Application context based access control

US 8,458,770 B2
Filed: 09/14/2011
Issued: 06/04/2013
Est. Priority Date: 12/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a first command of an application to invoke a function of a user interface;

identifying, using a computer processor, a first authorization context based on a first user context and the function of the user interface invoked;

applying access criteria associated with the first authorization context to provide user access to a first portion of application data;

receiving a second command to invoke the function in a second instance of the application;

identifying a second authorization context based on a second user context and the function of the user interface invoked; and

applying access criteria associated with the second authorization context to provide user access to a second portion of the application data and restrict access to the first portion of application data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access control for an application is described. An exemplary method includes receiving a first command of an application to invoke a function of a user interface, identifying a first authorization context based on a first user context and the function of the user interface invoked, retrieving a first access policy providing access criteria associated with the first authorization context, and applying the first access policy to the accessibility of the function. The method includes receiving a second command to invoke the function in a second instance of the application and identifying a second authorization context based on a second user context and the function of the user interface invoked. The second authorization context is different than the first authorization context. The method includes retrieving a second access policy providing second access criteria associated with the second authorization context and applying the second access policy to the accessibility of the function.

20 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a first command of an application to invoke a function of a user interface;
  
  identifying, using a computer processor, a first authorization context based on a first user context and the function of the user interface invoked;
  
  applying access criteria associated with the first authorization context to provide user access to a first portion of application data;
  
  receiving a second command to invoke the function in a second instance of the application;
  
  identifying a second authorization context based on a second user context and the function of the user interface invoked; and
  
  applying access criteria associated with the second authorization context to provide user access to a second portion of the application data and restrict access to the first portion of application data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the function is selected from a plurality of functions and the first and second authorization contexts are identified based on user criteria and which function of the plurality of functions is selected.
  - 3. The method of claim 1, wherein the first authorization context is identified based on a first location of the user, and the second authorization context is identified based on a second location of the user.
  - 4. The method of claim 1, wherein the first authorization context is associated with a first time of day.
  - 5. The method of claim 4, wherein the second authorization context is associated with a second time of day.
  - 6. The method of claim 1, wherein applying access criteria associated with the first authorization context comprises providing a first level of access to the application data.
  - 7. The method of claim 6, wherein applying access criteria associated with the second authorization context comprises providing a second level of access to the application data.
  - 8. The method of claim 1, wherein applying access criteria associated with the second authorization context comprises restricting the user to read only access of the first portion of the application data.
  - 9. The method of claim 8, wherein applying access criteria associated with the first authorization context comprises allowing the user to modify the first portion of the application data.
  - 10. The method of claim 1, wherein the function corresponds to at least one of:
    - a payroll function;
      
      a customer function; and
      
      a sales order function.

11. A method of providing access to application data, the method comprising:
- receiving a first command through a user interface to invoke a data access function of an application;
  
  identifying a first authorization context associated with the data access function invoked by the first command;
  
  retrieving a first access policy providing access criteria associated with the first authorization context;
  
  applying the first access policy to provide a first level of access to the application data using a computer processor;
  
  receiving a second command to invoke a data access function of the application;
  
  identifying a second authorization context associated with the data access function invoked by the second command;
  
  retrieving a second access policy providing second access criteria associated with the second authorization context; and
  
  applying the second access policy to provide a second level of access to the application data.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein applying the first access policy comprises:
    - allowing user access to a first portion of the application data and restricting user access to a second portion of the application data.
  - 13. The method of claim 12, wherein applying the second access policy comprises:
    - allowing user access to the second portion of the application data.
  - 14. The method of claim 11, wherein applying the first access policy comprises:
    - providing read-only access to at least a portion of the application data.
  - 15. The method of claim 14, wherein applying the second access policy comprises:
    - allowing user modification of the portion of the application data.
  - 16. The method of claim 11, wherein the first and second commands invoke the same data access function.

17. A hardware computer readable storage medium storing executable instructions which, when executed using a processor, perform a method comprising:
- displaying a user interface of an application having a plurality of different data access functions selectable through the user interface;
  
  receiving a user input command through the user interface to invoke a function selected from the plurality of different data access functions;
  
  identifying, using the processor, an authorization context based on a user context and the selected function that is invoked;
  
  retrieving an access policy providing access criteria associated with the authorization context; and
  
  applying the access policy to the selected function to control user access to data in the application.
- View Dependent Claims (18, 19, 20)
- - 18. The hardware computer readable storage medium of claim 17, wherein the method comprises:
    - receiving a second command to invoke a second function selected from the plurality of different functions within the application;
      
      identifying a second authorization context based on a second user context and the selected second function that is invoked, the second authorization context being different than the first authorization context;
      
      retrieving a second access policy providing second access criteria associated with the second authorization context; and
      
      applying the second access policy to the selected second function.
  - 19. The hardware computer readable storage medium of claim 18, wherein applying the access policy comprises allowing access by the user to particular information associated with the application and wherein applying the second access policy comprises denying access by the user to the particular information.
  - 20. The hardware computer readable storage medium of claim 18, wherein a plurality of different authorization contexts are associated with the plurality of different functions within the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Olsen, Geir, Spiesman, Lee C., Smith, Michael D.
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US13/232,541
Publication Number

US 20120005722A1
Time in Patent Office

629 Days
Field of Search

726 2- 5
US Class Current

726/2
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Application context based access control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Application context based access control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links