any user marked with it; if so, the user role is kept, otherwise it is deleted.
7. The method according to claim 1, characterized in that after step b it further comprises:
c1. When a user needs to change his or her own operating right, the system judges whether the user role corresponding to that operating right also marks other users; if it does, go to step c2; if it does not, go to step c3;
c2. Judge whether all the other users also need the same change; if they do, go to step c3; if they do not, the system changes the operating right as the current user requires, sets a new user role for the changed operating right, and saves the correspondence between the changed operating right and the newly set user role;
c3. The system changes the operating right as the current user requires and saves the correspondence between the changed operating right and the original user role.
8. The method according to claim 1, characterized in that before step a it further comprises a step of decomposing system operations into basic operation items.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2003101193573A CN100381964C (en) | 2003-12-26 | 2003-12-26 | A user right management method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1635439A | 2005-07-06 |
CN100381964C | 2008-04-16 |
Family
ID=34843883
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2003101193573A Expired - Lifetime CN100381964C (en) | 2003-12-26 | 2003-12-26 | A user right management method |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
CX01 | Expiry of patent term | Granted publication date: 20080416 |