Distributed administration of access to information and interface for same

US RE46,439 E1
Filed: 08/31/2006
Issued: 06/13/2017
Est. Priority Date: 03/10/1997
Status: Expired due to Term

First Claim

Patent Images

1. A graphical user interface for an An access control system that controls access by users to information resources according to an access policy that is defined using definitions of user subsets of the users made explicitly for access control, definitions of information subsets of the information resources made explicitly for access control, and explicit access policy definitions indicating which user subsets may access which information subsets, the graphical user interface system comprising:

a processor;

a computing device configured to display upon which is displayed a graphical user interface via a display device, the graphical user interface comprising;

a list of previously-defined user subsets, a list of previously-defined information subsets, and a list of previously-defined access policies, and at least an indication of a create status of the previously-defined access policy operation policies, the indication visually indicating whether the policies are currently active; and

a selection device for selecting a user subset from the list thereof, an information subset from the list thereof, and the indication at least one of the create previously-defined access policy operation policies, the access control system responding to the selection of the user subset, the information subset, and the indication of the create access at least one policy operation by defining applying the at least one policy to at least one of the previously-defined access policies to define a new access policy for the selected user subset and the selected information subset.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A scalable access filter that is used together with others like it in a virtual private network to control access by users at clients in the network to information resources provided by servers in the network. Each access filter use a local copy of an access control data base to determine whether an access request made by a user. Changes made by administrators in the local copies are propagated to all of the other local copies. Each user belongs to one or more user groups and each information resource belongs to one or more information sets. Access is permitted or denied according to of access policies which define access in terms of the user groups and information sets. The rights of administrators are similarly determined by administrative policies. Access is further permitted only if the trust levels of a mode of identification of the user and of the path in the network by which the access is made are sufficient for the sensitivity level of the information resource. If necessary, the access filter automatically encrypts the request with an encryption method whose trust level is sufficient. The first access filter in the path performs the access check and encrypts and authenticates the request; the other access filters in the path do not repeat the access check.

186 Citations

16 Claims

1. A graphical user interface for an An access control system that controls access by users to information resources according to an access policy that is defined using definitions of user subsets of the users made explicitly for access control, definitions of information subsets of the information resources made explicitly for access control, and explicit access policy definitions indicating which user subsets may access which information subsets, the graphical user interface system comprising:
- a processor;
  
  a computing device configured to display upon which is displayed a graphical user interface via a display device, the graphical user interface comprising;
  
  a list of previously-defined user subsets, a list of previously-defined information subsets, and a list of previously-defined access policies, and at least an indication of a create status of the previously-defined access policy operation policies, the indication visually indicating whether the policies are currently active; and
  
  a selection device for selecting a user subset from the list thereof, an information subset from the list thereof, and the indication at least one of the create previously-defined access policy operation policies, the access control system responding to the selection of the user subset, the information subset, and the indication of the create access at least one policy operation by defining applying the at least one policy to at least one of the previously-defined access policies to define a new access policy for the selected user subset and the selected information subset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16)
- - 2. The graphical user interface access control system set forth in claim 1 further comprising:
    - an indication of a delete access policy operation; and
      
      the selection device further selects an access policy from the list thereof and the indication of the delete access policy operation,the access control system responding to the selection of the access policy and the indication of the delete access policy operation by deleting the selected access policy from the list thereof.
  - 3. The graphical user interface access control system set forth in claim 1 wherein each access policy specifies one of a plurality of access types and the graphical user interface further comprises:
    - indications in the access policies on the list of their access types and an indication of a change access type operation; and
      
      the selection device further selects an access policy on the list thereof and the indication of the change access type operation,the access control system responding to the selection of the access policy and the selection of the indication of the change access type operation by changing the access type of the selected access policy as specified by the indication of the change access type operation.
  - 4. The graphical user interface access control system set forth in any one of claims 1 through 3 wherein:
    - a user subset may itself have user subsets and an information subset may itself have information subsets; and
      
      the list of user subsets shows the subset relationships among user subsets and the list of information subsets shows the subset relationships among the information subsets.
  - 5. The graphical user interface access control system set forth in any one of claims 1 through 3, the graphical user interface further comprising:
    - an indication of an evaluate operation, the access control system responding to a selection of a user subset and a selection of the indication of the evaluate operation by the selection device by indicating the information subsets in the list thereof that the selected user subset may and/or may not access.
  - 6. The graphical user interface access control system set forth in claim 5 wherein:
    - the access control system further responds to the selection of the user subset and the selection of the indication of the evaluate operation by the selection device by indicating the policies in the list thereof that apply to the selected user subset.
  - 7. The graphical user interface access control system set forth in any one of claims 1 through 3 the graphical user interface further comprising:
    - an indication of an evaluate operation,the access control system responding to a selection of an information subset and a selection of the indication of the evaluate operation by the selection device by indicating the user subsets in the list thereof that may and/or may not access the selected information subset.
  - 8. The graphical user interface access control system set forth in claim 7 wherein:
    - the access control system further responds to the selection of the information subset and the selection of the indication of the evaluate operation by the selection device by indicating the policies in the list thereof that apply to the selected information subset.
  - 9. The graphical user interface access control system set forth in any one of claims 1 through 3, the graphical user interface further comprising:
    - an indication of an evaluate operation,the access control system responding to a selection of an access policy from the list thereof and a selection of the indication of the evaluate operation by the selection device by indicating the user subsets and information subsets in the lists thereof to which the selected policy applies.
  - 10. A data storage device for use having code stored thereon in a the access control system including a processor of claim 1, the data storage device being characterized in that:
    - the data storage device contains code which, when executed in response to execution by the processor, implements causes the processor to implement the graphical user interface set forth in any one of claims 1 through 3.
  - 12. The graphical user interface administrative access control system set forth in claim 1 11 wherein:
    - the display further displays a list of objects;
      
      the administration operation is an add object operation; and
      
      the selection device further selects an object from the list thereof,the administrative access control system responding to the selection of the object and the add object operation by adding the object.
  - 13. The graphical user interface administrative access control system of either claim 1 11 or 2 12 wherein:
    - the objects are in the alternative user subsets, information subsets of information resources, and available resources.
  - 14. The graphical user interface administrative access control system of either claim 1 11 or 2 12 wherein:
    - the appearance of an object on the list indicates whether the user may administer the object.
  - 15. A data storage device for use having code stored thereon in a system that permits a user who belongs to an administrative subset of users to administer a set of objects according to an administrative policy that is defined using an explicit definition of the set of objection and an explicit definition of the administrative subset, the system including a processor, the data storage device being characterized in that:
    - the data storage device contains code which, when executed in response to execution by the processor, implements the causes the processor to implement a graphical user interface set forth in either claim 1 or claim 2 comprising;
      
      a list which indicates a set of objects that are available to be administered by a user according to an administrative policy and an indication of a status of a previously-defined administrative operation, the indication visually indicating;
      
      a type of the previously-defined administration operation, and whether the policy is currently active; and
      
      causes the processor to implement a selection device configured to respond to selection of an object from the list and the indication of the status of the previously-defined administration operation, the system responding to the selection of the object and the indication of the status of the previously-defined administration operation by applying the administration operation to the object, wherein the selection device comprises at least one of the software and circuitry.
  - 16. The access control system set forth in claim 1, wherein the user subset is visually indicated in a first color and the information subset is visually indicated in a second color if accessible and the information subset is visually indicated in a third color if inaccessible.

11. A graphical user interface for an An administrative access control system that permits a user who belongs to an administrative subset of users to administer a set of objects according to an administrative policy that is defined using an explicit definition of the set of objects and an explicit definition of the administrative subset,the graphical user interface system comprising:
- a processor;
  
  a display upon which is displayed device configured to present a graphical user interface comprising;
  
  a list which indicates the set of objects that may be administered by the user according to the administrative policy and an indication of an a status of a previously-defined administration operation, the indication visually indicating;
  
  a type of the previously-defined administration operation, and whether the policy is currently active; and
  
  a selection device for selecting an object from the list thereof and the indication of the status of the previously-defined administration operation, the administrative access control system responding to the selection of the object and the indication of the status of the previously-defined administration operation by performing the administration operation with regard to the object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dropbox, Inc.
Original Assignee
Dropbox, Inc.
Inventors
Schneider, David S., Ribet, Michael B., Lipstone, Laurence R., Jensen, Daniel
Primary Examiner(s)
CAMPBELL, JOSHUA D

Application Number

US11/513,427
Time in Patent Office

3,939 Days
Field of Search

709229, 715741, 726 15
US Class Current
CPC Class Codes

H04L 41/28   Restricting access to netwo...

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

H04L 63/04   for providing a confidentia...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Distributed administration of access to information and interface for same

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed administration of access to information and interface for same

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links