METHOD AND SYSTEM FOR DYNAMICALLY ASSOCIATING ACCESS RIGHTS WITH A RESOURCE

US 20080109912A1
Filed: 11/08/2006
Published: 05/08/2008
Est. Priority Date: 11/08/2006
Status: Active Grant

First Claim

Patent Images

1. A method for dynamically associating, by a server, access rights with a resource, the method comprising the steps of:

(a) receiving, by a server, a request for a resource from a client;

(b) requesting, by the server, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client;

(c) associating, by the server, the resource with the plurality of access rights via a rights markup language;

(d) transmitting, by the server, the resource to the client with an identification of the associated plurality of access rights;

(e) making, by an application program on the client, an access control decision responsive to the associated plurality of access rights; and

(f) providing, by the application program, restricted access to the resource responsive to the access control decision.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for dynamically associating, by a server, access rights with a resource includes the step of receiving, by the server, a request for a resource from a client. The server requests, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client. The server associates the resource with the plurality of access rights via a rights markup language. The server transmits the resource to the client with the identification of the associated plurality of access rights. An application program on the client makes an access control decision responsive to the associated plurality of access rights. The application program provides restricted access to the resource responsive to the access control decision.

161 Citations

43 Claims

1. A method for dynamically associating, by a server, access rights with a resource, the method comprising the steps of:
- (a) receiving, by a server, a request for a resource from a client;
  
  (b) requesting, by the server, from a policy engine, an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client;
  
  (c) associating, by the server, the resource with the plurality of access rights via a rights markup language;
  
  (d) transmitting, by the server, the resource to the client with an identification of the associated plurality of access rights;
  
  (e) making, by an application program on the client, an access control decision responsive to the associated plurality of access rights; and
  
  (f) providing, by the application program, restricted access to the resource responsive to the access control decision.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein step (b) further comprises gathering information about the client.
  - 3. The method of claim 2, wherein step (b) further comprises applying a policy to the gathered information.
  - 4. The method of claim 1, wherein step (b) further comprises receiving, by the server, an identification of a plurality of access rights including a right to retrieve a file.
  - 5. The method of claim 1, wherein step (b) further comprises receiving, by the server, an identification of a plurality of access rights including a right to view a version of a file displayed using the Hypertext Markup Language (HTML).
  - 6. The method of claim 1, wherein step (b) further comprises receiving, by the server, an identification of a plurality of access rights including a right to receive output data generated by an execution of the resource on an application server.
  - 7. The method of claim 1, wherein step (b) further comprises receiving, by the server, an identification of a plurality of access rights including a right to print a copy of the resource.
  - 8. The method of claim 1, wherein step (b) further comprises receiving, by the server, an identification of a plurality of access rights including a right to save a local copy of the resource.
  - 9. The method of claim 1, wherein step (b) further comprises receiving, by the server, an identification of a plurality of access rights including a right to transmit via electronic mail a copy of the resource.
  - 10. The method of claim 1, wherein step (f) further comprises denying, by the application program, a request to retrieve the resource.
  - 11. The method of claim 1, wherein step (f) further comprises denying, by the application program, a request to modify the resource.
  - 12. The method of claim 1, wherein step (f) further comprises the step of denying, by the application program, a request to receive output data generated by an execution of the resource on an application server.
  - 13. The method of claim 1, wherein step (f) further comprises allowing, by the application program, a request to retrieve the resource.
  - 14. The method of claim 1, wherein step (f) further comprises displaying, by the application program, a version of the resource displayed using the Hypertext Markup Language (HTML), responsive to a request to retrieve the resource.
  - 15. The method of claim 1, wherein step (f) further comprises allowing, by the application program, a request to receive output data generated by an execution of the resource on an application server.
  - 16. The method of claim 1, wherein step (d) comprises transmitting, by the server, the resource and the associated plurality of access rights to an application program executing on a second server.
  - 17. The method of claim 16, wherein step (e) comprises making, by the application program executing on the second server, an access control decision responsive to the identified at least one access right.
  - 18. The method of claim 16, wherein step (f) comprises providing, by the application program executing on the second server, restricted access to the resource responsive to the access control decision.
  - 19. The method of claim 16, wherein step (f) further comprises transmitting, by the second server, output data generated by executing the application program, access to the output data restricted responsive to the access control decision.

20. A system for dynamically associating access rights with a resource comprising:
- a server receiving a request for access to a resource from a client;
  
  a policy engine receiving a request from the server for an identification of a plurality of access rights to associate with the resource, the plurality of access rights identified responsive to an application of a policy to the client; and
  
  an application program receiving, from the server, a copy of the resource associated with the identified plurality of access rights via a rights markup language, and an identification of the associated plurality of access rights.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 21. The system of claim 20, wherein the policy engine further comprises a collection agent gathering information about the client.
  - 22. The system of claim 21, wherein the policy engine further comprises a policy database, the policy engine applying a policy from the policy database to the gathered information.
  - 23. The system of claim 21, wherein the server further comprises a means for transmitting the collection agent to the client.
  - 24. The system of claim 20, wherein the server further comprises a means for associating the resource with an access right using a rights markup language.
  - 25. The system of claim 20, wherein the server further comprises a means for associating the resource with an access right using an extensible rights markup language (XRML).
  - 26. The system of claim 20, wherein the server further comprises a means for signing the resource using an extensible rights markup language (XRML).
  - 27. The system of claim 20, wherein the server further comprises a means for associating the resource with a right to retrieve the resource.
  - 28. The system of claim 20, wherein the server further comprises a means for associating the resource with a requirement to view a version of a file displayed using the Hypertext Markup Language (HTML).
  - 29. The system of claim 20, wherein the server further comprises a means for associating the resource with a right to receive output data generated by an execution of the resource on an application server.
  - 30. The system of claim 20, wherein the server further comprises a means for associating the resource with a right to print a copy of the resource.
  - 31. The system of claim 20, wherein the server further comprises a means for associating the resource with a right to save a local copy of the resource.
  - 32. The system of claim 20, wherein the server further comprises a means for associating the resource with a right to transmit via electronic mail a copy of the resource.
  - 33. The system of claim 20, wherein the application program is configured to make an access control decision responsive to the identification of the associated plurality of access rights.
  - 34. The system of claim 20, wherein the application program further comprises a means for making an access control decision responsive to the identification of the associated plurality of access rights.
  - 35. The system of claim 20, wherein the application program further comprises a component for applying an access right in the associated plurality of access rights to the request for the resource.
  - 36. The system of claim 20, wherein the application program further comprises a means for denying a request to retrieve the resource.
  - 37. The system of claim 20, wherein the application program further comprises a means for allowing a request to retrieve the resource.
  - 38. The system of claim 20, wherein the application program further comprises a means for viewing a version of the resource displayed using the Hypertext Markup Language (HTML).
  - 39. The system of claim 20, wherein the application program further comprises a connection to a client agent displaying on the client received output data generated by an execution of the resource on an application server.
  - 40. The system of claim 20, wherein the server further comprises a transmitter sending the resource and the identification of the associated plurality of access rights to an application program executing on a second server.
  - 41. The system of claim 40, wherein the application program executing on the second server further comprises a means for making an access control decision responsive to an access right in the associated plurality of access rights.
  - 42. The system of claim 40, wherein the application program executing on the second server further comprises a means for providing restricted access to the resource responsive to the access control decision.
  - 43. The system of claim 40, wherein the application program executing on the second server further comprises an agent for transmitting output data generated by the application program to the client and providing restricted access to the output data responsive to the access control decision.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rivera, Juan

Granted Patent

US 8,533,846 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/6209 to a single file or object,...

H04L 63/20 for managing network securi...

METHOD AND SYSTEM FOR DYNAMICALLY ASSOCIATING ACCESS RIGHTS WITH A RESOURCE

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

161 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR DYNAMICALLY ASSOCIATING ACCESS RIGHTS WITH A RESOURCE

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

161 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links