Access control for enterprise knowledge

US 10,326,768 B2
Filed: 05/28/2015
Issued: 06/18/2019
Est. Priority Date: 05/28/2015
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a data processing apparatus, comprising:

receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities;

deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document;

determining a first entity identified within the document;

determining a second entity identified within the document;

determining a relationship between the first entity and the second entity that is described within the document; and

generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document;

wherein multiple entity facts are derived from a selected document;

determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;

each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and

at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified;

storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and

providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium for access control for enterprise information. In one aspect, a method includes receiving resources of an enterprise, each resource having a respective access control list specifying access privileges to the resource for one or more members, and the resources including entities related to the enterprise and relationships; identifying entity facts of the entities from the resources; determining, for each entity fact, an entity fact access control list; storing data describing the entities, entity facts and the respective entity fact access control lists, wherein each entity fact is associated with its corresponding entity fact access control list; and providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts according to the respective entity fact access control lists.

Citations

20 Claims

1. A method implemented in a data processing apparatus, comprising:
- receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities;
  
  deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document;
  
  determining a first entity identified within the document;
  
  determining a second entity identified within the document;
  
  determining a relationship between the first entity and the second entity that is described within the document; and
  
  generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document;
  
  wherein multiple entity facts are derived from a selected document;
  
  determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;
  
  each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and
  
  at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified;
  
  storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and
  
  providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein each entity fact access control list is different from the access control lists provided for the documents of the enterprise.
  - 3. The method of claim 2, wherein:
    - the members of the enterprise belong to a plurality of groups, each group including a respective subset of members of the members of the enterprise;
      
      at least one entity fact access control list specifies access privileges for at least one group; and
      
      providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists comprises providing access to each member of the at least one group according to the access privileges.
  - 4. The method of claim 1, further comprising:
    - receiving a query from a member of the enterprise;
      
      receiving, in response to a search operation on the searchable index, search result data identifying entities and entity facts responsive to the query;
      
      for each identified entity fact, determining whether the member has access to the entity fact based on the entity fact access control list;
      
      for each identified entity fact for which the member has access to the entity fact based on the entity fact access control list, providing access to data describing the entity fact to the member; and
      
      for each identified entity fact for which the member does not have access to the entity fact based on the entity fact access control list, not providing data describing the entity fact to the member.
  - 5. The method of claim 4, wherein providing access to data describing the entity fact to the member comprises providing a knowledge panel display that displays the entity facts.
  - 6. The method of claim 1, wherein determining, for each entity fact, from the respective access control list of each document, an entity fact access control list comprises replicating the access privileges specified by the access control list for the document in the entity access control list for the entity fact.
  - 7. The method of claim 1, wherein at least one resource includes a plurality of access control lists, each of the plurality of access control lists corresponding to a subset of entity facts of the document, and wherein each of the one or more members is provided access privileges to each of the subsets of entity facts for which the one or more members are included on the access control list corresponding to that respective subset of entity facts.

8. A system, comprising:
- a processor; and
  
  a non-transitory computer-readable medium coupled to the processor and having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities;
  
  deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document;
  
  determining a first entity identified within the document;
  
  determining a second entity identified within the document;
  
  determining a relationship between the first entity and the second entity that is described within the document; and
  
  generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document;
  
  wherein multiple entity facts are derived from a selected document;
  
  determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;
  
  each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and
  
  at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified;
  
  storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and
  
  providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein each entity fact access control list is different from the access control lists provided for the documents of the enterprise.
  - 10. The system of claim 9, wherein:
    - the members of the enterprise belong to a plurality of groups, each group including a respective subset of members of the members of the enterprise;
      
      at least one entity fact access control list specifies access privileges for at least one group; and
      
      providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists comprises providing access to each member of the at least one group according to the access privileges.
  - 11. The system of claim 8, further comprising:
    - receiving a query from a member of the enterprise;
      
      receiving, in response to a search operation on the searchable index, search result data identifying entities and entity facts responsive to the query;
      
      for each identified entity fact, determining whether the member has access to the entity fact based on the entity fact access control list;
      
      for each identified entity fact for which the member has access to the entity fact based on the entity fact access control list, providing access to data describing the entity fact to the member; and
      
      for each identified entity fact for which the member does not have access to the entity fact based on the entity fact access control list, not providing data describing the entity fact to the member.
  - 12. The system of claim 11, wherein providing access to data describing the entity fact to the member comprises providing a knowledge panel display that displays the entity facts.
  - 13. The system of claim 8, wherein determining, for each entity fact, from the respective access control list of each document, an entity fact access control list comprises replicating the access privileges specified by the access control list for the document in the entity access control list for the entity fact.
  - 14. The system of claim 8, wherein at least one document includes a plurality of access control lists, each of the plurality of access control lists corresponding to a subset of entity facts of the document, and wherein each of the one or more members is provided access privileges to each of the subsets of entity facts for which the one or more members are included on the access control list corresponding to that respective subset of entity facts.

15. A non-transitory computer-readable medium having instructions stored thereon, which, when executed by a processor, cause the processor to perform operations, comprising:
- receiving documents of an enterprise, each document having a respective access control list specifying access privileges to the document for one or more members of the enterprise, and the documents including data describing entities related to the enterprise and relationships among the entities;
  
  deriving entity facts of the entities from the documents of the enterprise, each entity fact describing at least one feature of an entity of the entities from the documents, wherein the feature of the entity is a relationship between the entity and another entity and wherein each entity fact is derived from one or more corresponding documents in which the entity fact is described, wherein deriving the entity facts comprises selecting each document from the documents, and for the selected document;
  
  determining a first entity identified within the document;
  
  determining a second entity identified within the document;
  
  determining a relationship between the first entity and the second entity that is described within the document; and
  
  generating, as the entity fact, data describing the first entity, the second entity, and the relationship between the first entity and the second entity as described in the document;
  
  wherein multiple entity facts are derived from a selected document;
  
  determining, for each entity fact, from the respective access control list of each document from which the entity fact is derived, an entity fact access control list, wherein;
  
  each entity fact access control list is different from the access control lists provided for the documents of the enterprise; and
  
  at least one entity fact access control list is determined from two or more separate access control lists that each specify access privileges to respectively separate documents from which the at least one entity fact is identified;
  
  storing data describing the entities, entity facts and the respective entity fact access control lists in a searchable index, wherein each entity fact is associated with its corresponding entity fact access control list; and
  
  providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15, wherein each entity fact access control list is different from the access control lists provided for the documents of the enterprise.
  - 17. The computer-readable medium of claim 16, wherein:
    - the members of the enterprise belong to a plurality of groups, each group including a respective subset of members of the members of the enterprise;
      
      at least one entity fact access control list specifies access privileges for at least one group; and
      
      providing, to each of the members of the enterprise, access privileges to the data describing the entities and the entity facts in the searchable index according to the respective entity fact access control lists comprises providing access to each member of the at least one group according to the access privileges.
  - 18. The computer-readable medium of claim 15, further comprising:
    - receiving a query from a member of the enterprise;
      
      receiving, in response to a search operation on the searchable index, search result data identifying entities and entity facts responsive to the query;
      
      for each identified entity fact, determining whether the member has access to the entity fact based on the entity fact access control list;
      
      for each identified entity fact for which the member has access to the entity fact based on the entity fact access control list, providing access to data describing the entity fact to the member; and
      
      for each identified entity fact for which the member does not have access to the entity fact based on the entity fact access control list, not providing data describing the entity fact to the member.
  - 19. The computer-readable medium of claim 15, wherein determining, for each entity fact, from the respective access control list of each document, an entity fact access control list comprises replicating the access privileges specified by the access control list for the document in the entity access control list for the entity fact.
  - 20. The computer-readable medium of claim 15, wherein the enterprise is a company, and wherein information within the documents is information that is exclusively controlled by the enterprise.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google LLC (Alphabet Inc.)
Inventors
VerWeyst, Brent, Cochran, Martin James, Sivathanu, Muthian
Primary Examiner(s)
Bechtel, Kevin
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US14/723,760
Publication Number

US 20160352743A1
Time in Patent Office

1,482 Days
Field of Search

726 4, 726 2, 726 6, 713182
US Class Current
CPC Class Codes

G06F 16/21   Design, administration or m...

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2141   Access rights, e.g. capabil...

G06Q 10/10   Office automation; Time man...

G06Q 10/103   Workflow collaboration or p...

G06Q 10/1097   Task assignment

H04L 63/101   Access control lists [ACL]

Access control for enterprise knowledge

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Access control for enterprise knowledge

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links