Anonymously sharing resources based on social network user data

US 10,225,258 B2
Filed: 10/31/2014
Issued: 03/05/2019
Est. Priority Date: 11/01/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a social networking system operatively coupled to a processor, a requestor token and an owner token from a resource computer system communicatively coupled to the social networking system, wherein the requestor token comprises an encrypted resource requester identity generated for a second user requesting access to a resource owned by a first user on the resource computer system, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;

determining by the social networking system, whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;

sending, by the social networking system, a signal to the resource computer system indicating a result of the determining whether the access to the resource by the second user on is to be granted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling access to a resource of an owner of the resource is provided. The owner can be a user of a resource computer system. The access control can be based on social network data of a social network system and/or on an owner token relating to the owner or a requester token relating to a requester requesting access to the resource and an access control policy. The owner token and the requester token can be received by the system to determine by the social networking system whether access to the resource is to be granted based on the content of the owner token and the requester token. A social network identity of the owner and a social network identity of the requester may only be determinable by the social network system.

14 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- receiving, by a social networking system operatively coupled to a processor, a requestor token and an owner token from a resource computer system communicatively coupled to the social networking system, wherein the requestor token comprises an encrypted resource requester identity generated for a second user requesting access to a resource owned by a first user on the resource computer system, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;
  
  determining by the social networking system, whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;
  
  sending, by the social networking system, a signal to the resource computer system indicating a result of the determining whether the access to the resource by the second user on is to be granted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method of claim 1, wherein the access control policy is not decryptable by the resource computer system.
  - 3. The computer-implemented method of claim 1, further comprising:
    - generating, by the social networking system, the owner token; and
      
      sending, by the social networking system, the owner token to an owner system associated with the first user.
  - 4. The computer-implemented method of claim 1, further comprising:
    - decrypting, by the social networking system, the encrypted resource owner identity, the encrypted resource requester identity, and the encrypted access control policy;
      
      evaluating the decrypted access control policy on the basis of the decrypted resource owner identity and the decrypted resource requester identity to determine whether access to the resource by the second user is to be granted.
  - 5. The computer-implemented method of claim 3, further comprising:
    - encrypting, by the social networking system, a resource owner identity using a first secret group signing key to generate the encrypted resource owner identity; and
      
      encrypting, by the social networking system, an access control policy using the first secret group signing key to generate the encrypted access control policy.
  - 6. The computer-implemented method of claim 1, further comprising:
    - generating, by the social networking system, the requester token; and
      
      sending, by the social networking system, the requester token to a requester system associated with the second user.
  - 7. The computer-implemented method of claim 6, further comprising encrypting, by the social networking system, a resource requester identity using a second secret group signing key to generate the encrypted resource requester identity.
  - 8. The computer-implemented method of claim 1, further comprising:
    - receiving, by the social networking system, a linking token from the resource computer system, wherein the linking token comprises information verifying that the owner token and the requester token are related to the resource; and
      
      wherein the determining whether access to the resource by the second user is to be granted comprises authenticating the linking token.

9. A social networking system, comprising:
- a memory that stores computer executable components; and
  
  a processor that executes the computer executable components stored in the memory, wherein the computer executable components comprise;
  
  an access controller configured to;
  
  receive a requestor token and an owner token from a resource computing system communicatively coupled to the social networking system, wherein the requestor token comprises an encrypted resource requester identity generated for a second user requesting access to a resource owned by the first user on the resource computer system, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;
  
  determine whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;
  
  send a signal to the resource computer system indicating a result of the determination of whether the access to the resource by the second user on is to be granted.
- View Dependent Claims (10)
- - 10. The social networking system of claim 9, wherein the access controller is further configured to:
    - receive a linking token from the resource computer system, wherein the linking token comprises information verifying that the owner token and the requester token are related to the resource; and
      
      authenticate the linking token as part of the determination of whether access to the resource by the second user is to be granted.

11. A computer program product facilitating controlling access to a resource of a resource computer system, wherein the resource is owned by a first user, the computer program product comprising a non-transitory computer readable medium having program instructions embodied therewith, the program instructions executable by a social networking system communicatively coupled to the resource computer system to cause the social networking system to:
- receive a requestor token from a resource computing system communicatively coupled to the social networking system, wherein the requestor token comprises an encrypted resource requester identity generated for a second user requesting access to a resource owned by the first user on the resource computer system, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;
  
  determine whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;
  
  send a signal to the resource computer system indicating a result of the determination of whether the access to the resource by the second user on is to be granted.
- View Dependent Claims (12)
- - 12. The computer program product of claim 11, wherein the program instructions are further executable to cause the social networking system to:
    - receive a linking token from the resource computer system, wherein the linking token comprises information verifying that the owner token and the requester token are related to the resource; and
      
      authenticate the linking token as part of the determination of whether access to the resource by the second user is to be granted.

13. A computer program product facilitating controlling access to a resource of a resource computer system, wherein the resource is owned by a first user, the computer program product comprising a non-transitory computer readable medium having program instructions embodied therewith, the program instructions executable by the resource computer system communicatively coupled to a social networking system to cause the resource computer system to:
- send a requestor token and an owner token to the social networking system, wherein the requestor token comprises an encrypted resource requester identity generated for the second user requesting access to the resource owned by the first user, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;
  
  receive a signal from the social networking system indicating whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;
  
  control access to the resource by the second user based on the signal.
- View Dependent Claims (14)
- - 14. The computer program product of claim 13, wherein the program instructions are further executable to cause the resource computer system to:
    - receive a requestor token from a requestor system communicatively coupled to the resource computer system, wherein the requestor token comprises an encrypted resource requester identity generated for the second user requesting access to the resource owned by the first user.

15. A resource computer system, comprising:
- a memory that stores computer executable components; and
  
  a processor that executes the computer executable components stored in the memory to;
  
  send a requestor token and an owner token to a social networking system communicatively coupled to the resource computer system, wherein the requestor token comprises an encrypted resource requester identity generated for the second user requesting access to the resource owned by the first user, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;
  
  receive a signal from the social networking system indicating whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;
  
  control access to the resource by the second user based on the signal.
- View Dependent Claims (16, 17)
- - 16. The resource computer system of claim 15, wherein the processor further executes the computer executable components stored in the memory to:
    - authenticate the requester token;
      
      generate a linking token that comprises information verifying that the owner token and the requester token are related to the resource;
      
      send the linking token to the social networking system.
  - 17. The resource computer system of claim 15, wherein the processor further:
    - receives the requester token and the owner token from a requestor system communicatively coupled to the resource computer system, wherein the requestor token comprises an encrypted resource requester identity generated for the second user requesting access to the resource owned by the first user.

18. A computer-implemented method comprising:
- sending, by a resource computer system operatively coupled to a processor, a requestor token and an owner token to a social networking system communicatively coupled to the resource computer system wherein the requestor token comprises an encrypted resource requester identity generated for the second user requesting access to the resource owned by the first user, and the owner token comprises an encrypted resource owner identity generated for the first user and an encrypted access control policy;
  
  receiving, by the resource computer system, a signal from the social networking system indicating whether access to the resource by the second user is to be granted based on the encrypted resource requester identity, the encrypted resource owner identity, and the encrypted access control policy;
  
  controlling, by the resource computer system, access to the resource by the second user based on the signal.
- View Dependent Claims (19, 20)
- - 19. The computer-implemented method of claim 18, further comprising receiving, by the resource computer system, a requester token from a requestor system communicatively coupled to the resource computer system, wherein the requestor token comprises an encrypted resource requester identity generated for the second user requesting access to the resource owned by the first user.
  - 20. The computer-implemented method of claim 18, further comprising:
    - authenticating, by the resource computer system, the requester token;
      
      generating, by the resource computer system, a linking token that comprises information verifying that the owner token and the requester token are related to the resource;
      
      sending, by the resource computer system, the linking token to the social networking system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Camenisch, Jan, Karjoth, Guenter, Neven, Gregory, Preiss, Franz-Stefan
Primary Examiner(s)
Hoffman, Brandon S

Application Number

US15/033,128
Publication Number

US 20160269416A1
Time in Patent Office

1,586 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/065   for group communications cr...

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04L 63/126   the source of the received ...

Anonymously sharing resources based on social network user data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Anonymously sharing resources based on social network user data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links