Enterprise Security Management System Using Hierarchical Organization and Multiple Ownership Structure

US 20120158787A1
Filed: 02/27/2012
Published: 06/21/2012
Est. Priority Date: 07/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

assigning a first set of identifiers to a first set of users;

assigning a second set of identifiers to each of the first set of users, the second set of identifiers associating a respective one of the first set of users with at least one of a second set of users where the at least one of the second set of users is granted permission to access one or more files associated with the respective one of the first set of users;

receiving a request from a requestor among the second set of users to access a network resource associated with one of the first set of users;

determining whether the requestor has permission to access the network resource;

determining which privileges the requestor is given relative to the network resource if the requestor has permission to access the network resource; and

providing the requestor with the network resource based on the determined privilege.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hierarchical security model for networked computer users is described. Files and resources are controlled or created by users within the network. Each user within the network has an account that is managed by a network administrator. The account specifies the user identifier and password. Users are grouped into organizations depending upon function or other organizational parameter. The groups within the network are organized hierarchically in terms of access and control privileges. Users within a higher level group may exercise access and control privileges over files or resources owned by users in a lower level group. The account for each user further specifies the group that the owner belongs to and an identifier for any higher level groups that have access privileges over the user'"'"'s group. All users within a group inherit the rights and restrictions of the group.

29 Citations

View as Search Results

19 Claims

1. A method comprising:
- assigning a first set of identifiers to a first set of users;
  
  assigning a second set of identifiers to each of the first set of users, the second set of identifiers associating a respective one of the first set of users with at least one of a second set of users where the at least one of the second set of users is granted permission to access one or more files associated with the respective one of the first set of users;
  
  receiving a request from a requestor among the second set of users to access a network resource associated with one of the first set of users;
  
  determining whether the requestor has permission to access the network resource;
  
  determining which privileges the requestor is given relative to the network resource if the requestor has permission to access the network resource; and
  
  providing the requestor with the network resource based on the determined privilege.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein assigning the first identifier includes associating the first set of users with a plurality of child groups, with at least two users in the first set of users being associated with a different child group.
  - 3. The method of claim 2, wherein assigning the second identifier includes:
    - associating the second set of users with a plurality of parent groups; and
      
      associating at least one of the first set of users in the plurality of child groups with at least one of the second set of users in the plurality of parent groups.
  - 4. The method of claim 3, further comprising:
    - generating, based on the first identifier, a user descriptor table that specifies the association between each of the first set of users and a respective child group.
  - 5. The method of claim 3, further comprising:
    - generating, based on the second identifier, a group descriptor table that specifies an association between the plurality of child groups and the plurality of parent groups.
  - 6. The method of claim 5, further comprising:
    - determining access privilege of at least one of the second set of users with respect to one or more files based on the association specified on the group descriptor table.
  - 7. The method of claim 1, wherein receiving the request includes receiving a request to access one or more data files.
  - 8. The method of claim 1, wherein determining which privileges includes determining whether the requestor has read or write privilege.

9. A method of organizing users in an enterprise, the method comprising:
- assigning a user identifier and password to at least one user of a plurality of users;
  
  assigning a group identifier to the at least one user for associating with a group;
  
  specifying a parent group identifier for the group assigned to the at least one user, the parent group identifier identifying a parent group containing one or more superior users who have access to resources owned by the at least one user.
- View Dependent Claims (10, 11)
- - 10. The method of claim 9, further comprising:
    - storing the user identifier, password, and group identifier for the plurality of users in a user descriptor table;
      
      storing the group identifier and parent group identifier in a group descriptor table for associating a respective group with a respective parent group; and
      
      establishing a hierarchical relationship among the respective group and respective parent group based on the group and parent group identifier.
  - 11. The method of claim 9, further comprising defining access privileges for the one or more superior users over the resources owned by the user.

12. A system comprising:
- a plurality of first devices; and
  
  a server coupled with the plurality of first devices through a network, wherein the server is configured to;
  
  assign a first set of identifiers to the plurality of first devices;
  
  assign a second set of identifiers to each of the plurality of first devices, the second set of identifiers associating a respective one of the plurality of first devices with at least one of a plurality of second devices, where the at least one of the plurality of second devices is granted permission to access one or more files associated with the respective one of the plurality of first devices;
  
  receive a request from a requestor to access a network resource;
  
  determine whether the requestor has permission to access the network resource;
  
  determine which privileges the requestor is given relative to the network resource if the requestor has permission to access the network resource; and
  
  provide the requestor with the network resource based on the determined privilege.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the server is configured to associate the plurality of first devices with a plurality of child groups, with at least two of the plurality of first devices being associated with a different child group.
  - 14. The system of claim 13, wherein the server is configured to:
    - associate the plurality of second devices with a plurality of parent groups; and
      
      associate at least one of the plurality of first devices in the plurality of child groups with at least one of the plurality of second devices in the plurality of parent groups.
  - 15. The system of claim 14, wherein the server is configured to:
    - generate, based on the first identifier, a user descriptor table that specifies the association between each of the plurality of first devices and a respective child group.
  - 16. The system of claim 14, wherein the server is configured to:
    - generate, based on the second identifier, a group descriptor table that specifies an association between the plurality of child groups and the plurality of parent groups.
  - 17. The system of claim 16, wherein the server is configured to:
    - determine access privilege of at least one of the plurality of second devices with respect to one or more files based on the association specified on the group descriptor table.
  - 18. The system of claim 12, wherein the server is configured to receive a request to access one or more data files.
  - 19. The system of claim 12, wherein the server is configured to determine whether the requestor has read or write privilege.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ICE Mortgage Technology, Inc. (Intercontinental Exchange, Inc.)
Original Assignee
Ellie Mae Incorporated (Intercontinental Exchange, Inc.)
Inventors
Hu, Limin, Wu, Ting-Hu, Han, Ching-Chih Jason

Granted Patent

US 8,762,357 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/784
CPC Class Codes

G06F 3/04842   Selection of displayed obje...

G06Q 40/02   Banking, e.g. interest calc...

G06Q 40/03   Credit; Loans; Processing t...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04L 67/01   Protocols

Enterprise Security Management System Using Hierarchical Organization and Multiple Ownership Structure

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

29 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Enterprise Security Management System Using Hierarchical Organization and Multiple Ownership Structure

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links