System and Method of Controlling Access to Information in a Virtual Computing Environment

US 20110099608A1
Filed: 10/22/2009
Published: 04/28/2011
Est. Priority Date: 10/22/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of controlling access to information in a virtual computing environment comprising:

storing authorization data on a first client computer system;

accessing virtual computing software from the first client computer system;

accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system;

sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system; and

accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment the present invention includes a computer-implemented method comprising storing authorization data on a first client computer system, accessing virtual computing software from the first client computer system, accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system, sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system, and accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.

63 Citations

View as Search Results

20 Claims

1. A computer-implemented method of controlling access to information in a virtual computing environment comprising:
- storing authorization data on a first client computer system;
  
  accessing virtual computing software from the first client computer system;
  
  accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system;
  
  sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system; and
  
  accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the authorization data is sent to the second computer system without being received by the virtual computing software.
  - 3. The method of claim 1 wherein the authorization data is sent based on a first location of the virtual object and a second location of a virtual representation of a user in the virtual computing software.
  - 4. The method of claim 3 wherein the authorization data is sent if the virtual object and the virtual representation of the user are both in a predefined space in the virtual computing software.
  - 5. The method of claim 3 wherein the authorization data is sent if a personal space associated with the virtual representation of the user encompasses the virtual object in the virtual computing software.
  - 6. The method of claim 1 wherein the authorization data is sent based on authorization rights for a user in the virtual computing software that are associated with a particular virtual space in the virtual computing software.
  - 7. The method of claim 6 wherein the authorization data is sent if a virtual representation of the user has associated authorization rights in the virtual computing software to enter a particular virtual space and if the virtual object is in the particular virtual space.
  - 8. The method of claim 6 wherein the authorization data is sent if authorization rights associated with a first personal space for a first virtual representation of the user allow a second virtual representation of a second user to enter the first personal space.
  - 9. The method of claim 1 wherein the authorization data comprises a public key certificate and an attribute certificate, the method further comprising:
    - determining authorization rights in the virtual computing software based on a user'"'"'s public key certificate and an attribute certificate, wherein different attribute certificates are issued to different users based on a location of a virtual object in a hierarchically organized virtual space, and wherein the virtual object is located in the hierarchically organized virtual space.
  - 10. The method of claim 9 further comprising sending the attribute certificate to a certificate authority, wherein the certificate authority authorizes users to enter virtual spaces in the hierarchically organized virtual space to access virtual objects.

11. A computer-readable medium containing instructions for controlling a computer system to perform a method, the method comprising:
- storing authorization data on a first client computer system;
  
  accessing virtual computing software from the first client computer system;
  
  accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system;
  
  sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system; and
  
  accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer-readable medium of claim 11 wherein the authorization data is sent to the second computer system without being received by the virtual computing software.
  - 13. The computer-readable medium of claim 11 wherein the authorization data is sent based on a first location of the virtual object and a second location of a virtual representation of a user in the virtual computing software.
  - 14. The computer-readable medium of claim 13 wherein the authorization data is sent if the virtual object and the virtual representation of the user are both in a predefined virtual space in the virtual computing software.
  - 15. The computer-readable medium of claim 13 wherein the authorization data is sent if a personal space associated with the virtual representation of the user encompasses the virtual object in the virtual computing software.
  - 16. The computer-readable medium of claim 11 wherein the authorization data is sent based on authorization rights for a user in the virtual computing software that are associated with a particular virtual space in the virtual computing software.
  - 17. The computer-readable medium of claim 16 wherein the authorization data is sent if a virtual representation of the user has associated authorization rights in the virtual computing software to enter a particular virtual space and if the virtual object is in the particular virtual space.
  - 18. The computer-readable medium of claim 16 wherein the authorization data is sent if authorization rights associated with a first personal space for a first virtual representation of the user allow a second virtual representation of a second user to enter the first personal space.
  - 19. The computer-readable medium of claim 11 wherein the authorization data comprises a public key certificate and an attribute certificate, the method further comprising:
    - determining authorization rights in the virtual computing software based on a user'"'"'s public key certificate and an attribute certificate, wherein different attribute certificates are issued to different users based on a location of a virtual object in a hierarchically organized virtual space, and wherein the virtual object is located in the hierarchically organized virtual space.
  - 20. The computer-readable medium of claim 19 further comprising sending the attribute certificate to a certificate authority, wherein the certificate authority authorizes users to enter virtual spaces in the hierarchically organized virtual space to access virtual objects.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Queck, Tobias, Steinhauer, Sebastian

Granted Patent

US 8,510,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6209 to a single file or object,...

System and Method of Controlling Access to Information in a Virtual Computing Environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and Method of Controlling Access to Information in a Virtual Computing Environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others