Enterprise security management system using hierarchical organization and multiple ownership structure

US 8,126,920 B2
Filed: 11/18/2004
Issued: 02/28/2012
Est. Priority Date: 07/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising the steps of:

a) providing at least one table of network resource access rules and access privileges, by assigning a user identifier and password to a network user;

assigning a group identifier to the network user;

specifying a parent group identifier for the group assigned to the network user, the parent group identifier identifying a parent group containing one or more superior network users;

storing the user identifier, password, and group identifier information for the network user in a network user descriptor table;

storing the group identifier and parent group identifier information in a group descriptor table for each group in the enterprise; and

establishing a hierarchical relationship in the group descriptor table among the groups based on the group and parent group identifier information such that members of a parent group inherit all access rights and privileges of at least the child group, and grandchild group, if any;

(b) making a network resource with a label available on the network;

(c) upon request for access to the network resource by the network user, determining whether the network user should be granted access to the network resource by comparing the network user identification data with the at least one table of access rules and access privileges including the network user'"'"'s inherited access rights and privileges under a relevant sub-tree of the hierarchy of groups, and with the network resource label;

(d) when access to the network resource is granted to the network user, determining which privileges the network user is given relative to the network resource in response to the access request by comparing the network user identification data with the at least one table of access rules and access privileges including the network user'"'"'s inherited access rights and privileges under a relevant sub-tree of the hierarchy of groups, and with the network resource label; and

,(e) providing the network user qualified in step (c) with the requested network resource according to the access privileges determined in the privilege determining step(d).

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user'"'"'s group. All users within a group inherit the rights and restrictions of the group.

Citations

15 Claims

1. A method comprising the steps of:
- a) providing at least one table of network resource access rules and access privileges, by assigning a user identifier and password to a network user;
  
  assigning a group identifier to the network user;
  
  specifying a parent group identifier for the group assigned to the network user, the parent group identifier identifying a parent group containing one or more superior network users;
  
  storing the user identifier, password, and group identifier information for the network user in a network user descriptor table;
  
  storing the group identifier and parent group identifier information in a group descriptor table for each group in the enterprise; and
  
  establishing a hierarchical relationship in the group descriptor table among the groups based on the group and parent group identifier information such that members of a parent group inherit all access rights and privileges of at least the child group, and grandchild group, if any;
  
  (b) making a network resource with a label available on the network;
  
  (c) upon request for access to the network resource by the network user, determining whether the network user should be granted access to the network resource by comparing the network user identification data with the at least one table of access rules and access privileges including the network user'"'"'s inherited access rights and privileges under a relevant sub-tree of the hierarchy of groups, and with the network resource label;
  
  (d) when access to the network resource is granted to the network user, determining which privileges the network user is given relative to the network resource in response to the access request by comparing the network user identification data with the at least one table of access rules and access privileges including the network user'"'"'s inherited access rights and privileges under a relevant sub-tree of the hierarchy of groups, and with the network resource label; and
  
  ,(e) providing the network user qualified in step (c) with the requested network resource according to the access privileges determined in the privilege determining step(d).
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the network resources comprises one or more data files.
  - 3. The method of claim 1 wherein the network resources comprises one or more devices coupled to the networked computer operated by the network user.
  - 4. The method of claim 1 wherein the access privileges include read/write privileges.
  - 5. The method of claim 1 wherein in the at least one table providing step, the network user is further assigned a persona, the persona indicating a functional role performed by the user in the enterprise, and further wherein the persona of the network user is stored in the network user descriptor table.
  - 6. The method of claim 1 wherein the networked computers operated by the network users are coupled to a loan broker computer network coupling a server computer to a loan officer client computer, a loan processor client computer, and a manager client computer.
  - 7. The method of claim 6 wherein the persona comprises one of a manager, a loan broker, a loan officer, and a loan processor.
  - 8. The method of claim 7 wherein the loan broker computer network includes an officer client computer, a processor client computer, and a manager client computer, wherein each computer of the loan broker computer network executing one or more modules of a loan origination program.

9. A method comprising:
- (a) providing a network user account for a network user on a network, the account associated with a user ID and user password, with a network user group and a parent network user group, the parent network user group inheriting all of the access rights and access privileges of at least the child network user groups, if any;
  
  (b) associating network resource access rights and network resource access privileges with the network user account based upon the user ID and user password, upon the network user group and upon the child network user group, directly or indirectly;
  
  (c) making a network resource with label available on the network;
  
  (d) requesting access to the network resource with label available on the network;
  
  (e) determining a response to the request for access to the network resource by comparing the label associated with the network resource to the access rights associated with that user account;
  
  in the event that access is grantable in response to the request, determining the access privileges associated with the user account relative to the network resource with label; and
  
  ,(f) providing access to the network resource to a network user qualified in accordance with step (e) with the access privileges determined in step (f).
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 wherein the network resource comprises one or more data files.
  - 11. The method of claim 9 wherein the network resource comprises one or more devices coupled to the network.
  - 12. The method of claim 9 wherein the access privileges include read/write privileges.
  - 13. The method of claim 9 wherein the associating step also includes the assignment of at least one persona to the network user account.
  - 14. The method of claim 9 wherein the network comprises a loan broker computer network, a server computer, a loan officer client computer, a loan processor client computer and a manager client computer.
  - 15. The method of claim 13 wherein the persona is selected from the group consisting of a manager, a loan broker, a loan officer and a loan processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ICE Mortgage Technology, Inc. (Intercontinental Exchange, Inc.)
Original Assignee
Ellie Mae Incorporated (Intercontinental Exchange, Inc.)
Inventors
Hu, Limin, Wu, Ting-Hu, Han, Ching-Chih Jason
Primary Examiner(s)
NGUYEN, KIM T

Application Number

US10/991,829
Publication Number

US 20060005036A1
Time in Patent Office

2,658 Days
Field of Search

707/9, 707/784, 707/786
US Class Current

707/784
CPC Class Codes

G06F 3/04842   Selection of displayed obje...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/03   Credit; Loans; Processing t...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04L 67/01   Protocols

Enterprise security management system using hierarchical organization and multiple ownership structure

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise security management system using hierarchical organization and multiple ownership structure

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links