Data file access control

US 8,554,749 B2
Filed: 10/23/2006
Issued: 10/08/2013
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method of provisioning access to a data file, the method comprising:

using one or more processors to perform at least a portion of one or more of the following acts of;

generating the data file;

generating a policy, the policy including one or more unassigned accounts and an access control definition defining an access permission associated with each of the one or more unassigned accounts, the one or more unassigned accounts not having an association with a user or an entity;

associating the policy with the data file;

embedding the policy within the data file;

associating a target user with a first unassigned account of the one or more unassigned accounts; and

communicating authentication data pertaining to the first unassigned account to the target user, the authentication data used by the target user to access the data file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a data file and policy are generated. The policy is then associated with the data file, wherein the policy includes one or more unassigned accounts and an access control definition that defines an access permission associated with each of the one or more unassigned accounts.

Citations

35 Claims

1. A method of provisioning access to a data file, the method comprising:
- using one or more processors to perform at least a portion of one or more of the following acts of;
  
  generating the data file;
  
  generating a policy, the policy including one or more unassigned accounts and an access control definition defining an access permission associated with each of the one or more unassigned accounts, the one or more unassigned accounts not having an association with a user or an entity;
  
  associating the policy with the data file;
  
  embedding the policy within the data file;
  
  associating a target user with a first unassigned account of the one or more unassigned accounts; and
  
  communicating authentication data pertaining to the first unassigned account to the target user, the authentication data used by the target user to access the data file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the authentication data is a user name corresponding to the first unassigned account and a password to activate an access key associated with the access control definition defining the access permission associated with the first unassigned account.
  - 3. The method of claim 1, including receiving a contact message indicating a target user is online and has access to the data file.
  - 4. The method of claim 1, including revoking access of a target user to the data file based on determining the target user has not communicated a contact message within an offline threshold time.
  - 5. The method of claim 1, including revoking the target user access to the data file based on the target user accessing the data file beyond an access threshold.
  - 6. The method of claim 5, wherein the access threshold is a time determined by when the data file was communicated to the target user.
  - 7. The method of claim 5, wherein the access threshold is a number of times the target user has accessed the data file.
  - 8. The method of claim 1, wherein the access permission associated with access to the data file includes at least one selected from a group including view, print, edit, distribute, and copy.
  - 9. The method of claim 1, including receiving a request from the target user to access to the data file.
  - 10. The method of claim 9, wherein the request from the target user to access to the data file includes payment information for accessing the data file.
  - 11. The method of claim 9, including receiving a second request from the target user to renew access to the data file.
  - 12. The method of claim 11, including renewing access to the data file and maintaining the association of the target user to the first unassigned account.
  - 13. The method of claim 1, including receiving a request from a data file administrator to provision a target user access to the data file.
  - 14. The method of claim 1, including communicating authentication data pertaining to the first unassigned account to the target user, the authentication data used by the target user to access the data file.

15. A system configured to provision access to a data file, the system comprising:
- at least one processor; and
  
  a memory in communication with the at least one processor, the memory being configured to store a file creation module and a policy creation module that are executable by the at least one processor,the file creation module having instructions, that when executed by the at least one processor, cause operations to be performed, comprising generating the data file; and
  
  a policy creation module having instructions, that when executed by the at least one processor, cause operations to be performed, comprising;
  
  creating a policy including one or more unassigned accounts and an access control definition defining an access permission associated with each of the one or more unassigned accounts, the one or more unassigned accounts not having an association with a user or an entity;
  
  associating the policy with the data file; and
  
  embedding the policy within the data file.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15, including a mapping module to map a target user with a first unassigned account of the one or more unassigned accounts.
  - 17. The system of claim 16, wherein prior to the mapping module to map, the broker module to receive a request from a data file administrator to permit the target user access to the data file.
  - 18. The system of claim 16, including an authentication module to communicate authentication data for the first unassigned account to a target user of a client machine used to access the data file according to the access permission associated with the first unassigned account.
  - 19. The system of claim 18, including an authentication module to communicate new authentication data to provide a target user with a new level of access to the data file.
  - 20. The system of claim 18, including a broker module to receive a request from the target user to continue provisional access to the data file.
  - 21. The system of claim 18, wherein the authentication data includes a user name corresponding to the first unassigned account and a password to access an access key to access the data file.
  - 22. The system of claim 15, including a broker module to receive a request to communicate the data file to a target user.
  - 23. The system of claim 15, including a broker module to receive a request from a target user to access to the data file.
  - 24. The system of claim 15, including the broker module to receive a contact message indicating the target user has access to the data file.
  - 25. The system of claim 15, including the broker module to determine the target user has not communicated a contact message within an offline threshold time and to revoke access to the data file.
  - 26. The system of claim 15, including the broker module to determine the target user accessed the data file beyond an access threshold and to revoke access to the data file.
  - 27. The system of claim 26, wherein the access threshold is a time determined by when the data file was communicated to the target user.
  - 28. The system of claim 26, wherein the access threshold is a number of times the target user has accessed the data file.

29. A machine-readable medium embodying instructions to provision access to a data file, the instructions, when executed by a machine, cause the machine to:
- generate the data file;
  
  create a policy and to associate the policy with the data file, the policy including one or more unassigned accounts, one or more assigned accounts, and an access control definition defining an access permission associated with each of the one or more unassigned accounts and the one or more assigned accounts, the one or more unassigned accounts not having an association with a user or an entity and the one or more assigned accounts having an association with another user or another entity; and
  
  embed the policy within the data file.
- View Dependent Claims (30, 31, 32, 33)
- - 30. The machine-readable medium of claim 29, the instructions to further cause the machine to map a target user with a first unassigned account of the one or more unassigned accounts.
  - 31. The machine-readable medium of claim 30, the instructions to further cause the machine to communicate authentication data for the first unassigned account to a target user of a client machine used to access the data file according to the access permission associated with the first unassigned account.
  - 32. The machine-readable medium of claim 31, the instructions to further cause the machine to determine the target user has not communicated a contact message within an offline threshold time and to revoke access to the data file.
  - 33. The machine-readable medium of claim 31, the instructions to further cause the machine to determine the target user accessed the data file beyond an access threshold and to revoke access to the data file.

34. A method of provisioning access to a data file, the method comprising:
- using one or more processors to perform at least a portion of one or more of the following acts of;
  
  associating a policy with the data file to be accessed by a target user, the policy being embedded within the data file, the policy including one or more unassigned accounts and an access control definition defining an access permission associated with each of the one or more unassigned accounts, the one or more unassigned accounts not having an association with a user or an entity; and
  
  associating the target user with a first unassigned account of the one or more unassigned accounts.

35. A computer-readable medium having stored thereon a data structure configured to provision access to a data file, the data structure comprising:
- a first data field containing data representing one or more unassigned accounts, the one or more unassigned accounts not having an association with a user or an entity; and
  
  a second data field containing data representing an access control definition defining an access permission associated with each of the one or more unassigned accounts,wherein the first data field and the second data field are embedded in the data file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Herbach, Jonathan D.
Primary Examiner(s)
CHANNAVAJJALA, SRIRAMA T

Application Number

US11/585,418
Publication Number

US 20080097998A1
Time in Patent Office

2,542 Days
Field of Search

707/1, 707 9- 10, 707/200, 707/694, 707782-783, 707/786, 713165-166, 713/168, 713169-170, 713/154, 713/189, 726/2, 726/5, 726 8- 9, 726/10, 709220-229, 705 26- 27, 715/743
US Class Current

707/694
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 16/122   using management policies b...

G06F 17/00   Digital computing or data p...

G06F 3/00   Input arrangements for tran...

G06F 9/00   Arrangements for program co...

Data file access control

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Data file access control

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links