ACCESS CONTROL USING IDENTIFIERS IN LINKS

US 20100228989A1
Filed: 03/03/2009
Published: 09/09/2010
Est. Priority Date: 03/03/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a resource access identifier, the resource access identifier associated with a shared computing resource;

embedding the resource access identifier into a link to the shared computing resource;

inserting the link into an information element;

associating an access control scheme with the information element to generate a protected information element; and

sending the protected information element to a destination computing device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.

106 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a resource access identifier, the resource access identifier associated with a shared computing resource;
  
  embedding the resource access identifier into a link to the shared computing resource;
  
  inserting the link into an information element;
  
  associating an access control scheme with the information element to generate a protected information element; and
  
  sending the protected information element to a destination computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the information element includes an e-mail, an instant message, or a file.
  - 3. The method of claim 1, wherein the resource access identifier is a cryptographic token.
  - 4. The method of claim 1, wherein the link is a uniform resource locator (URL), and wherein the resource access identifier is embedded in the URL as a parameter of the URL.
  - 5. The method of claim 1, wherein the resource access identifier includes information associated with a sender of a request for the resource access identifier comprising at least one of:
    - information associated with a computing device that sent the request for the resource access identifier and information associated with a user that sent the request for the resource access identifier.
  - 6. The method of claim 1, wherein the resource access identifier includes information regarding rights associated with the shared computing resource comprising a right to read the shared computing resource, a right to write to the shared computing resource, a right to modify the shared computing resource, or any combination thereof.
  - 7. The method of claim 1, wherein the resource access identifier includes a signature to prevent modification of the resource access identifier.
  - 8. The method of claim 1, wherein the access control scheme associated with the information element is a digital rights management (DRM) profile that includes information regarding one or more owners of the shared computing resource, information regarding one or more collaborators of the one or more owners of the shared computing resource, or one or more access restrictions associated with the shared computing resource.
  - 9. The method of claim 8, wherein the DRM profile associated with the information element is embedded in the link.
  - 10. The method of claim 1, wherein the shared computing resource is retrievable from a file server that is accessible through an access gateway.

11. A system comprising:
- a first computing device configured to;
  
  send a request for a resource access identifier that allows access to a shared resource;
  
  receive the resource access identifier;
  
  embed the resource access identifier into a link;
  
  insert the link into an information element;
  
  associate an access control scheme with the information element; and
  
  a network interface to send the information element to a second computing device that is capable of verifying that the access control scheme associated with the information element allows access to the information element.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, further comprising an access gateway capable of receiving the request for the resource access identifier from the first computing device, sending the resource access identifier to the first computing device, and facilitating access to the shared resource by the second computing device.
  - 13. The system of claim 12, further comprising an auditing engine capable of logging resource access identifier requests and shared resource access information in an audit log.
  - 14. The system of claim 13, whereinthe access gateway is further capable of:
    - maintaining an access revocation list associated with the shared resource;
      
      determining that information identifying the second computing device is listed on the access revocation list;
      
      receiving an attempt by the second computing device to access the shared resource; and
      
      denying the attempt by the second computing device to access the shared resource; and
      
      wherein the auditing engine is further capable of storing failed resource access attempts in the audit log.
  - 15. The system of claim 11, wherein the second computing device is further capable of forwarding the information element to a third computing device, wherein the access control scheme associated with the information element allows access to the information element at the third computing device, and wherein the third computing device is capable of using the resource access identifier to access the shared resource.

16. A computer-readable medium comprising instructions, that when executed by a processor of an access gateway, cause the processor to:
- receive, at the access gateway, a request from a first device for a cryptographic token that allows access, via the access gateway, to a shared resource located at a file server;
  
  send the cryptographic token from the access gateway to the first device;
  
  receive, at the access gateway, an attempt from a second device to access the shared resource using the cryptographic token; and
  
  facilitate access to the shared resource by the second device via the access gateway.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable medium of claim 16, further comprising instructions, that when executed by the processor, cause the processor to:
    - determine that the cryptographic token includes a timestamp; and
      
      deny an attempt to access the shared resource using the cryptographic token when a validity time period associated with the cryptographic token has elapsed.
  - 18. The computer-readable medium of claim 16, wherein the first device or the second device includes a desktop computer, a laptop computer, a collaboration server, a personal digital assistant, or a mobile communication device.
  - 19. The computer-readable medium of claim 16, wherein the request from the first device for the cryptographic token is initiated by a first collaboration application at the first device, and wherein the attempt from the second device to access the shared resource is initiated by a second collaboration application at the second device.
  - 20. The computer-readable medium of claim 19, wherein the first collaboration application or the second collaboration application includes an e-mail application, a word processing application, a spreadsheet application, a presentation application, a web browser, a file sharing application, or a multimedia application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Neystadt, John, Nice, Nir

Granted Patent

US 8,719,582 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6209   to a single file or object,...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

G06Q 20/341   Active cards, i.e. cards in...

G07F 7/1008   Active credit-cards provide...

H04L 2209/603   Digital right managament [DRM]

H04L 63/0428   wherein the data content is...

H04L 63/083   using passwords cryptograph...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

ACCESS CONTROL USING IDENTIFIERS IN LINKS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

106 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS CONTROL USING IDENTIFIERS IN LINKS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

106 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links