Access control for a document management and collaboration system

US 10,567,382 B2
Filed: 09/19/2016
Issued: 02/18/2020
Est. Priority Date: 11/11/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

determining an access control policy associated with at least one document maintained by a document management and collaboration service, the access control policy indicates that one or more users have permission to access the at least one document;

obtaining a similarity measure based at least in part on the at least one document and one or more other users, wherein the similarity measure indicates interest by the one or more other users in the at least one document;

generating a request to expand a set of privileges associated with the one or more other users based at least in part on the similarity measure and the access control policy, the set of privileges defining access to the at least one document maintained by the document management and collaboration service for the one or more other users;

receiving a response to the request via a user interface; and

setting the set of privileges associated with the one or more other users to a privilege level specified in the response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for controlling access to documents retained by a document management and collaboration system is disclosed. The document management and collaboration system may generate one or more suggested privileges associated with one or more users. An access control policy may specify whether system-generated user privileges may be enforced. If they are enforced, access to one or more document may be made subject to the generated privileges.

123 Citations

21 Claims

1. A computer-implemented method, comprising:
- determining an access control policy associated with at least one document maintained by a document management and collaboration service, the access control policy indicates that one or more users have permission to access the at least one document;
  
  obtaining a similarity measure based at least in part on the at least one document and one or more other users, wherein the similarity measure indicates interest by the one or more other users in the at least one document;
  
  generating a request to expand a set of privileges associated with the one or more other users based at least in part on the similarity measure and the access control policy, the set of privileges defining access to the at least one document maintained by the document management and collaboration service for the one or more other users;
  
  receiving a response to the request via a user interface; and
  
  setting the set of privileges associated with the one or more other users to a privilege level specified in the response.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-implemented method of claim 1, wherein the computer-implemented method further comprises obtaining information indicating interactions of the one or more users with a set of services provided by a computing resource service provider of which the document management and collaboration service is a member.
  - 3. The computer-implemented method of claim 2, wherein the information obtained further comprise an indication that the one or more users interacted with the at least one document using computing resources of a particular service of the set of services.
  - 4. The computer-implemented method of claim 1, wherein the computer-implemented method further comprises obtaining user affinity values for the at least one document, the user affinity values measures significance of the document to the one or more users based at least in part on interactions with the at least one document performed by the one or more users.
  - 5. The computer-implemented method of claim 1, wherein the computer-implemented method further comprises providing a suggestion to modify the access control policy as a result of information obtained associated with the similarity measure.

6. A system, comprising:
- one or more processors; and
  
  memory that includes instructions that, as a result of execution by the one or more processors, cause the system to;
  
  receive a request to expand privileges for accessing a particular document, the privileges enabling access to the particular document and the particular document maintained by the system by at least;
  
  determining a set of privileges for a set of user devices for accessing the particular document;
  
  obtaining a calculated similarity measure associated with the particular document and the set of user devices, wherein the similarity measurement indicates interest by the set of user devices in the particular document;
  
  transmitting an approval request of the set of privileges to a particular user device having privileges to approve access to the particular document in accordance with the similarity measure indicated by an access control policy associated with the particular document;
  
  receiving a response to the approval request; and
  
  applying the set of privileges to the set of user devices to access the particular document.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The system of claim 6, wherein the memory further includes instructions that, as a result of being executed by the one or more processors, cause the system to modify the set of privileges based at least in part on a modification to the set of privileges included in the response.
  - 8. The system of claim 6, wherein expanding privileges further comprises determining the set of user devices based at least in part on a set of attributes.
  - 9. The system of claim 8, wherein the set of attributes further comprises at least one attribute indicating a significance measure associated with characters utilized by the set of user devices.
  - 10. The system of claim 8, wherein the set of attributes further comprises at least one attribute indicating an interaction of the set of user devices with a service.
  - 11. The system of claim 10, wherein determining the set of user devices is based at least in part on an indication that the set of user devices interacted with the service.
  - 12. The system of claim 6, wherein the memory further includes instructions that, as a result of being executed by the one or more processors, cause the system to receive, from an administrator associated with the particular document, an indication that the set of privileges are not to be enforced.
  - 13. The system of claim 6, the memory further includes instructions that, as a result of being executed by the one or more processors, cause the system to:
    - receive, from a user device associated with a first user of the set of user devices, a request to access the particular document; and
      
      provide the user device with access to the particular document based at least in part on the set of privileges.

14. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
- receive an access control policy specifying that expanding privileges of one or more users for accessing at least one document maintained by a document management and collaboration system by a first user is performed based at least in part on a calculated similarity measure between the at least one document and the one or more users, wherein the similarity measure indicates interest by the one or more users in the at least one document;
  
  modify a user interface displayed to the first user to display a request to expand the privileges of the one or more users; and
  
  in response to the request, based at least in part on the access control policy, set the privileges of the one or more users to a privilege level specified by the first user through the user interface.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to, on a condition that the first user does not specify the privilege level through the user interface, set the privileges of the one or more users to a second privilege level specified by the access control policy.
  - 16. The non-transitory computer-readable storage medium of claim 14, wherein the access control policy further specifies that expanding the privileges of the one or more users is to be performed periodically, due to an occurrence of a trigger or according to a time schedule.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to identify at least one user of the one or more users based at least in part on the at least one user having an expanded privilege level from a privilege level specified in the access control policy.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to identify at least one user of the one or more users due at least in part to an access interval of the at least one user to a document exceeding a threshold.
  - 19. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to:
    - receive a request to access a document from a user device operated by a user of the one or more users; and
      
      evaluate the request based at least in part on the privilege level specified by the first user through the user interface.
  - 20. The non-transitory computer-readable storage medium of claim 14, the privilege level specified by the first user specifies that at least one user of the one or more users is permitted to view a document but not annotate the document, modify the document, or provide feedback on the document.
  - 21. The non-transitory computer-readable storage medium of claim 14, wherein the instructions further comprise instructions that, as a result of being executed by the one or more processors, cause the computer system to modify the privilege level based at least in part on a second privilege level specified by an administrator associated with the first user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Dang, Wei Lien Stephen, Taylor, Cynthia Zhang, Sethuramalingam, Arun Ponniah, Harrell, Catherine Emily, Kala, Sharad, Wang, Liangliang, Gillett, Kevin, Nandiwada Santhanam, Nandhini, Cadabam, Nagesh Pradhan, Eisner, Noah Anthony, Oakley, Stephen Joseph, Khurana, Himanshu
Primary Examiner(s)
Pearson, David J

Application Number

US15/269,867
Publication Number

US 20170012984A1
Time in Patent Office

1,247 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/16   File or folder operations, ...

G06F 16/178   Techniques for file synchro...

G06F 16/182   Distributed file systems

G06F 16/183   Provision of network file s...

G06F 16/1873   Versioning file systems, te...

G06F 16/192   Implementing virtual folder...

G06F 16/93   Document management systems

G06F 16/9535   Search customisation based ...

G06F 21/62   Protecting access to data v...

G06Q 10/101   Collaborative creation, e.g...

H04L 51/04   Real-time or near real-time...

H04L 51/42   Mailbox-related aspects, e....

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

Access control for a document management and collaboration system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

123 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Access control for a document management and collaboration system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links