System for Managing Access Control

US 20080282319A1
Filed: 11/06/2006
Published: 11/13/2008
Est. Priority Date: 11/17/2005
Status: Active Grant

First Claim

Patent Images

1. Method for managing access control in a content distribution system having access control according to a predefined data access format, the system comprisingat least one organization (32) for providing content data and related meta data,a rendering device (39) for rendering the content data and related meta data and executing the application, andat least one application for manipulating the content data and related meta data, which method comprises the steps ofsetting an access policy for the organization according to the predefined data access format, the access policy comprising access parameters for controlling access to resources of the rendering device and to said content data and related meta data,providing at least one organization application (35) complying with the access policy of the organization,providing content data and related meta data complying with the access policy of the respective organization,for enabling the rendering device to execute the organization application while accessing the resources of the rendering device according to the access policy of the organization,wherein method further comprises the steps ofmaintaining a user access policy that restricts, for the organization application, access to the resources of the rendering device relative to the access policy of the organization, andadjusting the user access policy for the organization based on additional trust data for selectively allowing the organization application to access the resources according to the access policy of the organization.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content distribution system (300) has access control according to a predefined data access format. The system has organizations (32) for providing content data and related meta data on record carriers (34), and a rendering device (39), and applications for manipulating the content data and related meta data. An access policy for the organization is set according to the predefined data access format, and has access parameters for controlling access to resources of the rendering device and to said content data and related meta data. An organization application (35) complying with the access policy of the organization for accessing said data is executed while accessing the resources of the rendering device according to the access policy of the organization. According to the invention a user access policy is maintained that restricts, for the organization application, access to the resources of the rendering device relative to the access policy of the organization. The user access policy is adjusted based on additional trust data for selectively allowing the organization application to access the resources according to the access policy of the organization. Hence the user controls the access that applications have to resources of the rendering device.

190 Citations

10 Claims

1. Method for managing access control in a content distribution system having access control according to a predefined data access format, the system comprisingat least one organization (32) for providing content data and related meta data,a rendering device (39) for rendering the content data and related meta data and executing the application, andat least one application for manipulating the content data and related meta data, which method comprises the steps ofsetting an access policy for the organization according to the predefined data access format, the access policy comprising access parameters for controlling access to resources of the rendering device and to said content data and related meta data,providing at least one organization application (35) complying with the access policy of the organization,providing content data and related meta data complying with the access policy of the respective organization,for enabling the rendering device to execute the organization application while accessing the resources of the rendering device according to the access policy of the organization,wherein method further comprises the steps ofmaintaining a user access policy that restricts, for the organization application, access to the resources of the rendering device relative to the access policy of the organization, andadjusting the user access policy for the organization based on additional trust data for selectively allowing the organization application to access the resources according to the access policy of the organization.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. Method as claimed in claim 1, wherein the method comprisesmaintaining a set of trust data at a remote database entity, andretrieving trust data from the set for the adjusting of the user access policy, and in a particular case the method further comprising accessing the remote database entity via a network.
  - 3. Method as claimed in claim 1, wherein the additional trust data comprises a limited number of trust levels.
  - 4. Method as claimed in claim 3, wherein the trust levels comprise:
    - a fully trusted level for allowing the organization application to fully access to said resources according to the access policy of the organization;
      
      a partly trusted level for allowing the organization application to access a predefined subset of resources; and
      
      a non-trusted level for not allowing the organization application access to said resources.
  - 5. Method as claimed in claim 1, wherein the user access policy comprises initially setting a non-trusted level for organizations that are not known in the rendering device (39), the non-trusted level not allowing the organization application to access said resources.
  - 6. Method as claimed in claim 1, wherein the resources of the rendering device comprise at least one of:
    - a network connection;
      
      memory locations for storing data;
      
      system or device parameters;
      
      personal user data, such as a name or credit card data.
  - 7. Computer program product for managing access control in a device for rendering data and related meta data, which program is operative to cause a processor to perform maintaining and adjusting the user access policy as claimed in the method of claim 1.

8. Device for rendering content data and related meta data for use in a content distribution system having access control according to a predefined data access format, the system further comprisingat least one organization (32) for providing content data and related meta data,at least one application for manipulating the content data and related meta data, and the system being arranged forsetting an access policy for the organization according to the predefined data access format, the access policy comprising access parameters for controlling access to resources of the rendering device and to said content data and related meta data,providing at least one organization application complying with the access policy of the organization for accessing said data,providing content data and related meta data complying with the access policy of the respective organization,which device comprisesrendering means (30) for generating a media signal for rendering the data and related meta data,access control means (31) for executing the organization application while accessing the resources of the rendering device according to the access policy of the organization,wherein the access control means (31) are arranged formaintaining a user access policy that restricts, for the organization application, access to the resources of the rendering device relative to the access policy of the organization, andadjusting the user access policy for the organization based on additional trust data for selectively allowing the organization application to access the resources according to the access policy of the organization.
- View Dependent Claims (9)
- - 9. Device as claimed in claim 8, wherein the access control means (31) are arranged foraccessing a remote database entity via a network, which entity is arranged for maintaining a set of trust data, andretrieving trust data from the set for the adjusting of the user access policy.

10. Database entity for use in a content distribution system having access control according to a predefined data access format, the system further comprisingat least one organization (32) for providing content data and related meta data,a rendering device (39) for rendering the content data and related meta data, andat least one application for manipulating the content data and related meta data, and the system being arranged forsetting an access policy for the organization according to the predefined data access format, the access policy comprising access parameters for controlling access to resources of the rendering device and to said content data and related meta data,providing at least one organization application complying with the access policy of the organization for accessing said data,providing said content data and related meta data according to the access policy of the respective organization,which database entity comprisesdatabase means (45) for storing data,wherein database means (45) are arranged for maintaining a set of trust data, andtransferring the trust data from the set to the rendering device for the adjusting of the user access policy for the organization based on the trust data for selectively allowing the organization application to access the resources according to the access policy of the organization.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Original Assignee
Koninklijke Philips Electronics N.V. (Koninklijke Philips N.V.)
Inventors
Newton, Philip Steven, Fontijn, Wilhelmus Franciscus Johannes, Talstra, Johan Cornelis, Holtman, Koen Johanna Guillaume

Granted Patent

US 9,202,045 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/53 by executing in a restricte...

System for Managing Access Control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

190 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System for Managing Access Control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

190 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links