System and method for data privacy in URL based context queries

US 9,805,123 B2
Filed: 11/18/2008
Issued: 10/31/2017
Est. Priority Date: 11/18/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising the steps of:

receiving a reference, over a network, to a data object from a user;

identifying, via the network, an entity that controls the data object, such that spatial, temporal, social and topical data available to the network that relates to the data object are retrieved and utilized for said identifying the entity that controls the data object;

retrieving, via the network, a permission for the data object, the permission being associated with the entity that controls the data object, said permission comprising a permission context having permission context criteria comprising spatial, temporal, social and topical criteria, and further comprising a set of associations, data axes and data values between each of the spatial, temporal, social and topical criteria, the set of associations are ordered in an order such that each of the associations of the set of associations are evaluated in the order, such that associations that are lower in the order override associations that are higher in the order where the respective associations relate to a same respective data axes and respective data values;

retrieving, via the network, spatial data, temporal data, social data and topical data available to the network that relates to the user and to the permission context;

determining, via the network, using the spatial data, temporal data, social data and topical data, that the user matches the permission context criteria;

in response to determining the user matches the permission context criteria, determining, via the network, using the permission for the data object, the user is one of;

permitted to access to the data object and not permitted to access to the data object, such thatwhere the user is permitted access to the data object, access is granted to the data object, andwhere the user is not permitted access to the data object, access is denied to the data object.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for data privacy in URL based context queries. A reference to a data object is received from a user. At least one entity that controls the data object is identified via the network. At least one permission for the data object is retrieved via the network, wherein the permission is associated with the entity that controls the data object. It is then determined, via the network, if the user is permitted to access to the data object using the permission for the data object and spatial data, temporal data social data and logical data available to the network that relates to the user and to the permission for the data object. If the user is permitted access to the data object, access is granted to the data object, and if the user is nor permitted access to the data object, access is denied to the data object.

412 Citations

21 Claims

1. A method comprising the steps of:
- receiving a reference, over a network, to a data object from a user;
  
  identifying, via the network, an entity that controls the data object, such that spatial, temporal, social and topical data available to the network that relates to the data object are retrieved and utilized for said identifying the entity that controls the data object;
  
  retrieving, via the network, a permission for the data object, the permission being associated with the entity that controls the data object, said permission comprising a permission context having permission context criteria comprising spatial, temporal, social and topical criteria, and further comprising a set of associations, data axes and data values between each of the spatial, temporal, social and topical criteria, the set of associations are ordered in an order such that each of the associations of the set of associations are evaluated in the order, such that associations that are lower in the order override associations that are higher in the order where the respective associations relate to a same respective data axes and respective data values;
  
  retrieving, via the network, spatial data, temporal data, social data and topical data available to the network that relates to the user and to the permission context;
  
  determining, via the network, using the spatial data, temporal data, social data and topical data, that the user matches the permission context criteria;
  
  in response to determining the user matches the permission context criteria, determining, via the network, using the permission for the data object, the user is one of;
  
  permitted to access to the data object and not permitted to access to the data object, such thatwhere the user is permitted access to the data object, access is granted to the data object, andwhere the user is not permitted access to the data object, access is denied to the data object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the reference to a data object is one of a of a plurality of references in result set of a context query, the context query comprising a URL-based query comprising spatial, temporal, social and topical criteria.
  - 3. The method of claim 1 wherein a reference to the entity that controls the data object is embedded in metadata in the data object.
  - 4. The method of claim 1 wherein, the spatial, temporal, social and topical data that relates to the data object is retrieved using a global index available to the network, the global index comprising a global graph that relates entities known to the network with one another.
  - 5. The method of claim 1 such that where an object is controlled by two or more entities, permissions for all controlling entities are evaluated and the most restrictive is applied.
  - 6. The method of claim 1 such that where an object is controlled by two or more entities, permissions for all controlling entities are evaluated and the least restrictive is applied.
  - 7. The method of claim 1 such that where an object is not controlled by any entity, access is granted to the data object.

8. A system comprising:
- a processor;
  
  a non-transitory storage medium for tangibly storing thereon program logic for execution by the processor, the program logic comprising;
  
  object reference receiving logic executed by the processor for receiving a reference, over a network, to a data object from a user;
  
  controlling entity identification logic executed by the processor for identifying, via the network, an entity that controls the data object, such that spatial, temporal, social and topical data available to the network that relates to the data object are retrieved and utilized for said identifying the entity that controls the data object;
  
  permission retrieval logic executed by the processor for retrieving, via the network, a permission for the data object, the permission being associated with the entity that controls the data object, said permission comprising a permission context having permission context criteria comprising spatial, temporal, social and topical criteria, and further comprising a set of associations, data axes and data values between each of the spatial, temporal, social and topical criteria, the set of associations are ordered in an order such that each of the associations of the set of associations are evaluated in the order, such that associations that are lower in the order override associations that are higher in the order where the respective associations relate to a same respective data axes and respective data values;
  
  user data retrieval logic executed by the processor for retrieving, via the network, spatial data, temporal data, social data and topical data available to the network that relates to the user and to the permission context;
  
  user matching logic executed by the processor for determining, via the network, using the spatial data, temporal data, social data and topical data, that the user matches the permission context criteria;
  
  permission determination logic executed by the processor for, in response to determining the user matches the permission context criteria, determining, via the network, using the permission for the data object, the user is one of;
  
  permitted to access to the data object and not permitted to access to the data object, such thatwhere the user is permitted access to the data object, access is granted to the data object, andwhere the user is not permitted access to the data object, access is denied to the data object.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein the references to a data object is one of a plurality of references in result set of a context query, the context query comprising a URL-based query comprising spatial, temporal, social and topical criteria.
  - 10. The system of claim 8 wherein a reference to the entity that controls the data object is embedded in metadata in the data object.
  - 11. The system of claim 8 wherein, the object reference receiving logic retrieves the spatial, temporal, social and topical data that relates to the data object using a global index available to the network, the global index comprising a global graph that relates entities known to the network with one another.
  - 12. The system of claim 8 such that where an object is controlled by two or more entities, permissions for all controlling entities are evaluated by the permission determination logic and the most restrictive is applied.
  - 13. The system of claim 8 such that where an object is controlled by two or more entities, permissions for all controlling entities are evaluated by the permission determination logic and the least restrictive is applied.
  - 14. The system of claim 8 such that where an object is not controlled by any entity, permission determination logic grants access to the data object.

15. A non-transitory computer-readable storage medium for tangibly storing thereon computer readable instructions for a method comprising:
- receiving a reference, over a network, to a data object from a user;
  
  identifying, via the network, an entity that controls the data object, such that spatial, temporal, social and topical data available to the network that relates to the data object are retrieved and utilized for said identifying the entity that controls the data object;
  
  retrieving, via the network, a permission for the data object, the permission being associated with the entity that controls the data object, said permission comprising a permission context having permission context criteria comprising spatial, temporal, social and topical criteria, and further comprising a set of association, data axes and data values between each of the spatial, temporal, social and topical criteria, the set of associations are ordered in an order such that each of the associations of the set of associations are evaluated in the order, such that associations that are lower in the order override associations that are higher in the order where the respective associations relate to a same respective data axes and respective data values;
  
  retrieving, via the network, spatial data, temporal data, social data and topical data available to the network that relates to the user and to the permission context;
  
  retrieving, via the network, spatial data, temporal data, social data and topical data available to the network that relates to the user and to the permission context;
  
  determining, via the network, using the spatial data, temporal data, social data and topical data, that the user matches the permission context criteria;
  
  in response to determining the user matches the permission context criteria, determining, via the network, using the permission for the data object, the user is one of;
  
  permitted to access to the data object and not permitted to access to the data object, such thatwhere the user is permitted access to the data object, access is granted to the data object, andwhere the user is not permitted access to the data object, access is denied to the data object.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer-readable storage medium of claim 15 wherein the reference to a data object is one of a of a plurality of references in result set of a context query, the context query comprising a URL-based query comprising spatial, temporal, social and topical criteria.
  - 17. The non-transitory computer-readable storage medium of claim 15 wherein a reference to the entity that controls the data object is embedded in metadata in the data object.
  - 18. The non-transitory computer-readable storage medium of claim 15 the spatial, temporal, social and topical data that relates to the data object is retrieved using a global index available to the network, the global index comprising a global graph that relates entities known to the network with one another.
  - 19. The non-transitory computer-readable storage medium of claim 15 such that where an object is controlled by two or more entities, permissions for all controlling entities are evaluated and the most restrictive is applied.
  - 20. The non-transitory computer-readable storage medium of claim 15 such that where an object is controlled by two or more entities, permissions for all controlling entities are evaluated and the least restrictive is applied.
  - 21. The non-transitory computer-readable storage medium of claim 15 such that where an object is not controlled by any entity, access is granted to the data object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
R2 Solutions LLC (Acacia Research Corporation)
Original Assignee
Excalibur IP, LLC (Acacia Research Corporation)
Inventors
Nair, Rahul, Davis, Marc Eliot, Higgins, Christopher William, King, Simon P
Primary Examiner(s)
Shmatov, Alexey

Application Number

US12/273,345
Publication Number

US 20100125605A1
Time in Patent Office

3,269 Days
Field of Search
US Class Current
CPC Class Codes

A61K 31/19   Carboxylic acids, e.g. valp...

A61K 31/194   having two or more carboxyl...

C07C 69/704   Citric acid esters

C12Q 1/25   involving enzymes not class...

G06F 16/9535   Search customisation based ...

H04L 63/102   Entity profiles

H04W 12/084   using delegated authorisati...

H04W 80/08   Upper layer protocols netwo...

System and method for data privacy in URL based context queries

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

412 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for data privacy in URL based context queries

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

412 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links