Over network operation restriction enforcement

US 9,424,436 B2
Filed: 10/30/2014
Issued: 08/23/2016
Est. Priority Date: 10/30/2014
Status: Active Grant

First Claim

Patent Images

1. A computer system, comprising:

one or more processors;

one or more network interfaces;

one or more storage devices; and

one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to utilize locale information when permitting or denying requested operations on a plurality of files stored at the one or more storage devices, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following;

receive, over the one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at the one or more storage devices;

based at least on receiving the request, identify a geographical locale of the remote computer system;

access data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed;

based at least on accessing the data, identify that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system;

permit or deny performance of the requested operation on the particular file, including one of;

based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file;

based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;

orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and

send, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The enforcement of operation restriction on a file system entity over a network. The file system entity exists on a server (which could be a single machine, a cluster of servers, or a cloud computing environment). The server facilitates setting up of a session over a network with a client. As part of this facilitation, the server receives from the client a locale of the client. Upon subsequent receipt from the client of a request to perform an operation on the file system entity, the client consults supplemental data to determine whether the requested operation is permitted on the file system entity. The supplemental data may comprise at least one of the locality information or operation expiry data.

Citations

20 Claims

1. A computer system, comprising:
- one or more processors;
  
  one or more network interfaces;
  
  one or more storage devices; and
  
  one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to cause the computer system to utilize locale information when permitting or denying requested operations on a plurality of files stored at the one or more storage devices, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following;
  
  receive, over the one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at the one or more storage devices;
  
  based at least on receiving the request, identify a geographical locale of the remote computer system;
  
  access data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed;
  
  based at least on accessing the data, identify that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system;
  
  permit or deny performance of the requested operation on the particular file, including one of;
  
  based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file;
  
  based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
  
  orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and
  
  send, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer system of claim 1, wherein the data is stored at the one or more storage devices.
  - 3. The computer system of claim 2, wherein the data is stored as an alternate data stream associated with the particular file.
  - 4. The computer system of claim 2, wherein the data is stored as an extended property of the particular file.
  - 5. The computer system of claim 1, wherein identifying the geographical locale of the remote computer system comprises identifying a locale that was specified in the request.
  - 6. The computer system of claim 1, wherein the data that is associated with the particular file defines an expiration time period for the particular file.
  - 7. The computer system of claim 6, the computer-executable instructions also including instructions that are executable to cause the computer system to delete the particular file based at least on the expiration time period having lapsed.
  - 8. The computer system of claim 1, wherein the data that is associated with the particular file also defines at least one of (i) a signature identifying the data as pertaining to time-restricted access, (ii) a version of the data, and (ii) a locale from which the particular file originated.

9. A method, implemented at a computer system that includes one or more processors, for utilizing locale information when permitting or denying requested operations on a plurality of files stored at one or more storage devices, the method comprising:
- receiving, over one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at one or more storage devices that are accessible to the computer system;
  
  based at least on receiving the request, identifying a geographical locale of the remote computer system;
  
  accessing data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed;
  
  based at least on accessing the data, identifying that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system;
  
  permitting or denying performance of the requested operation on the particular file, including one of;
  
  based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file;
  
  based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
  
  orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and
  
  sending, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein the data is stored at the one or more storage devices.
  - 11. The method of claim 10, wherein the data is stored as an alternate data stream associated with the particular file.
  - 12. The method of claim 10, wherein the data is stored as an extended property of the particular file.
  - 13. The method of claim 9, wherein identifying the geographical locale of the remote computer system comprises identifying a locale that was specified in the request.
  - 14. The method of claim 9, wherein the data that is associated with the particular file defines an expiration time period for the particular file.
  - 15. The method of claim 14, further comprising deleting the particular file based at least on the expiration time period having lapsed.
  - 16. The method of claim 9, wherein the data that is associated with the particular file also defines at least one of (i) a signature identifying the data as pertaining to time-restricted access, (ii) a version of the data, and (ii) a locale from which the particular file originated.

17. One or more computer readable devices having stored thereon computer-executable instructions that are executable by one or more processors of a computer system to cause the computer system to utilize locale information when permitting or denying requested operations on a plurality of files stored at one or more storage devices, the computer-executable instructions including instructions that are executable to cause the computer system to perform at least the following:
- receive, over one or more network interfaces, a request from a remote computer system requesting performance of a requested operation on a particular file that is stored at one or more storage devices that are accessible to the computer system;
  
  based at least on receiving the request, identify a geographical locale of the remote computer system;
  
  access data that is associated with the particular file, the data including one or more territory fields, each territory field being associated with a corresponding locale and including one or more operation fields, each operation field specifying (i) a corresponding type of operation that can be performed on the particular file by remote computer systems requesting the particular file from the corresponding locale and (ii) an operation expiry indicator defining a time period during which the corresponding operation can be performed;
  
  based at least on accessing the data, identify that the data includes a particular territory field that is associated with the identified geographical locale of the remote computer system;
  
  permit or deny performance of the requested operation on the particular file, including one of;
  
  based at least on there being a particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on a particular time period defined by a particular operation expiry indicator of the particular operation field having not expired, determining to permit performance of the requested operation on the particular file, and performing the requested operation on the particular file;
  
  based at least on there being the particular operation field in the identified particular territory field that is associated with the requested operation, and based at least on the particular time period defined by the particular operation expiry indicator of the particular operation field having expired, determining to deny performance of the requested operation on the particular file;
  
  orbased at least on there being no particular operation field in the identified particular territory field that is associated with the requested operation, determining to deny performance of the requested operation on the particular file; and
  
  send, over the over the one or more network interfaces, a response to the remote computer system indicating whether the requested operation was permitted or denied.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more computer readable devices of claim 17, wherein the data is stored as an alternate data stream associated with the particular file.
  - 19. The one or more computer readable devices of claim 17, wherein the data is stored as an extended property of the particular file.
  - 20. The one or more computer readable devices of claim 17, the computer-executable instructions also including instructions that are executable to cause the computer system to delete the particular file based at least on an expiration time period defined in the data having lapsed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Plumb, Graham Charles
Primary Examiner(s)
Rahman, Shawnchoy

Application Number

US14/529,067
Publication Number

US 20160125195A1
Time in Patent Office

663 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/107   wherein the security polici...

H04L 9/0872   using geo-location informat...

Over network operation restriction enforcement

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Over network operation restriction enforcement

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links