System, method, and policy engine for granting temporary access to electronic content

US 8,931,034 B2
Filed: 06/25/2010
Issued: 01/06/2015
Est. Priority Date: 06/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method of granting a first user temporary, limited access to a second user'"'"'s electronic content, the method comprising the steps of:

receiving by a hardware processor controlling a Policy Engine, a request originating from the first user to access the second user'"'"'s electronic content stored on a server, wherein the second user is distinct from the server;

retrieving by the hardware processor controlling the Policy Engine from a relationship database, relationship information regarding a relationship between the first and second users;

applying by the hardware processor controlling the Policy Engine, an access rule matching the relationship information, the access rule specifying a portion of the second user'"'"'s electronic content and a period of time the portion of the second user'"'"'s electronic content is available, wherein different access rules specify different portions of the second user'"'"'s electronic content or different periods of time the portions of the second user'"'"'s electronic content are available, depending on the relationship between the first and second users;

when the specified period of time has not expired, the hardware processor controlling the Policy Engine granting the first user access to only the specified portion of the second user'"'"'s electronic content; and

when the specified period of time has expired, the hardware processor controlling the Policy Engine denying the first user access to the specified portion of the second user'"'"'s electronic content, and sending from the hardware processor controlling the Policy Engine to the second user, a notification that the first user attempted to access the second user'"'"'s electronic content after the specified period of time expired;

wherein the first user has at least one identifiable characteristic, and the access rule also specifies that all users having the at least one identifiable characteristic can access the specified portion of the second user'"'"'s electronic content during the specified period of time without requesting access from the second user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and Policy Engine for granting a first user temporary access to a second user'"'"'s electronic content. The Policy Engine receives a request originating from the first user to access the second user'"'"'s content, and retrieves from a relationship database, relationship information regarding a relationship between the two users. If an access rule matching the relationship information is stored in the Policy Engine, the Policy Engine applies the access rule to control access by the first user for a period of time specified in the rule. If an access rule is not stored, the Policy Engine obtains the access rule from the second user. The Policy Engine allows access when the matching rule grants access and the matching rule has not expired, and denies access when there is no matching rule, when the matching rule does not allow access, or when the matching rule has expired.

10 Citations

View as Search Results

15 Claims

1. A method of granting a first user temporary, limited access to a second user'"'"'s electronic content, the method comprising the steps of:
- receiving by a hardware processor controlling a Policy Engine, a request originating from the first user to access the second user'"'"'s electronic content stored on a server, wherein the second user is distinct from the server;
  
  retrieving by the hardware processor controlling the Policy Engine from a relationship database, relationship information regarding a relationship between the first and second users;
  
  applying by the hardware processor controlling the Policy Engine, an access rule matching the relationship information, the access rule specifying a portion of the second user'"'"'s electronic content and a period of time the portion of the second user'"'"'s electronic content is available, wherein different access rules specify different portions of the second user'"'"'s electronic content or different periods of time the portions of the second user'"'"'s electronic content are available, depending on the relationship between the first and second users;
  
  when the specified period of time has not expired, the hardware processor controlling the Policy Engine granting the first user access to only the specified portion of the second user'"'"'s electronic content; and
  
  when the specified period of time has expired, the hardware processor controlling the Policy Engine denying the first user access to the specified portion of the second user'"'"'s electronic content, and sending from the hardware processor controlling the Policy Engine to the second user, a notification that the first user attempted to access the second user'"'"'s electronic content after the specified period of time expired;
  
  wherein the first user has at least one identifiable characteristic, and the access rule also specifies that all users having the at least one identifiable characteristic can access the specified portion of the second user'"'"'s electronic content during the specified period of time without requesting access from the second user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as recited in claim 1, wherein the step of retrieving relationship information from a relationship database includes the hardware processor controlling the Policy Engine retrieving the relationship information from an internal database in the Policy Engine if an internal database exists, or from an Active Address Book (AAB) external to the Policy Engine, if an internal database does not exist.
  - 3. The method as recited in claim 1, further comprising, before applying the access rule, the steps of:
    - determining by the hardware processor controlling the Policy Engine, whether an access rule matching the relationship information is stored within the Policy Engine; and
      
      when there is not an access rule matching the relationship information stored within the Policy Engine, the hardware processor obtaining the access rule from the second user.
  - 4. The method as recited in claim 3, wherein the first and second users are online with a social media network, and the step of obtaining the access rule from the second user includes:
    - sending a request for the access rule from the hardware processor controlling the Policy Engine to the second user through the social media network; and
      
      receiving the access rule by the hardware processor from the second user through the social media network.
  - 5. The method as recited in claim 3, wherein the first user requests access to the second user'"'"'s electronic content through a social media network when the second user is not online with the social media network, and the step of obtaining the access rule from the second user includes:
    - sending from the hardware processor controlling the Policy Engine to the second user, an e-mail message requesting the access rule; and
      
      receiving the access rule by the hardware processor from the second user in an e-mail response message.
  - 6. The method as recited in claim 1, further comprising sending from the hardware processor controlling the Policy Engine to the second user, a notification of the first user'"'"'s access to the second user'"'"'s electronic content during the specified period of time.

7. A Policy Engine for controlling access by a first user to a second user'"'"'s electronic content, the Policy Engine comprising a control hardware processor for controlling a plurality of units, the units including:
- a communication unit for receiving a request originating from the first user to access the second user'"'"'s electronic content stored on a server, wherein the second user is distinct from the server;
  
  a relationship retrieval unit for retrieving from a relationship database, relationship information regarding a relationship between the first and second users;
  
  a matching unit for applying an access rule matching the relationship between the first and second users, the access rule specifying a portion of the second user'"'"'s electronic content and a period of time the second user'"'"'s electronic content is available, wherein different access rules specify different portions of the second user'"'"'s electronic content or different periods of time the portions of the second user'"'"'s electronic content are available, depending on the relationship between the first and second users; and
  
  a timer for determining whether the specified period of time has expired;
  
  wherein when the specified period of time has not expired, the communication unit is configured to send a response toward the first user indicating that only the specified portion of the second user'"'"'s electronic content is available to the first user; and
  
  wherein when the specified period of time has expired, the communication unit sends a response toward the first user indicating that the specified portion of the second user'"'"'s electronic content is no longer available, and the communication unit sends to the second user, a notification that the first user attempted to access the second user'"'"'s electronic content after the specified period of time expired;
  
  wherein the first user has at least one identifiable characteristic, and the access rule also specifies that all users having the at least one identifiable characteristic can access the specified portion of the second user'"'"'s electronic content during the specified period of time without requesting access from the second user.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The Policy Engine as recited in claim 7, wherein the relationship database is implemented in the Policy Engine.
  - 9. The Policy Engine as recited in claim 7, wherein the relationship database is implemented in an Active Address Book (AAB) external to the Policy Engine, and the relationship retrieval unit includes means for retrieving the relationship information from the AAB.
  - 10. The Policy Engine as recited in claim 7, further comprising:
    - a rules database for storing access rules, the rules database being accessible by the matching unit for determining whether an access rule matching the relationship information is stored within the rules database; and
      
      a rules retrieval unit for obtaining the access rule from the second user when there is not an access rule matching the relationship information stored within the rules database.
  - 11. The Policy Engine as recited in claim 10, wherein when the first and second users are online with a social media network, the rules retrieval unit is configured to obtain the access rule from the second user through the social media network.
  - 12. The Policy Engine as recited in claim 10, wherein when the first user requests access to the second user'"'"'s electronic content through a social media network when the second user is not online with the social media network, the rules retrieval unit is configured to obtain the access rule from the second user through e-mail messaging.
  - 13. The Policy Engine as recited in claim 7, wherein the communication unit is configured to send to the second user, a notification of the first user'"'"'s access to the second user'"'"'s electronic content during the specified period of time.

14. A system for controlling access by a first user to a second user'"'"'s electronic social content, the system comprising:
- a Social Media Portal (SMP) for providing the first user with access to a social media network;
  
  a Policy Engine in communication with the SMP for storing and applying access rules for controlling access to electronic social content of a plurality of users; and
  
  an Active Address Book (AAB) in communication with the Policy Engine for storing relationship information regarding relationships between the plurality of users;
  
  wherein the SMP includes means for forwarding to the Policy Engine, a request originating from the first user to access the second user'"'"'s electronic social content stored on a server in the social media network, wherein the second user is distinct from the server;
  
  wherein the Policy Engine includes a control hardware processor for controlling a plurality of units, the units including;
  
  a relationship retrieval unit for retrieving from the AAB, relationship information regarding a relationship between the first and second users;
  
  a matching unit for applying an access rule matching the relationship between the first and second users, the access rule specifying a portion of the second user'"'"'s electronic content and a period of time the second user'"'"'s electronic content is available, wherein different access rules specify different portions of the second user'"'"'s electronic content or different periods of time the portions of the second user'"'"'s electronic content are available, depending on the relationship between the first and second users;
  
  a timer for determining whether the specified period of time has expired; and
  
  a communication unit configured to;
  
  send a response to the SMP allowing access when the matching rule grants access and the matching rule has not expired; and
  
  send a response to the SMP denying access when there is no matching rule, when the matching rule does not allow access, or when the matching rule has expired, wherein the communication unit sends to the second user, a notification that the first user was denied access, and when the matching rule has expired, the communication unit is configured to send a response toward the first user indicating that the specified portion of the second user'"'"'s electronic content is no longer available, and to send to the second user, a notification that the first user attempted to access the second user'"'"'s electronic content after the matching rule expired; and
  
  wherein the first user has at least one identifiable characteristic, and the access rule also specifies that all users having the at least one identifiable characteristic can access the specified portion of the second user'"'"'s electronic content during the specified period of time without requesting access from the second user.
- View Dependent Claims (15)
- - 15. The system as recited in claim 14, wherein the Policy Engine also includes means for obtaining an access rule from the second user when a matching rule is not stored in the Policy Engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Burgers, Stefan, van Slingerland, Florin
Primary Examiner(s)
SHAW, BRIAN F

Application Number

US12/823,304
Publication Number

US 20110321132A1
Time in Patent Office

1,656 Days
Field of Search

726/1, 726/4, 709/226, 705/51, 705/27, 707/104.1, 707/740
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

H04L 51/52   for supporting social netwo...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/12   Applying verification of th...

H04L 67/02   based on web technology, e....

H04N 21/2541   Rights Management protectin...

H04N 21/25891   being end-user preferences ...

H04N 21/4788   communicating with other us...

System, method, and policy engine for granting temporary access to electronic content

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

10 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System, method, and policy engine for granting temporary access to electronic content

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links