WO2011160855A1 - Method, server and system for granting temporary access to electronic content - Google Patents
- Publication number
- WO2011160855A1 (PCT/EP2011/003151)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- access
- content
- server
- electronic
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/52—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail for supporting social networking services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/254—Management at additional data server, e.g. shopping server, rights management server
- H04N21/2541—Rights Management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/20—Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
- H04N21/25—Management operations performed by the server for facilitating the content distribution or administrating data related to end-users or client devices, e.g. end-user or client device authentication, learning user preferences for recommending movies
- H04N21/258—Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-users preferences to derive collaborative data
- H04N21/25866—Management of end-user data
- H04N21/25891—Management of end-user data being end-user preferences
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04N—PICTORIAL COMMUNICATION, e.g. TELEVISION
- H04N21/00—Selective content distribution, e.g. interactive television or video on demand [VOD]
- H04N21/40—Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
- H04N21/47—End-user applications
- H04N21/478—Supplemental services, e.g. displaying phone caller identification, shopping application
- H04N21/4788—Supplemental services, e.g. displaying phone caller identification, shopping application communicating with other users, e.g. chatting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- the present invention relates to information management systems. More particularly, the present invention is directed to a system, method, and server for granting an identified user temporary access to another user's electronic content.
- An example of electronic content is social content such as videos, photographs, status messages, and the like which individuals store in online storage facilities of a so-called social media network.
- the present invention solves this problem with a system, method, and server for granting an identified user temporary access to protected electronic content.
- the permission granted to the identified user, in addition to the time period, also defines the scope of what content he or she is permitted to access.
- the present invention is directed to a method of granting a first user temporary access to a second user's electronic content in a social media network.
- the method comprises receiving, by a server, a request originating from a first user of the plurality of users to access electronic user content of a second user of the plurality of users.
- a policy engine function comprised in the server processes the request by performing the steps of: retrieving relationship information specifying a particular type of relationship between the first and the second user; applying an access rule matching the relationship information, the access rule specifying a period of time the electronic user content of the second user is available for the first user.
- the policy engine function grants the first user temporary access to the second user's electronic content.
- the policy engine function denies the first user access to the second user's electronic content.
- the server can be any type of processor controlled server, such as a server in a switching node or control node or elsewhere in a telecommunications system, performing operations related to the telecommunications system.
- the server may also be a dedicated server such as a Policy Engine connected to or connectable by the telecommunications systems or another data processing system, for processing social media content in a social media network.
- the period of time wherein access is allowed may be specified as a particular time duration wherein access is allowed, such as one hour, one day, one week or the like, from the start of a first access, for example, but also during a particular time of the day, a particular day or days of a week and the like, or combinations of both, for example.
- the user content may be stored or available from remote online storage facilities such as accessible by an access server or servers of the social media network.
- an access rule may specify which content or how much of the second user's electronic content the first user is permitted to access, and the step of allowing includes restricting access to this permitted content.
- a user may specify what particular part of his electronic content or what particular type of files and the like is accessible to a particular first user.
- the relationship information may identify a particular user to whom temporary access is granted to the second user's electronic content.
- the relationship information comprises at least one identifiable characteristic and wherein the method further comprises retrieving, by the policy engine function, the at least one identifiable characteristic of a first user and allowing each first user having the identifiable characteristic access to the second user's electronic content for the specified period of time.
- the identifiable characteristic may be any characteristic, such as an identifier identifying users of a particular group, such as employees of a same company, members of a same association, and the like.
- the relationship information may be stored in an internal database in the server, in an Active Address Book storage or database external or remote from the server, and/or included in a request from a user.
- the access rule or rules by the second user may be stored and available from an internal database in the server and/or in a remote storage or database such as an Active Rules Book, which may be incorporated with the Active Address Book, for example.
- the databases storing the relationship information and access rule or rules are accessible, either directly or indirectly, by the users of the social media network for generating or specifying and applying their individual preferences.
- instead of or in addition to storing access rules in a network database, the method provides for obtaining an access rule from the second user directly, via a messaging service, such as an e-mail service, a short messaging service, SMS, a multimedia messaging service, MMS, or a messaging service provided by the social media network, for example.
- the second user is prompted by the policy engine function to provide an access rule.
- the second user may, for example, visit a special web site provided by the social media network for specifying an access rule, or may provide an access rule by return e-mail, SMS, MMS, or the like.
- the second user is prompted via the social media network if the second user is connected or online with the social media network. In such a case the second user preferably replies via the social media network.
- any of an e-mail, SMS or MMS message may be forwarded to the second user and the second user may reply by logging in to the social media network or by responding with a return e-mail, SMS, MMS message or the like.
- the first user may be informed of the granted access.
- a response is sent to the first user indicating that the content is available to the first user.
- a response is sent to the first user indicating that the content is no longer available.
- This response may be forwarded via the social media network or another messaging service available to the first user, such as e-mail, SMS or MMS.
- the policy engine function sends to the second user a notification of the first user's access to the second user's electronic content during the specified period of time and/or a notification that the first user attempted to access the second user's electronic content after the specified period of time expired.
- This notification may be forwarded via the social media network or another messaging service available to the second user, such as e-mail, SMS or MMS.
- In a social media network, users often add and remove content.
- for example, at least the content of a second user to which first users are permitted access is periodically refreshed by an access server, and the first user is provided access to the refreshed content.
- the present invention is directed to a server for controlling access to electronic user content in a social media network comprising a plurality of users and arranged for sharing electronic user content amongst the plurality of users.
- the server comprises a communication unit arranged for receiving a request originating from a first user to access electronic user content of a second user of the plurality of users.
- a relationship retrieval unit arranged for retrieving relationship information specifying a particular type of relationship between the first and the second user.
- a matching unit arranged for applying an access rule matching the relationship information, the access rule specifying a period of time the electronic user content of the second user is available for the first user.
- a timer arranged for determining whether the specified period of time has expired.
- An access granting unit arranged for allowing the first user access to the second user's electronic content when the specified period of time has not expired and arranged for denying the first user access to the second user's electronic content when the specified period of time has expired.
- the communication unit sends a response toward the first user indicating that the content is available to the first user.
- the communication unit sends a response toward the first user indicating that the content is no longer available. This response may be forwarded via the social media network or another messaging service available to the users, such as e-mail, SMS or MMS.
- the access granting unit is arranged for allowing restricted access to the second user's electronic content specified by the access rule.
- the restriction applies to a particular part of the second user's electronic content, i.e. how much of the second user's content the first user is allowed to access, or what particular type of files and the like are accessible to a first user.
- the first user has at least one identifiable characteristic
- the relationship retrieval unit is arranged for retrieving the identifiable characteristic of the first user
- the access granting unit is arranged for allowing each first user having the identifiable characteristic access to the second user's electronic content for the specified period of time.
- in an example, the relationship retrieval unit is arranged for retrieving the relationship information from an internal database of the server and/or an Active Address Book storage or database external to the server and/or the request.
- for retrieving an access rule, the server, in an example, comprises a rule retrieval unit, arranged for obtaining the access rule from the second user and/or an internal rules database of the server for storing access rules and/or an Active Rules Book storage or database which may be incorporated with the Active Address Book external to the server.
- the rule retrieval unit is arranged for obtaining the access rule from the second user.
- a messaging service may be applied and the rule retrieval unit is configured to obtain the access rule from the second user through any or all of the social media network, by e-mail, SMS, MMS, or the like, by an intermediate message server and/or web server. Such messages may be communicated by the communication unit of the server.
- the communication unit is configured for sending to the second user a notification of the first user's access to the second user's electronic content during the specified period of time and/or a notification that the first user attempted to access the second user's content after the specified period of time expired.
- the present invention is directed to a system for controlling access to electronic user content in a social media network comprising a Social Media Portal, SMP, accessible from a telecommunications network and arranged for sharing electronic user content amongst a plurality of users.
- the system comprises a server in communication with the SMP and arranged for applying access rules for controlling access to the electronic user content.
- the SMP includes a unit for forwarding to the server a request originating from a first user to access electronic user content of a second user of the plurality of users.
- the server includes a communication unit arranged for receiving the request; a relationship retrieval unit arranged for retrieving relationship information specifying a particular type of relationship between the first and the second user; a matching unit, arranged for applying an access rule matching the relationship information, the access rule specifying a period of time the electronic user content of the second user is available for the first user; a timer arranged for determining whether the specified period of time has expired, and an access granting unit.
- the access granting unit being arranged for allowing the first user access to the second user's electronic content when the specified period of time has not expired and arranged for denying the first user access to the second user's electronic content when the specified period of time has expired.
- the communication unit is further arranged for sending a response from the access granting unit to the SMP allowing or denying the first user access to the second user's electronic content.
- Fig. 1 is a message flow diagram illustrating the flow of messages in a first example of the method of the present invention
- Fig. 2 is a message flow diagram illustrating the flow of messages in a second example of the method of the present invention
- Fig. 3 is a message flow diagram illustrating the flow of messages in a third example of the method of the present invention
- Fig. 4 is a message flow diagram illustrating the flow of messages in a fourth example of the method of the present invention.
- Fig. 5 is a simplified block diagram of an example of a server of the present invention.
- the invention is explained below in the context of a scenario in which an individual tells his customer about his vacation, and the customer wants to see the individual's vacation photographs.
- the photographs are stored by an online storage service.
- the individual would like to share the photographs, but does not want to give the customer permanent access to all of his photographs, and would like to grant access for a limited duration.
- the present invention is not limited to electronic social content such as vacation photographs or to customers only.
- the inventive concepts can be applied to any kind of protected electronic content and to any kind of contacts and relationships in a social media network.
- Two main scenarios are described herein. Both scenarios assume two users, User-A or first user who wants access to the electronic content, and User-B or second user who is the owner of the electronic content. In a first scenario, both users are online. User-B can directly grant or deny temporary access by defining an access rule; and User-A can directly obtain temporary access to the content. In a second scenario, User-B is not online, and therefore cannot directly grant or deny the requested access.
- Fig. 1 is a message flow diagram illustrating the flow of messages in a first example of the method of the present invention.
- the figure illustrates User-A 11 and User-B 12 as well as three network nodes referred to as a Social Media Portal (SMP) 13, a server 14, and an Active Address Book (AAB) 15.
- SMP: Social Media Portal
- AAB: Active Address Book
- the Pixl8r initiative is an open-standard solution that enables photo sharing sites to interact in real time.
- mobile users can easily share social media across different operator portals and receive SMS notifications of the activities of other users regardless of the network type.
- Pixl8r creates a federation of community portals that can connect the world's approximately four billion mobile users.
- with Ericsson's SMP acting as an access server and browser, users can connect to the social web using any mobile phone.
- the solution does not require client downloads, and enables posting and accessing of real-time, user-generated content to diverse internet communities. Content is automatically backed up on a community portal that offers personal storage, synchronization, unified messaging, and services for sharing content such as photos and videos with friends and family.
- server 14 may be implemented as a stand-alone server, or may be integrated in a dedicated policy server, a Policy Engine, or any other type of server connected to the social media network and accessible from a telecommunications network.
- the AAB 15 provides intelligent and automated centralized contact management for mobile users.
- the AAB enables users to create and publish their personal information to an online address book that automatically updates contact information when a contact in the address book publishes new contact information. Users can search, add, edit, and delete contacts using an AAB web portal. Flexible privacy levels let subscribers decide what information to share and with whom.
- the AAB works with native address books in existing mobile phones and can support IMS-enabled devices, web, and PC clients. Integrating the AAB with directories, Internet accounts, or social networking sites enables users to search and add more contacts to the address book.
- the AAB thus provides a relationship database identifying relationships between each pair of users having a record in the AAB.
- the relationship information specifies a particular type or types of relationship between a pair of users.
- a policy engine function in the server 14 retrieves relationships between various users from the AAB 15, and retrieves and stores access rules from each user defining for how long content is available to each user and possibly what content is available to other users.
- the policy engine function in the server 14 may also retrieve relationship information from other types of sources, for example an internal database 40 in the server 14 or in the originating request itself, as will be explained in more detail below.
- User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X. For example, this may be a friend or customer requesting to see User-B's vacation photographs.
- the SMP queries the policy engine function in server 14 to determine whether User-A's access to content-X is allowed.
- the server has no relationship information between User-A and User-B, and thus at step 3, the policy engine function in server 14 contacts the AAB 15 to retrieve one or more relationships between User-A 11 and User-B 12.
- the AAB 15 sends the relationships to the server 14.
- the policy engine function in server 14 checks a rules database, which may be implemented internally or externally to the server, to determine whether there are any access rules matching any of the relationships. In this particular scenario, it is assumed that there are no matching rules.
- the policy engine function in the server sends an access request message to User-B 12.
- the access request message includes the relationships between User-A and User-B, and indicates that User-A 11 has requested access to content-X.
- User-B 12 provides an access rule to the server 14 indicating that User-A 11 is allowed to access content-X for a defined period of time.
- the access rule may also indicate, for example, that this rule applies to other users who have the same relationship to User-B. For example, all of User-B's family members or all of User-B's customers may be granted access to User-B's vacation photographs for a week or any other period of time to be specified.
- the policy engine function in the server saves the new access rule in a rules database (not shown).
- the server 14 sends a response to the SMP 13 indicating that User-A 11 is allowed to access content-X.
- the SMP 13 returns access to the requested content-X to User-A 11.
- the access rule in step 6 may be obtained from User-B 12 via the social media network, if User-B is logged on or online, for example, and/or using a messaging service, such as e-mail, SMS, MMS.
- an application within the SMP 13 or an access server may periodically refresh [Refresh] the accessed content and provide same to User-A. Additionally, the server 14 may notify 18 User-B that User-A accessed content-X during the defined period of time and/or attempted to access the content outside the specified period of time.
- Fig. 2 is a message flow diagram illustrating the flow of messages in a second example of the method of the present invention.
- an access rule matching the relationship between User-A 11 and User-B 12 is already stored in a rules database.
- User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X.
- the SMP 13 queries the policy engine function in server 14 to determine whether User-A's access to content-X is allowed.
- the policy engine function in server 14 contacts the AAB 15 to retrieve in step 4 one or more relationships between User-A 11 and User-B 12.
- the policy engine function in server 14 checks the rules database to determine whether there are any access rules matching any of the retrieved relationships.
- the server sends a response to the SMP 13 indicating that User-A 11 is allowed to access content-X.
- the SMP 13 returns access to the requested content-X to User-A 11 in step 10.
- an application within the SMP 13 may periodically refresh [Refresh] the accessed content-X and provide it to User-A 11.
- the policy engine function in server 14 may notify 18 User-B
- Fig. 3 is a message flow diagram illustrating the flow of messages in a third example of the method of the present invention.
- a previously stored access rule matching the relationship between User-A 11 and User-B 12 has expired and may be deleted from the rules database or otherwise be indicated as invalid.
- User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X.
- the SMP 13 queries the server 14 to determine whether User-A's access to content-X is allowed.
- the server 14 contacts the AAB 15 to retrieve one or more relationships between User-A 11 and User-B 12 in step 4.
- the server 14 checks the rules database to determine whether there are any access rules matching any of the relationships.
- the server 14 sends a response to the SMP 13 indicating that User-A's request to access content-X is denied (due to the expiration of the rule).
- the SMP 13 returns no content to User-A 11, and may notify User-A 11 of a reason [Reason] for the denial (for example, the access period has expired).
- the SMP 13 may return a default content screen to User-A 11.
- the default content screen may be specified by User-B 12 through the rule, or may be pre-programmed in, or determined by, the SMP 13 whenever the server 14 denies a request for access.
- the default content screen may vary depending on the reason for denial.
- the server 14 may notify 18 User-B 12 that User-A 11 attempted to access content-X after expiration of the time period defined by the rule stored in the rules database, and that access was denied.
- Fig. 4 is a message flow diagram illustrating the flow of messages in a fourth example of the method of the present invention.
- User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X.
- the SMP 13 queries the server 14 to determine whether User-A's access to content-X is allowed.
- the policy engine function in the server 14 does not have relationship information between User-A 11 and User-B 12, and thus at step 3, the server 14 contacts the AAB 15 to retrieve one or more relationships between User-A 11 and User-B 12.
- the AAB 15 sends the relationships to the server 14.
- the rules database is checked to determine whether there are any access rules matching any of the retrieved relationships, if any. In this particular scenario, it is assumed that there are no matching rules.
- the server 14 sends a message at step 20 to a Message Server 16, such as an e-mail server and/or an SMS or MMS server, serving User-B 12. Assume an e-mail message is sent in step 20.
- the e-mail message includes the relationships between User-A 11 and User-B 12, and indicates that User-A 11 has requested access to content-X.
- the e-mail message may also include a link to a web server 17 with instructions for User-B 12 to click on the link and enter one or more access rules to control User-A's access. Because it may take some period of time before User-B 12 responds to the e-mail message 20, the server 14 indicates to the SMP 13 at step 21 that the request is pending. At step 22, the SMP 13 indicates to User-A 11 that there is no content available
- the SMP 13 may return a default content screen to User-A 11.
- the default content screen may be specified by User-B 12 through a particular rule, or may be pre-programmed in, or determined by, the SMP 13 whenever the server 14 indicates there will be a delay processing the request for access 1.
- User-B 12 responds to the e-mail message 20 (for example by clicking on the link provided by this message) and provides an access rule indicating that User-A 11 is allowed to access content-X for a defined period of time.
- the access rule may also indicate that this rule applies to other users who have the same relationship to User-B, for example.
- a Web Server 17 serving User-B 12 forwards the access rule to the server 14.
- the server 14 saves the rule in the rules database.
- the server 14 sends an e-mail message to the Message Server 16 for delivery to User-A 11 indicating that User-B 12 has granted/denied User-A 11 access to content-X for a specified time period. In the affirmative, within the specified time period, User-A 11 can then request access and view the content-X.
- the server 14 may indicate to User-B 12 via the Web Server 17 that the access rule has been created.
- this information may be requested from User-B 12 in the same manner, for example, as illustrated in Fig. 4 with message 20.
- User-B 12 may create a relationship in the AAB 15, such that the request 1 can be further processed as illustrated above.
- User-A 11 may receive a message indicating the reason for not providing access, in the same manner as illustrated with reference to Fig. 4, for example.
- Fig. 5 is a simplified block diagram of an example of the server 14 of the present invention comprising the policy engine function.
- the policy engine function is comprised by a Relationship Retrieval Unit 32, a Matching Unit 33, a Rules Retrieval Unit 34 and an Access Granting Unit 36.
- a User-A communication unit 31 receives the access request from the SMP 13 and passes it to the Relationship Retrieval Unit 32 and the Matching Unit 33.
- the Relationship Retrieval Unit 32 retrieves the relationships between User-A and User-B from the AAB 15 or an internal database 40, indicated in dashed lines, and sends the relationships to the Matching Unit 33.
- the Matching Unit 33 determines from a Rules Database 35 or an Active Rules Book, which may be located in the AAB 15, whether there are access rules that match the relationships. If not, the Matching Unit requests the Rules Retrieval Unit 34 to retrieve access rules from User-B. As noted above, this may be done directly with User-B 12 if User-B is online or through the Message Server 16 if User-B is off line.
- the access rules are received either directly from User-B 12 if User-B is online or through the Web Server 17 when User-B logs on after being off line.
- the Rules Retrieval Unit 34 stores the access rules in the Rules Database 35 and the Matching Unit 33 accesses them to determine if there are access rules matching the relationships.
- the Matching Unit 33 sends a result to the Access Granting Unit 36 indicating whether there is an access rule matching the relationships.
- the Access Granting Unit 36 may have access to a Timer 37 for determining whether the time period specified in the access rule has expired. This Timer 37 may be configured for checking whether a particular time duration wherein access is allowed, such as one hour, one day, one week or the like, from the start of a first access, for example, has expired, and/or may comprise a calendar function for checking a particular time of the day, a particular day or days of a week and the like. If the access rule allows access to the requested content-X, and the specified time period has not expired, the access granting unit sends an "Allowed" indication to the User-A Communication Unit 31, which forwards the Allowed indication to the SMP 13.
- the Access granting unit sends a "Denied" indication to the User-A Communication Unit 31, which forwards the Denied indication to the SMP 13.
- the overall operation of the server 14 may be controlled by a common processor 38 executing computer program instructions stored in a memory 39. This control operation is schematically indicated by arrow 41.
- the server 14 may be implemented in hardware, firmware, or a combination of software, hardware, and firmware.
Abstract
A method, server, and system for granting a first user (11) temporary access to electronic content of a second user (12) in a social media network. The server (14) receives a request (1) originating from the first user (11) to access the second user's content. A policy engine function in the server (14) retrieves (3) from a relationship database (15) relationship information (4) regarding a relationship between the two users (11, 12). If an access rule (5) matching the relationship information is stored in the server (14), the policy engine function applies the access rule to control access by the first user (11) for a period of time specified in the rule. If an access rule is not stored, the policy engine function in the server (14) obtains (6) the access rule from the second user (12).
Description
Title
Method, server and system for granting temporary access to electronic content.
Background
The present invention relates to information management systems. More particularly, the present invention is directed to a system, method, and server for granting an identified user temporary access to another user's electronic content.
Technical Field
An example of electronic content is social content such as videos, photographs, status messages, and the like which individuals store in online storage facilities of a so-called social media network.
In prior art information management systems and social media networks the individual can access his own social electronic content, but others cannot access this content without permission. When an individual desires to share some of his or her social electronic content with others, existing social media network systems grant access on a permanent basis. This is acceptable if the individual desires to share the content between friends and family. However, for other contacts such as business or professional contacts, the individual may not desire to permanently share the social electronic content.
Summary
The present invention solves this problem with a system, method, and server for granting an identified user temporary access to protected electronic content. The permission granted to the identified user, in addition to the time period, also defines the scope of what content he or she is permitted to access.
In one embodiment, the present invention is directed to a method of granting a first user temporary access to a second user's electronic content in a social media network. The method comprises receiving, by a server, a request originating from a first user of the plurality of users to access electronic user content of a second user of the plurality of users. A policy engine function comprised in the server processes the request by performing the steps of: retrieving relationship information specifying a particular type of relationship between the first and the second user; applying an access rule matching the relationship information, the access rule specifying a period of time the electronic user content of the second user is available for the first user. When the specified period of time has not expired, the policy engine function grants the first user temporary access to the second user's electronic content. When the specified period of time has expired, the policy engine function denies the first user access to the second user's electronic content.
The server can be any type of processor controlled server, such as a server in a switching node or control node or elsewhere in a telecommunications system, performing operations related to the telecommunications system. The server may also be a dedicated server such as a Policy Engine connected to or connectable by the telecommunications systems or another data processing system, for processing social media content in a social media network.
The period of time wherein access is allowed may be specified as a particular time duration wherein access is allowed, such as one hour, one day, one week or the like, from the start of a first access, for example, but also during a particular time of the day, a particular day or days of a week and the like, or combinations of both, for example.
The user content may be stored or available from remote online storage facilities such as accessible by an access server or servers of the social media network.
In an example, besides a particular period of time, an access rule may specify which content or how much of the second user's electronic content the first user is permitted to access, and the step of allowing includes restricting access to this permitted content. With such an access rule, a user may specify what particular part of his electronic content or what particular types of files and the like are accessible to a particular first user.
The skilled person will appreciate that other access rules may be defined and applicable, specifying further criteria for permitting access to a user's electronic content.
The relationship information may identify a particular user to whom temporary access is granted to the second user's electronic content. In a further example, the relationship information comprises at least one identifiable characteristic, and the method further comprises retrieving, by the policy engine function, the at least one identifiable characteristic of a first user and allowing each first user having the identifiable characteristic access to the second user's electronic content for the specified period of time.
The identifiable characteristic may be any characteristic, such as an identifier identifying users of a particular group, such as employees of a same company, members of a same association, and the like.
The relationship information may be stored in an internal database in the server, in an Active Address Book storage or database external or remote from the server, and/or included in a request from a user.
The access rule or rules by the second user may be stored and available from an internal database in the server and/or in a remote storage or database such as an Active Rules Book, which may be incorporated with the Active Address Book, for example.
The databases storing the relationship information and access rule or rules are accessible, either directly or indirectly, by the users of the social media network for generating or specifying and applying their individual preferences. In an example, instead of or in addition to storing access rules in a network database, the method provides for obtaining an access rule from the second user directly, via a messaging service, such as an e-mail service, a short messaging service, SMS, a multimedia messaging service, MMS, or a messaging service provided by the social media network, for example.
First it may be determined by the policy engine function whether an access rule matching the relationship information is stored in a database available for or located in the server. When there is not an access rule matching the relationship information stored in the server or another database, the second user is prompted by the policy engine function to provide an access rule. The second user may, for example, visit a special web site provided by the social media network for specifying an access rule, or may provide an access rule by return e-mail, SMS, MMS, or the like. Preferably, the second user is prompted via the social media network if the second user is connected or online with the social media network. In such a case the second user preferably replies via the social media network. If the second user is not online, any of an e-mail, SMS or MMS message may be forwarded to the second user and the second user may reply by logging in to the social media network or by responding with a return e-mail, SMS, MMS message or the like.
The first user may be informed of the granted access. In an example, when the specified period of time has not expired, a response is sent to the first user indicating that the content is available to the first user. When the specified period of time has expired, a response is sent to the first user indicating that the content is no longer available. This response may be forwarded via the social media network or another messaging service available to the first user, such as e-mail, SMS or MMS.
In another example, the policy engine function sends to the second user a notification of the first user's access to the second user's electronic content during the specified period of time and/or a notification that the first user attempted to access the second user's electronic content after the specified period of time expired. This notification may be forwarded via the social media network or another messaging service available to the second user, such as e-mail, SMS or MMS.
In a social media network, users often add and remove content. To take this into account, in a further example, when the first user is granted access to the second user's content, controlled by an access server, for example, at least the content of a second user to which first users are permitted access is periodically refreshed by the access server and the first user is provided access to the refreshed content.
In another embodiment, the present invention is directed to a server for controlling access to electronic user content in a social media network comprising a plurality of users and arranged for sharing electronic user content amongst the plurality of users. The server comprises a communication unit arranged for receiving a request originating from a first user to access electronic user content of a second user of the plurality of users. A relationship retrieval unit, arranged for retrieving relationship information specifying a particular type of relationship between the first and the second user. A matching unit, arranged for applying an access rule matching the relationship information, the access rule specifying a period of time the electronic user content of the second user is available for the first user. A timer arranged for determining whether the specified period of time has expired. An access granting unit, arranged for allowing the first user access to the second user's electronic content when the specified period of time has not expired and arranged for denying the first user access to the second user's electronic content when the specified period of time has expired.
To inform the first user of the granted access, in an example, when the specified period of time has not expired, the communication unit sends a response toward the first user indicating that the content is available to the first user. When the specified period of time has expired, the communication unit sends a response toward the first user indicating that the content is no longer available. This response may be forwarded via the social media network or another messaging service available to the users, such as e-mail, SMS or MMS.
In an example, the access granting unit is arranged for allowing restricted access to the second user's electronic content specified by the access rule. The restriction applies to a particular part of the second user's electronic content, i.e. how much of the second user's content the first user is allowed to access, or what particular types of files and the like are accessible to a first user.
In another example, the first user has at least one identifiable characteristic, the relationship retrieval unit is arranged for retrieving the identifiable characteristic of the first user, and the access granting unit is arranged for allowing each first user having the identifiable characteristic access to the second user's electronic content for the specified period of time.
For retrieving the relationship information, the relationship retrieval unit, in an example, is arranged for retrieving the relationship information from an internal database of the server and/or an Active Address Book storage or database external to the server and/or the request.
For retrieving an access rule, the server, in an example, comprises a rule retrieval unit, arranged for obtaining the access rule from the second user and/or an internal rules database of the server for storing access rules and/or an Active Rules Book storage or database which may be incorporated with the Active Address Book external to the server.
When there is not an access rule matching the relationship information stored within a rules database, the rule retrieval unit is arranged for obtaining the access rule from the second user. To this end a messaging service may be applied and the rule retrieval unit is configured to obtain the access rule from the second user through any or all of the social media network, by e-mail, SMS, MMS, or the like, by an intermediate message server and/or web server. Such messages may be communicated by the communication unit of the server.
In an example, the communication unit is configured for sending to the second user a notification of the first user's access to the second user's electronic content during the specified period of time and/or a notification that the first user attempted to access the second user's content after the specified period of time expired.
In a further embodiment, the present invention is directed to a system for controlling access to electronic user content in a social media network comprising a Social Media Portal, SMP, accessible from a telecommunications network and arranged for sharing electronic user content amongst a plurality of users. The system comprises a server in communication with the SMP and arranged for applying access rules for controlling access to the electronic user content. The SMP includes a unit for forwarding to the server a request originating from a first user to access electronic user content of a second user of the plurality of users. The server includes a communication unit arranged for receiving the request; a relationship retrieval unit arranged for retrieving relationship information specifying a particular type of relationship between the first and the second user; a matching unit, arranged for applying an access rule matching the relationship information, the access rule specifying a period of time the electronic user content of the second user is available for the first user; a timer arranged for determining whether the specified period of time has expired, and an access granting unit. The access granting unit is arranged for allowing the first user access to the second user's electronic content when the specified period of time has not expired and arranged for denying the first user access to the second user's electronic content when the specified period of time has expired. The communication unit is further arranged for sending a response from the access granting unit to the SMP allowing or denying the first user access to the second user's electronic content.
In the following section, the invention will be described with reference to exemplary embodiments illustrated in the enclosed figures.
Brief description of the drawings
Fig. 1 is a message flow diagram illustrating the flow of messages in a first example of the method of the present invention;
Fig. 2 is a message flow diagram illustrating the flow of messages in a second example of the method of the present invention;
Fig. 3 is a message flow diagram illustrating the flow of messages in a third example of the method of the present invention;
Fig. 4 is a message flow diagram illustrating the flow of messages in a fourth example of the method of the present invention; and
Fig. 5 is a simplified block diagram of an example of a server of the present invention.
Detailed description
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
The invention is explained below in the context of a scenario in which an individual tells his customer about his vacation, and the customer wants to see the individual's vacation photographs. The photographs are stored by an online storage service. The individual would like to share the photographs, but does not want to give the customer permanent access to all of his photographs, and would like to grant access for a limited duration. It should be understood that the present invention is not limited to electronic social content such as vacation photographs or to customers only. The inventive concepts can be applied to any kind of protected electronic content and to any kind of contacts and relationships in a social media network.
Two main scenarios are described herein. Both scenarios assume two users, User-A or first user who wants access to the electronic content, and User-B or second user who is the owner of the electronic content. In a first scenario, both users are online. User-B can directly grant or deny temporary access by defining an access rule; and User-A can directly obtain temporary access to the content. In a second scenario, User-B is not online, and therefore cannot directly grant or deny the requested access.
Fig. 1 is a message flow diagram illustrating the flow of messages in a first example of the method of the present invention. The figure illustrates User-A 11 and User-B 12 as well as three network nodes referred to as a Social Media Portal (SMP) 13, a server 14, and an Active Address Book (AAB) 15. The SMP 13, for example available from Ericsson, together with an open-standard initiative referred to as "the Pixl8r initiative", offers simplified sharing of user-generated content between users across diverse networks.
The Pixl8r initiative is an open-standard solution that enables photo sharing sites to interact in real time. With Pixl8r, mobile users can easily share social media across different operator portals and receive SMS notifications of the activities of other users regardless of the network type. Pixl8r creates a federation of community portals that can connect the world's approximately four billion mobile users. With Ericsson's SMP acting as an access server and browser, users can connect to the social web using any mobile phone. The solution does not require client downloads, and enables posting and accessing of real-time, user-generated content to diverse internet communities. Content is automatically backed up on a community portal that offers personal storage, synchronization, unified messaging, and services for sharing content such as photos and videos with friends and family.
In a practical situation the server 14 may be implemented as a stand-alone server, or may be integrated in a dedicated policy server, a Policy Engine, or any other type of server connected to the social media network and accessible from a telecommunications network.
The AAB 15 provides intelligent and automated centralized contact management for mobile users. The AAB enables users to create and publish their personal information to an online address book that automatically updates contact information when a contact in the address book publishes new contact information. Users can search, add, edit, and delete contacts using an AAB web portal. Flexible privacy levels let subscribers decide what information to share and with whom. The AAB works with native address books in existing mobile phones and can support IMS-enabled devices, web, and PC clients. Integrating the AAB with directories, Internet accounts, or social networking sites enables users to search and add more contacts to the address book.
The AAB thus provides a relationship database identifying relationships between each pair of users having a record in the AAB. The relationship information specifies a particular type or types of relationship between a pair of users.
A policy engine function in the server 14 retrieves relationships between various users from the AAB 15, and retrieves and stores access rules from each user defining for how long content is available to each user and possibly what content is available to other users.
The policy engine function in the server 14 may also retrieve relationship information from other types of sources, for example an internal database 40 in the server 14 or in the originating request itself, as will be explained in more detail below.
In Fig. 1, at step 1, User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X. For example, this may be a friend or customer requesting to see User-B's vacation photographs. At step 2, the SMP queries the policy engine function in server 14 to determine whether User-A's access to content-X is allowed. The server has no relationship information between User-A and User-B, and thus at step 3, the policy engine function in server 14 contacts the AAB 15 to retrieve one or more relationships between User-A 11 and User-B 12. At step 4, the AAB 15 sends the relationships to the server 14. At step 5, the policy engine function in server 14 checks a rules database, which may be implemented internally or externally to the server, to determine whether there are any access rules matching any of the relationships. In this particular scenario, it is assumed that there are no matching rules. Thus, at step 6, the policy engine function in the server sends an access request message to User-B 12. The access request message includes the relationships between User-A and User-B, and indicates that User-A 11 has requested access to content-X.
At step 7, User-B 12 provides an access rule to the server 14 indicating that User-A 11 is allowed to access content-X for a defined period of time. The access rule may also indicate, for example, that this rule applies to other users who have the same relationship to User-B. For example, all of User-B's family members or all of User-B's customers may be granted access to User-B's vacation photographs for a week or any other period of time to be specified. At step 8, the policy engine function in the server saves the new access rule in a rules database (not shown). At step 9, the server 14 sends a response to the SMP 13 indicating that User-A 11 is allowed to access content-X. At step 10, the SMP 13 returns access to the requested content-X to User-A 11.
The access rule in step 6 may be obtained from User-B 12 via the social media network, if User-B is logged on or online, for example, and/or using a messaging service, such as e-mail, SMS, MMS.
Once access is granted, an application within the SMP 13 or an access server may periodically refresh [Refresh] the accessed content and provide same to User-A. Additionally, the server 14 may notify 18 User-B that User-A accessed content-X during the defined period of time and/or attempted to access the content outside the specified period of time.
Fig. 2 is a message flow diagram illustrating the flow of messages in a second example of the method of the present invention. In this embodiment, an access rule matching the relationship between User-A 11 and User-B 12 is already stored in a rules database. Thus, at step 1, User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X. At step 2, the SMP 13 queries the policy engine function in server 14 to determine whether User-A's access to content-X is allowed. At step 3, the policy engine function in server 14 contacts the AAB 15 to retrieve in step 4 one or more relationships between User-A 11 and User-B 12. At step 5, the policy engine function in server 14 checks the rules database to determine whether there are any access rules matching any of the retrieved relationships. In this particular scenario, it is assumed that there is a matching rule. In particular it is indicated that the relationship is based on an identifiable characteristic 19 of User-A 11, and that User-B 12 has specified a rule that all users having this identifiable characteristic, such as a particular identity, are allowed to have access to the content-X.
Thus, at step 9, the server sends a response to the SMP 13 indicating that User-A 11 is allowed to access content-X. At step 6, the SMP 13 returns access to the requested content-X to User-A 11 in step 10. Once again, when access is granted, an application within the SMP 13 may periodically refresh [Refresh] the accessed content-X and provide it to User-A 11. Additionally, the policy engine function in server 14 may notify 18 User-B 12 that User-A 11 accessed content-X during the time period defined by the particular rule stored in the rules database.
Fig. 3 is a message flow diagram illustrating the flow of messages in a third example of the method of the present invention. In this embodiment, a previously stored access rule matching the relationship between User-A 11 and User-B 12 has expired and may be deleted from the rules database or otherwise be indicated as invalid. Thus, at step 1, User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X. At step 2, the SMP 13 queries the server 14 to determine whether User-A's access to content-X is allowed. At step 3, the server 14 contacts the AAB 15 to retrieve one or more relationships between User-A 11 and User-B 12 in step 4. At step 5, the server 14 checks the rules database to determine whether there are any access rules matching any of the relationships. In this particular scenario, it is assumed that there is a matching rule, but the rule, and thus the authorized time period for access, has expired. Thus, at step 26, the server 14 sends a response to the SMP 13 indicating that User-A's request to access content-X is denied (due to the expiration of the rule). At step 27, the SMP 13 returns no content to User-A 11, and may notify User-A 11 of a reason [Reason] for the denial (for example, the access period has expired).
Alternatively, when the rule has expired, the SMP 13 may return a default content screen to User-A 11. The default content screen may be specified by User-B 12 through the rule, or may be pre-programmed in, or determined by, the SMP 13 whenever the server 14 denies a request for access. The default content screen may vary depending on the reason for denial. Additionally, the server 14 may notify 18 User-B 12 that User-A 11 attempted to access content-X after expiration of the time period defined by the rule stored in the rules database, and that access was denied.
Fig. 4 is a message flow diagram illustrating the flow of messages in a fourth example of the method of the present invention. In this embodiment, there is no matching rule for the relationship between User-A 11 and User-B 12 stored in the rules database, and User-B 12 is currently off-line, i.e. not logged on or available from the social media network. At step 1, User-A 11 sends a message to the SMP 13 requesting access to User-B's content-X. At step 2, the SMP 13 queries the server 14 to determine whether User-A's access to content-X is allowed. Assume that the policy engine function in the server 14 does not have relationship information between User-A 11 and User-B 12, and thus at step 3, the server 14 contacts the AAB 15 to retrieve one or more relationships between User-A 11 and User-B 12. At step 4, the AAB 15 sends the relationships to the server 14.
At step 5, the rules database is checked to determine whether there are any access rules matching any of the retrieved relationships, if any. In this particular scenario, it is assumed that there are no matching rules. Since User-B 12 is off-line, the server 14 sends a message at step 20 to a Message Server 16, such as an e-mail server and/or an SMS or MMS server, serving User-B 12. Assume an e-mail message is sent in step 20. The e-mail message includes the relationships between User-A 11 and User-B 12, and indicates that User-A 11 has requested access to content-X. The e-mail message may also include a link to a web server 17 with instructions for User-B 12 to click on the link and enter one or more access rules to control User-A's access. Because it may take some period of time before User-B 12 responds to the e-mail message 20, the server 14 indicates to the SMP 13 at step 21 that the request is pending. At step 22, the SMP 13 indicates to User-A 11 that there is no content available (yet), and may provide a reason [Reason] for the delay. Once again, the SMP 13 may return a default content screen to User-A 11. The default content screen may be specified by User-B 12 through a particular rule, or may be pre-programmed in, or determined by, the SMP 13 whenever the server 14 indicates there will be a delay processing the request for access 1.
At step 23, User-B 12 responds to the e-mail message 20 (for example by clicking on the link provided by this message) and provides an access rule indicating that User-A 11 is allowed to access content-X for a defined period of time. The access rule may also indicate that this rule applies to other users who have the same relationship to User-B, for example. At step 7, a Web Server 17 serving User-B 12 forwards the access rule to the server 14. At step 8, the server 14 saves the rule in the rules database. At step 24, the server 14 sends an e-mail message to the Message Server 16 for delivery to User-A 11 indicating that User-B 12 has granted/denied User-A 11 access to content-X for a specified time period. In the affirmative, within the specified time period, User-A 11 can then request access and view the content-X. At step 25, the server 14 may indicate to User-B 12 via the Web Server 17 that the access rule has been created.
Once the rule has been received by the server 14 in step 7, it will be appreciated that the policy engine function in server 14 will proceed to grant access to the content-X to User-A 11 as illustrated above with reference to steps 9 and 10 in Figs. 1, 2.
If no relationship information can be retrieved by the policy engine function from the AAB 15, this information may be requested from the User-B 12 in the same manner, for example, as illustrated in Fig. 4 with message 20. User-B 12 may create a relationship in the AAB 15, such that the request 1 can be further processed as illustrated above. User-A 11 may receive a message indicating the reason for not providing access, in the same manner as illustrated with reference to Fig. 4, for example.
Fig. 5 is a simplified block diagram of an example of the server 14 of the present invention comprising the policy engine function. In this particular example, the policy engine function is comprised by a Relationship Retrieval Unit 32, a Matching Unit 33, a Rules Retrieval Unit 34 and an Access Granting Unit 36.
A User-A communication unit 31 receives the access request from the SMP 13 and passes it to the Relationship Retrieval Unit 32 and the Matching Unit 33. The Relationship Retrieval Unit 32 retrieves the relationships between User-A and User-B from the AAB 15 or an internal database 40, indicated in dashed lines, and sends the relationships to the Matching Unit 33. The Matching Unit 33 determines from a Rules Database 35 or an Active Rules Book, which may be located in the AAB 15, whether there are access rules that match the relationships. If not, the Matching Unit requests the Rules Retrieval Unit 24 to retrieve access rules from User-B. As noted above, this may be done directly with User-B 12 if User-B is online or through the Message Server 16 if User-B is off-line. The access rules are received either directly from User-B 12 if User-B is online or through the Web Server 17 when User-B logs on after being off-line.
The Rules Retrieval Unit 34 stores the access rules in the Rules Database 35 and the Matching Unit 33 accesses them to determine if there are access rules matching the relationships. The Matching Unit 33 sends a result to the Access Granting Unit 36 indicating whether there is an access rule matching the relationships. The Access Granting Unit 36 may have access to a Timer 37 for determining whether the time period specified in the access rule has expired. This Timer 37 may be configured for checking whether a particular time duration wherein access is allowed, such as one hour, one day, one week or the like, from the start of a first access, for example, has expired, and/or may comprise a calendar function for checking a particular time of the day, a particular day or days of a week and the like.
If the access rule allows access to the requested content-X, and the specified time period has not expired, the Access Granting Unit sends an "Allowed" indication to the User-A Communication Unit 31, which forwards the Allowed indication to the SMP 13.
If there is no access rule matching the relationships, or the matching rule does not allow access to the requested content, or the matching rule has expired, the Access Granting Unit sends a "Denied" indication to the User-A Communication Unit 31, which forwards the Denied indication to the SMP 13.
The overall operation of the server 14 may be controlled by a common processor 38 executing computer program instructions stored in a memory 39. This control operation is schematically indicated by arrow 41. Alternatively, the server 14 may be implemented in hardware, firmware, or a combination of software, hardware, and firmware.
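The decision path of Fig. 5 can be sketched as follows. This is an added illustration, not code from the patent: the class, field and user names are hypothetical, the in-memory dictionaries stand in for the AAB 15 and Rules Database 35, and returning "Pending" when no rule matches follows the Fig. 4 case. The server's own clock is passed in as `now`, and the first-access time is stored server-side so a requester cannot restart the period.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta, timezone
from typing import Optional

ALLOWED, DENIED, PENDING = "Allowed", "Denied", "Pending"


@dataclass
class AccessRule:
    """Hypothetical rule record: who it belongs to, whom it matches, for how long."""
    owner: str                             # User-B, the content owner
    relationship: str                      # relationship type the rule matches
    content_ids: frozenset                 # content the rule covers
    duration: timedelta                    # period counted from the first access
    weekdays: Optional[frozenset] = None   # calendar function, 0 = Monday
    day_start: time = time.min
    day_end: time = time.max
    first_access: dict = field(default_factory=dict)  # requester -> datetime

    def expired(self, requester, now):
        """Timer check: has the duration since the first access run out?"""
        start = self.first_access.get(requester)
        return start is not None and now - start >= self.duration

    def in_calendar(self, now):
        """Calendar check: permitted weekday and time of day."""
        if self.weekdays is not None and now.weekday() not in self.weekdays:
            return False
        return self.day_start <= now.time() <= self.day_end


class PolicyEngine:
    def __init__(self, relationships, rules):
        self.relationships = relationships  # (requester, owner) -> set of types
        self.rules = list(rules)
        self.pending = []        # requests waiting for the owner to supply a rule
        self.notifications = []  # messages queued for the content owner

    def decide(self, requester, owner, content_id, now):
        """Return (decision, reason); anything not explicitly allowed is refused."""
        rels = self.relationships.get((requester, owner), set())
        matching = [r for r in self.rules
                    if r.owner == owner and r.relationship in rels]
        if not matching:
            # Fig. 4 case: ask the owner for a rule and report the request as pending.
            self.pending.append((requester, owner, content_id))
            return PENDING, "no matching rule; owner asked to provide one"
        reason = "rule does not cover this content"
        for rule in matching:
            if content_id not in rule.content_ids:
                continue
            if rule.expired(requester, now):
                reason = "access period expired"
                self.notifications.append(
                    (owner, f"{requester} attempted {content_id} after expiry"))
                continue
            if not rule.in_calendar(now):
                reason = "outside permitted calendar window"
                continue
            # Only a successful access starts the clock, and only once.
            rule.first_access.setdefault(requester, now)
            return ALLOWED, "rule matched"
        return DENIED, reason


def demo():
    """Constructed scenario: one colleague rule valid for one hour."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # a Monday
    rule = AccessRule("user-b", "colleague", frozenset({"content-x"}),
                      timedelta(hours=1))
    engine = PolicyEngine({("user-a", "user-b"): {"colleague"}}, [rule])
    results = [
        engine.decide("user-a", "user-b", "content-x", t0)[0],
        engine.decide("user-a", "user-b", "content-x",
                      t0 + timedelta(minutes=59))[0],
        engine.decide("user-a", "user-b", "content-x",
                      t0 + timedelta(hours=1))[0],
        engine.decide("user-a", "user-b", "content-y", t0)[0],
        engine.decide("user-c", "user-b", "content-x", t0)[0],
    ]
    return results, engine


if __name__ == "__main__":
    outcome, eng = demo()
    print(outcome, eng.notifications, eng.pending)
```
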
As will be recognized by those skilled in the art, the innovative concepts described in the present application can be modified and varied over a wide range of applications. Accordingly, the scope of patented subject matter should not be limited to any of the specific exemplary teachings discussed above, but is instead defined by the following claims.
Claims
1. A method of granting access to electronic user content (10) in a social media network comprising a plurality of users (11; 12) and arranged for sharing electronic user content (10) amongst said plurality of users (11; 12), said method comprising the steps of:
receiving, by a server (14), a request (1; 2) originating from a first user (11) of said plurality of users (11; 12) to access electronic user content (10) of a second user (12) of said plurality of users (11; 12);
processing said request by a policy engine function comprised in said server (14), said policy engine function performing the further steps of:
retrieving relationship information (3, 4) specifying a particular type of relationship between said first (11) and said second user (12);
applying an access rule (5; 8) matching said relationship information (4), said access rule (5; 8) specifying a period of time said electronic user content (10) of said second user (12) is available for said first user (11), wherein
when said specified period of time has not expired, said policy engine function allowing (9) said first user (11) access to said second user's electronic content (10); and
when said specified period of time has expired, said policy engine function denying (26) said first user (11) access to said second user's electronic content (10).
2. The method as recited in claim 1, wherein said access rule (5; 8) further specifies which content (10) of said second user's electronic content (10) said first user (11) is permitted to access, and said step of allowing (9) includes allowing access to said permitted content (10).
3. The method as recited in any of the previous claims, wherein said relationship information comprises at least one identifiable characteristic (19) and wherein said method further comprises retrieving, by said policy engine function, said at least one identifiable characteristic (19) of said first user (11) and allowing (9) each first user (11) having said identifiable characteristic (19) access to said second user's electronic content (10) for said specified period of time.
4. The method as recited in any of the previous claims, wherein said step of retrieving relationship information (3, 4) includes retrieving said relationship information (3, 4) from one of an internal database (40) in said server (14), an Active Address Book (15), and said request (1; 2).
5. The method as recited in any of the previous claims, further comprising obtaining, by said policy engine function, said access rule (5; 8) from one of said second user (12), an internal database (35) in said server (14), and an Active Rules Book (15).
6. The method as recited in claim 5, wherein said access rule (5; 8) is obtained from said second user (12) via a messaging service (20).
7. The method as recited in any of the previous claims, further comprising notifying (18) said second user (12) that said first user (11) performed at least one of accessing said second user's content (10) during said specified period of time, and attempting to access said second user's electronic content (10) after said specified period of time expired.
8. A server (14) for controlling access to electronic user content (10) in a social media network comprising a plurality of users (11; 12) and arranged for sharing electronic user content (10) amongst said plurality of users (11; 12), said server comprising:
- a communication unit (31), arranged for receiving a request (1; 2) originating from a first user (11) to access electronic user content (10) of a second user (12) of said plurality of users (11; 12);
- a relationship retrieval unit (32), arranged for retrieving relationship information (3, 4) specifying a particular type of relationship between said first (11) and said second user (12);
- a matching unit (33), arranged for applying an access rule (5; 8) matching said relationship information (4), said access rule (5; 8) specifying a period of time said electronic user content (10) of said second user (12) is available for said first user (11);
- a timer (37), arranged for determining whether said specified period of time has expired; and
an access granting unit (36), arranged for allowing (9) said first user (11) access to said second user's electronic content (10) when said specified period of time has not expired (37) and arranged for denying (26) said first user (11) access to said second user's electronic content (10) when said specified period of time has expired (37).
9. The server (14) as recited in claim 8, wherein said access granting unit (36) is arranged for allowing (9) restricted access to said second user's electronic content (10) specified by said access rule (5; 8).
10. The server (14) as recited in claim 8 or 9, wherein said relationship information comprises at least one identifiable characteristic (19), and wherein said relationship retrieval unit (32) is arranged for retrieving said identifiable characteristic (19) of said first user (11), and wherein said access granting unit (36) is arranged for allowing (9) each first user (11) having said identifiable characteristic (19) access to said second user's electronic content (10) for said specified period of time.
11. The server (14) as recited in any of the claims 8 - 10, wherein said relationship retrieval unit (32) is arranged for retrieving said relationship information (4) from one of an internal database (40) of said server, an Active Address Book (15), and said request (1; 2).
12. The server (14) as recited in any of the claims 8 - 10, further comprising a rule retrieval unit (32), arranged for obtaining said access rule (5; 8) from one of said second user (12), an internal database (35) of said server and an Active Rules Book (15).
13. The server (14) as recited in claim 12, wherein said rule retrieval unit (32) is arranged for obtaining said access rule (5; 8) from said second user (12) via a messaging service (20).
14. The server (14) as recited in any of the claims 8 - 13, further comprising a communication unit arranged for sending to said second user (12), a notification (18) that said first user (11) performed at least one of accessing said second user's content (10) during said specified period of time, and attempting to access said second user's electronic content (10) after said specified period of time expired.
15. A system for controlling access to electronic user content (10) in a social media network comprising a Social Media Portal, SMP, (13) arranged for sharing electronic user content (10) amongst a plurality of users (11; 12), said system comprising a server (14) in communication with said SMP (13) and arranged for applying access rules (5; 8) for controlling access to said electronic user content (10), wherein said SMP (13) includes a unit for forwarding to said server (14) a request (1; 2) originating from a first user (11) to access electronic user content (10) of a second user (12) of said plurality of users (11; 12), and wherein said server (14) includes:
a communication unit (31), arranged for receiving said request (1; 2);
a relationship retrieval unit (32), arranged for retrieving relationship information (3, 4) specifying a particular type of relationship between said first and said second user (12);
a matching unit (33), arranged for applying an access rule (5; 8) matching said relationship information (4), said access rule (5; 8) specifying a period of time said electronic user content (10) of said second user (12) is available for said first user (11);
a timer (37) arranged for determining whether said specified period of time has expired;
an access granting unit (36), arranged for allowing (9) said first user (11) access to said second user's electronic content (10) when said specified period of time has not expired (37) and arranged for denying (26) said first user (11) access to said second user's electronic content (10) when said specified period of time has expired (37), wherein said communication unit (31) is further arranged for sending a response from said access granting unit (36) to said SMP (13) allowing (9) or denying (26) said first user (11) access to said second user's electronic content (10).
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP11728782.1A EP2586171B1 (en) | 2010-06-25 | 2011-06-27 | Method, server and system for granting temporary access to electronic content |
CN201180031490.6A CN102959922B (en) | 2010-06-25 | 2011-06-27 | Method, server and system for granting temporary access to electronic content |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/823,304 US8931034B2 (en) | 2010-06-25 | 2010-06-25 | System, method, and policy engine for granting temporary access to electronic content |
US12/823,304 | 2010-06-25 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011160855A1 (en) | 2011-12-29 |
Family
ID=44627716
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2011/003151 WO2011160855A1 (en) | 2010-06-25 | 2011-06-27 | Method, server and system for granting temporary access to electronic content |
Country Status (4)
Country | Link |
---|---|
US (1) | US8931034B2 (en) |
EP (1) | EP2586171B1 (en) |
CN (1) | CN102959922B (en) |
WO (1) | WO2011160855A1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014025809A1 (en) * | 2012-08-06 | 2014-02-13 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
US9069436B1 (en) | 2005-04-01 | 2015-06-30 | Intralinks, Inc. | System and method for information delivery based on at least one self-declared user attribute |
US9083728B1 (en) | 2012-03-06 | 2015-07-14 | Tal Lavian | Systems and methods to support sharing and exchanging in a network |
US9148417B2 (en) | 2012-04-27 | 2015-09-29 | Intralinks, Inc. | Computerized method and system for managing amendment voting in a networked secure collaborative exchange environment |
US9251360B2 (en) | 2012-04-27 | 2016-02-02 | Intralinks, Inc. | Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment |
US9253176B2 (en) | 2012-04-27 | 2016-02-02 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
US9514327B2 (en) | 2013-11-14 | 2016-12-06 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
US9553860B2 (en) | 2012-04-27 | 2017-01-24 | Intralinks, Inc. | Email effectivity facility in a networked secure collaborative exchange environment |
US9613190B2 (en) | 2014-04-23 | 2017-04-04 | Intralinks, Inc. | Systems and methods of secure data exchange |
US10033702B2 (en) | 2015-08-05 | 2018-07-24 | Intralinks, Inc. | Systems and methods of secure data exchange |
Families Citing this family (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7725525B2 (en) * | 2000-05-09 | 2010-05-25 | James Duncan Work | Method and apparatus for internet-based human network brokering |
US9519613B2 (en) * | 2009-02-02 | 2016-12-13 | Asurion, Llc | Method for integrating applications in an electronic address book |
US20110321147A1 (en) * | 2010-06-28 | 2011-12-29 | International Business Machines Corporation | Dynamic, temporary data access token |
US9947031B2 (en) * | 2011-12-16 | 2018-04-17 | Facebook, Inc. | Content access management in a social networking system for locally stored content |
US9286642B2 (en) * | 2011-12-16 | 2016-03-15 | Facebook, Inc. | Content access management in a social networking system for externally stored content |
EP2819088A4 (en) * | 2012-02-20 | 2015-10-28 | Nec Corp | Server device, information disclosure control method, and recording medium |
US20130227101A1 (en) * | 2012-02-27 | 2013-08-29 | Verizon Patent And Licensing, Inc. | Method and system for providing transaction management in a request-oriented service architecture |
US20130227143A1 (en) * | 2012-02-27 | 2013-08-29 | Verizon Patent And Licensing Inc. | Method and system for providing transaction management in a request-oriented service architecture using meta-models |
US20130282812A1 (en) * | 2012-04-24 | 2013-10-24 | Samuel Lessin | Adaptive audiences for claims in a social networking system |
US10325323B2 (en) | 2012-04-24 | 2019-06-18 | Facebook, Inc. | Providing a claims-based profile in a social networking system |
US9978106B2 (en) * | 2012-04-24 | 2018-05-22 | Facebook, Inc. | Managing copyrights of content for sharing on a social networking system |
WO2013160539A1 (en) * | 2012-04-27 | 2013-10-31 | Nokia Corporation | Method and apparatus for privacy protection in images |
EP2675136A1 (en) * | 2012-06-11 | 2013-12-18 | Grand City Hotels GmbH | Method for enabling contact via a virtual communication platform and communication system |
US9331966B2 (en) * | 2012-07-06 | 2016-05-03 | Empire Technology Development Llc | Processing connection request in online service |
US20140067909A1 (en) * | 2012-08-29 | 2014-03-06 | Telefonaktiebolaget L M Ericsson (Publ) | Sharing social network feeds via proxy relationships |
EP2743860A1 (en) * | 2012-12-12 | 2014-06-18 | Alcatel-Lucent | Method of protecting data stored in an electronic database |
US9400999B2 (en) | 2013-03-15 | 2016-07-26 | Proofpoint, Inc. | Detecting, classifying, and enforcing policies on social networking activity |
CN103327100B (en) * | 2013-06-21 | 2017-04-19 | 华为技术有限公司 | Resource processing method and site server |
US10033684B2 (en) | 2013-08-16 | 2018-07-24 | Nexgate, Inc. | Classifying social entities and applying unique policies on social entities based on crowd sourced data |
US9918037B2 (en) | 2014-01-31 | 2018-03-13 | Thomson Licensing | Multi-tier color look-up table (LUT) database system |
US9454787B1 (en) * | 2014-03-04 | 2016-09-27 | Stephen M. Dorr | Secure membership data sharing system and associated methods |
US9979644B2 (en) | 2014-07-13 | 2018-05-22 | Cisco Technology, Inc. | Linking to content using information centric networking |
US9935964B2 (en) * | 2014-10-08 | 2018-04-03 | Oracle Financial Services Software Limited | Access control for objects having attributes defined against hierarchically organized domains containing fixed number of values |
US10057229B2 (en) * | 2015-06-05 | 2018-08-21 | Microsoft Technology Licensing, Llc | Seamless viral adaption |
US10122774B2 (en) * | 2015-06-29 | 2018-11-06 | Microsoft Technology Licensing, Llc | Ephemeral interaction system |
US9843546B2 (en) | 2015-07-23 | 2017-12-12 | International Business Machines Corporation | Access predictions for determining whether to share content |
CN105426743B (en) * | 2015-10-28 | 2020-08-11 | 腾讯科技(深圳)有限公司 | Account authority authorization method, account login method, server and client |
CN105337974B (en) * | 2015-10-28 | 2020-06-23 | 腾讯科技(深圳)有限公司 | Account authorization method, account login method, account authorization device and client |
US9848223B2 (en) | 2016-03-15 | 2017-12-19 | Adobe Systems Incorporated | Automatically determining restored availability of multi-channel media distributors for authentication or authorization |
US9641880B1 (en) * | 2016-03-15 | 2017-05-02 | Adobe Systems Incorporated | Automatically identifying reduced availability of multi-channel media distributors for authentication or authorization |
CN107426134A (en) * | 2016-05-23 | 2017-12-01 | 上海神计信息系统工程有限公司 | A kind of access control method based on relation |
US10896473B2 (en) | 2016-06-08 | 2021-01-19 | Proofpoint, Inc. | Detection and prevention of fraudulent activity on social media accounts |
CN107079034B (en) * | 2016-11-15 | 2020-07-28 | 深圳达闼科技控股有限公司 | Identity authentication method, terminal equipment, authentication server and electronic equipment |
US10855674B1 (en) * | 2018-05-10 | 2020-12-01 | Microstrategy Incorporated | Pre-boot network-based authentication |
CN110502904B (en) * | 2018-05-18 | 2022-02-11 | 广州信天翁信息科技有限公司 | Authorization method and device for traceability data entry permission |
JP2021170146A (en) * | 2018-06-13 | 2021-10-28 | ソニーグループ株式会社 | Information processing equipment, information processing method and program |
EP3828795A1 (en) * | 2019-11-28 | 2021-06-02 | Ricoh Company, Ltd. | Information processing system, information processing apparatus, information processing method, and recording medium |
CN114826629A (en) * | 2021-01-22 | 2022-07-29 | 北京京东方技术开发有限公司 | Data sharing method, device, system, server and computer storage medium |
CN114417287B (en) * | 2022-03-25 | 2022-09-06 | 阿里云计算有限公司 | Data processing method, system, device and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020073033A1 (en) * | 2000-04-07 | 2002-06-13 | Sherr Scott Jeffrey | Online digital video signal transfer apparatus and method |
US20070226169A1 (en) * | 2006-03-23 | 2007-09-27 | Microsoft Corporation | Smart share technologies for automatically processing digital information |
US20080134294A1 (en) * | 2006-11-30 | 2008-06-05 | Microsoft Corporation | Personal Site Privacy Policy |
WO2009153477A1 (en) * | 2008-05-27 | 2009-12-23 | France Telecom | Method and system for user access to at least one service offered by at least one other user |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003529822A (en) * | 1999-12-22 | 2003-10-07 | イースピード, インコーポレイテッド | System and method for providing a commerce interface |
US7386798B1 (en) * | 2002-12-30 | 2008-06-10 | Aol Llc | Sharing on-line media experiences |
US7664814B2 (en) * | 2004-04-20 | 2010-02-16 | Microsoft Corporation | Presence-based seamless messaging |
RU2010133882A (en) * | 2008-02-15 | 2012-03-27 | Йо Нэт Вёкс, Инк. (Us) | DEVICE, METHOD AND COMPUTER SOFTWARE PRODUCT TO ENSURE INTERACTION BETWEEN THE FIRST USER AND SECOND USER OF SOCIAL NETWORK |
US8370925B2 (en) * | 2008-07-29 | 2013-02-05 | International Business Machines Corporation | User policy manageable strength-based password aging |
2010
- 2010-06-25 US US12/823,304 patent/US8931034B2/en active Active
2011
- 2011-06-27 CN CN201180031490.6A patent/CN102959922B/en not_active Expired - Fee Related
- 2011-06-27 WO PCT/EP2011/003151 patent/WO2011160855A1/en active Application Filing
- 2011-06-27 EP EP11728782.1A patent/EP2586171B1/en active Active
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9069436B1 (en) | 2005-04-01 | 2015-06-30 | Intralinks, Inc. | System and method for information delivery based on at least one self-declared user attribute |
US9083728B1 (en) | 2012-03-06 | 2015-07-14 | Tal Lavian | Systems and methods to support sharing and exchanging in a network |
US9547770B2 (en) | 2012-03-14 | 2017-01-17 | Intralinks, Inc. | System and method for managing collaboration in a networked secure exchange environment |
US9253176B2 (en) | 2012-04-27 | 2016-02-02 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
US9596227B2 (en) | 2012-04-27 | 2017-03-14 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US10356095B2 (en) | 2012-04-27 | 2019-07-16 | Intralinks, Inc. | Email effectivity facilty in a networked secure collaborative exchange environment |
US9369454B2 (en) | 2012-04-27 | 2016-06-14 | Intralinks, Inc. | Computerized method and system for managing a community facility in a networked secure collaborative exchange environment |
US9369455B2 (en) | 2012-04-27 | 2016-06-14 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US9397998B2 (en) | 2012-04-27 | 2016-07-19 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys |
US10142316B2 (en) | 2012-04-27 | 2018-11-27 | Intralinks, Inc. | Computerized method and system for managing an email input facility in a networked secure collaborative exchange environment |
US9148417B2 (en) | 2012-04-27 | 2015-09-29 | Intralinks, Inc. | Computerized method and system for managing amendment voting in a networked secure collaborative exchange environment |
US9553860B2 (en) | 2012-04-27 | 2017-01-24 | Intralinks, Inc. | Email effectivity facility in a networked secure collaborative exchange environment |
US9251360B2 (en) | 2012-04-27 | 2016-02-02 | Intralinks, Inc. | Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment |
US9807078B2 (en) | 2012-04-27 | 2017-10-31 | Synchronoss Technologies, Inc. | Computerized method and system for managing a community facility in a networked secure collaborative exchange environment |
US9654450B2 (en) | 2012-04-27 | 2017-05-16 | Synchronoss Technologies, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment with customer managed keys |
WO2014025809A1 (en) * | 2012-08-06 | 2014-02-13 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
US9514327B2 (en) | 2013-11-14 | 2016-12-06 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
US10346937B2 (en) | 2013-11-14 | 2019-07-09 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
US9762553B2 (en) | 2014-04-23 | 2017-09-12 | Intralinks, Inc. | Systems and methods of secure data exchange |
US9613190B2 (en) | 2014-04-23 | 2017-04-04 | Intralinks, Inc. | Systems and methods of secure data exchange |
US10033702B2 (en) | 2015-08-05 | 2018-07-24 | Intralinks, Inc. | Systems and methods of secure data exchange |
Also Published As
Publication number | Publication date |
---|---|
CN102959922A (en) | 2013-03-06 |
EP2586171A1 (en) | 2013-05-01 |
US8931034B2 (en) | 2015-01-06 |
EP2586171B1 (en) | 2015-08-26 |
US20110321132A1 (en) | 2011-12-29 |
CN102959922B (en) | 2015-07-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | WWE | Wipo information: entry into national phase | Ref document number: 201180031490.6; Country of ref document: CN |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11728782; Country of ref document: EP; Kind code of ref document: A1 |
 | DPE1 | Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101) | |
 | WWE | Wipo information: entry into national phase | Ref document number: 2011728782; Country of ref document: EP |
 | NENP | Non-entry into the national phase | Ref country code: DE |