System and method of controlling access to information in a virtual computing environment
Abstract
In one embodiment the present invention includes a computer-implemented method comprising storing authorization data on a first client computer system, accessing virtual computing software from the first client computer system, accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system, sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system, and accessing the second computer system using the authorization data and determining access rights on the second computer system based on said authorization data.
19 Claims
1. A computer-implemented method of controlling access to information in a virtual computing environment comprising:
- storing authorization data on a first client computer system, wherein the authorization data comprises a public key certificate and an attribute certificate for a user of a plurality of users;
- accessing virtual computing software from the first client computer system;
- accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system;
- sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system;
- accessing the second computer system using the authorization data and determining access rights to data related to accessing the virtual object on the second computer system based on said authorization data; and
- determining authorization rights in the virtual computing software based on the public key certificate and the attribute certificate of the user, wherein different attribute certificates are issued to different users based on a location of a virtual object in a hierarchically organized virtual space, and wherein the virtual object is located in the hierarchically organized virtual space, including;
- granting the user access to a first portion of the data according to the access rights of the user according to the authorization data, and
- denying the user access to the data other than the first portion according to the access rights of the user according to the authorization data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory computer-readable medium containing instructions for controlling a computer system to execute processing comprising:
- storing authorization data on a first client computer system, wherein the authorization data comprises a public key certificate and an attribute certificate for a user of a plurality of users;
- accessing virtual computing software from the first client computer system;
- accessing a virtual object in the virtual computing software in response to instructions received from the first client computer system;
- sending the authorization data from the first client computer system to a second computer system, wherein the authorization data specifies access rights on the second computer system; and
- accessing the second computer system using the authorization data and determining access rights to data related to accessing the virtual object on the second computer system based on said authorization data; and
- determining authorization rights in the virtual computing software based on the public key certificate and the attribute certificate of the user, wherein different attribute certificates are issued to different users based on a location of a virtual object in a hierarchically organized virtual space, and wherein the virtual object is located in the hierarchically organized virtual space, including;
- granting the user access to a first portion of the data according to the access rights of the user according to the authorization data, and
- denying the user access to the data other than the first portion according to the access rights of the user according to the authorization data.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A system for controlling access to information in a virtual computing environment, comprising:
- a first client computer system that is configured to store authorization data and to communicate with a first computer system and a second computer system,
- wherein the authorization data comprises a public key certificate and an attribute certificate for a user of a plurality of users,
- wherein the first computer system is configured to execute virtual computing software to implement the virtual computing environment, and wherein the second computer system is configured to store data,
- wherein the first client computer system is further configured to access the virtual computing software, to access a virtual object in the virtual computing software, and to send the authorization data from the first client computer system to the second computer system,
- wherein the authorization data specifies access rights on the second computer system,
- wherein the first client computer system is further configured to access the second computer system using the authorization data,
- wherein the second computer system is configured to determine access rights to data related to accessing the virtual object on the second computer system based on said authorization data,
- wherein different attribute certificates are issued to different users based on a location of a virtual object in a hierarchically organized virtual space, and wherein the virtual object is located in the hierarchically organized virtual space,
- wherein the second computer system is configured to determine access rights including;
- granting the user access to a first portion of the data according to the access rights of the user according to the authorization data, and
- denying the user access to the data other than the first portion according to the access rights of the user according to the authorization data.
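The access decision the claims describe, sketched as an added example (not code from the patent): the second system checks that the attribute certificate is bound to the presented public key certificate, that the virtual object lies inside the subtree the attribute certificate was issued for, and then releases only the granted portion of the data. It assumes signature and chain validation have already passed; binding by issuer and serial, the field names, paths and portion names are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class PublicKeyCert:          # identity credential (who the user is)
    issuer: str
    serial: int
    subject: str

@dataclass(frozen=True)
class AttributeCert:          # authorization credential (what the user may do)
    holder_issuer: str        # holder fields point at the PKC this AC is bound to
    holder_serial: int
    scope: str                # subtree of the virtual space this AC was issued for
    portions: frozenset       # data portions the holder may read
    not_after: datetime

def in_scope(scope: str, location: str) -> bool:
    """True if location is the scope node or below it, compared per path segment."""
    s = [p for p in scope.split("/") if p]
    loc = [p for p in location.split("/") if p]
    return ".." not in loc and loc[:len(s)] == s

def authorize(pkc, ac, location, record, now):
    """Second system's decision: returns (granted portions, denied portion names)."""
    bound = (ac.holder_issuer, ac.holder_serial) == (pkc.issuer, pkc.serial)
    if not (bound and now <= ac.not_after and in_scope(ac.scope, location)):
        return {}, sorted(record)             # default deny: nothing is released
    granted = {k: v for k, v in record.items() if k in ac.portions}
    return granted, sorted(set(record) - set(granted))

# Constructed sample data (hypothetical names and values)
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
PKC = PublicKeyCert("CN=Example CA", 1001, "CN=alice")
AC = AttributeCert("CN=Example CA", 1001, "/campus/lab", frozenset({"summary"}),
                   datetime(2024, 6, 1, tzinfo=timezone.utc))
RECORD = {"summary": "pump status OK", "maintenance_log": "valve replaced",
          "cost": "4200"}

if __name__ == "__main__":
    # The second path shares a string prefix with the scope but is a different node.
    for where in ("/campus/lab/pump-7", "/campus/laboratory/pump-7"):
        print(where, authorize(PKC, AC, where, RECORD, NOW))
```

Comparing whole path segments rather than string prefixes is what keeps an attribute certificate issued for `/campus/lab` from matching the sibling node `/campus/laboratory`.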
Specification