System for managing access control

US 9,202,045 B2
Filed: 11/06/2006
Issued: 12/01/2015
Est. Priority Date: 11/17/2005
Status: Active Grant

First Claim

Patent Images

1. A method for managing access control in a content distribution system, the system comprising:

an organization for providing content data and related meta data; and

a rendering device for rendering the content data and related meta data and executing an application, said rendering device having controlled access to resources for supplying necessary information for the rendering device to effect performance of predetermined rendering operations;

said method comprising the steps of;

setting an access policy required to be adhered to by the organization according to a predefined data access format, the access policy comprising access parameters for controlling access by the rendering device to said necessary information;

providing, in accordance with an access policy actually adhered to by the organization, content data and related meta data and an organization application for manipulating the content data and related meta data, said access policy actually adhered to providing authorization for the rendering device to access said necessary information;

regardless of whether the access policy actually adhered to by the organization complies with the access policy required to be adhered to, setting a user policy for the rendering device that, while executing the organization application, further restricts access by the rendering device to said necessary information relative to the access policy actually adhered to by the organization; and

adjusting the user access policy, based on trust data applicable to the organization, for selectively determining what, if any, of said necessary information will be made accessible to the rendering device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A content distribution system (300) has access control according to a predefined data access format. The system has organizations (32) for providing content data and related meta data on record carriers (34), and a rendering device (39), and applications for manipulating the content data and related meta data. An access policy for the organization is set according to the predefined data access format, and has access parameters for controlling access to resources of the rendering device and to said content data and related meta data. An organization application (35) complying with the access policy of the organization for accessing said data is executed while accessing the resources of the rendering device according to the access policy of the organization. According to the invention a user access policy is maintained that restricts, for the organization application, access to the resources of the rendering device relative to the access policy of the organization. The user access policy is adjusted based on additional trust data for selectively allowing the organization application to access the resources according to the access policy of the organization. Hence the user controls the access that applications have to resources of the rendering device.

34 Citations

View as Search Results

10 Claims

1. A method for managing access control in a content distribution system, the system comprising:
- an organization for providing content data and related meta data; and
  
  a rendering device for rendering the content data and related meta data and executing an application, said rendering device having controlled access to resources for supplying necessary information for the rendering device to effect performance of predetermined rendering operations;
  
  said method comprising the steps of;
  
  setting an access policy required to be adhered to by the organization according to a predefined data access format, the access policy comprising access parameters for controlling access by the rendering device to said necessary information;
  
  providing, in accordance with an access policy actually adhered to by the organization, content data and related meta data and an organization application for manipulating the content data and related meta data, said access policy actually adhered to providing authorization for the rendering device to access said necessary information;
  
  regardless of whether the access policy actually adhered to by the organization complies with the access policy required to be adhered to, setting a user policy for the rendering device that, while executing the organization application, further restricts access by the rendering device to said necessary information relative to the access policy actually adhered to by the organization; and
  
  adjusting the user access policy, based on trust data applicable to the organization, for selectively determining what, if any, of said necessary information will be made accessible to the rendering device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method as claimed in claim 1, wherein the method further comprises the steps of:
    - maintaining a set of trust data at a remote database entity; and
      
      retrieving the trust data applicable to the organization from the set of trust data.
  - 3. The method as claimed in claim 1, wherein the trust data comprises a limited number of trust levels.
  - 4. The method as claimed in claim 3, wherein the trust levels comprise:
    - a fully trusted level allowing the organization application full access to said resources of the rendering device, subject to the access policy for the organization;
      
      a partly trusted level allowing the organization application to access a predefined subset of said resources of the rendering device; and
      
      a non-trusted level not allowing the organization application access to said resources.
  - 5. The method as claimed in claim 1, wherein the user access policy comprises initially setting a non-trusted level for organizations that are not known in the rendering device, the non-trusted level not allowing the organization application to access said resources subject to said adjusting the user access policy.
  - 6. The method as claimed in claim 1, wherein the resources of the rendering device comprise at least one of:
    - a network connection;
      
      memory locations for storing data;
      
      system or device parameters; and
      
      personal user data, such as a name or credit card data.

7. A non-transitory computer-readable storage medium having stored thereon a computer program for causing a processor to manage access control in a content distribution system, the system comprising:
- an organization for providing content data and related meta data; and
  
  a rendering device for rendering the content data and related meta data and executing an application, said rendering device having controlled access to resources for supplying necessary information for the rendering device to effect performance of predetermined rendering operations;
  
  said computer program causing the processor to perform the steps of;
  
  setting an access policy required to be adhered to by the organization according to a predefined data access format, the access policy comprising access parameters for controlling access by the rendering device and to said necessary information;
  
  providing, in accordance with an access policy actually adhered to by the organization, content data and related meta data and an organization application for manipulating the content data and related meta data, said access policy actually adhered to providing authorization for the rendering device to said necessary information;
  
  regardless of whether the access policy actually adhered to by the organization complies with the access policy required to be adhered to, setting a user access policy for the rendering device that, while executing the organization application, further restricts access by the rendering device to said necessary information relative to the access policy actually adhered to the organization; and
  
  adjusting the user access policy, based on trust data applicable to the organization, for selectively determining what, if any, of said necessary information will be made accessible to the rendering device.

8. A rendering device for rendering content data and related meta data for use in a content distribution system, the system comprising an organization for providing content data and related meta data;
- said system being arranged for;
  
  setting an access policy required to be adhered to by the organization according to a predefined data access format, the access policy comprising access parameters for controlling access by the rendering device to necessary information for performing predetermined rendering operations;
  
  providing, in accordance with an access policy actually adhered to by the organization, content data and related meta data and an organization application for manipulating the content data and related meta data, said access policy actually adhered to providing authorization for the rendering device to access said necessary information;
  
  said rendering device further comprising an access control device for;
  
  regardless of whether the access policy actually adhered to by the organization complies with the access policy required to be adhered to, setting a user access policy for the rendering device that further restricts access by the rendering device to said necessary information relative to the access policy actually adhered to by the organization; and
  
  adjusting the user access policy, based on trust data applicable to the organization, for selectively determining what, if any, of said necessary information will be made accessible to the rendering device.
- View Dependent Claims (9)
- - 9. The rendering device as claimed in claim 8, wherein the access control means:
    - accesses a remote database entity via a network, which entity is arranged for maintaining a set of trust data; and
      
      retrieves trust data from the set for the adjusting of the user access policy.

10. A database entity for use in a content distribution system comprising:
- an organization for providing content data and related meta data; and
  
  a rendering device for rendering the content data and related meta data, said rendering device having controlled access to resources for supplying necessary information for the rendering device to effect performance of predetermined rendering operations;
  
  the system being arranged for;
  
  setting an access policy required to be adhered to by the organization according to a predefined data access format, the access policy comprising access parameters for controlling access by the rendering device to said necessary information;
  
  providing, in accordance with an access policy actually adhered to by the organization, content data and related meta data and an organization application for manipulating the content data and related meta data, said access policy actually adhered to providing authorization for the rendering device to access said necessary information;
  
  regardless of whether the access policy actually adhered to by the organization complies with the access policy required to be adhered to, setting a user access policy for the rendering device that, while executing the organization application, further restricts access by the rendering device to said necessary information relative to the access policy actually adhered to by the organization; and
  
  adjusting the user access policy, based on trust data applicable to the organization, for selectively determining what, if any, of said necessary information will be made accessible to the rendering device;
  
  said database entity maintaining said trust data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Koninklijke Philips N.V.
Original Assignee
Koninklijke Philips N.V.
Inventors
Fontijn, Wilhelmus Franciscus Johannes, Talstra, Johan Cornelis, Newton, Philip Steven, Holtman, Koen Johanna Guillaume
Primary Examiner(s)
WANG, HARRIS C

Application Number

US12/093,465
Publication Number

US 20080282319A1
Time in Patent Office

3,312 Days
Field of Search

726 1- 2, 713/182
US Class Current

1/1
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/53 by executing in a restricte...

System for managing access control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System for managing access control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links