Abstractions and automation for enhanced sharing and collaboration

US 7,908,663 B2
Filed: 04/20/2004
Issued: 03/15/2011
Est. Priority Date: 04/20/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A system that facilitates information access control, comprising:

at least one processor coupled to memory, the at least one processor executes;

a component that receives an access request for a data item from a requesting user;

an access control component that;

assigns one or more members to a dynamically created group of users, each member being assigned to the dynamically created group of users based on;

a characteristic for the dynamically created group of users, the characteristic comprising at least one activity performed by the one or more members of the dynamically created group of users, a location of the one or more members, and availability of the one or more members; and

the member'"'"'s association with the at least one activity, the location and the availability, wherein the member'"'"'s association with the at least one activity is determined based on a current activity of the member, and wherein the member'"'"'s association with the location is determined based on accessibility to the member, at a current location of the member, of at least one communication means to communicate with members of the dynamically created group of users; and

processes the data item access request via utilization of at least one access policy stored on the memory based, at least in part, on membership of the requesting user in the dynamically created group of users and at least one content property associated with the data item that indicates access rights for the members of the dynamically created group; and

an access policy agent component that constructs the at least one access policy utilizing, at least in part, at least one selected from the group consisting of multiple dimensions of trust, machine learning techniques, and cost-benefit analysis;

whereinthe access policy agent component further employs at least one selected from the group consisting of a logical clustering of users and a statistical clustering of users, the clustering based, at least in part, on at least one information sharing profile employed by the users, the information sharing profile comprising a profile of settings disseminated among the users for at least one selected from the group consisting of utilization by the users and modification by the users.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides methods for using abstractions of people, including dynamic and static groups of people, to enhance the efficiency of the specification and automation of policies for sharing information between users with a “need-to-know.” An instance of the present invention can also provide these users information based on a “time-to-know.” By providing access to information based on group affiliation and properties of the content of the information, the present invention maintains optimal information privacy while minimizing encumbrances to sharing data with appropriate users and even at appropriate times. The present invention can be integrated with other communication technologies to facilitate access to information in a time appropriate manner. Other instances of the present invention employ automated and semi-automated, mixed-initiative techniques, to make information-sharing decisions. Additional instances of the present invention include the employment of machine-learning techniques to facilitate construction of access policies from the actions or profile of a single user or a community of users, including the construction of automated sharing agents that work in an automated or mixed-initiative manner to respond to real-time requests for information.

Citations

41 Claims

1. A system that facilitates information access control, comprising:
- at least one processor coupled to memory, the at least one processor executes;
  
  a component that receives an access request for a data item from a requesting user;
  
  an access control component that;
  
  assigns one or more members to a dynamically created group of users, each member being assigned to the dynamically created group of users based on;
  
  a characteristic for the dynamically created group of users, the characteristic comprising at least one activity performed by the one or more members of the dynamically created group of users, a location of the one or more members, and availability of the one or more members; and
  
  the member'"'"'s association with the at least one activity, the location and the availability, wherein the member'"'"'s association with the at least one activity is determined based on a current activity of the member, and wherein the member'"'"'s association with the location is determined based on accessibility to the member, at a current location of the member, of at least one communication means to communicate with members of the dynamically created group of users; and
  
  processes the data item access request via utilization of at least one access policy stored on the memory based, at least in part, on membership of the requesting user in the dynamically created group of users and at least one content property associated with the data item that indicates access rights for the members of the dynamically created group; and
  
  an access policy agent component that constructs the at least one access policy utilizing, at least in part, at least one selected from the group consisting of multiple dimensions of trust, machine learning techniques, and cost-benefit analysis;
  
  whereinthe access policy agent component further employs at least one selected from the group consisting of a logical clustering of users and a statistical clustering of users, the clustering based, at least in part, on at least one information sharing profile employed by the users, the information sharing profile comprising a profile of settings disseminated among the users for at least one selected from the group consisting of utilization by the users and modification by the users.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the access policy comprises an optimistic policy comprising at least one policy selected from the group consisting of a policy of sharing with logging, a policy of sharing with logging with at least one message to at least one user that actions of the at least one user are being logged, and a policy of alerting the at least one user when indicated data items are accessed.
  - 3. The system of claim 1, wherein the access policy comprises a mixed-initiative policy comprising at least one policy selected from the group consisting of a policy of informing at least one user of at least one real-time request and a policy of informing at least one user of at least one store-forward request.
  - 4. The system of claim 1, the at least one access policy comprising a policy based on automatic and mixed-initiative type policies;
    - a type of policy utilized is based on, in part, at least one selected from the group consisting of a cost of alerting and a cost of delays with requiring a user response.
  - 5. The system of claim 4, the cost of alerting and delays comprising, at least in part, a cost associated with a current availability of a user.
  - 6. The system of claim 5, the current availability of the user comprising availability based on, at least in part, at least one selected from the group consisting of location of the user, accessibility of communications by the user, and workload of the user.
  - 7. The system of claim 1, the at least one access policy comprising a policy created via at least one sharing agent that automates policies based on at least one selected from the group consisting of identity of a user, context of a user, and content of an access data item.
  - 8. The system of claim 1, the at least one access policy comprising a policy based on, at least in part, at least one selected from the group consisting of standard notions of file system folders and content properties as indicated by a file handling system.
  - 9. The system of claim 1, the access policy agent component further comprising a profile setting dissemination component that employs at least one selected from the group consisting of a direct profile setting dissemination tool that directly disseminates setting information to the users and a profile setting recommendation engine that provides recommendations to the users.
  - 10. The system of claim 9, the profile recommendation engine comprising, at least in part, an inferential model that predicts a user'"'"'s profile settings based on at least one parameter obtained from a setting subset of the disseminated profile settings.
  - 11. The system of claim 10, the inferential model comprising a collaborative filtering model.
  - 12. The system of claim 10, the inferential model employed to provide at least one selected from the group consisting of a recommendation for profile settings for a user and a sorted list of similar profiles as a starting point for a user.

13. A method facilitating information access control, comprising:
- with at least one processor executing components, from memory configured for;
  
  receiving an access request for a data item from a requesting user;
  
  creating a dynamically created group of users by assigning users to the dynamically created group of users based on at least one of at least one activity to be performed by one or more members of the dynamically created group of users, at least one location of the one or more members, and availability of the one or more members, users being assigned to the dynamically created group of users based on participation in the at least one activity, association with the at least one location or the availability; and
  
  processing the data item access request via utilization of at least one access policy based, at least in part, on membership of the requesting user in the dynamically created group of users and at least one content property associated with the data item that indicates access rights for members of the dynamically created group to the data item, whereinthe at least one access policy further employs at least one selected from the group consisting of a logical clustering of users and a statistical clustering of users, the clustering based, at least in part, on at least one information sharing profile employed by the users, the information sharing profile comprising a profile of settings disseminated among the users for at least one selected from the group consisting of utilization by the users and modification by the users.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 14. The method of claim 13, the availability comprising an availability based, at least in part, on a determination of at least one selected from the group consisting of cost of interruption and availability of communication channels.
  - 15. The method of claim 13, the at least one activity comprising an activity based, at least in part, on a determination of at least one selected from the group consisting of live monitoring and calendar information.
  - 16. The method of claim 13, wherein the dynamically created group of users is created based on, at least in part, users that attend at least one collaborative function with a first user;
    - the first user utilized as a basis for the dynamically created group of users.
  - 17. The method of claim 16, the least one collaborative function comprising a communications relationship with the first user for at least one specified period of time.
  - 18. The method of claim 17, the communications relationship comprising at least one selected from the group consisting of a conference call, a meeting, and a joint activity with the first user.
  - 19. The system of claim 18, the availability comprising an availability based, at least in part, on a determination of at least one selected from the group consisting of cost of interruption and availability of communication channels.
  - 20. The system of claim 18, the at least one activity comprising an activity based, at least in part, on a determination of at least one selected from the group consisting of live monitoring and calendar information.
  - 21. The system of claim 18, the dynamically created group further comprising a group based on, at least in part, users that attend at least one collaborative function with a first user;
    - the first user utilized as a basis to determine which group to dynamically create.
  - 22. The system of claim 21, the collaborative function comprising a communications relationship with the first user for at least one specified period of time.
  - 23. The system of claim 22, the communications relationship comprising at least one selected from the group consisting of a conference call, a meeting, and a joint activity with the first user.
  - 24. The method of claim 13, wherein the at least one access policy comprises an optimistic policy comprising at least one policy selected from the group consisting of a policy of sharing with logging, a policy of sharing with logging with at least one message to at least one user that their actions are being logged, and a policy of alerting at least one user when indicated data items are accessed.
  - 25. The method of claim 13, wherein the at least one access policy comprises a mixed-initiative policy comprising at least one policy selected from the group consisting of a policy of informing at least one user of at least one real-time request and a policy of informing at least one user of at least one store-forward request.
  - 26. The method of claim 13, the at least one access policy comprising a policy based on automatic and mixed-initiative type policies;
    - the type of policy utilized is based on, in part, at least one selected from the group consisting of a cost of alerting and a cost of delays with requiring a user response.
  - 27. The method of claim 26, the cost of alerting and delays comprising, at least in part, a cost associated with a current availability of a user.
  - 28. The method of claim 27, the current availability of the user comprising availability based on, at least in part, at least one selected from the group consisting of location of the user, accessibility of communications by the user, and workload of the user.
  - 29. The method of claim 13, further comprising:
    - constructing the at least one access policy with at least one sharing agent that automates policies based on at least one selected from the group consisting of identity of a user, context of a user, and content of an access data item.
  - 30. The method of claim 13, further comprising:
    - constructing the at least one access policy based on, at least in part, at least one selected from the group consisting of standard notions of file system folders and content properties as indicated by a file handling system.
  - 31. The method of claim 13, further comprising:
    - constructing the access policy utilizing, at least in part, at least one selected from the group consisting of multiple dimensions of trust, cost-benefit analyses, and machine learning techniques.
  - 32. The method of claim 31, the access policy further comprising disseminating profile settings via at least one selected from the group consisting of a directly disseminating profile settings to the users and recommending profile settings to the users by employing a profile recommendation engine.
  - 33. The method of claim 32, the profile recommendation engine comprising, at least in part, an inferential model that predicts a user'"'"'s profile settings based on at least one parameter obtained from a setting subset of the disseminated profile settings.
  - 34. The method of claim 33, the inferential model comprising a collaborative filtering model.
  - 35. The method of claim 33, the inferential model providing at least one selected from the group consisting of a recommendation for profile settings for a user and a sorted list of similar profiles as a starting point for a user.

36. A system that facilitates information access control, comprising:
- at least one processor;
  
  memory coupled to the at least one processor; and
  
  information access control component executed by the at least one processor comprising;
  
  means for receiving an access request for a data item;
  
  means for processing the data item access request via utilization of at least one access policy stored on the memory selected from at least one;
  
  an optimistic policy, a pessimistic policy, or a mixed-initiative policy, the access policy based, at least in part, on at least one collaborative group of users and at least one content property associated with the data item, the collaborative group of users comprising a group created via at least one selected from the group consisting of a statically created group and a dynamically created group, and the dynamically created group comprising a group created based on, at least in part, at least one selected from the group consisting of an activity associated with a user, a location associated with a user, and availability of a user, andmeans for constructing the access policy utilizing, at least in part, at least one selected from a group consisting of multiple dimensions of trust, cost-benefit analyses, and machine learning techniques, wherein the means for constructing the access policy access policy employs at least one selected from a group consisting of a logical clustering of users and a statistical clustering of users;
  
  the clustering based, at least in part, on at least one information sharing profile employed by the users, the information sharing profile comprising a profile of settings disseminated among the users for at least one selected from the group consisting of utilization by the users and modification by the users.

37. A computer implemented system that facilitates information access control performed by at least one processor, comprising:
- an interface adapted to communicate data access parameters to a requesting user; and
  
  at least one input associated with the interface to provide information related to accessing data via an access policy, the access policy is based, at least in part, on membership of the requesting user in a dynamically created group of users and at least one content property associated with the data item that indicates access rights for members of the dynamically created group, the at least one input identifying one or more members of the dynamically created group of users, wherein the dynamically created group of users is created by assigning each identified member to the dynamically created group of users based on;
  
  a characteristic for the dynamically created group, the characteristic comprising at least one activity to be performed by the one or more members, a location of the one or more members, and availability of the one or more members; and
  
  the identified member'"'"'s association with the at least one activity, the location and the availability, wherein the identified member'"'"'s association with the at least one activity is determined based on a current activity of the identified member, and wherein the member'"'"'s association with the location is determined based on accessibility to the identified member, at a current location of the identified member, of at least one communication means to communicate with the members of the dynamically created group of users;
  
  whereinwhen the one or more members comprise the requesting user, the interface provides at least one output related to at least one parameter associated with the access policy that is used to convey information relating to accessing the data by the requesting user, andthe access policy further employs at least one selected from the group consisting of a logical clustering of users and a statistical clustering of users, the clustering based, at least in part, on at least one information sharing profile employed by the users, the information sharing profile comprising a profile of settings disseminated among the users for at least one selected from the group consisting of utilization by the users and modification by the users.
- View Dependent Claims (38, 39, 40)
- - 38. The interface of claim 37, the at least one output comprising at least one selected from the group consisting of a request granted indication, a request denied indication, and a reason for request indication.
  - 39. The interface of claim 37, the at least one output comprising at least one selected from the group consisting of an indication that an access attempt is occurring, a request for an access, and a request for communication regarding a request for access.
  - 40. The interface of claim 37, the at least one output comprising at least one selected from the group consisting of frequency of access, duration of access, time of access, and attempted accesses.

41. In a computer comprising a processor and memory, a computer implemented method to facilitate information access control comprising:
- executing, by the processor, computer-executable instructions stored in the memory, that, when executed, perform a method comprising;
  
  transmitting a data packet that facilitates information access control between two or more computer components, the data packet comprising, at least in part, information relating to an information access control system that utilizes, at least in part, an access control process that facilitates access requests for a data item from a requesting user via utilization of at least one access policy selected from at least one of an optimistic policy, a pessimistic policy, or a mixed-initiative policy, the access policy further based, at least in part, on membership of the requesting user in a dynamically created group of users and at least one content property associated with the data item that indicates access rights for members of the dynamically created group, the information access control system identifying one or more members of the dynamically created group of users, wherein the dynamically created group of users is created by assigning each identified member to the dynamically created group of users based on;
  
  a characteristic for the dynamically created group, the characteristic comprising at least one activity which the one or more members of the dynamically created group of users will perform in a predetermined period of time and a location of the one or more members that determines availability of the one or more members to perform the at least one activity; and
  
  the identified member'"'"'s association with the at least one activity and the location, wherein the identified member'"'"'s association with the at least one activity is determined based on a current activity of the identified member, and wherein the member'"'"'s association with the location is determined based on accessibility to the identified member, at a current location of the identified member, of at least one communication means to communicate with the members of the dynamically created group of users;
  
  whereinthe at least one access policy further employs at least one selected from the group consisting of a logical clustering of users and a statistical clustering of users;
  
  the clustering based, at least in part, on at least one information sharing profile employed by the users, the information sharing profile comprising a profile of settings disseminated among the users for at least one selected from the group consisting of utilization by the users and modification by the users.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dewan, Prasun, Horvitz, Eric J, Grudin, Jonathan T
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
Louie; Oscar A

Application Number

US10/827,732
Publication Number

US 20050232423A1
Time in Patent Office

2,520 Days
Field of Search

726/27
US Class Current

726/27
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06Q 10/10   Office automation; Time man...

H04L 12/1827   Network arrangements for co...

Abstractions and automation for enhanced sharing and collaboration

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Abstractions and automation for enhanced sharing and collaboration

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links