WO2006037662A1 - Multiple indexing of an electronic document to selectively permit access to the content and metadata thereof - Google Patents

Multiple indexing of an electronic document to selectively permit access to the content and metadata thereof Download PDF

Info

Publication number
WO2006037662A1
WO2006037662A1 PCT/EP2005/010900 EP2005010900W WO2006037662A1 WO 2006037662 A1 WO2006037662 A1 WO 2006037662A1 EP 2005010900 W EP2005010900 W EP 2005010900W WO 2006037662 A1 WO2006037662 A1 WO 2006037662A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
document
metadata
electronic document
restricted
Prior art date
Application number
PCT/EP2005/010900
Other languages
French (fr)
Inventor
Alan Ross Gilmore
Graham Lee
Brian Gerard Philip Mcerlean
Fergus Martin Wilson
Gary Turnbull
Original Assignee
Meridio Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Meridio Limited filed Critical Meridio Limited
Publication of WO2006037662A1 publication Critical patent/WO2006037662A1/en
Priority to GB0708168A priority Critical patent/GB2434672A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/335Filtering based on additional data, e.g. user or group profiles
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control

Definitions

  • the disclosed technology relates generally to restricting access to electronic documents, and more particularly to indexing an electronic document multiple times to selectively permit access to and/or manipulation of desired information subsets of that document.
  • Electronic documents such as textual data, e-mail messages, audio segments, video segments, electronic records, and other digital representations of information, have traditionally been protected from unauthorized access by restricting physical access to a digital data processing device containing such documents and/or requiring that users submit credentials for authentication prior to approving access to electronic documents of interest.
  • a user's credentials are normally compared with a security identifier and/or any other number and type of elements in a pre-established access control list that associates a particular user or user group with a permission (e.g., read access, write access, deny access, etc.).
  • Access control lists have effectively restricted access to sensitive documents in networked environments within a particular organization or domain, the widespread dissemination of electronic documents across the world wide web and other wide area networks or metropolitan area networks has complicated not only the management and integration of such access control lists but also the types of access that are to be granted to particular users. For example, users from different organizations that are collaborating on a particular project may desire access to each other's electronic documents and the access control lists and associated processes and access privileges may be incompatible and prove difficult to harmonize.
  • Access control lists incorporated into more structured environments, such as collaboration portals can restrict access to the portal and provide a basic level of security, but may not provide the degree of access granularity desired by collaborating participants to specific electronic documents of interest.
  • authorized users of a portal may desire that their counterparts have a more limited type of read access to certain sensitive documents or parts thereof, but may not want to entirely disable or block access to the documents or hide their existence. Accordingly, individuals, organizations, associations and other types of entities interested in controlling access to electronic documents have a continuing interest in developing more flexible access control technologies that provide a greater degree of access granularity.
  • aspects of the invention include methods as set out in claims 1, 5 and 18.
  • these methods are performed by at least one digital data processing device running suitable computer program code and are typically performed in a document management system, especially an electronic document management system.
  • the disclosed technology enhances the granularity of access control systems by indexing electronic documents of interest in a manner that selectively provides authorized users with access to either full-access objects (e.g. the entirety of an electronic document's information, such as in some embodiments, its content and metadata) or limited-access objects (e.g. information subsets that are not as inclusive as the aggregate information of full-access objects, such as metadata) of such documents.
  • full-access objects e.g. the entirety of an electronic document's information, such as in some embodiments, its content and metadata
  • limited-access objects e.g. information subsets that are not as inclusive as the aggregate information of full-access objects, such as metadata
  • Restriction indicia corresponding to, for example, a full-access permission and a limited-access permission, are assigned to an electronic document and this restriction indicia is compared with a user's authorization level to determine whether the user should be granted full access to the electronic document's content or be granted a limited access that is restricted to the document's metadata.
  • the disclosed technology is used to develop systems and perform methods in which one or more electronic documents are searched based on search criteria, where such search criteria are based on the content information and/or metadata of the electronic document.
  • Access to the content information of the electronic document matching the search criteria can be selectively permitted based on a user's authorization level.
  • the sufficiency of the user's authorization level can be based on indicia within the metadata of the matching electronic document and/or on a location of such document.
  • the selective permission for a particular type of access can involve, without limitation, comparing the user's authorization level to restriction indicia that were previously assigned to the electronic document matching the search criteria.
  • a user's authorization level is determined to be compatible with the restriction indicia, then access to the content information of the matching electronic document is permitted, whereas, if the user's authorization level is incompatible with the restriction indicia, access to the content information is prevented but access to the matching electronic document's metadata may be permitted.
  • the disclosed technology is used to develop systems and perform methods in which access to one or more electronic documents are restricted.
  • an authorization level associated with a received access request for a particular restricted-access document can be compared with restriction indicia associated with the restricted-access document, where such restriction indicia correspond to, for example, a full- access permission and/or a limited-access permission.
  • the authorization level associated with the received access request may be indicative of a user's access privileges that are determined based on credentials supplied during a login process.
  • an access request can be processed to provide access to data associated with a restricted-access document such that access is provided to the content of the restricted-access document upon the authorization level being compatible with a full-access permission or access is limited to the metadata associated with the restricted-access document upon the authorization level being incompatible with the full-access permission, but compatible with a limited-access permission.
  • an electronic document (which may be in conformity with a predetermined document template) and its full-access and/or limited-access permissions can be received and restriction indicia can be assigned to such electronic document to form a restricted- access document prior to the receipt of an access request.
  • the access request for the restricted- access document can be conveyed in response to a selection of one or more search terms in a selectable list, where such search terms are identified within the metadata and/or content of the restricted-access document..
  • the search terms of the selectable list can be associated with location information corresponding to the restricted-access document.
  • the content and/or metadata of a restricted-access document can be stored in one or more directory folders within a cache or other volatile or nonvolatile memory of a digital data processing device and restriction indicia associated with the restricted-access document can be further associated with the directory folders storing the document.
  • the content and/or metadata of the restricted-access document can be incorporated into the content of a web page that is transmitted to a digital data processing device participating in a collaboration session, in which an access request for the restricted-access document was transmitted by such digital data processing device the collaboration session.
  • storage location information e.g., a cache location, a hard drive location, and/or a database location of the restricted-access document
  • storage location information can be inserted into the metadata of the restricted-access document to facilitate the retrieval of at least part of the restricted-access document.
  • the metadata can also identify a version of the restricted-access document and/or include the restriction indicia associated with the restricted-access document.
  • the disclosed technology can be used to develop systems and perform methods of restricting access to an electronic document in which an electronic document having metadata and content information associated therewith is further associated with a first and/or second permission level.
  • the first permission level authorizes access to the content information of the electronic document to users associated with a first authorization level.
  • the second permission level restricts access to the content information, but authorizes access to the metadata of the electronic document to users associated with a second authorization level.
  • the first and/or second permission levels can be stored within the metadata of the electronic document and/or can be based on a directory folder containing the electronic document. At least a part of the electronic document can also be received in conformity with a predetermined document template.
  • a selectable list of search terms can be formed to include one or more search terms identified with the metadata and/or content information of a particular electronic document.
  • a displayable representation of the metadata can be formed for such user.
  • a displayable representation of the content information and/or the metadata of the electronic document can be formed for such user.
  • the metadata of the electronic document can also identify a version of the document and/or include stored location information that facilitates retrieval of the document.
  • the disclosed technology can be used to develop systems and perform methods for selectively accessing information subsets (e.g., one or more limited-access objects) of an electronic document.
  • a number of access permission types can be determined and assigned to at least some of an electronic document's information subsets and such access permission types can correspond to varying degrees of access to the electronic document.
  • At least some of the electronic document's information subsets can be repetitively indexed to facilitate their subsequent access and/or manipulation by entities with compatible access permissions.
  • the number or index repetitions applied to one or more of the document's information subsets can be based on the number of access permission types assigned to such subsets.
  • FIG. 1 schematically illustrates an exemplary architecture for indexing an electronic document multiple tinies to selectively permit access to that document's content and/or metadata, in accordance with an illustrative embodiment of the disclosed technology
  • FIG. 2 illustrates an exemplary methodology for performing multiple indexing operations on an electronic document
  • FIG. 3 illustrates an exemplary methodology used in searching and accessing electronic documents of interest that have been indexed using the methodology of FIG. 2; and
  • FIG. 4 schematically illustrates a web-based implementation of the exemplary architecture of FIG. 1.
  • the illustrated embodiments can be understood as providing exemplary features of varying detail of certain embodiments, and therefore, unless otherwise specified, features, components, modules, elements, constructs, processes, and/or aspects of the illustrations can be otherwise combined, interconnected, sequenced, separated, interchanged, positioned, and/or rearranged without materially departing from the disclosed systems or methods. Additionally, the shapes and sizes of components are also exemplary and unless otherwise specified, can be altered without materially affecting or limiting the disclosed , technology.
  • the term “substantially” can be broadly construed to indicate a precise relationship, condition, arrangement, orientation, and/or other characteristic, as well as, deviations thereof as understood by one of ordinary skill in the art, to the extent that , such deviations do not materially affect the disclosed methods and systems.
  • process can be broadly construed to refer to the execution of instructions that interact with operating parameters, message data/parameters, network connection parameters/data, variables, constants, software libraries, and/or any other elements needed for the proper execution of the instructions, within an execution environment in a memory of a digital data processing device, that causes a processor to control the operations of the data processing device in accordance with the desired functionality of an operating system, software application program, and/or any other type of
  • a digital data processing device can be construed broadly to refer to a personal computer, computer workstation (e.g., Sun, HP), laptop computer, server computer, mainframe computer, handheld device (e.g., personal digital assistant, Pocket PC, cellular telephone, etc.), information appliance, or any other type of generic or special- purpose, processor-controlled device capable of receiving, processing, and/or transmitting digital data.
  • computer workstation e.g., Sun, HP
  • laptop computer e.g., server computer, mainframe computer, handheld device (e.g., personal digital assistant, Pocket PC, cellular telephone, etc.), information appliance, or any other type of generic or special- purpose, processor-controlled device capable of receiving, processing, and/or transmitting digital data.
  • a processor refers to the logic circuitry that responds to and processes instructions that drive digital data processing devices and can include, without limitation, a central processing unit, an arithmetic logic unit, an application specific integrated circuit, a task engine, and/or any combinations, arrangements, or multiples thereof.
  • a data communications network can refer to a series of network nodes that can be interconnected by network devices and communication lines (e.g., public carrier lines, private lines, satellite lines, etc.) that enable the network nodes to communicate.
  • network devices e.g., public carrier lines, private lines, satellite lines, etc.
  • communication lines e.g., public carrier lines, private lines, satellite lines, etc.
  • the transfer of data (e.g., messages) between network nodes can be facilitated by network devices, such as routers, switches, multiplexers, bridges, gateways, etc., that can manipulate and/or route data from an originating node to a destination node regardless of any dissimilarities in the network topology (e.g., bus, star, token ring), spatial distance (local, metropolitan, or wide area network), transmission technology (e.g., TCP/IP, Systems Network Architecture), data type (e.g., data, voice, video, or multimedia), nature of connection (e.g., switched, non-switched, dial-up, dedicated, or virtual), and/or physical link (e.g., optical fiber, coaxial cable, twisted pair, wireless, etc.) between the originating and destination network nodes.
  • network devices such as routers, switches, multiplexers, bridges, gateways, etc.
  • an electronic document such as textual data, e-mail messages, audio segments, video segments, electronic records, and/or combinations thereof or other types of digital representations of data or information, under the control of a document management system includes one or more "full-access" objects and/or one or more "partial or limited-access” objects.
  • Full-access objects refer to data or information that may be viewed or otherwise accessed by users with an unrestricted authorization level (i.e., those that have full access) and may include, for example, the entirety of an electronic document's information.
  • a full-access object can refer to an electronic document's content (e.g., the text of this disclosure that is normally viewable within a word processing program) as well as the document's properties (referred to herein as metadata).
  • Limited-access objects refer to data or information that may be viewed or otherwise accessed by users with less than full access and may, for example, include one or more information subsets that are associated with an electronic document and that are not as inclusive as the aggregate information of full-access objects.
  • limited-access objects can be restricted to a document's metadata.
  • Metadata can include fixed properties, which may be determined by a document management or other type of system, and custom properties that may be defined by authorized users and/or administrators to more particularly tailor an electronic document for a particular
  • Metadata can be assigned, not only to electronic documents, but also to containers (e.g., directory folders or equivalents thereto that contain one or more electronic documents or pointers/references/indices to such documents) and other logic/organizational constructs and such metadata or parts thereof can be inherited or shared amongst multiple such electronic documents and containers and/or can serve as a basis for distinguishing between particular electronic documents and particular containers. Accordingly, an electronic document's metadata can serve as an index that uniquely identifies the document and/or relates the document to particular groups of similar or related documents.
  • Metadata can also be applied to containers that include or reference electronic documents, stored searches, and/or other containers.
  • an electronic document's metadata can include one or more of the following, separately or.
  • indicia pertaining to a user who added, viewed, modified, or otherwise manipulated the document in a document management system indicia pertaining to the document's author; an indicator identifying whether the document inherits the access control parameters of a container including or pointing to the document; indicia associated with a document's category or classification; user-added comments; date and time indicia for when the document was created, edited, or otherwise manipulated; unique document identifier and/or other document identification indicia; identifiers
  • Retrieving information about full-access objects (including, for example, an electronic document's content and metadata) or limited-access objects (e.g., an electronic document's metadata) from a document management system may require that an operator (e.g., user, administrator, etc.) of the system present credentials (e.g., user ID and password) to the system to authenticate his identity as a particular authorized user or as a member of a particular authorized user group (e.g., system administrator group, end user group, resource disposition group, electronic document management group, etc.) and thereby be associated with a pre- assigned authorization level (e.g., add, delete, modify, or view electronic documents) and be granted certain permissions (e.g., no access, read-only access, write access, unrestricted/full access, etc.) to access and/or otherwise manipulate electronic documents, containers, stored searches, and/or other types of resources or parts thereof controlled or managed by the system.
  • authorization levels and permissions can be stored in one or more access control lists and
  • restriction indicia can be construed broadly to refer to indicators or markings (e.g., a word or phrase from, preferably, a predefined list) that further restrict a user's access to a particular electronic document, container, etc.
  • restriction indicia can include one or more of the following, separately or in substantially any combination: a phrase that identifies a common attribute of users (e.g., U.S.
  • a code word e.g., a password for a particular document
  • a classification descriptor e.g., appointments, budget, commercial, contracts, or the like
  • indicia of an organization or association e.g., Meridio Ltd., NATO, WIPO, American Cancer Society, or the like
  • a security category e.g., top secret, secret, confidential, restricted, etc.
  • an electronic document containing or otherwise being associated with restriction indicia is referred to herein as a restricted-access document.
  • an administrator or other authorized user of a document management system forms new electronic documents or accesses existing electronic documents from a repository 102 of such documents 104 (202).
  • the new or existing electronic documents 104 are, preferably, in a form that is in accordance with a predetermined document template, such as in XML format with tags assigned to particular metadata field values.
  • the administrator or other authorized user of the document management system can execute a document configuration process 106 that provides a user interface (e.g., with drop-down list boxes identifying possible selections for restriction indicia) to facilitate the assignment of desired restriction indicia to each electronic document 104 and thereby form restricted-access documents 104 corresponding to full-access objects 108 and/or limited-access objects 110 (204).
  • a document configuration process 106 that provides a user interface (e.g., with drop-down list boxes identifying possible selections for restriction indicia) to facilitate the assignment of desired restriction indicia to each electronic document 104 and thereby form restricted-access documents 104 corresponding to full-access objects 108 and/or limited-access objects 110 (204).
  • the document configuration process 106 can also inform a user configuration process 112 of the permissions required for authorized users or user groups to access the restricted-access documents 104 and/or to identify such users or groups, which enables the user configuration process 112 to incorporate such information into one or more access control lists 114 (206).
  • access control lists 114 residing in the object store 102
  • FIG. 1 shows the access control lists 114 residing in the object store 102
  • the storage location of such access control lists 114 are merely exemplary and that they can be stored in a variety of other locations, so long as they are communicatively coupled to a document management system incorporating aspects of the disclosed technology.
  • the document management system can periodically (or upon the occurrence of an event) execute an indexing process 116 of a search engine 118 that traverses the object store 102 and forms indices 120 (e.g., URLs) that identify the storage locations of full-access objects 108 (e.g., a document's content and metadata) associated with the restricted-access documents 104 (208).
  • the indices 120 can include references to containers or other types of organizational constructs that either store the electronic documents 104 therein or include other indices that point to the storage location of the documents 104 or to other constructs in the directory path of the document 104.
  • the indices 120 and/or containers can be stored in one or more index databases 122 for subsequent access by a retrieval process 124 as further described below.
  • the document management system can also perform other types of processes (e.g., encryption, decryption, compression, decompression, etc.) substantially prior to, coincident with, or
  • the restricted-access documents 104 can be re-indexed by the indexing process 116 substantially any number of times to, for example, index metadata changes, storage location changes, and/or other types of modifications to the restricted-access documents and/or to further index unmodified documents for different types of access and/or for substantially any other purpose.
  • the document 104 can be resubmitted to the indexing process 116 so that indices 120 to the storage locations of corresponding limited-access objects 110 (e.g., the document's metadata) can be formed (210).
  • the indices 120 stored in the index database 122 include URLs or other types of references that uniquely identify the location of one or more full or limited-access objects 108, 110 (e.g., content and metadata) based on the restriction indicia assigned to such objects and this facilitates retrieval of the objects during subsequent searches by users with various permission and authorization levels.
  • the number of indexing passes or operations to which a restricted-access document is subjected can be based on a variety of factors, such as on a number and type of selective access mechanisms (e.g., authorization levels, document permissions, etc.) that may be desired by particular users of a document management system.
  • the number of such indexing passes can also be static (e.g., based on a predetermined number of passes set by a user or administrator) or dynamic (e.g., based on parameters determined during the execution of one or more processes and/or based upon the occurrence of an event).
  • a document management system incorporating at least some aspects of the disclosed technology can receive an access request 126 from a user or user-controlled process or system that specifies search criteria, which are to be used in a search to identify electronic documents of interest (302).
  • the access request 126 can include indicia pertaining to the user's authorization level and/or access permissions along with the search criteria, alternatively, such authorization level and/or access permissions can be first ascertained by an authentication process (not shown) that retrieves such information from one or more access control lists 114 (304).
  • restriction indicia associated with the restricted-access documents 104 that fulfill the search criteria and which identify the set of users or user groups authorized to access full and/or limited-access objects 108, 110 of such documents 104 can be compared with user identification information for the user that submitted the access request 126 (312). Particular ones of the restricted-access documents whose restriction indicia specify the requesting user are deemed compatible with the user and thus the appropriate full or limited-access objects thereof can be provided to the user or otherwise be made available to the user (314). In one
  • the location of an index within a particular container is indicative of a corresponding document's restriction indicia.
  • a document's metadata (which may also be stored within or communicatively coupled to the index database 122) can include the document's restriction indicia.
  • the document management system can also store prior successful/compatible searches 130 by properly authorized users within the object store 102 to facilitate future searches on the same or similar subject matter.
  • a business application program 402 such as a program enabling a web-based collaboration of multiple users, can rely on a document manager application program 404 executing on a digital data processing device operating as a web server 406 to service access requests 408 submitted by web browser application programs 410 executing on one or more digital data processing devices 412 under the control of users participating in a collaboration session in a manner that preserves the access restrictions 414 associated with electronic documents 416 targeted by such access requests 408.
  • document manager application program 404 is shown and described as executing on the web server 406, those skilled in the art will recognize that all or part of the application program 404 may be executed on different digital data processing devices (e.g., a user interface portion of the document manager application program 404 may be executing on a web server, while data manipulation extensions of such program 404 may be executing on a content server that stores and maintains a repository of electronic documents 416).
  • a user interface portion of the document manager application program 404 may be executing on a web server
  • data manipulation extensions of such program 404 may be executing on a content server that stores and maintains a repository of electronic documents 416).
  • An access request 408 specifying a particular electronic document 416 or requesting all electronic documents 416 that meet particular search criteria can be received by a document manager application program 404, which subsequently instructs an access control software process 418 (authentication process) to ascertain a corresponding user's authorization level 420
  • the document manager application program 404 can instruct a search engine 424 to search for indices 426 (which may be stored within a cache of the web server 406) that correspond to electronic documents of interest.
  • search engine If the search engine ascertains that the requesting user is authorized to access an electronic document of interest (by, for example, confirming that such user is listed among the set of authorized users specified in the document's restriction indicia), then the search engine can return a search result list (displayable within web page content 428 transmitted from the web server 406 to the associated web browser 410) that contains indices 426 to such desired and compatible electronic documents or parts thereof (e.g., full-access objects and/or limited- access objects).
  • the returned indices in the search result list will include URLs 428 to limited-access objects (e.g., metadata 430) of electronic documents 416. However, if a user is found to be authorized for full access to the electronic documents of interest, then the returned indices in the search results list will include URLs 432 to full-access objects (e.g., content information 434 and metadata 430) of such documents. In one embodiment, the frequency with which certain content information 436 and/or metadata 438 appears in search result lists, may warrant that such information be cached on the web server 406 to improve retrieval performance.

Abstract

The invention relates to restricting access to electronic documents, particularly by indexing an electronic document multiple times to selectively permit access to and/or manipulation of desired information subsets of that document. The technology enhances the granularity of access control systems by indexing electronic documents of interest in a manner that selectively provides authorised users with access to either full-access objects or limited-access objects of such documents. Restriction indicia corresponding to, for example, a full-access permission and a limited-access permission, are assigned to an electronic document and this restriction indicia is compared with a user's authorisation level to determine whether the user should be granted full access to the electronic documents content or be granted a limited access that is restricted to the document's metadata.

Description

MULTIPLE INDEXING OF AN ELECTRONIC DOCUMENT TO SELECTIVELY PERMIT ACCESS TO THE CONTENT AND METADATA THEREOF
TECHNICAL FIELD
[0001 J The disclosed technology relates generally to restricting access to electronic documents, and more particularly to indexing an electronic document multiple times to selectively permit access to and/or manipulation of desired information subsets of that document.
BACKGROUND
[0002] Electronic documents, such as textual data, e-mail messages, audio segments, video segments, electronic records, and other digital representations of information, have traditionally been protected from unauthorized access by restricting physical access to a digital data processing device containing such documents and/or requiring that users submit credentials for authentication prior to approving access to electronic documents of interest. A user's credentials are normally compared with a security identifier and/or any other number and type of elements in a pre-established access control list that associates a particular user or user group with a permission (e.g., read access, write access, deny access, etc.).
[0003] Although access control lists have effectively restricted access to sensitive documents in networked environments within a particular organization or domain, the widespread dissemination of electronic documents across the world wide web and other wide area networks or metropolitan area networks has complicated not only the management and integration of such access control lists but also the types of access that are to be granted to particular users. For example, users from different organizations that are collaborating on a particular project may desire access to each other's electronic documents and the access control lists and associated processes and access privileges may be incompatible and prove difficult to harmonize. [0004] Access control lists incorporated into more structured environments, such as collaboration portals, can restrict access to the portal and provide a basic level of security, but may not provide the degree of access granularity desired by collaborating participants to specific electronic documents of interest. For example, authorized users of a portal may desire that their counterparts have a more limited type of read access to certain sensitive documents or parts thereof, but may not want to entirely disable or block access to the documents or hide their existence. Accordingly, individuals, organizations, associations and other types of entities interested in controlling access to electronic documents have a continuing interest in developing more flexible access control technologies that provide a greater degree of access granularity.
SUMMARY
Aspects of the invention include methods as set out in claims 1, 5 and 18. In preferred embodiments, these methods are performed by at least one digital data processing device running suitable computer program code and are typically performed in a document management system, especially an electronic document management system.
Further aspects of the invention include the systems of claims 26, 27 and 28. In preferred embodiments, these systems may comprise electronic document management systems.
Further aspects of the invention include computer program products as recited in claims 29 to 30 and 31. [0005] The disclosed technology enhances the granularity of access control systems by indexing electronic documents of interest in a manner that selectively provides authorized users with access to either full-access objects (e.g. the entirety of an electronic document's information, such as in some embodiments, its content and metadata) or limited-access objects (e.g. information subsets that are not as inclusive as the aggregate information of full-access objects, such as metadata) of such documents. Restriction indicia corresponding to, for example, a full-access permission and a limited-access permission, are assigned to an electronic document and this restriction indicia is compared with a user's authorization level to determine whether the user should be granted full access to the electronic document's content or be granted a limited access that is restricted to the document's metadata.
[0006] In one illustrative embodiment, the disclosed technology is used to develop systems and perform methods in which one or more electronic documents are searched based on search criteria, where such search criteria are based on the content information and/or metadata of the electronic document. Access to the content information of the electronic document matching the search criteria can be selectively permitted based on a user's authorization level. The sufficiency of the user's authorization level can be based on indicia within the metadata of the matching electronic document and/or on a location of such document. The selective permission for a particular type of access can involve, without limitation, comparing the user's authorization level to restriction indicia that were previously assigned to the electronic document matching the search criteria. In one embodiment, if a user's authorization level is determined to be compatible with the restriction indicia, then access to the content information of the matching electronic document is permitted, whereas, if the user's authorization level is incompatible with the restriction indicia, access to the content information is prevented but access to the matching electronic document's metadata may be permitted.
[0007] In one illustrative embodiment, the disclosed technology is used to develop systems and perform methods in which access to one or more electronic documents are restricted. In such an embodiment, an authorization level associated with a received access request for a particular restricted-access document can be compared with restriction indicia associated with the restricted-access document, where such restriction indicia correspond to, for example, a full- access permission and/or a limited-access permission. The authorization level associated with the received access request may be indicative of a user's access privileges that are determined based on credentials supplied during a login process. In response to a comparison of an authorization level and restriction indicia, an access request can be processed to provide access to data associated with a restricted-access document such that access is provided to the content of the restricted-access document upon the authorization level being compatible with a full-access permission or access is limited to the metadata associated with the restricted-access document upon the authorization level being incompatible with the full-access permission, but compatible with a limited-access permission.
[0008] In this embodiment, an electronic document (which may be in conformity with a predetermined document template) and its full-access and/or limited-access permissions can be received and restriction indicia can be assigned to such electronic document to form a restricted- access document prior to the receipt of an access request. The access request for the restricted- access document can be conveyed in response to a selection of one or more search terms in a selectable list, where such search terms are identified within the metadata and/or content of the restricted-access document.. The search terms of the selectable list can be associated with location information corresponding to the restricted-access document.
[0009] The content and/or metadata of a restricted-access document can be stored in one or more directory folders within a cache or other volatile or nonvolatile memory of a digital data processing device and restriction indicia associated with the restricted-access document can be further associated with the directory folders storing the document. The content and/or metadata of the restricted-access document can be incorporated into the content of a web page that is transmitted to a digital data processing device participating in a collaboration session, in which an access request for the restricted-access document was transmitted by such digital data processing device the collaboration session. Prior to receiving an access request, storage location information (e.g., a cache location, a hard drive location, and/or a database location of the restricted-access document) can be inserted into the metadata of the restricted-access document to facilitate the retrieval of at least part of the restricted-access document. The metadata can also identify a version of the restricted-access document and/or include the restriction indicia associated with the restricted-access document.
[0010] In one illustrative embodiment, the disclosed technology can be used to develop systems and perform methods of restricting access to an electronic document in which an electronic document having metadata and content information associated therewith is further associated with a first and/or second permission level. The first permission level authorizes access to the content information of the electronic document to users associated with a first authorization level. The second permission level restricts access to the content information, but authorizes access to the metadata of the electronic document to users associated with a second authorization level. The first and/or second permission levels can be stored within the metadata of the electronic document and/or can be based on a directory folder containing the electronic document. At least a part of the electronic document can also be received in conformity with a predetermined document template.
[0011 ] A selectable list of search terms can be formed to include one or more search terms identified with the metadata and/or content information of a particular electronic document. Upon detecting a selection of at least one of the search terms in the document's metadata or content information by a user with a second authorization level, a displayable representation of the metadata can be formed for such user. Similarly and upon detecting a selection of at least one of the search terms in the document's metadata or content information by a user with a first authorization level, a displayable representation of the content information and/or the metadata of the electronic document can be formed for such user. The metadata of the electronic document can also identify a version of the document and/or include stored location information that facilitates retrieval of the document.
[0012] In one illustrative embodiment, the disclosed technology can be used to develop systems and perform methods for selectively accessing information subsets (e.g., one or more limited-access objects) of an electronic document. A number of access permission types can be determined and assigned to at least some of an electronic document's information subsets and such access permission types can correspond to varying degrees of access to the electronic document. At least some of the electronic document's information subsets can be repetitively indexed to facilitate their subsequent access and/or manipulation by entities with compatible access permissions. The number or index repetitions applied to one or more of the document's information subsets can be based on the number of access permission types assigned to such subsets.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] The foregoing discussion will be understood more readily from the following detailed description of the disclosed technology, when taken in conjunction with the accompanying drawings in which:
FIG. 1 schematically illustrates an exemplary architecture for indexing an electronic document multiple tinies to selectively permit access to that document's content and/or metadata, in accordance with an illustrative embodiment of the disclosed technology;
FIG. 2 illustrates an exemplary methodology for performing multiple indexing operations on an electronic document; . .
FIG. 3 illustrates an exemplary methodology used in searching and accessing electronic documents of interest that have been indexed using the methodology of FIG. 2; and FIG. 4 schematically illustrates a web-based implementation of the exemplary architecture of FIG. 1.
DETAILED DESCRIPTION
[0014] Unless otherwise specified, the illustrated embodiments can be understood as providing exemplary features of varying detail of certain embodiments, and therefore, unless otherwise specified, features, components, modules, elements, constructs, processes, and/or aspects of the illustrations can be otherwise combined, interconnected, sequenced, separated, interchanged, positioned, and/or rearranged without materially departing from the disclosed systems or methods. Additionally, the shapes and sizes of components are also exemplary and unless otherwise specified, can be altered without materially affecting or limiting the disclosed , technology.
[0015] For the purposes of this disclosure, the term "substantially" can be broadly construed to indicate a precise relationship, condition, arrangement, orientation, and/or other characteristic, as well as, deviations thereof as understood by one of ordinary skill in the art, to the extent that , such deviations do not materially affect the disclosed methods and systems. [0016] For the purposes of this disclosure, the term "process" can be broadly construed to refer to the execution of instructions that interact with operating parameters, message data/parameters, network connection parameters/data, variables, constants, software libraries, and/or any other elements needed for the proper execution of the instructions, within an execution environment in a memory of a digital data processing device, that causes a processor to control the operations of the data processing device in accordance with the desired functionality of an operating system, software application program, and/or any other type of
e generic or specific-purpose application program (or subparts thereof). Those skilled in the art will recognize that the various processes discussed herein are merely exemplary of the functionality performed by the disclosed technology and thus such processes and/or their equivalents may be implemented in commercial embodiments in various combinations and quantities without materially affecting the operation of the disclosed technology. [0017] For the purposes of this disclosure, a digital data processing device can be construed broadly to refer to a personal computer, computer workstation (e.g., Sun, HP), laptop computer, server computer, mainframe computer, handheld device (e.g., personal digital assistant, Pocket PC, cellular telephone, etc.), information appliance, or any other type of generic or special- purpose, processor-controlled device capable of receiving, processing, and/or transmitting digital data. A processor refers to the logic circuitry that responds to and processes instructions that drive digital data processing devices and can include, without limitation, a central processing unit, an arithmetic logic unit, an application specific integrated circuit, a task engine, and/or any combinations, arrangements, or multiples thereof.
[0018] For the purposes of this disclosure, a data communications network can refer to a series of network nodes that can be interconnected by network devices and communication lines (e.g., public carrier lines, private lines, satellite lines, etc.) that enable the network nodes to communicate. The transfer of data (e.g., messages) between network nodes can be facilitated by network devices, such as routers, switches, multiplexers, bridges, gateways, etc., that can manipulate and/or route data from an originating node to a destination node regardless of any dissimilarities in the network topology (e.g., bus, star, token ring), spatial distance (local, metropolitan, or wide area network), transmission technology (e.g., TCP/IP, Systems Network Architecture), data type (e.g., data, voice, video, or multimedia), nature of connection (e.g., switched, non-switched, dial-up, dedicated, or virtual), and/or physical link (e.g., optical fiber, coaxial cable, twisted pair, wireless, etc.) between the originating and destination network nodes. [0019] In brief overview, the disclosed technology can be incorporated into document management systems that enable users at various authorization levels to store, maintain, and/or access documents and records in a flexible manner. An electronic document, such as textual data, e-mail messages, audio segments, video segments, electronic records, and/or combinations thereof or other types of digital representations of data or information, under the control of a document management system includes one or more "full-access" objects and/or one or more "partial or limited-access" objects. Full-access objects refer to data or information that may be viewed or otherwise accessed by users with an unrestricted authorization level (i.e., those that have full access) and may include, for example, the entirety of an electronic document's information. By way of non-limiting example and with respect to some illustrative embodiments, a full-access object can refer to an electronic document's content (e.g., the text of this disclosure that is normally viewable within a word processing program) as well as the document's properties (referred to herein as metadata). Limited-access objects refer to data or information that may be viewed or otherwise accessed by users with less than full access and may, for example, include one or more information subsets that are associated with an electronic document and that are not as inclusive as the aggregate information of full-access objects. By way of non-limiting example and with respect to some illustrative embodiments, limited-access objects can be restricted to a document's metadata.
[0020] Metadata can include fixed properties, which may be determined by a document management or other type of system, and custom properties that may be defined by authorized users and/or administrators to more particularly tailor an electronic document for a particular
t o organization and/or use. Metadata can be assigned, not only to electronic documents, but also to containers (e.g., directory folders or equivalents thereto that contain one or more electronic documents or pointers/references/indices to such documents) and other logic/organizational constructs and such metadata or parts thereof can be inherited or shared amongst multiple such electronic documents and containers and/or can serve as a basis for distinguishing between particular electronic documents and particular containers. Accordingly, an electronic document's metadata can serve as an index that uniquely identifies the document and/or relates the document to particular groups of similar or related documents. For example, searching one or more data structures (e.g., databases, tables, lists, etc.) containing an electronic document and/or its metadata for particular metadata field values (e.g., date document created, user identifier for the creator of the document) may identify more than one electronic document created on a particular day by a particular user, whereas more unique metadata fields (e.g., unique document identification code) or a larger quantity of metadata fields may focus the search results on a specific electronic document. Metadata can also be applied to containers that include or reference electronic documents, stored searches, and/or other containers. [0021] By way of non-limiting example, an electronic document's metadata can include one or more of the following, separately or. in any combination: indicia pertaining to a user who added, viewed, modified, or otherwise manipulated the document in a document management system; indicia pertaining to the document's author; an indicator identifying whether the document inherits the access control parameters of a container including or pointing to the document; indicia associated with a document's category or classification; user-added comments; date and time indicia for when the document was created, edited, or otherwise manipulated; unique document identifier and/or other document identification indicia; identifiers
// pertaining to the status (e.g., locked or unlocked, checked-in or checked-out, etc.) or maintenance (e.g., marked for deletion) of the document; version of the document; storage policy (e.g., archive after 30 days); storage location and directory path of the metadata and/or the storage location and directory path of corresponding content information; and/or any other type of information or indicia useful or desirable for the storage, maintenance, or access of electronic documents. A wide variety of similar or dissimilar metadata fields can also be associated with containers or other types of logic/organizational constructs within a document management system to facilitate the operation of such system.
[0022] Retrieving information about full-access objects (including, for example, an electronic document's content and metadata) or limited-access objects (e.g., an electronic document's metadata) from a document management system may require that an operator (e.g., user, administrator, etc.) of the system present credentials (e.g., user ID and password) to the system to authenticate his identity as a particular authorized user or as a member of a particular authorized user group (e.g., system administrator group, end user group, resource disposition group, electronic document management group, etc.) and thereby be associated with a pre- assigned authorization level (e.g., add, delete, modify, or view electronic documents) and be granted certain permissions (e.g., no access, read-only access, write access, unrestricted/full access, etc.) to access and/or otherwise manipulate electronic documents, containers, stored searches, and/or other types of resources or parts thereof controlled or managed by the system. Such authorization levels and permissions can be stored in one or more access control lists and ' can also form part of (or be referenced by) an object's metadata.
[0023] Access and/or manipulation of individual electronic documents, containers, and/or other types of digital representations or organizational constructs can be further secured by
/ 2. assignment of restriction indicia thereto. The term "restriction indicia" can be construed broadly to refer to indicators or markings (e.g., a word or phrase from, preferably, a predefined list) that further restrict a user's access to a particular electronic document, container, etc. By way of non- limiting example, restriction indicia can include one or more of the following, separately or in substantially any combination: a phrase that identifies a common attribute of users (e.g., U.S. EYES ONLY, STRATEGIC MARKETING ONLY, EMPLOYEE BENEFIT COMMITTEE ONLY, etc.); a code word (e.g., a password for a particular document); a classification descriptor (e.g., appointments, budget, commercial, contracts, or the like); indicia of an organization or association (e.g., Meridio Ltd., NATO, WIPO, American Cancer Society, or the like); a security category (e.g., top secret, secret, confidential, restricted, etc.); restrictions inherited by higher level containers and/or any other type of indicator that uniquely pertains to an electronic document, container, etc. For the purposes of this disclosure, an electronic document containing or otherwise being associated with restriction indicia is referred to herein as a restricted-access document.
[0024] In one illustrative embodiment and with reference to FIGs. 1 and 2, an administrator or other authorized user of a document management system forms new electronic documents or accesses existing electronic documents from a repository 102 of such documents 104 (202). The new or existing electronic documents 104 are, preferably, in a form that is in accordance with a predetermined document template, such as in XML format with tags assigned to particular metadata field values. If the electronic documents 104 do not presently include restriction indicia or other access permissions, but such indicia is desired, the administrator or other authorized user of the document management system can execute a document configuration process 106 that provides a user interface (e.g., with drop-down list boxes identifying possible selections for restriction indicia) to facilitate the assignment of desired restriction indicia to each electronic document 104 and thereby form restricted-access documents 104 corresponding to full-access objects 108 and/or limited-access objects 110 (204). The document configuration process 106 can also inform a user configuration process 112 of the permissions required for authorized users or user groups to access the restricted-access documents 104 and/or to identify such users or groups, which enables the user configuration process 112 to incorporate such information into one or more access control lists 114 (206). Although the embodiment shown in FIG. 1 shows the access control lists 114 residing in the object store 102, those skilled in the art will recognize that the storage location of such access control lists 114 are merely exemplary and that they can be stored in a variety of other locations, so long as they are communicatively coupled to a document management system incorporating aspects of the disclosed technology. [0025] Once the restricted-access documents 104 have been properly configured with restriction indicia, the document management system can periodically (or upon the occurrence of an event) execute an indexing process 116 of a search engine 118 that traverses the object store 102 and forms indices 120 (e.g., URLs) that identify the storage locations of full-access objects 108 (e.g., a document's content and metadata) associated with the restricted-access documents 104 (208). The indices 120 can include references to containers or other types of organizational constructs that either store the electronic documents 104 therein or include other indices that point to the storage location of the documents 104 or to other constructs in the directory path of the document 104. The indices 120 and/or containers can be stored in one or more index databases 122 for subsequent access by a retrieval process 124 as further described below. The document management system can also perform other types of processes (e.g., encryption, decryption, compression, decompression, etc.) substantially prior to, coincident with, or
>1 following an indexing operation and such additional processes can pertain to particular data or information elements that may or may not be associated with a restricted-access document 104 subjected to the indexing process.
[0026] The restricted-access documents 104 can be re-indexed by the indexing process 116 substantially any number of times to, for example, index metadata changes, storage location changes, and/or other types of modifications to the restricted-access documents and/or to further index unmodified documents for different types of access and/or for substantially any other purpose. For example, after a restricted-access document 104 has been indexed with respect to full-access objects 108 (e.g., the document's content and metadata), the document 104 can be resubmitted to the indexing process 116 so that indices 120 to the storage locations of corresponding limited-access objects 110 (e.g., the document's metadata) can be formed (210). In this manner, the indices 120 stored in the index database 122 include URLs or other types of references that uniquely identify the location of one or more full or limited-access objects 108, 110 (e.g., content and metadata) based on the restriction indicia assigned to such objects and this facilitates retrieval of the objects during subsequent searches by users with various permission and authorization levels.
[0027] The number of indexing passes or operations to which a restricted-access document is subjected can be based on a variety of factors, such as on a number and type of selective access mechanisms (e.g., authorization levels, document permissions, etc.) that may be desired by particular users of a document management system. The number of such indexing passes can also be static (e.g., based on a predetermined number of passes set by a user or administrator) or dynamic (e.g., based on parameters determined during the execution of one or more processes and/or based upon the occurrence of an event).
/r [0028] With reference now to FIGs. 1 and 3, a document management system incorporating at least some aspects of the disclosed technology can receive an access request 126 from a user or user-controlled process or system that specifies search criteria, which are to be used in a search to identify electronic documents of interest (302). The access request 126 can include indicia pertaining to the user's authorization level and/or access permissions along with the search criteria, alternatively, such authorization level and/or access permissions can be first ascertained by an authentication process (not shown) that retrieves such information from one or more access control lists 114 (304). A determination can then be made by a retrieval process 124 of a search engine 118 or by the authentication process as to whether the user has sufficient authority to view and/or otherwise access electronic documents of interest (306). If the user's authorization level is insufficient to enable a user to make the access request submitted, then a message can be transmitted to the user indicative of such insufficiency (308). Otherwise and assuming that a user has a sufficient authorization level, a retrieval process 124 can search one or . more index databases 122 for indices 120 that identify the locations to and/or restriction indicia of full or limited-access objects 108, 110 of restricted-access documents 104 that fulfill the search criteria specified in the access request 126 (310).
[0029] The restriction indicia associated with the restricted-access documents 104 that fulfill the search criteria and which identify the set of users or user groups authorized to access full and/or limited-access objects 108, 110 of such documents 104 can be compared with user identification information for the user that submitted the access request 126 (312). Particular ones of the restricted-access documents whose restriction indicia specify the requesting user are deemed compatible with the user and thus the appropriate full or limited-access objects thereof can be provided to the user or otherwise be made available to the user (314). In one
a embodiment, the location of an index within a particular container is indicative of a corresponding document's restriction indicia. In another embodiment, a document's metadata (which may also be stored within or communicatively coupled to the index database 122) can include the document's restriction indicia. The document management system can also store prior successful/compatible searches 130 by properly authorized users within the object store 102 to facilitate future searches on the same or similar subject matter. [0030] In one illustrative embodiment, a business application program 402, such as a program enabling a web-based collaboration of multiple users, can rely on a document manager application program 404 executing on a digital data processing device operating as a web server 406 to service access requests 408 submitted by web browser application programs 410 executing on one or more digital data processing devices 412 under the control of users participating in a collaboration session in a manner that preserves the access restrictions 414 associated with electronic documents 416 targeted by such access requests 408. Although the document manager application program 404 is shown and described as executing on the web server 406, those skilled in the art will recognize that all or part of the application program 404 may be executed on different digital data processing devices (e.g., a user interface portion of the document manager application program 404 may be executing on a web server, while data manipulation extensions of such program 404 may be executing on a content server that stores and maintains a repository of electronic documents 416).
[0031] An access request 408 specifying a particular electronic document 416 or requesting all electronic documents 416 that meet particular search criteria can be received by a document manager application program 404, which subsequently instructs an access control software process 418 (authentication process) to ascertain a corresponding user's authorization level 420
iT- and/or other access permissions 422 that are necessary to access such requested documents 416. Assuming that a user has a sufficient authorization level to issue an access request 408 and/or to view or otherwise manipulate electronic documents 416 of the type requested, the document manager application program 404 can instruct a search engine 424 to search for indices 426 (which may be stored within a cache of the web server 406) that correspond to electronic documents of interest. If the search engine ascertains that the requesting user is authorized to access an electronic document of interest (by, for example, confirming that such user is listed among the set of authorized users specified in the document's restriction indicia), then the search engine can return a search result list (displayable within web page content 428 transmitted from the web server 406 to the associated web browser 410) that contains indices 426 to such desired and compatible electronic documents or parts thereof (e.g., full-access objects and/or limited- access objects).
[0032] If a user is found to be authorized for limited access to the electronic documents of interest, then the returned indices in the search result list will include URLs 428 to limited-access objects (e.g., metadata 430) of electronic documents 416. However, if a user is found to be authorized for full access to the electronic documents of interest, then the returned indices in the search results list will include URLs 432 to full-access objects (e.g., content information 434 and metadata 430) of such documents. In one embodiment, the frequency with which certain content information 436 and/or metadata 438 appears in search result lists, may warrant that such information be cached on the web server 406 to improve retrieval performance. [0033] Although the disclosed technology has been described with reference to specific embodiments, it is not intended that such details should be regarded as limitations upon the scope of the invention.
iS

Claims

Claims:
1. A method of searching a plurality of electronic documents using search criteria, each electronic document having content information and metadata, the method comprising: searching the plurality of electronic documents based on the search criteria, the search criteria being based on at least one of the content information and metadata; and based on a user's authorization level, selectively permitting access to the content information of an electronic document matching the search criteria.
2. The method of claim 1, further comprising: determining a sufficiency of the user's authorization level based on indicia within the metadata of the matching electronic document.
3. The method of claim 1 or claim 2, further comprising: determining a sufficiency of the user's authorization level based on a location of the matching electronic document.
4. The method of any preceding claim wherein selectively permitting access to the content information comprises: comparing the user's authorization level to restriction indicia previously-assigned to the matching electronic document, wherein upon the user's authorization level being compatible with the restriction indicia, permitting access to the content information of the matching electronic document, and upon the user's authorization level being incompatible with the restriction indicia, preventing access to the content information and permitting access to the metadata of the matching electronic document.
5. A method of restricting access to an electronic document, the method comprising: receiving a request to access a restricted-access document; determining an authorization level associated with the request;
/9 comparing the authorization level to restriction indicia associated with the restricted-access document, the restriction indicia corresponding to one of a full- access permission and a limited-access permission; and in response to the comparison, processing the request to provide access to data associated with the restricted-access document, the processing of such request including: upon the authorization level being compatible with the full-access permission, providing access to a content of the restricted-access document, and upon the authorization level being incompatible with the full-access permission and compatible with the limited-access permission, limiting access to metadata associated with the restricted-access document.
6. The method of claim 5, further comprising: prior to receiving the access request, receiving an electronic document; receiving the full-access permission and limited-access permission for the electronic document; and assigning restriction indicia to the electronic document to form the restricted- access document.
7. The method of claim 6, wherein at least a part of the electronic document is received in conformity with a predetermined document template.
8. The method of claim 6 or claim 7, further comprising: identifying search terms within the metadata and content of the restricted-access document; forming a selectable list of search terms including at least one of the identified search terms; and conveying the access request for the restricted-access document in response to a selection of the at least one identified search term in the selectable list.
9. The method of claim 8, further comprising: associating the search terms of the selectable list with location information of corresponding restricted-access document.
Zo
10. The method of any one of claims 5 to 9, further comprising: storing at least one of the content and metadata of the restricted-access document in at least one directory folder within a cache of a digital data processing device.
11. The method of claim 10, wherein the restriction indicia associated with the restricted-access document is further associated with the at least one directory folder storing such document.
12. The method of any one of claims 5 to 11, further comprising: incorporating at least one of the content and metadata of the restricted-access document within a web page content; and transmitting the web page content to a digital data processing device participating in a collaboration session, wherein the access request was transmitted by such digital data processing device during the collaboration session.
13. The method of any one of claims 5 to 12, further comprising: prior to receiving the access request, inserting storage location information into the metadata of the restricted-access document, the storage location information facilitating retrieval of at least part of the restricted-access document.
14. The method of claim 13, wherein the storage location information includes at least one of a cache location, a hard drive location, and a database location of the restricted-access document.
15. The method of any one of claims 5 to 14, wherein the metadata identifies a version of the restricted-access document.
16. The method of any one of claims 5 to 15 wherein the restriction indicia associated with the restricted-access document is included within the metadata.
2/
17. The method of any one of claims 5 to 16, wherein the authorization level associated with the request is indicative of a user's access privileges, the user's access privileges being determined based on credentials supplied during a login process.
18. A method of restricting access to an electronic document, the method comprising: accessing an electronic document having metadata and content information associated therewith; associating a first permission level with the electronic document, the first permission level authorizing access to the content information of the electronic document to users associated with a first authorization level; associating a second permission level with the electronic document, the second permission level restricting access to the content information but authorizing access to the metadata of the electronic document to users associated with a second authorization level.
19. The method of claim 18, wherein at least a part of the electronic document is received in conformity with a predetermined document template.
20. The method of claim 18 or claim 19, wherein the first and second permission levels associated with the electronic document are stored within the metadata of such document.
21. The method of any one of claims 18 to 20, wherein the first and second permission levels associated with the electronic document are based on a directory folder containing such document.
22. The method of any one of claims 18 to 21 further comprising: identifying search terms within the metadata and content information; forming a selectable list of search terms including at least one of the identified search terms; and upon detecting a selection of the at least one identified search item in the selectable list by a user having a second authorization level, forming a displayable representation of the metadata for such user.
23. The method of any one of claims 18 to 22, further comprising: identifying search terms within the metadata and content information; forming a selectable list of search terms including at least one identified search terms; and upon detecting a selection of the at least one identified search term in the selectable list by a user having a first authorization level, forming a displayable representation of the content information and metadata of the electronic document for such user.
24. The method of any one of claims 18 to 23, further comprising: storing location information in the metadata of the electronic document to facilitate retrieval of such document.
25. The method of any one of claims 18 to 24, wherein the metadata of the electronic document identifies a version of such document.
26. A system for searching a plurality of electronic documents using search criteria, each electronic document having content information and metadata, the system comprising: means for searching the plurality of electronic documents based on the search criteria, the search criteria being based on at least one of the content information and metadata; and means for selectively permitting access to the content information of an electronic document matching the search criteria based on a user's authorization level.
27. A system for restricting access to an electronic document, the system comprising: means for receiving a request to access a restricted-access document; means for determining an authorization level associated with the request; means for comparing the authorization level to restriction indicia associated with the restricted-access document, the restriction indicia corresponding to one of a full- access permission and a limited-access permission; and means for processing, in
11 response to the comparison, the request to provide access to data associated with the restricted-access document, the processing means including means for providing, upon the authorization level being compatible with the full-access permission, access to a content of the restricted-access document, and means for limiting, upon the authorization level being incompatible with the full-access permission and compatible with the limited-access permission, access to metadata associated with the restricted-access document.
28. A system for restricting access to an electronic document, the system comprising: means for accessing an electronic document having metadata and content information associated therewith; means for associating a first permission level with the electronic document, the first permission level authorising access to the content information of the electronic document to users associated with a first authorisation level; means for associating a second permission level with the electronic document, the second permission level restricting access to the content information but authorizing access to the metadata of the electronic document to users associated with a second authorization level.
29. A computer program product comprising computer program code stored on a computer useable medium for causing a computer to perform the method of claim
1.
30. A computer program product comprising computer program code stored on a computer useable medium for causing a computer to perform the method of claim 5.
31. A computer program product comprising computer program code stored on a computer useable medium for causing a computer to perform the method of claim 18.
2V
PCT/EP2005/010900 2004-10-08 2005-10-07 Multiple indexing of an electronic document to selectively permit access to the content and metadata thereof WO2006037662A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB0708168A GB2434672A (en) 2004-10-08 2007-04-27 Multiple indexing of an electric document to selectively permit access to the content and metadata thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10/961,415 2004-10-08
US10/961,415 US20060080316A1 (en) 2004-10-08 2004-10-08 Multiple indexing of an electronic document to selectively permit access to the content and metadata thereof

Publications (1)

Publication Number Publication Date
WO2006037662A1 true WO2006037662A1 (en) 2006-04-13

Family

ID=35295397

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2005/010900 WO2006037662A1 (en) 2004-10-08 2005-10-07 Multiple indexing of an electronic document to selectively permit access to the content and metadata thereof

Country Status (3)

Country Link
US (1) US20060080316A1 (en)
GB (1) GB2434672A (en)
WO (1) WO2006037662A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016197198A1 (en) * 2015-06-12 2016-12-15 Billtrader Pty Ltd Computer implemented multi-currency invoice capture, trading, access and payment system
EP2115634B1 (en) * 2006-12-22 2019-06-19 Commvault Systems, Inc. Method and system for searching stored data

Families Citing this family (199)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6877136B2 (en) * 2001-10-26 2005-04-05 United Services Automobile Association (Usaa) System and method of providing electronic access to one or more documents
US7464330B2 (en) * 2003-12-09 2008-12-09 Microsoft Corporation Context-free document portions with alternate formats
US7359902B2 (en) * 2004-04-30 2008-04-15 Microsoft Corporation Method and apparatus for maintaining relationships between parts in a package
US7487448B2 (en) * 2004-04-30 2009-02-03 Microsoft Corporation Document mark up methods and systems
US8661332B2 (en) 2004-04-30 2014-02-25 Microsoft Corporation Method and apparatus for document processing
US7383500B2 (en) * 2004-04-30 2008-06-03 Microsoft Corporation Methods and systems for building packages that contain pre-paginated documents
US7512878B2 (en) * 2004-04-30 2009-03-31 Microsoft Corporation Modular document format
US7440132B2 (en) * 2004-05-03 2008-10-21 Microsoft Corporation Systems and methods for handling a file with complex elements
US7519899B2 (en) 2004-05-03 2009-04-14 Microsoft Corporation Planar mapping of graphical elements
US7580948B2 (en) 2004-05-03 2009-08-25 Microsoft Corporation Spooling strategies using structured job information
US8243317B2 (en) * 2004-05-03 2012-08-14 Microsoft Corporation Hierarchical arrangement for spooling job data
US7755786B2 (en) * 2004-05-03 2010-07-13 Microsoft Corporation Systems and methods for support of various processing capabilities
US7634775B2 (en) * 2004-05-03 2009-12-15 Microsoft Corporation Sharing of downloaded resources
US8363232B2 (en) * 2004-05-03 2013-01-29 Microsoft Corporation Strategies for simultaneous peripheral operations on-line using hierarchically structured job information
US7617450B2 (en) * 2004-09-30 2009-11-10 Microsoft Corporation Method, system, and computer-readable medium for creating, inserting, and reusing document parts in an electronic document
US20060103872A1 (en) * 2004-11-17 2006-05-18 Kabushiki Kaisha Toshiba Electronic document management program and electronic document management apparatus
JP4301513B2 (en) * 2004-11-26 2009-07-22 インターナショナル・ビジネス・マシーンズ・コーポレーション Judgment method of access control effect using policy
US7617451B2 (en) * 2004-12-20 2009-11-10 Microsoft Corporation Structuring data for word processing documents
US7617229B2 (en) * 2004-12-20 2009-11-10 Microsoft Corporation Management and use of data in a computer-generated document
US20060136816A1 (en) * 2004-12-20 2006-06-22 Microsoft Corporation File formats, methods, and computer program products for representing documents
US7770180B2 (en) * 2004-12-21 2010-08-03 Microsoft Corporation Exposing embedded data in a computer-generated document
US7752632B2 (en) * 2004-12-21 2010-07-06 Microsoft Corporation Method and system for exposing nested data in a computer-generated document in a transparent manner
JP2006202269A (en) * 2004-12-22 2006-08-03 Canon Inc Information processor, control method of information processor, program thereof, and storage medium
US7571486B2 (en) * 2005-03-29 2009-08-04 Microsoft Corporation System and method for password protecting an attribute of content transmitted over a network
US7644086B2 (en) * 2005-03-29 2010-01-05 Sas Institute Inc. Computer-implemented authorization systems and methods using associations
US7656286B2 (en) 2005-05-03 2010-02-02 Palomar Technology, Llc Trusted monitoring system and method
US20060277452A1 (en) * 2005-06-03 2006-12-07 Microsoft Corporation Structuring data for presentation documents
US20070022128A1 (en) * 2005-06-03 2007-01-25 Microsoft Corporation Structuring data for spreadsheet documents
US8225410B2 (en) 2005-07-08 2012-07-17 At&T Intellectual Property I, L. P. Methods, systems, and devices for securing content
US7882565B2 (en) * 2005-09-02 2011-02-01 Microsoft Corporation Controlled access to objects or areas in an electronic document
US20070180356A1 (en) * 2005-10-12 2007-08-02 Yu Sun Content that is searchable but inhibited
US9864752B2 (en) * 2005-12-29 2018-01-09 Nextlabs, Inc. Multilayer policy language structure
US8073380B2 (en) * 2005-12-30 2011-12-06 Nokia Corporation Media content delivery and recording over broadcast network
US20070162417A1 (en) * 2006-01-10 2007-07-12 Kabushiki Kaisha Toshiba System and method for selective access to restricted electronic documents
US20070208743A1 (en) * 2006-02-14 2007-09-06 Narayan Sainaney System and Method For Searching Rights Enabled Documents
US8433712B2 (en) 2006-03-01 2013-04-30 Oracle International Corporation Link analysis for enterprise environment
US8005816B2 (en) * 2006-03-01 2011-08-23 Oracle International Corporation Auto generation of suggested links in a search system
US20070214129A1 (en) * 2006-03-01 2007-09-13 Oracle International Corporation Flexible Authorization Model for Secure Search
US8214394B2 (en) 2006-03-01 2012-07-03 Oracle International Corporation Propagating user identities in a secure federated search system
US7941419B2 (en) 2006-03-01 2011-05-10 Oracle International Corporation Suggested content with attribute parameterization
US8332430B2 (en) * 2006-03-01 2012-12-11 Oracle International Corporation Secure search performance improvement
US8027982B2 (en) 2006-03-01 2011-09-27 Oracle International Corporation Self-service sources for secure search
US8868540B2 (en) * 2006-03-01 2014-10-21 Oracle International Corporation Method for suggesting web links and alternate terms for matching search queries
US8875249B2 (en) * 2006-03-01 2014-10-28 Oracle International Corporation Minimum lifespan credentials for crawling data repositories
US8707451B2 (en) 2006-03-01 2014-04-22 Oracle International Corporation Search hit URL modification for secure application integration
US9177124B2 (en) 2006-03-01 2015-11-03 Oracle International Corporation Flexible authentication framework
US9754119B1 (en) * 2006-03-07 2017-09-05 Emc Corporation Containerized security for managed content
US9519399B1 (en) 2006-03-07 2016-12-13 Emc Corporation Providing a visual indication that stored content is associated with a collaboration environment
JP4914252B2 (en) * 2006-03-23 2012-04-11 キヤノン株式会社 Image processing apparatus, display screen transmission method, and control program
JP4838610B2 (en) * 2006-03-24 2011-12-14 キヤノン株式会社 Document management apparatus, document management method, and program
US7512578B2 (en) 2006-03-30 2009-03-31 Emc Corporation Smart containers
US8166003B2 (en) 2006-05-05 2012-04-24 Microsoft Corporation Permission-based document server
US7831563B2 (en) * 2006-05-17 2010-11-09 International Business Machines Corporation Active storage and retrieval systems and methods
US8386464B2 (en) * 2006-08-18 2013-02-26 National Instruments Corporation Configuration of optimized custom properties in a data finder tool
US10157368B2 (en) * 2006-09-25 2018-12-18 International Business Machines Corporation Rapid access to data oriented workflows
US8826281B2 (en) * 2006-11-07 2014-09-02 Microsoft Corporation Managing document publication using time-driven job scheduling
US8688749B1 (en) 2011-03-31 2014-04-01 Palantir Technologies, Inc. Cross-ontology multi-master replication
CN101197011A (en) * 2006-12-08 2008-06-11 深圳富泰宏精密工业有限公司 Graphics file management system
US7979398B2 (en) * 2006-12-22 2011-07-12 International Business Machines Corporation Physical to electronic record content management
US8341651B2 (en) * 2007-01-10 2012-12-25 Microsoft Corporation Integrating enterprise search systems with custom access control application programming interfaces
US8930331B2 (en) * 2007-02-21 2015-01-06 Palantir Technologies Providing unique views of data based on changes or rules
US8375086B2 (en) * 2007-05-31 2013-02-12 International Business Machines Corporation Shared state manager and system and method for collaboration
US7996392B2 (en) 2007-06-27 2011-08-09 Oracle International Corporation Changing ranking algorithms based on customer settings
US8316007B2 (en) 2007-06-28 2012-11-20 Oracle International Corporation Automatically finding acronyms and synonyms in a corpus
US8179915B2 (en) * 2007-06-28 2012-05-15 Lantiq Deutschland Gmbh System and method for transmitting and retransmitting data
US8205093B2 (en) * 2007-06-29 2012-06-19 At&T Intellectual Property I, L.P. Restricting access to information
US8307001B2 (en) * 2007-08-23 2012-11-06 International Business Machines Corporation Auditing of curation information
US8554719B2 (en) 2007-10-18 2013-10-08 Palantir Technologies, Inc. Resolving database entity information
US20090106271A1 (en) * 2007-10-19 2009-04-23 International Business Machines Corporation Secure search of private documents in an enterprise content management system
US9020913B2 (en) * 2007-10-25 2015-04-28 International Business Machines Corporation Real-time interactive authorization for enterprise search
US8650616B2 (en) * 2007-12-18 2014-02-11 Oracle International Corporation User definable policy for graduated authentication based on the partial orderings of principals
US8078624B2 (en) * 2007-12-20 2011-12-13 International Business Machines Corporation Content searching for portals having secure content
US20090178143A1 (en) * 2008-01-07 2009-07-09 Diginome, Inc. Method and System for Embedding Information in Computer Data
WO2009094633A1 (en) * 2008-01-25 2009-07-30 Chacha Search, Inc. Method and system for access to restricted resource(s)
US9147080B2 (en) * 2008-02-06 2015-09-29 International Business Machines Corporation System and methods for granular access control
US20090320092A1 (en) * 2008-06-24 2009-12-24 Microsoft Corporation User interface for managing access to a health-record
US20090320096A1 (en) * 2008-06-24 2009-12-24 Microsoft Corporation Managing access to a health-record
US8332359B2 (en) * 2008-07-28 2012-12-11 International Business Machines Corporation Extended system for accessing electronic documents with revision history in non-compatible repositories
US10747952B2 (en) 2008-09-15 2020-08-18 Palantir Technologies, Inc. Automatic creation and server push of multiple distinct drafts
US20100235443A1 (en) * 2009-03-10 2010-09-16 Tero Antero Laiho Method and apparatus of providing a locket service for content sharing
US8555378B2 (en) 2009-03-11 2013-10-08 Sas Institute Inc. Authorization caching in a multithreaded object server
US8195613B2 (en) * 2009-08-06 2012-06-05 Autonomy Corporation Ltd. Transactional archiving of an electronic document
US8874929B2 (en) * 2009-10-27 2014-10-28 Lockheed Martin Corporation Cross domain discovery
JP2011138369A (en) * 2009-12-28 2011-07-14 Canon Inc Client apparatus, information limitation method, and program
US8695104B2 (en) * 2010-04-23 2014-04-08 Dell Products, Lp System and method for creating conditional immutable objects in a storage device
US20110314392A1 (en) * 2010-06-17 2011-12-22 Cisco Technology, Inc. Incorporating calendar interfaces to dynamically adjust presentation information
US8364642B1 (en) 2010-07-07 2013-01-29 Palantir Technologies, Inc. Managing disconnected investigations
US8527556B2 (en) * 2010-09-27 2013-09-03 Business Objects Software Limited Systems and methods to update a content store associated with a search index
EP2641381B1 (en) * 2010-11-19 2021-01-06 IOT Holdings, Inc. Machine-to-machine (m2m) interface procedures for announce and de-announce of resources
US8868502B2 (en) * 2011-01-14 2014-10-21 Apple Inc. Organizing versioning according to permissions
US20120222132A1 (en) * 2011-02-25 2012-08-30 Microsoft Corporation Permissions Based on Behavioral Patterns
US9152736B2 (en) 2011-03-11 2015-10-06 Google Inc. Efficient indexing and searching of access control listed documents
US8959113B2 (en) * 2011-03-30 2015-02-17 Open Text S.A. System, method and computer program product for managing tabulated metadata
US20120284276A1 (en) * 2011-05-02 2012-11-08 Barry Fernando Access to Annotated Digital File Via a Network
WO2012153388A1 (en) * 2011-05-10 2012-11-15 株式会社日立製作所 Administration information generation method, administration information generation program, and administration information generation device
US8799240B2 (en) 2011-06-23 2014-08-05 Palantir Technologies, Inc. System and method for investigating large amounts of data
US9092482B2 (en) 2013-03-14 2015-07-28 Palantir Technologies, Inc. Fair scheduling for mixed-query loads
US9547693B1 (en) 2011-06-23 2017-01-17 Palantir Technologies Inc. Periodic database search manager for multiple data sources
US9280532B2 (en) 2011-08-02 2016-03-08 Palantir Technologies, Inc. System and method for accessing rich objects via spreadsheets
US8732574B2 (en) 2011-08-25 2014-05-20 Palantir Technologies, Inc. System and method for parameterizing documents for automatic workflow generation
US8504542B2 (en) 2011-09-02 2013-08-06 Palantir Technologies, Inc. Multi-row transactions
US9104748B2 (en) * 2011-10-21 2015-08-11 Microsoft Technology Licensing, Llc Providing a search service including updating aspects of a document using a configurable schema
US20130144755A1 (en) * 2011-12-01 2013-06-06 Microsoft Corporation Application licensing authentication
US8782004B2 (en) 2012-01-23 2014-07-15 Palantir Technologies, Inc. Cross-ACL multi-master replication
US8725650B2 (en) * 2012-01-26 2014-05-13 Microsoft Corporation Document template licensing
EP3413222B1 (en) 2012-02-24 2020-01-22 Nant Holdings IP, LLC Content activation via interaction-based authentication, systems and method
JP5929369B2 (en) * 2012-03-16 2016-06-01 日本電気株式会社 Information processing apparatus including electronic document database, illegally stored document detection method, and program
US9135588B2 (en) * 2012-06-27 2015-09-15 M-Files Oy Method for controlling workflow
US9449178B2 (en) * 2012-07-24 2016-09-20 ID Insight System, method and computer product for fast and secure data searching
US9348677B2 (en) 2012-10-22 2016-05-24 Palantir Technologies Inc. System and method for batch evaluation programs
WO2014065444A1 (en) * 2012-10-23 2014-05-01 한국생산기술연구원 Collaboration system using open public network
US10140664B2 (en) 2013-03-14 2018-11-27 Palantir Technologies Inc. Resolving similar entities from a transaction database
US8930897B2 (en) 2013-03-15 2015-01-06 Palantir Technologies Inc. Data integration tool
US8868486B2 (en) 2013-03-15 2014-10-21 Palantir Technologies Inc. Time-sensitive cube
US8903717B2 (en) 2013-03-15 2014-12-02 Palantir Technologies Inc. Method and system for generating a parser and parsing complex data
US9230280B1 (en) 2013-03-15 2016-01-05 Palantir Technologies Inc. Clustering data based on indications of financial malfeasance
US8909656B2 (en) 2013-03-15 2014-12-09 Palantir Technologies Inc. Filter chains with associated multipath views for exploring large data sets
US10275778B1 (en) 2013-03-15 2019-04-30 Palantir Technologies Inc. Systems and user interfaces for dynamic and interactive investigation based on automatic malfeasance clustering of related data in various data structures
US8924388B2 (en) 2013-03-15 2014-12-30 Palantir Technologies Inc. Computer-implemented systems and methods for comparing and associating objects
US8855999B1 (en) 2013-03-15 2014-10-07 Palantir Technologies Inc. Method and system for generating a parser and parsing complex data
US20140344952A1 (en) 2013-05-14 2014-11-20 Google Inc. Indexing and searching documents with restricted portions
US9069986B2 (en) * 2013-06-18 2015-06-30 International Business Machines Corporation Providing access control for public and private document fields
US8886601B1 (en) 2013-06-20 2014-11-11 Palantir Technologies, Inc. System and method for incrementally replicating investigative analysis data
US8601326B1 (en) 2013-07-05 2013-12-03 Palantir Technologies, Inc. Data quality monitors
US10346892B1 (en) * 2013-08-06 2019-07-09 Dzine Steps L.L.C. Method for dynamic visual design customization
US8938686B1 (en) 2013-10-03 2015-01-20 Palantir Technologies Inc. Systems and methods for analyzing performance of an entity
US9116975B2 (en) 2013-10-18 2015-08-25 Palantir Technologies Inc. Systems and user interfaces for dynamic and interactive simultaneous querying of multiple data stores
US20160267413A1 (en) * 2013-10-30 2016-09-15 Hewlett Packard Enterprise Development Lp Assigning resource permissions
US9105000B1 (en) 2013-12-10 2015-08-11 Palantir Technologies Inc. Aggregating data from a plurality of data sources
US10579647B1 (en) 2013-12-16 2020-03-03 Palantir Technologies Inc. Methods and systems for analyzing entity performance
US9817987B2 (en) 2013-12-23 2017-11-14 Dropbox, Inc. Restricting access to content
US9043696B1 (en) 2014-01-03 2015-05-26 Palantir Technologies Inc. Systems and methods for visual definition of data associations
US10657113B2 (en) 2014-01-14 2020-05-19 Baker Hughes, A Ge Company, Llc Loose coupling of metadata and actual data
US10242222B2 (en) 2014-01-14 2019-03-26 Baker Hughes, A Ge Company, Llc Compartment-based data security
US10212143B2 (en) * 2014-01-31 2019-02-19 Dropbox, Inc. Authorizing an untrusted client device for access on a content management system
US8935201B1 (en) 2014-03-18 2015-01-13 Palantir Technologies Inc. Determining and extracting changed data from a data source
US9836580B2 (en) 2014-03-21 2017-12-05 Palantir Technologies Inc. Provider portal
US20150271267A1 (en) * 2014-03-24 2015-09-24 Palo Alto Research Center Incorporated Content-oriented federated object store
US9535974B1 (en) 2014-06-30 2017-01-03 Palantir Technologies Inc. Systems and methods for identifying key phrase clusters within documents
US9619557B2 (en) 2014-06-30 2017-04-11 Palantir Technologies, Inc. Systems and methods for key phrase characterization of documents
US9419992B2 (en) 2014-08-13 2016-08-16 Palantir Technologies Inc. Unwanted tunneling alert system
US9454281B2 (en) 2014-09-03 2016-09-27 Palantir Technologies Inc. System for providing dynamic linked panels in user interface
US9483546B2 (en) 2014-12-15 2016-11-01 Palantir Technologies Inc. System and method for associating related records to common entities across multiple lists
US10362133B1 (en) 2014-12-22 2019-07-23 Palantir Technologies Inc. Communication data processing architecture
US9348920B1 (en) 2014-12-22 2016-05-24 Palantir Technologies Inc. Concept indexing among database of documents using machine learning techniques
US10552994B2 (en) 2014-12-22 2020-02-04 Palantir Technologies Inc. Systems and interactive user interfaces for dynamic retrieval, analysis, and triage of data items
US10452651B1 (en) 2014-12-23 2019-10-22 Palantir Technologies Inc. Searching charts
US9817563B1 (en) 2014-12-29 2017-11-14 Palantir Technologies Inc. System and method of generating data points from one or more data stores of data items for chart creation and manipulation
US11302426B1 (en) 2015-01-02 2022-04-12 Palantir Technologies Inc. Unified data interface and system
US9578006B2 (en) * 2015-03-21 2017-02-21 International Business Machines Corporation Restricted content publishing with search engine registry
US11282592B2 (en) * 2015-03-31 2022-03-22 Change Healthcare Holdings, Llc Healthcare information system and method for controlling access to a data projection
US10103953B1 (en) 2015-05-12 2018-10-16 Palantir Technologies Inc. Methods and systems for analyzing entity performance
US9672257B2 (en) 2015-06-05 2017-06-06 Palantir Technologies Inc. Time-series data storage and processing database system
US9384203B1 (en) 2015-06-09 2016-07-05 Palantir Technologies Inc. Systems and methods for indexing and aggregating data records
US10628834B1 (en) 2015-06-16 2020-04-21 Palantir Technologies Inc. Fraud lead detection system for efficiently processing database-stored data and automatically generating natural language explanatory information of system results for display in interactive user interfaces
US9407652B1 (en) 2015-06-26 2016-08-02 Palantir Technologies Inc. Network anomaly detection
US9418337B1 (en) 2015-07-21 2016-08-16 Palantir Technologies Inc. Systems and models for data analytics
US9392008B1 (en) 2015-07-23 2016-07-12 Palantir Technologies Inc. Systems and methods for identifying information related to payment card breaches
US9537880B1 (en) 2015-08-19 2017-01-03 Palantir Technologies Inc. Anomalous network monitoring, user behavior detection and database system
US10127289B2 (en) 2015-08-19 2018-11-13 Palantir Technologies Inc. Systems and methods for automatic clustering and canonical designation of related data in various data structures
US10402385B1 (en) 2015-08-27 2019-09-03 Palantir Technologies Inc. Database live reindex
US9984428B2 (en) 2015-09-04 2018-05-29 Palantir Technologies Inc. Systems and methods for structuring data from unstructured electronic data files
US9454564B1 (en) 2015-09-09 2016-09-27 Palantir Technologies Inc. Data integrity checks
US10387669B1 (en) * 2015-09-17 2019-08-20 Nextlabs, Inc. Protecting documents with centralized and discretionary policies
US10097557B2 (en) * 2015-10-01 2018-10-09 Lam Research Corporation Virtual collaboration systems and methods
US10044745B1 (en) 2015-10-12 2018-08-07 Palantir Technologies, Inc. Systems for computer network security risk assessment including user compromise analysis associated with a network of devices
US9760556B1 (en) 2015-12-11 2017-09-12 Palantir Technologies Inc. Systems and methods for annotating and linking electronic documents
US9514414B1 (en) 2015-12-11 2016-12-06 Palantir Technologies Inc. Systems and methods for identifying and categorizing electronic documents through machine learning
US9542446B1 (en) 2015-12-17 2017-01-10 Palantir Technologies, Inc. Automatic generation of composite datasets based on hierarchical fields
US10621198B1 (en) * 2015-12-30 2020-04-14 Palantir Technologies Inc. System and method for secure database replication
US10218709B2 (en) * 2016-03-11 2019-02-26 Microsoft Technology Licensing, Llc Share permissions and organization of content in an application with multiple levels of organizational hierarchy
US9753935B1 (en) 2016-08-02 2017-09-05 Palantir Technologies Inc. Time-series data storage and processing database system
US11106692B1 (en) 2016-08-04 2021-08-31 Palantir Technologies Inc. Data record resolution and correlation system
US10382440B2 (en) 2016-09-22 2019-08-13 International Business Machines Corporation Method to allow for question and answer system to dynamically return different responses based on roles
US10754969B2 (en) 2016-09-22 2020-08-25 International Business Machines Corporation Method to allow for question and answer system to dynamically return different responses based on roles
US10133588B1 (en) 2016-10-20 2018-11-20 Palantir Technologies Inc. Transforming instructions for collaborative updates
US10318630B1 (en) 2016-11-21 2019-06-11 Palantir Technologies Inc. Analysis of large bodies of textual data
US10884875B2 (en) 2016-12-15 2021-01-05 Palantir Technologies Inc. Incremental backup of computer data files
US10223099B2 (en) 2016-12-21 2019-03-05 Palantir Technologies Inc. Systems and methods for peer-to-peer build sharing
US10693660B2 (en) * 2017-01-05 2020-06-23 Serge Vilvovsky Method and system for secure data storage exchange, processing, and access
US10567524B2 (en) 2017-02-27 2020-02-18 International Business Machines Corporation Dynamic cognitive optimization of web applications
US11074277B1 (en) 2017-05-01 2021-07-27 Palantir Technologies Inc. Secure resolution of canonical entities
US10896097B1 (en) 2017-05-25 2021-01-19 Palantir Technologies Inc. Approaches for backup and restoration of integrated databases
GB201708818D0 (en) 2017-06-02 2017-07-19 Palantir Technologies Inc Systems and methods for retrieving and processing data
US11334552B2 (en) 2017-07-31 2022-05-17 Palantir Technologies Inc. Lightweight redundancy tool for performing transactions
US10417224B2 (en) 2017-08-14 2019-09-17 Palantir Technologies Inc. Time series database processing system
US10216695B1 (en) 2017-09-21 2019-02-26 Palantir Technologies Inc. Database system for time series data storage, processing, and analysis
US10614069B2 (en) 2017-12-01 2020-04-07 Palantir Technologies Inc. Workflow driven database partitioning
US11281726B2 (en) 2017-12-01 2022-03-22 Palantir Technologies Inc. System and methods for faster processor comparisons of visual graph features
US10235533B1 (en) 2017-12-01 2019-03-19 Palantir Technologies Inc. Multi-user access controls in electronic simultaneously editable document editor
US11016986B2 (en) 2017-12-04 2021-05-25 Palantir Technologies Inc. Query-based time-series data display and processing system
US11061874B1 (en) 2017-12-14 2021-07-13 Palantir Technologies Inc. Systems and methods for resolving entity data across various data structures
US10838987B1 (en) 2017-12-20 2020-11-17 Palantir Technologies Inc. Adaptive and transparent entity screening
GB201807534D0 (en) 2018-05-09 2018-06-20 Palantir Technologies Inc Systems and methods for indexing and searching
US11061542B1 (en) 2018-06-01 2021-07-13 Palantir Technologies Inc. Systems and methods for determining and displaying optimal associations of data items
US10795909B1 (en) 2018-06-14 2020-10-06 Palantir Technologies Inc. Minimized and collapsed resource dependency path
JP2021144565A (en) * 2020-03-13 2021-09-24 富士フイルムビジネスイノベーション株式会社 Information processing apparatus and information processing program
US20220011734A1 (en) * 2020-07-09 2022-01-13 UiPath, Inc. Robot access control and governance for robotic process automation
US11733668B2 (en) 2020-07-09 2023-08-22 UiPath, Inc. Robot access control and governance for robotic process automation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5335346A (en) * 1989-05-15 1994-08-02 International Business Machines Corporation Access control policies for an object oriented database, including access control lists which span across object boundaries
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
US6665657B1 (en) * 1999-11-19 2003-12-16 Niku Corporation Method and system for cross browsing of various multimedia data sources in a searchable repository
EP1424619A2 (en) * 2002-11-27 2004-06-02 NEC Electronics Corporation Master slice semiconductor integrated circuit
US20040122696A1 (en) * 2002-12-23 2004-06-24 Joerg Beringer Collaborative information spaces

Family Cites Families (95)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5301319A (en) * 1989-09-15 1994-04-05 Emtek Health Care Systems, Inc. Data storage audit trail
US6122403A (en) * 1995-07-27 2000-09-19 Digimarc Corporation Computer system linked by using information in data objects
US6681029B1 (en) * 1993-11-18 2004-01-20 Digimarc Corporation Decoding steganographic messages embedded in media signals
US7171016B1 (en) * 1993-11-18 2007-01-30 Digimarc Corporation Method for monitoring internet dissemination of image, video and/or audio files
US5694546A (en) * 1994-05-31 1997-12-02 Reisman; Richard R. System for automatic unattended electronic information transport between a server and a client by a vendor provided transport software with a manifest list
US6311214B1 (en) * 1995-07-27 2001-10-30 Digimarc Corporation Linking of computers based on optical sensing of digital data
US6580808B2 (en) * 1995-09-25 2003-06-17 Digimarc Corporation Method and apparatus for discerning image distortion by reference to encoded marker signals
US5729734A (en) * 1995-11-03 1998-03-17 Apple Computer, Inc. File privilege administration apparatus and methods
US5748896A (en) * 1995-12-27 1998-05-05 Apple Computer, Inc. Remote network administration methods and apparatus
US6381341B1 (en) * 1996-05-16 2002-04-30 Digimarc Corporation Watermark encoding method exploiting biases inherent in original signal
AU4495597A (en) * 1996-09-23 1998-04-14 Lowrie Mcintosh Defining a uniform subject classification system incorporating document management/records retention functions
US6335927B1 (en) * 1996-11-18 2002-01-01 Mci Communications Corporation System and method for providing requested quality of service in a hybrid network
US6754181B1 (en) * 1996-11-18 2004-06-22 Mci Communications Corporation System and method for a directory service supporting a hybrid communication system architecture
US6731625B1 (en) * 1997-02-10 2004-05-04 Mci Communications Corporation System, method and article of manufacture for a call back architecture in a hybrid network with support for internet telephony
US5928363A (en) * 1997-08-27 1999-07-27 International Business Machines Corporation Method and means for preventing unauthorized resumption of suspended authenticated internet sessions using locking and trapping measures
US7031954B1 (en) * 1997-09-10 2006-04-18 Google, Inc. Document retrieval system with access control
JP3272283B2 (en) * 1997-11-14 2002-04-08 富士通株式会社 Electronic data storage device
US6357010B1 (en) * 1998-02-17 2002-03-12 Secure Computing Corporation System and method for controlling access to documents stored on an internal network
US6332154B2 (en) * 1998-09-11 2001-12-18 Genesys Telecommunications Laboratories, Inc. Method and apparatus for providing media-independent self-help modules within a multimedia communication-center customer interface
US6381640B1 (en) * 1998-09-11 2002-04-30 Genesys Telecommunications Laboratories, Inc. Method and apparatus for automated personalization and presentation of workload assignments to agents within a multimedia communication center
US6529932B1 (en) * 1998-04-01 2003-03-04 Microsoft Corporation Method and system for distributed transaction processing with asynchronous message delivery
US6567846B1 (en) * 1998-05-15 2003-05-20 E.Piphany, Inc. Extensible user interface for a distributed messaging framework in a computer network
US6745203B1 (en) * 1998-05-15 2004-06-01 E.Piphany, Inc. User interface for a distributed messaging framework
US6701307B2 (en) * 1998-10-28 2004-03-02 Microsoft Corporation Method and apparatus of expanding web searching capabilities
US6389412B1 (en) * 1998-12-31 2002-05-14 Intel Corporation Method and system for constructing integrated metadata
US6381602B1 (en) * 1999-01-26 2002-04-30 Microsoft Corporation Enforcing access control on resources at a location other than the source location
US6677858B1 (en) * 1999-02-26 2004-01-13 Reveo, Inc. Internet-based method of and system for monitoring space-time coordinate information and biophysiological state information collected from an animate object along a course through the space-time continuum
US6714928B1 (en) * 1999-03-19 2004-03-30 Sybase, Inc. Development system providing HTML database control object
US6721713B1 (en) * 1999-05-27 2004-04-13 Andersen Consulting Llp Business alliance identification in a web architecture framework
US6742015B1 (en) * 1999-08-31 2004-05-25 Accenture Llp Base services patterns in a netcentric environment
US6539396B1 (en) * 1999-08-31 2003-03-25 Accenture Llp Multi-object identifier system and method for information service pattern environment
US6571282B1 (en) * 1999-08-31 2003-05-27 Accenture Llp Block-based communication in a communication services patterns environment
US6339832B1 (en) * 1999-08-31 2002-01-15 Accenture Llp Exception response table in environment services patterns
US6715145B1 (en) * 1999-08-31 2004-03-30 Accenture Llp Processing pipeline in a base services pattern environment
US6529909B1 (en) * 1999-08-31 2003-03-04 Accenture Llp Method for translating an object attribute converter in an information services patterns environment
US6550057B1 (en) * 1999-08-31 2003-04-15 Accenture Llp Piecemeal retrieval in an information services patterns environment
US6529948B1 (en) * 1999-08-31 2003-03-04 Accenture Llp Multi-object fetch component
US6578068B1 (en) * 1999-08-31 2003-06-10 Accenture Llp Load balancer in environment services patterns
US6549949B1 (en) * 1999-08-31 2003-04-15 Accenture Llp Fixed format stream in a communication services patterns environment
US8271336B2 (en) * 1999-11-22 2012-09-18 Accenture Global Services Gmbh Increased visibility during order management in a network-based supply chain environment
AU2001229371A1 (en) * 2000-01-14 2001-07-24 Saba Software, Inc. Information server
WO2001052090A2 (en) * 2000-01-14 2001-07-19 Saba Software, Inc. Method and apparatus for a web content platform
US6643652B2 (en) * 2000-01-14 2003-11-04 Saba Software, Inc. Method and apparatus for managing data exchange among systems in a network
AU2001227857A1 (en) * 2000-01-14 2001-07-24 Saba Software, Inc. Method and apparatus for a business applications management system platform
US7089583B2 (en) * 2000-01-14 2006-08-08 Saba Software, Inc. Method and apparatus for a business applications server
US20020069247A1 (en) * 2000-06-14 2002-06-06 Daryoush Paknad Business network platform method and system
AU7182701A (en) * 2000-07-06 2002-01-21 David Paul Felsher Information record infrastructure, system and method
US7197565B2 (en) * 2001-01-22 2007-03-27 Sun Microsystems, Inc. System and method of using a pipe advertisement for a peer-to-peer network entity in peer-to-peer presence detection
US6694307B2 (en) * 2001-03-07 2004-02-17 Netvention System for collecting specific information from several sources of unstructured digitized data
US7076503B2 (en) * 2001-03-09 2006-07-11 Microsoft Corporation Managing media objects in a database
US7246104B2 (en) * 2001-03-21 2007-07-17 Nokia Corporation Method and apparatus for information delivery with archive containing metadata in predetermined language and semantics
US6904454B2 (en) * 2001-03-21 2005-06-07 Nokia Corporation Method and apparatus for content repository with versioning and data modeling
US7353236B2 (en) * 2001-03-21 2008-04-01 Nokia Corporation Archive system and data maintenance method
US7200627B2 (en) * 2001-03-21 2007-04-03 Nokia Corporation Method and apparatus for generating a directory structure
US7254570B2 (en) * 2001-03-21 2007-08-07 Nokia Corporation Query resolution system and service
US20030014483A1 (en) * 2001-04-13 2003-01-16 Stevenson Daniel C. Dynamic networked content distribution
US7822969B2 (en) * 2001-04-16 2010-10-26 Digimarc Corporation Watermark systems and methods
US6934702B2 (en) * 2001-05-04 2005-08-23 Sun Microsystems, Inc. Method and system of routing messages in a distributed search network
US7099871B2 (en) * 2001-05-04 2006-08-29 Sun Microsystems, Inc. System and method for distributed real-time search
US6950821B2 (en) * 2001-05-04 2005-09-27 Sun Microsystems, Inc. System and method for resolving distributed network search queries to information providers
US7171415B2 (en) * 2001-05-04 2007-01-30 Sun Microsystems, Inc. Distributed information discovery through searching selected registered information providers
US7013303B2 (en) * 2001-05-04 2006-03-14 Sun Microsystems, Inc. System and method for multiple data sources to plug into a standardized interface for distributed deep search
EP1410258A4 (en) * 2001-06-22 2007-07-11 Inc Nervana System and method for knowledge retrieval, management, delivery and presentation
US20030009536A1 (en) * 2001-07-06 2003-01-09 Portris, Inc. Method and system for collaborative knowledge management
US6865568B2 (en) * 2001-07-16 2005-03-08 Microsoft Corporation Method, apparatus, and computer-readable medium for searching and navigating a document database
US7222187B2 (en) * 2001-07-31 2007-05-22 Sun Microsystems, Inc. Distributed trust mechanism for decentralized networks
US7308496B2 (en) * 2001-07-31 2007-12-11 Sun Microsystems, Inc. Representing trust in distributed peer-to-peer networks
US7383433B2 (en) * 2001-07-31 2008-06-03 Sun Microsystems, Inc. Trust spectrum for certificate distribution in distributed peer-to-peer networks
US7203753B2 (en) * 2001-07-31 2007-04-10 Sun Microsystems, Inc. Propagating and updating trust relationships in distributed peer-to-peer networks
AU2002355530A1 (en) * 2001-08-03 2003-02-24 John Allen Ananian Personalized interactive digital catalog profiling
AU2002332556A1 (en) * 2001-08-15 2003-03-03 Visa International Service Association Method and system for delivering multiple services electronically to customers via a centralized portal architecture
US6931408B2 (en) * 2001-08-17 2005-08-16 E.C. Outlook, Inc. Method of storing, maintaining and distributing computer intelligible electronic data
JP2005505045A (en) * 2001-09-28 2005-02-17 コムヴォールト・システムズ・インコーポレーテッド Method and apparatus for creating and managing a quick recovery volume
US6976036B2 (en) * 2001-11-06 2005-12-13 Science Applications International Corporation Database management system
US6671364B2 (en) * 2002-03-29 2003-12-30 Longboard, Inc. System and method of triggering services for call control
US7899915B2 (en) * 2002-05-10 2011-03-01 Richard Reisman Method and apparatus for browsing using multiple coordinated device sets
US20040015408A1 (en) * 2002-07-18 2004-01-22 Rauen Philip Joseph Corporate content management and delivery system
US20040024662A1 (en) * 2002-08-02 2004-02-05 David Gray Equipment documentation management system, method, and software tools
US7533161B2 (en) * 2002-08-08 2009-05-12 Sun Microsystems, Inc. System and method for multiplatform implementation of abstract software modules in peer-to-peer network environments
US7484225B2 (en) * 2002-08-08 2009-01-27 Sun Microsystems, Inc. System and method for describing and identifying abstract software modules in peer-to-peer network environments
US7487509B2 (en) * 2002-08-08 2009-02-03 Sun Microsystems, Inc. System and method for providing multiple embodiments of abstract software modules in peer-to-peer network environments
US7849140B2 (en) * 2002-08-29 2010-12-07 Oracle America, Inc. Peer-to-peer email messaging
US7263560B2 (en) * 2002-08-30 2007-08-28 Sun Microsystems, Inc. Decentralized peer-to-peer advertisement
US8204992B2 (en) * 2002-09-26 2012-06-19 Oracle America, Inc. Presence detection using distributed indexes in peer-to-peer networks
US7657597B2 (en) * 2002-09-26 2010-02-02 Sun Microsystems, Inc. Instant messaging using distributed indexes
US7206934B2 (en) * 2002-09-26 2007-04-17 Sun Microsystems, Inc. Distributed indexing of identity information in a peer-to-peer network
US7123696B2 (en) * 2002-10-04 2006-10-17 Frederick Lowe Method and apparatus for generating and distributing personalized media clips
US20040102990A1 (en) * 2002-10-11 2004-05-27 Xerox Corporation Method for managing knowledge flow to value
US8108455B2 (en) * 2002-10-31 2012-01-31 Oracle America, Inc. Mobile agents in peer-to-peer networks
US7328243B2 (en) * 2002-10-31 2008-02-05 Sun Microsystems, Inc. Collaborative content coherence using mobile agents in peer-to-peer networks
US7213047B2 (en) * 2002-10-31 2007-05-01 Sun Microsystems, Inc. Peer trust evaluation using mobile agents in peer-to-peer networks
US7254608B2 (en) * 2002-10-31 2007-08-07 Sun Microsystems, Inc. Managing distribution of content using mobile agents in peer-topeer networks
US7395536B2 (en) * 2002-11-14 2008-07-01 Sun Microsystems, Inc. System and method for submitting and performing computational tasks in a distributed heterogeneous networked environment
US20040103367A1 (en) * 2002-11-26 2004-05-27 Larry Riss Facsimile/machine readable document processing and form generation apparatus and method
US7257564B2 (en) * 2003-10-03 2007-08-14 Tumbleweed Communications Corp. Dynamic message filtering

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5335346A (en) * 1989-05-15 1994-08-02 International Business Machines Corporation Access control policies for an object oriented database, including access control lists which span across object boundaries
US6665657B1 (en) * 1999-11-19 2003-12-16 Niku Corporation Method and system for cross browsing of various multimedia data sources in a searchable repository
US20020026592A1 (en) * 2000-06-16 2002-02-28 Vdg, Inc. Method for automatic permission management in role-based access control systems
EP1424619A2 (en) * 2002-11-27 2004-06-02 NEC Electronics Corporation Master slice semiconductor integrated circuit
US20040122696A1 (en) * 2002-12-23 2004-06-24 Joerg Beringer Collaborative information spaces

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
RICHARD J S ET AL: "Design issues for a trusted electronic document management system", ELECTRICAL AND COMPUTER ENGINEERING, 1999 IEEE CANADIAN CONFERENCE ON EDMONTON, ALTA., CANADA 9-12 MAY 1999, PISCATAWAY, NJ, USA,IEEE, US, vol. 1, 9 May 1999 (1999-05-09), pages 373 - 378, XP010359790, ISBN: 0-7803-5579-2 *
ROY D ET AL: "Content management strategy and heuristic evaluation of a model electronic portfolio: A rhetorical approach", INTERNATIONAL PROFESSIONAL COMMUNICATION CONFERENCE. PROCEEDINGS. IPCC 2003. ORLANDO, FL, SEPT. 21 - 24, 2003, NEW YORK, NY : IEEE, US, 21 September 2003 (2003-09-21), pages 117 - 131, XP010669301, ISBN: 0-7803-7949-7 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2115634B1 (en) * 2006-12-22 2019-06-19 Commvault Systems, Inc. Method and system for searching stored data
WO2016197198A1 (en) * 2015-06-12 2016-12-15 Billtrader Pty Ltd Computer implemented multi-currency invoice capture, trading, access and payment system
CN107851276A (en) * 2015-06-12 2018-03-27 比尔交易私人有限公司 The computer implemented more collection of currency invoice, transaction, access and payment systems
JP2018517222A (en) * 2015-06-12 2018-06-28 ビルトレイダー プロプライエタリー リミテッドBilltrader Pty Ltd Computer implemented multi-currency invoice acquisition, trading, access and payment system
JP2022116218A (en) * 2015-06-12 2022-08-09 ビルトレイダー プロプライエタリー リミテッド Computer-implemented multi-currency invoice capture, trading, access and payment system
JP7246788B2 (en) 2015-06-12 2023-03-28 ビルトレイダー プロプライエタリー リミテッド Computer-implemented multi-currency invoice acquisition, trading, access and payment system

Also Published As

Publication number Publication date
GB0708168D0 (en) 2007-06-06
GB2434672A (en) 2007-08-01
US20060080316A1 (en) 2006-04-13

Similar Documents

Publication Publication Date Title
US20060080316A1 (en) Multiple indexing of an electronic document to selectively permit access to the content and metadata thereof
US10819782B2 (en) Personal digital server (PDS)
US9288211B2 (en) Providing access control for public and private document fields
US7984066B1 (en) Mandatory access control list for managed content
US7284271B2 (en) Authorizing a requesting entity to operate upon data structures
US6990502B2 (en) Reviewing cached user-group information in connection with issuing a digital rights management (DRM) license for content
US20100100967A1 (en) Secure collaborative environment
JP4892179B2 (en) Zone-based security management for data items
EP1452942A2 (en) Issuing a digital rights management (DRM) license for content based on cross-forest directory information
US20150271267A1 (en) Content-oriented federated object store
US8909669B2 (en) System and method for locating and retrieving private information on a network
US20120131646A1 (en) Role-based access control limited by application and hostname
US8510860B2 (en) Local storage of information pedigrees
US7657925B2 (en) Method and system for managing security policies for databases in a distributed system
CN111723391A (en) Data management system
US8079065B2 (en) Indexing encrypted files by impersonating users
Carminati et al. Trust and share: Trusted information sharing in online social networks
JP2007304831A (en) Approval management system
JP2005032109A (en) Document data managing device, document data access program, and document data managing program
Wei et al. A generic discretionary access control system for reuse frameworks
CN117473535A (en) Three-dimensional data authority management and control method based on classification and grading
Wahul et al. Multi Keyword Search on Encrypted Data with Ranking
JP2000330848A (en) Access control system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 0708168

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20051007

WWE Wipo information: entry into national phase

Ref document number: 0708168.0

Country of ref document: GB

122 Ep: pct application non-entry in european phase

Ref document number: 05794810

Country of ref document: EP

Kind code of ref document: A1