System, Apparatus And Method For Access Control List Processing In A Constrained Environment

US2016366183A1 · US · A1

Patent metadata
Publication number: US-2016366183-A1
Application number: US-201615168609-A
Country: US
Kind code: A1
Filing date: May 31, 2016
Priority date: Jun 9, 2015
Publication date: Dec 15, 2016
Grant date: (none listed)

Abstract

Official abstract text for this publication.

In one embodiment, a system includes: a credential management server to provide credentials to a plurality of computing devices and a plurality of resource servers; a rights management server to grant capability rights to the plurality of computing devices; and an access management server to assign access control policies for a plurality of resources to be protected by the plurality of resource servers. A first resource server may receive a first access request for access to a first resource from a first computing device and send the first access request to the access management server for determination of whether to grant a permission for the access to the first resource. Other embodiments are described and claimed.

First claim

Opening claim text (preview).

1-20. (canceled)

21. At least one computer readable storage medium comprising instructions that when executed enable a system to: responsive to a first request from a first client device to access a first resource of the system, grant access to the first resource based on a first access control entry in a first access control list of the system, the first access control entry to identify the first client device as a subject, to identify the first resource, and to identify a permission type associated with the first resource and the first client device, wherein the system comprises a server device; responsive to a second request from a second client device to access a second resource of the system, deny access to the second resource responsive to absence of an access control policy in the system for the second client device pertaining to the second resource; responsive to a third request from a third client device to access a third resource of the system, send information corresponding to the third request to an access manager service of an access manager server, wherein a second access control entry of a second access control list of the system is to indicate that the system is to consult the access manager service of the access manager server, the second access control entry to identify the third client device as a subject, to identify the third resource, and to identify the access manager service; and grant the third client device access to the third resource in response to a reply from the access manager service.

22. The at least one computer readable storage medium of claim 21, wherein the first client device has a first relevance value and the second client device has a second relevance value.

23. The at least one computer readable storage medium of claim 22, further comprising instructions that when executed enable the system to store the first access control list in the system based on the first relevance value and not store the access control policy in the system based on the second relevance value.

24. The at least one computer readable storage medium of claim 21, wherein the reply from the access manager service includes an access grant from the access manager service and based thereon the system is to grant the third client device access to the third resource.

25. The at least one computer readable storage medium of claim 21, further comprising instructions that when executed enable the system to: responsive to a fourth request from a fourth client device to access a fourth resource of the system, wherein at a time of receipt of the fourth request, the system does not store a third access control policy for the fourth client device pertaining to the fourth resource; and send a redirection message to the fourth client device, to cause the fourth client device to send a request to the access manager service.

26. The at least one computer readable storage medium of claim 25, further comprising instructions that when executed enable the system to receive a third access control entry from the fourth client device, the third access control entry obtained in the fourth client device from the access manager service, and store the third access control entry in the system.

27. The at least one computer readable storage medium of claim 26, further comprising instructions that when executed enable the system to, responsive to another request from the fourth client device, grant access to the fourth resource based on the third access control entry, the third access control entry to identify the fourth client device as a subject, to identify the fourth resource, and to identify a permission type associated with the fourth resource and the fourth client device.

28. The at least one computer readable storage medium of claim 21, wherein the first access control list comprises a signed access control list, and further comprising instructions that when executed enable the system to, responsive to another request from another client device to access the first resource, deny access to the first resource if a signature of the signed access control list is invalid.

29. The at least one computer readable storage medium of claim 21, further comprising instructions that when executed enable the system to grant access to the first resource based at least in part on identity of the first computing device.

30. The at least one computer readable storage medium of claim 21, further comprising instructions that when executed enable the system to grant access to the first resource based at least in part on a role of the first computing device.

31. The at least one computer readable storage medium of claim 21, further comprising instructions that when executed enable the system to grant access to the first resource based at least in part on a group credential to indicate membership of the first computing device in a group of devices.

32. A method comprising: responsive to a first request from a first client device to access a first resource of a system, granting access to the first resource based on a first access control entry in a first access control list of the system, the first access control entry to identify the first client device as a subject, to identify the first resource, and to identify a permission type associated with the first resource and the first client device; responsive to a second request from a second client device to access a second resource of the system, denying access to the second resource responsive to absence of an access control policy in the system for the second client device pertaining to the second resource; responsive to a third request from a third client device to access a third resource of the system, sending information corresponding to the third request to an access manager service of an access manager server, wherein a second access control entry of a second access control list of the system is to indicate that the system is to consult the access manager service of the access manager server, the second access control entry to identify the third client device as a subject, to identify the third resource, and to identify the access manager service; and granting the third client device access to the third resource in response to a reply from the access manager service.

33. The method of claim 32, further comprising responsive to a fourth request from a fourth client device to access a fourth resource of the system, wherein at a time of receipt of the fourth request, the system does not store a third access control policy for the fourth client device pertaining to the fourth resource, sending a redirection message to the fourth client device, to cause the fourth client device to send a request to the access manager service.

34. The method of claim 33, further comprising: receiving a third access control entry from the fourth client device, the third access control entry obtained in the fourth client device from the access manager service; and storing the third access control entry in the system.

35. The method of claim 34, further comprising granting access to the fourth resource based on the third access control entry, the third access control entry to identify the fourth client device as a subject, identify the fourth resource, and identify a permission type associated with the fourth resource and the fourth client device.

36. The method of claim 32, further comprising granting access to the first resource based at least in part on a group credential to indicate membership of the first computing device in a gro
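The decision logic of claims 21 and 28, modelled as an added example (not code from the patent or its assignee): a resource server holding a signed ACL grants on a matching entry, denies when no entry exists, and forwards to the access manager when the entry's permission field says to consult it. The HMAC used for the ACL signature, the `CONSULT` marker, and the device and resource names are constructed assumptions; a deployment would verify a public-key signature from the access management server instead.

```python
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass

CONSULT = "consult:access-manager"  # constructed marker: "ask the access manager service"


@dataclass(frozen=True)
class ACE:
    subject: str     # client device identity (claim 21: "identify the first client device as a subject")
    resource: str
    permission: str  # e.g. "read", "write", or CONSULT


class SignedACL:
    """ACL with an integrity tag (HMAC stands in for the signature of claim 28)."""

    def __init__(self, entries, key):
        self.entries = list(entries)
        self.key = key
        self.signature = self.compute(self.entries, key)

    @staticmethod
    def compute(entries, key):
        payload = json.dumps([asdict(e) for e in entries], sort_keys=True).encode()
        return hmac.new(key, payload, hashlib.sha256).hexdigest()

    def valid(self):
        return hmac.compare_digest(self.signature, self.compute(self.entries, self.key))


class ResourceServer:
    def __init__(self, acl, access_manager):
        self.acl = acl
        self.access_manager = access_manager  # callable(subject, resource, permission) -> bool

    def decide(self, subject, resource, permission):
        if not self.acl.valid():          # claim 28: a tampered ACL grants nothing
            return "deny"
        for ace in self.acl.entries:
            if ace.subject != subject or ace.resource != resource:
                continue
            if ace.permission == CONSULT:  # claim 21: consult the access manager, grant only on its reply
                return "grant" if self.access_manager(subject, resource, permission) else "deny"
            if ace.permission == permission:
                return "grant"
        return "deny"                     # claim 21: absence of a policy is a denial


if __name__ == "__main__":
    key = b"constructed-shared-key"
    acl = SignedACL([ACE("dev-a", "/sensor/temp", "read"),
                     ACE("dev-c", "/actuator/lock", CONSULT)], key)
    server = ResourceServer(acl, lambda s, r, p: s == "dev-c" and p == "read")
    print(server.decide("dev-a", "/sensor/temp", "read"), server.decide("dev-b", "/sensor/temp", "read"))
```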

Assignees

Inventors

Classifications

  • Access control lists [ACL] · CPC title

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title

  • using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title

  • H04L63/20 (Primary)

    for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016366183A1 cover?
In one embodiment, a system includes: a credential management server to provide credentials to a plurality of computing devices and a plurality of resource servers; a rights management server to grant capability rights to the plurality of computing devices; and an access management server to assign access control policies for a plurality of resources to be protected by the plurality of resource…
Who is the assignee on this patent?
Smith Ned M, Agerstam Mats G, Heldt-Sheller Nathan
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 15, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).