Control and enforcement of access of user data

US 9,449,181 B1
Filed: 10/19/2012
Issued: 09/20/2016
Est. Priority Date: 10/19/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, via an access manager at one or more computing devices, a request from one of a plurality of third-party applications to access data associated with a user;

determining, using the one or more computing devices, that a first service profile and a second service profile are associated with the user, wherein the first service profile includes at least one data service specified by the user and controls access of the third party application to the data associated with the user, based on a user-defined categorization of the data into one or more groups for the at least one data service and a user-defined association of the first service profile with the third-party application, and the second service profile includes at least another data service specified by the user;

identifying, via at least one of the access manager and an access information manager at the one or more computing devices, that the first service profile is associated, by the user, with at least the third-party application;

determining, via the access manager at the one or more computing devices, whether the data requested by the third-party application is provided by the at least one data service included in the first service profile, based on the user-defined categorization and the user-defined association of the first service profile, as identified by the access manager or the access information manager;

performing, via the access manager at the one or more computing devices, an action with respect to an access by the third-party application to the data, based on a result of the determining; and

providing, by the one or more computing devices, a user interface that displays an identity of the third-party applications and an indication of whether each of the third-party applications are associated with each of the first service profile and the second service profile, wherein the user interface provides a first option for the user to associate or disassociate the third-party applications with respect to the first service profile or the second service profile, and a second option for the user to define a boundary of a data stream to limit the access by the third party applications associated with the first service profile or the second service profile to the data, based on a type of the access or a degree of the access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Control and enforcement of access of user data are described, including receiving a request from an application to access data associated with a user; determining that a service profile and another service profile are associated with the user, the service profile includes at least one data service specified by the user and the another service profile includes at least another data service specified by the user; identifying the service profile being associated, by the user, with at least the application; determining whether the data requested by the application are provided by the at least one data service included in the service profile; and performing an action with respect to access by the application to the data requested, based on a result of the determining.

27 Citations

View as Search Results

21 Claims

1. A computer-implemented method comprising:
- receiving, via an access manager at one or more computing devices, a request from one of a plurality of third-party applications to access data associated with a user;
  
  determining, using the one or more computing devices, that a first service profile and a second service profile are associated with the user, wherein the first service profile includes at least one data service specified by the user and controls access of the third party application to the data associated with the user, based on a user-defined categorization of the data into one or more groups for the at least one data service and a user-defined association of the first service profile with the third-party application, and the second service profile includes at least another data service specified by the user;
  
  identifying, via at least one of the access manager and an access information manager at the one or more computing devices, that the first service profile is associated, by the user, with at least the third-party application;
  
  determining, via the access manager at the one or more computing devices, whether the data requested by the third-party application is provided by the at least one data service included in the first service profile, based on the user-defined categorization and the user-defined association of the first service profile, as identified by the access manager or the access information manager;
  
  performing, via the access manager at the one or more computing devices, an action with respect to an access by the third-party application to the data, based on a result of the determining; and
  
  providing, by the one or more computing devices, a user interface that displays an identity of the third-party applications and an indication of whether each of the third-party applications are associated with each of the first service profile and the second service profile, wherein the user interface provides a first option for the user to associate or disassociate the third-party applications with respect to the first service profile or the second service profile, and a second option for the user to define a boundary of a data stream to limit the access by the third party applications associated with the first service profile or the second service profile to the data, based on a type of the access or a degree of the access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the second service profile is associated with at least another third-party application, which is mutually exclusive from the at least the third-party application associated with the first service profile.
  - 3. The method of claim 1, further comprising:
    - passing through, via the access manager at the one or more computing devices, the request from the third-party application to a server after the receiving the request from the third-party application.
  - 4. The method of claim 1, wherein the identifying, using the one or more computing devices, the first service profile, comprises the access manager receiving the first service profile based on an identifier associated with the at least the third-party application.
  - 5. The method of claim 1, wherein the identifying, using the one or more computing devices, the first service profile, comprises the access manager identifying the first service profile from a cache.
  - 6. The method of claim 1, wherein the at least one data service includes one or more boundaries defined by the user and can be redefined by the user.
  - 7. The method of claim 1, wherein the performing, using the one or more computing devices, the action with respect to the access by the third-party application to the data requested comprises passing through, via the access manager at the one or more computing devices, the request from the third-party application to a server controlling access to the data requested.
  - 8. The method of claim 1, wherein the performing, using the one or more computing devices, the action with respect to the access by the third-party application to the data requested comprises returning an error code to the third-party application.
  - 9. The method of claim 1, wherein the performing the action comprises:
    - granting access by the third-party application to the data requested when the data requested by the third-party application are provided by the at least one data service;
      
      ordenying access by the third-party application to the data requested when the data requested by the third-party application are not provided by the at least one data service.
  - 10. The method of claim 1, further comprising providing an interface for the user to create, define, view, modify or delete the first service profile associated with the third-party application and the second service profile associated with another third-party application.

11. A non-transitory computer readable medium having stored therein computer executable instructions for:
- receiving, via an access manager at one or more computing devices, a request from a third-party application to access data associated with a user;
  
  determining, using the one or more computing devices, that a service profile and second service profile are associated with the user, wherein the first service profile includes at least one data service specified by the user and controls access of the third party application to the data associated with the user, based on a user-defined categorization of the data into one or more groups for the at least one data service and a user-defined association of the first service profile with the third-party application, and the second service profile includes at least another data service specified by the user;
  
  identifying, via at least one of the access manager and an access information manager at the one or more computing devices, that the first service profile has been associated, by the user, with at least the third-party application;
  
  determining, via the access manager at the one or more computing devices, whether the data requested by the third-party application is provided by the at least one data service included in the first service profile, based on the user-defined categorization and the user-defined association of the first service profile, as identified by the access manager or the access information manager;
  
  performing, via the access manager at the one or more computing devices, an action with respect to an access by the third-party application to the data, based on a result of the determining; and
  
  providing, by the one or more computing devices, a user interface that displays an identity of the third-party applications and an indication of whether each of the third-party applications are associated with each of the first service profile and the second service profile, wherein the user interface provides a first option for the user to associate or disassociate the third-party applications with respect to the first service profile or the second service profile, and a second option for the user to define a boundary of a data stream to limit the access by the third party applications associated with the first service profile or the second service profile to the data, based on a type of the access or a degree of the access.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer readable medium of claim 11, wherein the second service profile is associated with at least another third-party application, which is mutually exclusive from the at least the third-party application associated with the first service profile.
  - 13. The computer readable medium of claim 11, wherein the identifying, using the one or more computing devices, the first service profile comprises the access manager receiving the first service profile based on an identifier associated with the at least the third-party application.
  - 14. The computer readable medium of claim 11, wherein the at least one data service includes one or more boundaries defined by the user and can be redefined by the user.
  - 15. The computer readable medium of claim 11, wherein the performing, using the one or more computing devices, the action with respect to the access by the third-party application to the data requested comprises passing through, via the access manager at the one or more computing devices, the request from the third-party application to a server controlling access to the data requested.
  - 16. The computer readable medium of claim 11, wherein the performing, using the one or more computing devices, the action with respect to the access by the third-party application to the data requested comprises the access manager returning an error code to the third-party application.

17. At least one computing device comprising:
- storage and at least one hardware processor configured to perform;
  
  receiving, via an access manager at the at least one computing device, a request from a third-party application to access data associated with a user;
  
  determining, using the at least one computing device, that a service profile and second service profile are associated with the user, wherein the first service profile includes at least one data service specified by the user and controls access of the third party application to the data associated with the user, based on a user-defined categorization of the data into one or more groups for the at least one data service and a user-defined association of the first service profile with the third-party application, and the second service profile includes at least another data service specified by the user;
  
  identifying, via at least one of the access manager and an access information manager at the at least one computing device, the first service profile has been associated, by the user, with at least the third-party application;
  
  determining, via the access manager at the at least one computing device, whether the data requested by the third-party application is provided by the at least one data service included in the first service profile, based on the user-defined categorization and the user-defined association of the first service profile, as identified by the access manager or the access information manager;
  
  performing, via the access manager at the at least one computing device, an action with respect to an access by the third-party application to the data, based on a result of the determining; and
  
  providing, by the one or more computing devices, a user interface that displays an identity of the third-party applications and an indication of whether each of the third-party applications are associated with each of the first service profile and the second service profile, wherein the user interface provides a first option for the user to associate or disassociate the third-party applications with respect to the first service profile or the second service profile, and a second option for the user to define a boundary of a data stream to limit the access by the third party applications associated with the first service profile or the second service profile to the data, based on a type of the access or a degree of the access.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The at least one computing device of claim 17, wherein the second service profile is associated with at least another third-party application, which is mutually exclusive from the at least the third-party application associated with the first service profile.
  - 19. The at least one computing device of claim 17, wherein the identifying, via at least one of the access manager and an access information manager at the at least one computing device, the first service profile comprises receiving the first service profile based on an identifier associated with the at least the third-party application.
  - 20. The at least one computing device of claim 17, wherein the at least one data service includes one or more boundaries defined by the user and can be redefined by the user.
  - 21. The at least one computing device of claim 17, wherein the performing, using the at least one computing device, the action with respect to the access by the third-party application to the data requested comprises passing through, via the access manager at the one or more computing devices, the request from the third-party application to a server controlling access to the data requested.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Umapathy, Vijay, Bachman, Michael, Grigera, Alejo, Rodrigues, Vitor
Primary Examiner(s)
Smithers, Matthew

Application Number

US13/656,065
Time in Patent Office

1,432 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/62   Protecting access to data v...

G06F 21/6272   by registering files or doc...

H04L 63/102   Entity profiles

Control and enforcement of access of user data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Control and enforcement of access of user data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links