User interface driven access control system and method

US 20040239700A1
Filed: 03/17/2004
Published: 12/02/2004
Est. Priority Date: 03/17/2003
Status: Active Grant

First Claim

Patent Images

1. A graphical user interface for representing and facilitating user manipulation of access control settings for a resource comprising:

one or more display regions for graphical representations of access control settings for the resource which result from transformations applied to the structured data which defines the access control settings for the resource; and

one or more display regions for representation of the resource;

wherein the set of display regions for representations of the settings and the display region for representation of the resource appear to the operator as in an integrated graphical user interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

User Interface Driven Access Control Display regions for representations of results of transformations applied to access control settings for a resource appear integrated with a familiar representation of the resource, e.g. word processor, or Web browser. A number of functions modify layout and transformations, and those functions are available for invocation, e.g. through mouse gestures or key combinations. Users are graphically represented by displays comprising photographic likenesses. Groups can be shown as individual users. Giving someone access to a resource can be as easy as dragging that person'"'"'s likeness. Access log information can be shown together with access control settings. Reviewing the subset of resources available to a user is made easier. Overflow indicators replace scroll bars. Macros effect snapshots of volatile sets of users. Sections within documents can be omitted automatically if a user lacks authorization. Access control settings for one resource can be linked to be dependent on settings for other resources.

186 Citations

27 Claims

1. A graphical user interface for representing and facilitating user manipulation of access control settings for a resource comprising:
- one or more display regions for graphical representations of access control settings for the resource which result from transformations applied to the structured data which defines the access control settings for the resource; and
  
  one or more display regions for representation of the resource;
  
  wherein the set of display regions for representations of the settings and the display region for representation of the resource appear to the operator as in an integrated graphical user interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The graphical user interface of claim 1, wherein one or more functions modify the spatial layout of the display regions.
  - 3. The graphical user interface of claim 1, wherein one or more functions modify the number of the display regions.
  - 4. The graphical user interface of claim 1, wherein one or more functions modify the transformations that are applied to the structured data.
  - 5. The graphical user interface of claim 1, wherein a user is graphically represented by a display element comprising, at least in part, a likeness of the user.
  - 6. The graphical user interface of claim 5, wherein the likeness comprises, at least in part, a digital photograph, processed by a method including at least one step selected from the set of:
    - adjusting image color saturation toward a predetermined target saturation level;
      
      converting to grayscale;
      
      adjusting image brightness toward a predetermined target brightness level;
      
      adjusting image contrast toward a predetermined target contrast level;
      
      adjusting image sharpness toward a predetermined target sharpness level; and
      
      masking with a shape selected from a set comprising ovals and outlines of a bust.
  - 7. The graphical user interface of claim 1, wherein the set of display regions further comprises:
    - a display region for a graphical representation of a set of groups and users and their respective access privileges as defined by existing structured data for the resource; and
      
      a display region for a graphical representation of the result of transforming the set of groups and users and their respective access privileges into a corresponding set of individual users only and their respective effective access privileges.
  - 8. The graphical user interface of claim 1, further comprising a first display region for a graphical representation of at least one set of known users and groups, wherein the operator can designate indicia for the known users and groups and visually associate the designated indicia with a second display region to change the structured data which defines the access control settings for the resource.
  - 9. The graphical user interface of claim 8, wherein the first display region is reduced in size until activated by the user, and the first display region is increased in size upon activation.

10. A graphical user interface for representing access log information and access control settings for a resource, wherein at least one display region contains a graphical representation of a set comprising one or more individual users, and wherein each of the individual users is graphically represented by a visual element which comprises:
- the identity of the individual user having read privilege for the resource; and
  
  a differing visual element for indicating that the user has write privilege for the resource; and
  
  one or more of the following visual elements;
  
  the time of the most recent read access by the user to the resource;
  
  the time of the most recent write access by the user to the resource;
  
  indication whether the most recent write access by the user to the resource is the most recent write access by any user to the resource;
  
  indication whether the most recent read access by the user to the resource has been before the most recent write access by any user to the resource;
  
  indication whether the most recent read access by the user to the resource has been since the most recent write access by any user to the resource; and
  
  indication whether the user currently is without read privilege for the resource.
- View Dependent Claims (11, 12)
- - 11. The graphical user interface of claim 10, wherein the set of individual users consists of:
    - the set of users who have any access privilege at all for the resource; and
      
      the set of users who have accessed the resource in the past although they currently are without any access privilege for the resource.
  - 12. The graphical user interface of claim 10, further comprising a display region for a representation of the resource, wherein the display region for representation of the set of users and the display region for representation of the resource appear to the operator as an integrated graphical user interface.

13. A graphical user interface for representing access privileges for a user for one or more member resources in a collection of resources, wherein at least one display region contains a navigable structured graphical representation of the collection of resources, and wherein each member resource is graphically represented by a visual element which identifies the resource and which, by applying a predetermined set of steps, indicates the user'"'"'s effective access privileges for the resource by variations in at least one appearance parameter selected from the set comprising:
- indicative icons;
  
  color;
  
  transparency;
  
  height;
  
  width; and
  
  font parameters, and wherein in the visual element representing the resource can be designated by the operator, regardless of variations in appearance, and wherein dynamic graphic feedback for a visual element designated by the operator indicates information comprising the identity of the selected resource; and
  
  dynamic graphical feedback for a resource approached for being designated by the operator indicates information comprising the identity of the approached resource.
- View Dependent Claims (14, 15, 16)
- - 14. The graphical user interface of claim 13, wherein the collection of resources is organized as a hierarchy of resources and the navigable structured graphical representation is a graphical tree.
  - 15. The graphical user interface of claim 13, wherein the collection of resources is a set of resources and the navigable structured graphical representation is a table view.
  - 16. The graphical user interface of claim 13, wherein the variations in appearance comprise a reduction in height for each resource for which the user is without any access privilege and the dynamic graphical feedback comprises using regular height for indicating identity.

17. A graphical user interface for representing a set of a variable number of items in limited display space comprising:
- a visible region, a virtual plane, and overflow indicators, wherein each of the represented items is graphically represented by a predetermined visual element;
  
  each of the visual elements is positioned in the virtual plane;
  
  the virtual plane is masked by the visible region, permitting display of only a part of the virtual plane;
  
  the overflow indicators are located inside the visible region;
  
  the overflow indicators are located near such edges of the visible region beyond which more of the item displays are not visible;
  
  the number of overflow indicators is zero in case all of the item displays fit inside the visible region;
  
  a plurality of functions are implemented which change the position of the virtual plane relative to the visible region;
  
  a context dependent subset of the functions is available for selection by the operator for immediate and subsequent use;
  
  the visible region remains constant in size and shape, even when the number and locations of the overflow indicators are changing; and
  
  the overflow indicators are graphically represented by using at least one method selected from the group of transparency, color change, saturation change, brightness change and anti-aliasing, whereby there is a smooth transition between the appearance of the user interface when all items fit and the appearance when there is overflow.
- View Dependent Claims (18, 19, 20)
- - 18. The graphical user interface of claim 17, wherein the item displays are predominantly of low color saturation;
    - and the overflow indicators are of distinctively higher color saturation, whereby the operator is visually alerted in case there is overflow.
  - 19. The graphical user interface of claim 17, wherein the overflow indicators near an edge of the visible region by variations in their graphical appearance convey information about the number of the item displays which are not visible.
  - 20. The graphical user interface of claim 17, wherein the represented items are entities that have access privileges for a resource.

21. A user interface for representing and manipulating access control settings for a resource, comprising structured data representing access control settings for users related to the resource, and stored executable macros for invoking steps to manipulate the structured data, wherein the structured data also contains data that results from expansion of one or more of the macros.

22. A method for controlling access to one or more elements from a document encoded in a markup language, comprising the steps of:
- (a) determining the identity of a user attempting to access the document;
  
  (b) processing the document by recursively (1) parsing each element of the document, comprising an evaluation of access control function attributes which may be present within an element using attribute values that reference resources to determine access privileges of the determined user for the referenced resources; and
  
  (2) permitting or denying access to the element based on the determined access privileges.
- View Dependent Claims (23)
- - 23. The method of claim 22, comprising the additional step of creating copies of the encoded documents and transmitting the copies to the accessing user, wherein the original encoded documents are not modified by the processing step.

24. A method for access control to resources wherein the step of permitting access to a resource comprises evaluation of whether a user has the right to access a resource that references the requested resource, and is currently accessing the referencing resource, and if so, permitting access to the requested resource.

25. A system for access control for resources in a branching hierarchy of resources, comprising structured data that defines access control settings for a resource which may optionally contain references to other resources within the hierarchy of resources;
- wherein access control settings of the referenced other resources are merged by a predetermined algorithm with the structured data to determine effective access control settings.
- View Dependent Claims (26, 27)
- - 26. The system of claim 25, wherein the predetermined algorithm performs unions of sets of entities which make up the access control settings of the referenced other resources and corresponding sets of entities which are defined by the structured data.
  - 27. The system of claim 25, wherein inheritance within the hierarchy of resources defines access control settings for a resource for which there is no directly defining structured data, and a plurality of inheriting resources can share a single instance of defining structured data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Niresip LLC
Original Assignee
Niresip LLC
Inventors
Baschy, Leo Martin

Granted Patent

US 9,003,295 B2
Time in Patent Office

Days
Field of Search
US Class Current

715/781
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/62   Protecting access to data v...

G06F 9/451   Execution arrangements for ...

User interface driven access control system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

186 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

User interface driven access control system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others