Access Control in a Hybrid Cloud Infrastructure - Cloud Technology

US 20180337929A1
Filed: 05/17/2017
Published: 11/22/2018
Est. Priority Date: 05/17/2017
Status: Active Application

First Claim

Patent Images

1. An apparatus, comprising:

a user interface operable to receive a request to share a file on a cloud server over a network, and one or more privacy settings, wherein the privacy settings comprise a privacy group and at least one privacy subcategory for the privacy group;

a memory operable to store the request and the privacy settings;

a network interface operable to communicate with the network;

a processor communicatively coupled to the user interface, the memory, and the network interface, the processor operable to;

receive the privacy settings;

register the privacy group according to privacy settings;

receive the request to share the file over the network from a first user;

determine, based on a characteristic of the file, the privacy subcategory of the registered privacy group to associate with the file;

assign the associated privacy subcategory to the file;

grant, in response to a subsequent request for the file, access to the file based on the assigned privacy subcategory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access control in a hybrid cloud infrastructure may include receiving privacy settings with privacy groups and constituent privacy subcategories, registering the privacy groups and privacy subcategories according to the privacy settings, receiving a request to share files over the network, determining a privacy subcategory to associate with the files based on characteristics of the files, and assigning the privacy subcategory to the files. In particular embodiments, the system may receive subsequent access requests for any of the files and implement access control by granting or denying access to the file based on the assigned privacy groups or privacy subcategories.

Citations

20 Claims

1. An apparatus, comprising:
- a user interface operable to receive a request to share a file on a cloud server over a network, and one or more privacy settings, wherein the privacy settings comprise a privacy group and at least one privacy subcategory for the privacy group;
  
  a memory operable to store the request and the privacy settings;
  
  a network interface operable to communicate with the network;
  
  a processor communicatively coupled to the user interface, the memory, and the network interface, the processor operable to;
  
  receive the privacy settings;
  
  register the privacy group according to privacy settings;
  
  receive the request to share the file over the network from a first user;
  
  determine, based on a characteristic of the file, the privacy subcategory of the registered privacy group to associate with the file;
  
  assign the associated privacy subcategory to the file;
  
  grant, in response to a subsequent request for the file, access to the file based on the assigned privacy subcategory.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The apparatus of claim 1, wherein the processor is further operable to populate the privacy subcategory of the privacy group with a member, wherein the member identifies a second user with access to files assigned to the privacy subcategory.
  - 3. The apparatus of claim 2, wherein populating the privacy subcategory comprises the first user assigning the member to the privacy subcategory.
  - 4. The apparatus of claim 2, wherein populating the privacy subcategory comprises automatically assigning the member to the privacy subcategory based on a detected relationship between the first user and the second user.
  - 5. The apparatus of claim 1, wherein the characteristic of the file for determining the privacy subcategory of the registered privacy group to associate with the file comprises metadata associated with the file.
  - 6. The apparatus of claim 1, wherein the characteristic of the file for determining the privacy subcategory of the registered privacy group to associate with the file comprises contents of the file.
  - 7. The apparatus of claim 1, wherein granting access to the file based on the assigned privacy subcategory further comprises determining whether a timer associated with the document has expired and granting access to the file only if the timer has not expired.

8. A method, comprising:
- receiving privacy settings, wherein the privacy settings comprise a privacy group and at least one privacy subcategory for the privacy group;
  
  registering, in a memory, the privacy group according to privacy settings;
  
  receiving a request to share the file over a network from a first user;
  
  determining, using a processor, the privacy subcategory of the registered privacy group to associate with the file based on a characteristic of the file;
  
  assigning the associated privacy subcategory to the file;
  
  granting, in response to a subsequent request for the file, access to the file based on the assigned privacy subcategory.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, further comprising populating the privacy subcategory of the privacy group with a member, wherein the member identifies a second user with access to files assigned to the privacy subcategory.
  - 10. The method of claim 9, wherein populating the privacy subcategory comprises the first user assigning the member to the privacy subcategory.
  - 11. The method of claim 9, wherein populating the privacy subcategory comprises automatically assigning the member to the privacy subcategory based on a detected relationship between the first user and the second user.
  - 12. The method of claim 8, wherein the characteristic of the file for determining the privacy subcategory of the registered privacy group to associate with the file comprises metadata associated with the file.
  - 13. The method of claim 8, wherein the characteristic of the file for determining the privacy subcategory of the registered privacy group to associate with the file comprises contents of the file.
  - 14. The method of claim 8, wherein granting access to the file based on the assigned privacy subcategory further comprises determining whether a timer associated with the document has expired and granting access to the file only if the timer has not expired.

15. An system, comprising:
- a client device associated with a user and coupled to a network, the client device operable to request to share a file on a cloud server over a network and provide one or more privacy settings, wherein the privacy settings comprise a privacy group and at least one privacy subcategory for the privacy group;
  
  a data server comprising a memory and a processor, the processor operable to;
  
  receive the privacy settings;
  
  register the privacy group according to privacy settings;
  
  receive the request to share the file over the network from a first user on the client device;
  
  determine, based on a characteristic of the file, the privacy subcategory of the registered privacy group to associate with the file;
  
  assign the associated privacy subcategory to the file;
  
  grant, in response to a subsequent request for the file, access to the file based on the assigned privacy subcategory.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the processor is further operable to populate the privacy subcategory of the privacy group with a member, wherein the member identifies a second user with access to files assigned to the privacy subcategory.
  - 17. The system of claim 16, wherein populating the privacy subcategory comprises automatically assigning the member to the privacy subcategory based on a detected relationship between the first user and the second user.
  - 18. The system of claim 15, wherein the characteristic of the file for determining the privacy subcategory of the registered privacy group to associate with the file comprises metadata associated with the file.
  - 19. The system of claim 15, wherein the characteristic of the file for determining the privacy subcategory of the registered privacy group to associate with the file comprises contents of the file.
  - 20. The system of claim 15, wherein granting access to the file based on the assigned privacy subcategory further comprises determining whether a timer associated with the document has expired and granting access to the file only if the timer has not expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Kurian, Manu J.

Application Number

US15/597,601
Publication Number

US 20180337929A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/104   Grouping of entities

H04L 63/108   when the policy decisions a...

Access Control in a Hybrid Cloud Infrastructure - Cloud Technology

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Access Control in a Hybrid Cloud Infrastructure - Cloud Technology

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links