MULTIPLE ENTITY AUTHORIZATION MODEL

US 20080256643A1
Filed: 09/14/2007
Published: 10/16/2008
Est. Priority Date: 04/13/2007
Status: Active Grant

First Claim

Patent Images

1. A system for securing records in a web method accessible platform, comprising:

a platform component that stores at least one data record related to an entity, the data record is accessible by at least one web method exposed by the platform; and

a record access component that restricts access to the data record to one or more applications that are granted authorization to access the data record by an entity authorized to access the data record.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorization framework is provided that protects data records in a platform, such as a service-based platform, by requiring multiple level entities to be authorized with respect to the data records. For example, the data records can have an associated owner user that can grant access to other users with respect to the data. Additionally, however, the user can also grant access to certain applications that access the platform such that the data records can be initially closed for a user requiring the user to explicitly grant desired access to applications and/or users. In this regard, applications can be forbidden from accessing the data, even on behalf of the user, unless expressly authorized to do so by the user. Thus, the user can make informed decisions regarding who is to have access to its data.

116 Citations

View as Search Results

20 Claims

1. A system for securing records in a web method accessible platform, comprising:
- a platform component that stores at least one data record related to an entity, the data record is accessible by at least one web method exposed by the platform; and
  
  a record access component that restricts access to the data record to one or more applications that are granted authorization to access the data record by an entity authorized to access the data record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, the one or more applications accesses the data record on behalf of the entity.
  - 3. The system of claim 1, the application registers with the platform component prior to requesting the data record from the platform component.
  - 4. The system of claim 3, the application communicates a minimum required data record set, for proper functionality of the application, to the platform component.
  - 5. The system of claim 4, the record access component presents the minimum required data record set for the application to the entity, the entity grants or denies authorization to the application for access to the data record based on the minimum required data record set.
  - 6. The system of claim 1, an owner entity of the data record grants authorization to access the data record to the entity.
  - 7. The system of claim 1, the data record is part of a set of data records, the entity grants or denies access to the set of data records.
  - 8. The system of claim 1, the platform component exposes one or more web methods that allow the application to request the data record from the platform component.
  - 9. The system of claim 1, the platform component exposes one or more web methods that provide administrative functionality to the entity, groups of entities are authorized to call certain web methods, impersonating the entity, to change properties of the entity'"'"'s data records.

10. A method for securing data records in a service-based web platform, comprising:
- verifying authorization for an application requesting access to one or more data records in the platform;
  
  verifying authorization for one or more users on whose behalf the request for access to the one or more data records is made; and
  
  granting or denying access to the one or more data records based in part on the authorization verifications.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method of claim 10, further comprising receiving a registration request from the application.
  - 12. The method of claim 11, further comprising receiving a minimum required data record set for proper functioning of the application.
  - 13. The method of claim 12, further comprising presenting the minimum required data record set to the one or more users to obtain informed consent to authorize the application to access the minimum required data record set for the user.
  - 14. The method of claim 12, further comprising denying access requests from the application for data records outside of the minimum required data record set.
  - 15. The method of claim 10, further comprising creating one or more sets of data records and controlling authorization for the one or more sets as a whole.
  - 16. The method of claim 15, the one or more sets are created by the system and system authorization rules for the one or more sets supersede authorization rules desired by the user for the one or more sets or individual data records in the sets.
  - 17. The method of claim 16, further comprising satisfying a real-world standard by allowing the system set authorization rules to supersede other authorization rules.
  - 18. The method of claim 10, further comprising verifying authorization for a device utilizing the application to request access to the one or more data records.

19. A system for securing one or more data records in a web-service platform, comprising:
- means for storing data records in a centralized platform and exposing one or more web methods to access the data records; and
  
  means for controlling access to data records and web methods based at least in part on one or more authorization rules related to a calling application and an associated user context.
- View Dependent Claims (20)
- - 20. The system of claim 19, further comprising means for registering the application on the platform and presenting a minimum required data record set for the application such that the user context can create the authorization rule based at least in part on the minimum required data record set.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Guarraci, Brian J., Varadan, Vijay, Nolan, Sean Patrick, White, Christopher C., Apacible, Johnson T., Jones, Jeffrey Dick

Granted Patent

US 8,327,456 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/629 to features or functions of...

MULTIPLE ENTITY AUTHORIZATION MODEL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

MULTIPLE ENTITY AUTHORIZATION MODEL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others