Integrating security by obscurity with access control lists
First Claim
Patent Images
1. At least one computer storage medium storing computer-executable instructions that, when executed by a computer, cause the computer to perform a method comprising:
- providing, by the computer, information that identifies content and a first user, wherein the information includes a uniform resource locator (URL) that is associated with the content by a value of the URL, and wherein the value comprises an encryption of a content identifier and of a user identifier, and wherein the content identifier identifies the content, and wherein the user identifier identifies the first user;
updating, by the computer, a data structure to indicate that the first user has rights to access to the content;
receiving, in a request in response to the providing, at least a portion of the information from a second user;
determining, in response to the receiving, whether the second user desires to access the content anonymously or based on a second user identifier of the second user;
if anonymously, then granting the second user access to the content according to the rights of the first user; and
if based on the second user identifier, then;
obtaining the second user identifier of the second user,updating, in response to the request and the obtaining, the data structure to indicate that the second user has rights to access to the content based on the value of the URL and based on a second user identifier of the second user,granting the second user access to the content according to rights that are most permissive of the rights of the first user and the rights of the second user.
2 Assignments
0 Petitions
Accused Products
Abstract
Aspects of the subject matter described herein relate to providing and restricting access to content. In aspects, information (e.g., a URL) that identifies content and a user is provided to a user. In conjunction with providing the information to a user, a data structure (e.g., an access control list) is updated to indicate that the user has access to the content. The user may use the information to access the content and/or may send this information to other users. The other users may use the information (e.g., by pasting it into a browser) to access the content and may be added to the data structure so that they may subsequently access the content without the use of the information. Access to the content via using the information may be subsequently revoked.
29 Citations
16 Claims
-
1. At least one computer storage medium storing computer-executable instructions that, when executed by a computer, cause the computer to perform a method comprising:
-
providing, by the computer, information that identifies content and a first user, wherein the information includes a uniform resource locator (URL) that is associated with the content by a value of the URL, and wherein the value comprises an encryption of a content identifier and of a user identifier, and wherein the content identifier identifies the content, and wherein the user identifier identifies the first user; updating, by the computer, a data structure to indicate that the first user has rights to access to the content; receiving, in a request in response to the providing, at least a portion of the information from a second user; determining, in response to the receiving, whether the second user desires to access the content anonymously or based on a second user identifier of the second user; if anonymously, then granting the second user access to the content according to the rights of the first user; and if based on the second user identifier, then; obtaining the second user identifier of the second user, updating, in response to the request and the obtaining, the data structure to indicate that the second user has rights to access to the content based on the value of the URL and based on a second user identifier of the second user, granting the second user access to the content according to rights that are most permissive of the rights of the first user and the rights of the second user. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method comprising:
-
receiving, by a computer, an indication that a user desires to share content with a set of users; updating, by the computer, a data structure that associates identifiers with access rights to the content; providing, by the computer, a link to each of the set of users, wherein the link is associated with the content by a value of the link, and wherein the value comprises an encryption of a content identifier and of a user identifier, and wherein the content identifier identifies the content, and wherein the user identifier identifies the user; receiving, in response to the providing, the value in conjunction with a request from one of the set of users to access the content; determining, in response to the receiving, that the one of the set of users desires to access the content based on an identifier of the one of the set of users; updating, in response to the request and the determining, the data structure to indicate that the one of the set of users has rights to access the content based on the value of the URL and based on the identifier of the one of the set of users; and granting the one of the set of users access to the content according to rights that are most permissive of the rights of the user and the rights of the one of the set of users. - View Dependent Claims (11, 12, 13)
-
-
14. In a computing environment, an apparatus comprising:
-
a memory device configured to store identifiers and access rights, wherein each of the identifiers uniquely identifies a user, and wherein each of the identifiers is associated with at least one access right, and wherein each access right indicates rights granted to a corresponding user; a permissions component configured to determine that a requestor is allowed to access content based on a value of a link, wherein the value comprises an encryption of a content identifier and of a user identifier, and wherein the content identifier identifies the content, and wherein the user identifier identifies a user; a communications mechanism configured for receiving the value in conjunction with a request from the requestor to access the content; the permissions component further configured for determining, in response to the receiving, that the requestor desires to access the content based on an identifier of the requestor; a data sharing component configured for updating, in response to the request and the determining, the data structure to indicate that the requestor has rights to access the content based on the value of the URL and based on the identifier of the requestor; the permissions component further configured for granting the requestor access to the content according to rights that are most permissive of the rights of the user and the rights of the requestor; and a page builder configured to create a page for display based at least in part on the content and based on the value of the link and based on a requestor identifier of the requestor. - View Dependent Claims (15, 16)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMicrosoft Technology Licensing LLC (Microsoft Corporation)
-
Original AssigneeMicrosoft Corporation
-
InventorsBono, Joseph Andrew, Torres, Michael I, Flaks, Jason Scott, Schwartz, Jordan L. K.
-
Primary Examiner(s)Shiferaw; Eleni A
-
Application NumberUS11/762,885Publication NumberTime in Patent Office1,496 DaysField of Search726/2, 726 26- 29, 705/57, 380/201US Class Current726/28CPC Class CodesG06F 16/955 using information identifie...G06F 16/9574 of access to content, e.g. ...G06F 16/972 Access to data in other rep...G06F 21/6218 to a system of files or obj...H04L 63/101 Access control lists [ACL]
