Access control systems and methods using visibility tokens with automatic propagation
Abstract
Access control systems and methods regulate access to shared content items in a corpus using visibility tokens. A user provides other users with access to a content item by associating a content token with the content item and associating a matching user token with each user who is to be granted access. A user who attempts to access the content item succeeds only if that user has a user token matching the content token associated with the content item. User tokens can be propagated automatically from one user to another, e.g., based on trust relationships among the users. Content tokens can be indexed with content items so that when a user searches the corpus, a search engine can detect matches between user tokens and content tokens and filter the search results based on whether they are visible to the querying user.
24 Claims
1. A method for sharing content items among a plurality of users, the method comprising:
defining a first user token and a first content token, the first user token and the first content token each representing a first visibility policy for determining which of the plurality of users are granted access to content items posted by a first one of the plurality of users, wherein the first user token and the first content token are matching tokens;
associating the first user token with each user who is granted access to content items according to the first visibility policy;
receiving a visibility instruction for a first content item from the first user, the visibility instruction indicating that the first content item should be shared according to the first visibility policy; and
in response to the visibility instruction, associating the first content token with the first content item in an index of content items, wherein when one of the plurality of users requests access to the first content item, the request is granted or denied based on whether the first content token matches a user token associated with the requesting user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method of searching a corpus of shared content items posted by a plurality of users, the method comprising:
receiving a query from a querying one of the plurality of users, wherein the querying user is associated with a set of user tokens, each user token representing a visibility policy under which the querying user is granted access to content items posted by one of the plurality of users;
accessing an index of the shared content items, wherein each shared content item in the index is associated with a content token that represents a visibility policy for determining which of the plurality of users are granted access to content items posted by one of the plurality of users;
identifying, from the index, at least one of the shared content items as a search hit that satisfies the query;
applying a visibility filter to each of the search hits, wherein the visibility filter is satisfied in the event that the search hit is associated with a content token that matches a user token in the set of user tokens associated with the querying user; and
returning to the querying user a list of search hits that satisfy the visibility filter.
Dependent claims: 14, 15, 16, 17, 18, 19
20. A method of searching a corpus of shared content items posted by a plurality of users, the method comprising:
receiving a query from a querying one of the plurality of users, wherein the querying user is associated with a set of user tokens, each user token representing a visibility policy under which the querying user is granted access to content items posted by one of the plurality of users;
reformulating the query to include the received query and a logical OR of the one or more user tokens associated with the querying user;
accessing an index of the corpus of shared content items, wherein each shared content item in the index is associated with a content token that represents a visibility policy for determining which of the plurality of users are granted access to content items posted by one of the plurality of users;
processing the reformulated query by reference to the index, thereby identifying one or more visible search hits from the corpus of shared content items, wherein each visible search hit is a content item from the corpus that satisfies the received query and that is associated with a content token that matches a user token in the set of user tokens associated with the querying user; and
returning a listing of the visible search hits to the user.
Dependent claims: 21
22. A computer system for sharing content items among a plurality of users, the system comprising:
a user data store configured to store a user record for each of the plurality of users, wherein the user record for each user includes one or more user tokens associated with that user, each user token representing a visibility policy under which that user is granted access to content items posted by one of the plurality of users;
a content data store configured to store an item record for each of the shared content items, wherein each item record includes one or more content tokens, each content token representing a visibility policy for determining which of the plurality of users are granted access to content items posted by one of the plurality of users;
posting control logic configured to receive a visibility instruction for a first one of the shared content items from a first one of the plurality of users, the visibility instruction indicating that the first content item should be shared according to a first visibility policy, and to store a first content token in the item record for the first shared content item, the first content token representing the first visibility policy; and
access control logic configured to receive a request from a requesting one of the plurality of users to access the first shared content item and to grant access in the event that one of the user tokens in the user record for the requesting user matches a content token associated with the first content item.
Dependent claims: 23
24. A computer system for searching a corpus of shared content items posted by a plurality of users, the system comprising:
a user data store configured to store a user record for each of the plurality of users, wherein the user record for each user includes one or more user tokens associated with that user, each user token representing a visibility policy under which that user is granted access to content items posted by one of the plurality of users;
a content data store configured to store an item record for each of the shared content items, wherein each item record includes one or more content tokens, each content token representing a visibility policy for determining which of the plurality of users are granted access to content items posted by one of the plurality of users;
a front end module configured to receive a query from a querying one of the plurality of users, to extract from the user data store a set of user tokens associated with the querying user, and to return a search report including a listing of search hits to the querying user; and
a search engine communicably coupled to the front end module and configured to receive the query and the set of user tokens from the front end module, to identify content items that satisfy the query and that are visible to the querying user, and to return the identified content items as search hits to the front end module, wherein the search engine is further configured to determine whether a content item is visible to the querying user by determining whether the content item is associated with a content token that matches a user token in the set of user tokens.
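The token model of the abstract and the two search variants of claims 13 and 20, as an added Python example that is not code from the patent. It assumes tokens match by string equality and that propagation copies a token one hop along a trust edge; the user names, token names and items are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Corpus:
    user_tokens: dict = field(default_factory=dict)     # user -> set of user tokens
    content_tokens: dict = field(default_factory=dict)  # item id -> set of content tokens
    text: dict = field(default_factory=dict)            # item id -> searchable text
    trusts: dict = field(default_factory=dict)          # user -> users they trust

    def grant(self, user, token):
        self.user_tokens.setdefault(user, set()).add(token)

    def post(self, item_id, text, token):
        self.text[item_id] = text.lower()
        self.content_tokens.setdefault(item_id, set()).add(token)

    def propagate(self, token):
        # Assumed rule: one hop, from current holders to the users they trust.
        holders = [u for u, toks in self.user_tokens.items() if token in toks]
        for holder in holders:
            for friend in self.trusts.get(holder, ()):
                self.grant(friend, token)

    def can_access(self, user, item_id):
        # Default deny: unknown user, unknown item or no shared token all fail.
        mine = self.user_tokens.get(user, set())
        return bool(mine & self.content_tokens.get(item_id, set()))

    def search_post_filter(self, user, term):
        # Claim 13 style: find hits first, then drop those the user cannot see.
        hits = [i for i, t in self.text.items() if term.lower() in t]
        return sorted(i for i in hits if self.can_access(user, i))

    def search_reformulated(self, user, term):
        # Claim 20 style: evaluate term AND (tok1 OR tok2 ...) against the index.
        mine = self.user_tokens.get(user, set())
        return sorted(i for i, t in self.text.items()
                      if term.lower() in t and any(k in self.content_tokens[i] for k in mine))

def build_sample():
    # Constructed data: alice posts one item per visibility policy.
    c = Corpus()
    c.trusts = {"bob": {"carol"}}
    c.grant("alice", "alice:friends"); c.grant("bob", "alice:friends")
    c.grant("alice", "alice:private")
    c.post("trip", "Trip photos from Lisbon", "alice:friends")
    c.post("diary", "Lisbon diary, private", "alice:private")
    return c
```

Both search paths apply the visibility check before anything is returned, so a hit the querying user cannot see never appears in the listing; after `propagate("alice:friends")`, carol holds the token without alice having granted it directly.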
Specification