METHOD, AN APPARATUS, A COMPUTER SYSTEM, A SECURITY COMPONENT AND A COMPUTER READABLE MEDIUM FOR DEFINING ACCESS RIGHTS IN METADATA-BASED FILE ARRANGEMENT

US 20150143549A1
Filed: 01/29/2015
Published: 05/21/2015
Est. Priority Date: 09/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method for a computer system storing electronic objects being defined by metadata having at least one property with a value, the method comprising:

determining effective access rights for a first object bydetermining one or more other objects being referred to by a metadata value of said first object;

retrieving security components of said one or more other objects; and

processing the security components of said one or more other objects according to a predefined set of rules to determine the effective access rights for the first object.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method for a computer system storing electronic objects being defined by metadata items. The method comprises deriving access rights from one or more security components originating from respective metadata items of at least one object, and determining the effective access rights for the object by means of the security components. The invention also relates to a method for a computer system storing electronic objects being defined by metadata items, wherein access rights for an object are determined by means of one or more pseudo-users. The invention also relates to an apparatus, a computer system and a computer readable medium comprising a computer program stored therein for carrying out the methods.

31 Citations

View as Search Results

21 Claims

1. A method for a computer system storing electronic objects being defined by metadata having at least one property with a value, the method comprising:
- determining effective access rights for a first object bydetermining one or more other objects being referred to by a metadata value of said first object;
  
  retrieving security components of said one or more other objects; and
  
  processing the security components of said one or more other objects according to a predefined set of rules to determine the effective access rights for the first object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method according to claim 1, wherein the first object comprises its own access control list, wherein the effective access rights for said first object are determined by combining the security components with a first object'"'"'s own access control list according to the predefined set of rules.
  - 3. The method according to claim 1, wherein said one or more other objects originate directly from the first object'"'"'s metadata value.
  - 4. The method according to claim 1, wherein said one or more other objects originate indirectly from the first object'"'"'s metadata value.
  - 5. The method according to claim 1, further comprising:
    - combining more than one security components, wherein the effective access rights for the first object are determined as an intersection of more than one security components.
  - 6. The method according to claim 1, further comprising:
    - combining more than one security components, wherein the effective access rights are determined according to one of the following rules;
      
      one security component overrides the other security component, each security component supplements the effective access rights, one security component restricts the other security component, one security component defines the maximum effective access rights, one security component defines the minimum effective access rights, or any combination thereof.
  - 7. The method according to claim 1, further comprising defining effective access rights by means of one or more pseudo-users.
  - 8. The method according to claim 7, further comprising:
    - identifying a person having access rights for the object by resolving a person identity from a property value of the object, which property is indicated by a pseudo-user.
  - 9. The method according to claim 7, further comprising:
    - identifying a person having access rights for the object by resolving a person identity from a property value of an object referred by the object, which property is indicated by a pseudo-user.

10. An apparatus comprising a processor, memory including computer program code, the memory and the computer program code configured to, with the processor, cause the apparatus to perform at least the following:
- to store electronic objects being defined by metadata having at least one property with value;
  
  to determine effective access rights for a first object bydetermining one or more other objects referred by a metadata value of said first object;
  
  retrieving security components of said one or more other objects; and
  
  processing the security components of said one or more other objects according to a predefined set of rules to determine the effective access rights for the first object.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus according to claim 10, wherein the first object comprises its own access control list, wherein the effective access rights for said first object are determined by combining the security components with the first object'"'"'s own access control list according to the predefined set of rules.
  - 12. The apparatus according to claim 10, wherein said one or more other objects originate directly from the first object'"'"'s metadata value.
  - 13. The apparatus according to claim 10, wherein said one or more other objects originate indirectly from the first object'"'"'s metadata value.
  - 14. The apparatus according to claim 10, further comprising computer program code configured to, with the processor, cause the apparatus to perform at least the following:
    - combine more than one security components, wherein the effective access rights for the first object are determined as an intersection of more than one security components.
  - 15. The apparatus according to claim 10, further comprising computer program code configured to, with the processor, cause the apparatus to perform at least the following:
    - combine more than one security components, wherein the effective access rights are determined according to one of the following rules;
      
      one security component overrides the other security component, each security component supplements the effective access rights, one security component restricts the other security component, one security component defines the maximum effective access rights, one security component defines the minimum effective access rights, or any combination thereof.
  - 16. The apparatus according to claim 10, further being configured to define effective access rights by means of one or more pseudo-users.
  - 17. The apparatus according to claim 16, further comprising computer program code configured to, with the processor, cause the apparatus to perform at least the following:
    - identify a person having access rights for the object by resolving a person identity from a property value of the object, which property is indicated by a pseudo-user.
  - 18. The apparatus according to claim 16, further comprising computer program code configured to, with the processor, cause the apparatus to perform at least the following:
    - identifying a person having access rights for the object by resolving a person identity from a property value of an object referred by the object, which property is indicated by a pseudo-user.

19. A computer system comprising:
- at least one processor,at least one memory including computer program code,the memory and the computer program code configured to, with said at least one processor, cause the computer system at least to perform;
  
  to store electronic objects being defined by metadata having at least one property with value;
  
  to determine effective access rights for a first object bydetermining one or more other objects referred by a metadata value of said first object;
  
  retrieving security components of said one or more other objects; and
  
  processing the security components of said one or more other objects according to a predefined set of rules to determine the effective access rights for the first object.
- View Dependent Claims (20)
- - 20. The computer system according to claim 19, further comprising a client and a server.

21. A non-transitory computer readable medium comprising computer program instructions stored thereon, wherein said instructions, when executed, are forto store electronic objects being defined by metadata having at least one property with value;
- to determine effective access rights for a first object bydetermining one or more other objects referred by a metadata value of said first object;
  
  retrieving security components of said one or more other objects; and
  
  processing the security components of said one or more other objects according to a predefined set of rules to determine the effective access rights for the first object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
M-Files Oy
Original Assignee
M-Files Oy
Inventors
Laitkorpi, Markku, Nivala, Antti, Lepola, Juha, Metsapelto, Ari, Partanen, Timo

Granted Patent

US 9,576,148 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/51   Indexing; Data structures t...

G06F 21/6218   to a system of files or obj...

G06F 2221/2145   Inheriting rights or proper...

METHOD, AN APPARATUS, A COMPUTER SYSTEM, A SECURITY COMPONENT AND A COMPUTER READABLE MEDIUM FOR DEFINING ACCESS RIGHTS IN METADATA-BASED FILE ARRANGEMENT

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, AN APPARATUS, A COMPUTER SYSTEM, A SECURITY COMPONENT AND A COMPUTER READABLE MEDIUM FOR DEFINING ACCESS RIGHTS IN METADATA-BASED FILE ARRANGEMENT

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links