This invention relates to network systems, and more particularly to sharing resources between users in a network system.
As technology improves, users demand smaller devices that are mobile, have more memory, and can execute more complex functions. As one example, notebook computers are much smaller than their desktop counterparts, but have comparable memory and execute the same applications.
As another example, mobile telephones use modern communications techniques to allow the user to make and receive calls from just about anywhere. Most mobile phones include a database of names and numbers to make dialing easier.
Personal digital assistants (PDAs) are an extension of notebook computers, are typically small enough to fit in someone's hand, and operate via a small touch screen. PDAs also have databases (such as an address book and a compilation of email messages) to assist the operator in performing operations.
These devices have at least two features in common. First, they all have databases and applications (executable programs). Second, they all are portable. This portability allows any of these devices to be used in many environments. Examples of environments include the user's home, the user's office, and the home or office of another person.
Since these types of devices can be linked to multiple environments, a problem may arise in the unwanted sharing of data or applications. As an example, suppose a user uses his notebook computer for home accounting purposes while at home and for the generation of work product (e.g., proposals or budgets) while at work. When the notebook computer is in the work environment, other people may be able to obtain access to the user's home accounting data. Similarly, work product may become available to the user's family members when the notebook computer is used at home.
Currently, some operating systems, such as Windows® 95, 98, 2000 and NT from Microsoft, allow a user to grant access to a directory, file or application on an individual or group basis. In the Windows® operating systems, the user uses the Control Panel to grant other users read only, write only or read/write access. The access that the third party users receive is assigned to each directory, file or application. It is up to the user to get the network user names of everyone who will receive access to every directory, folder or file.
Like reference symbols in the various drawings indicate like elements.
As described above, resources (hardware and software that perform functions such as printing or word processing) may be associated with one machine but shared by a plurality of users via a network. By associating these shared resources with particular network environments, unauthorized access to these shared resources by some users can be eliminated. This can be accomplished by requiring that a user desiring access to a shared resource use a particular network environment to access the shared resource.
Referring to
Network environment 100 also includes a database 106 that stores data and executable files. The data and files stored within database 106 are accessible to users via network 104. Computers 108 and 110 also are coupled to network 104. A typical computer locally stores data and applications on a hard drive, or equivalent storage device, and can execute applications that require transmitting data requests to, and receiving data from database 106 or another computer via network 104.
Printer 112 also is coupled to network 104. Printer 112 receives data from other components via network 104. Typically, printer 112 prints a document in response to control signals and data received from another component, such as computer 108, via network 104. Scanner/PC combination 114 is also coupled to network 104 and allows images and text to be scanned and transmitted to any other component in the environment.
A mobile device 140 can be coupled to port 102 to work with the other components in network environment 100. Mobile device 140 includes a central processing unit (CPU) 142 and memory 144. Stored in memory 144 are shared files 144a and private files 144b. Generally, once coupled to a port, certain individuals may obtain access to the shared files 144a while no one except the user of mobile device 140 may obtain access to private files 144b. As it pertains to folders, file directories and applications, access means a user may open a particular folder, file directory or application and use it to perform a function or locate another folder, file, directory or application.
Printer 150 can be coupled to mobile device 140. Generally speaking, printer 150 is a local printer that is predominantly used by mobile device 140 but can receive print jobs from other devices as will be described in more detail below. Thus, other users may obtain access to printer 150. By obtaining access to a piece of hardware, such as a printer, the user may use that piece of hardware for his or her own purpose.
Network environment 120 is similar to network environment 100. Network environment 120 includes port 122, network 124, database 126, computers 128 and 130, printer 132 and scanner/PC combination 134. Coupling network environment 100 to network environment 120 is accomplished via network 160. Network 160 may be a wide area network (“WAN”) coupled to internal environmental networks 104 and 124. For example, network 160 may be the Internet.
It should be noted that the techniques described below are applicable regardless of the number of components or relative size (e.g., LAN vs. WAN) of the environments. Thus, the techniques can be implemented in an environment that contains more printers and more computers than the exemplary network environments shown in
Since mobile device 140 is portable, it is used in both network environment 100 and network environment 120. To interact with environment 100, the user simply couples mobile device 140 to port 102 to gain access to many of the attributes of network environment 100 via network 104. Other users of network environment 100 also may gain access to some of the shared files 144a stored in memory 144 depending on the sharing criteria established by the user of the mobile device 140.
Similarly, to gain access to the many attributes of network environment 120, the user of mobile device 140 couples mobile device 140 to port 122. Once coupled to port 122, other users of network environment 120 may gain access to some of the shared files 144a stored in memory 144 depending on the sharing criteria established by the user of mobile device 140.
Nobody other than the user of mobile device 140 can obtain access to private files 144b regardless of whether or not mobile device 140 is coupled to one of network environments 100 or 120.
The user of mobile device 140 may obtain access to data in either database 106 or database 126 depending on the network to which mobile unit 140 is coupled. Thus, the user of mobile device 140 may read, edit and create files in database 106 or database 126 if mobile device 140 is coupled to either port 102 or 122.
The hierarchy 200 shown in
The exemplary hierarchy shown in
Referring to
Column 320a contains network names, which are identifiers entered by the user of the mobile device 140 to designate various network environments. In other words, network names are words used by the user of mobile device 140 to distinguish one network environment from another. Column 320b contains unique network identifiers or ID numbers, each of which is associated with one network connection (i.e., one port into a network environment). Network identifiers are machine-level strings of characters or data that distinguish one network environment access point from other network environment access points. In one exemplary implementation, the network connection is made through a port containing an Ethernet card, and the corresponding unique number is the media access control (MAC) address of that Ethernet card. It should be noted that multiple network IDs can be associated with a single environment. For example, referring again to
The association between the network name in column 320a and the network identifier in column 320b allows for easier use. When mobile device 140 is coupled to a network environment for the first time, the user is prompted to associate an easily recallable network name with the network identifier obtained from the network environment hardware and/or software. As will be described later, the user can use the network name to establish sharing criteria to allow certain individuals access to resources associated with mobile device 140.
Columns 315a, 315b and 320b provide examples of sharing criteria. The data in column 320a is used as display data to inform the user of mobile device 140 which networks are available for use in establishing sharing criteria. Columns 315a, 315b and 320a provide three possible ways for an individual to gain access to a shared resource. In one implementation, access occurs only through the use of a user ID/password combination. In this implementation, network identifiers are not used to determine who may access or not access a resource. In other words, if a selected file is designated as shared through a user ID/password combination, then it cannot be accessed through the use of a network ID.
In a second implementation, access to shared resources is determined solely by association with a network identifier. In this implementation, when mobile device 140 is coupled to a particular network through a particular port, everyone else who has access to that network may access the resources associated with the network identifier of that network. Similarly, if a file can be accessed only through a network identifier, then it cannot be accessed through a user ID/password combination.
In a third implementation, access to shared resources is based on a combination of sharing criteria. In other words, not only does the corresponding network identifier need to be used, but also the correct user ID/password combination needs to be entered in order for a user to be able to access the resource.
By storing data into data table 300, associations between resources and sharing criteria are established. An association is a linking of the resource to sharing criteria.
The types of sharing criteria described above control and limit network user access to folders, files, applications and hardware devices. In other words, these sharing criteria establish an access requirement. The network user or the network itself must provide data that matches the sharing criteria so as to pass the access requirement and thereby grant the user access to the file, folder, application or hardware device.
Referring to
Mobile device 140 responds to the user's request to store data by providing the user with a prompt to enter the name of the folder, file or application (step 415). The mobile device also may permit the user to designate a directory in which the new item is to be placed.
Mobile device 140 then determines if the parent folder of the new folder, file or application is already shared (step 420). If the answer is “Yes,” then mobile device 140 prompts the user on whether the sharing criteria (e.g., user name/password combination and/or network identifier) for the parent folder are to be used to grant or deny access to this new folder, file or application (step 425). If the user replies “Yes”, the sharing criteria for the parent folder are retrieved (step 430). The folder, file or application then is stored in the appropriate directory or folder (step 435). The retrieved sharing criteria are then used to make a new entry, along with the name entered earlier (see step 415) for the new folder, file or application, in table 300 of
If the new folder, file or application is not placed into a parent folder that is currently shared (see step 420), or if the sharing criteria for the new folder, file or application are not to be copied from the parent folder (see step 425) but are instead to be created anew, then mobile device 140 prompts the user on whether or not he/she wants the new folder, file or application to be shared (step 450). If the user does not want the new folder, file or application to be shared, the process continues so that the folder, file or application is stored (step 455). The folder, file or application is thus stored in private memory 144b, which means that only the user of mobile device 140 has access to it. Regardless of where mobile device 140 is used, or what network environment it is coupled to, private memory 144b is only accessible to the user of mobile device 140. A user of another device, such as computer 128 of
If the user decides to share the new folder, file or application (see step 450), then it follows from the decisions made previously (steps 420 and 425) that the user wants to create new sharing criteria for the new folder, file or application. This is accomplished by having mobile device 140 search its registry for data table 300 (step 465). As described earlier, this data table contains a list of all user IDs and network identifiers associated with other shared resources such as folders, files and applications in memory 144 of mobile device 140. Mobile device 140 retrieves this data from data table 300 and displays the user IDs from column 315a and the network short names associated with network IDs in column 320a to the user (step 465). An exemplary screen shot 500 of this retrieved data is shown in
In
In section 515, the user enters a new password to go along with a selected user ID or recently created user ID from section 510. The network names (i.e., column 320a of data table 300) are displayed in section 520. Network names are identifiers that a user enters to aid him/her in selecting sharing criteria. In one implementation, the network environment to which the mobile device 140 is currently coupled, 520a, is underlined or highlighted to remind the user which network he/she is currently using.
Returning to
Mobile device 140 then creates a new entry in data table 300 that associates the new folder, file or application with the sharing criteria earlier selected/entered by the user (step 480). The process then ends (step 485).
Referring to
Mobile device 140 then reads the network identifier associated with the port to which it is coupled and obtains the user ID of the person requesting access to a folder, file or application (step 615). In one implementation, the network identifier is the MAC address of an Ethernet card and the user ID is the login ID that the network user uses to gain access to the network environment.
Mobile device 140 next compares the received network ID and the received user ID with data in data table 300 (step 620). In doing so, mobile device 140 makes three sub-comparisons. The first is to determine if access to a shared resource is determined solely based upon the received user ID (i.e., the network connection is irrelevant). The second is to determine which resources are accessible to the network, and therefore the network user, based upon the received network identifier. The final comparison is to determine which resources require both the user ID and the network identifier for granting access.
After mobile device 140 determines which of the required sharing criteria the network user meets, in other words which resources the network user has access to, the mobile device forwards a list of accessible folders, files and applications to the network user's device for display (step 620). It follows that the folders, files and applications for which the network user fails to provide matching sharing criteria are not displayed. The network user then requests access to one of the displayed folders, files or applications (step 625).
Mobile device 140 next determines if any additional data is needed before sharing the selected folder, file or application with the network user (e.g., does the network user need to provide a password for access to satisfy the user ID/password combination) (step 630). If any additional data is needed, the network user is prompted for the additional data by mobile device 140 through the network (step 635). Mobile device 140 then compares the received data from the network user against stored data to determine if there is a match. In one example, the network user enters a password and this password is compared with the password stored in column 315b of data table 300 associated with the folder, file or application selected (step 640).
If the received additional data does not match the stored data, mobile device 140 sends a message to the network user via the network informing him/her that access to the requested folder, file or application is denied (step 645). The process then ends (step 650).
If the received additional data matches the stored data, mobile device 140 grants access to that folder, file or application (step 655). The process then ends (step 650).
If additional data is not needed (e.g., the sharing criteria consisted solely of network ID) (see step 630) then the network user is granted access to the requested folder, file or application (step 655). The process then ends (step 650).
How the sharing criteria are used to grant access to certain folders, files and applications may be illustrated with the following example. Referring again to
The user of mobile device 140 splits his/her time servicing both client companies ABC and XYZ. In order to service both client companies, the user travels to both client sites and couples mobile device 140 into their respective network environments. In this example, it would be advantageous to limit what network users may access depending upon the network to which mobile device 140 is coupled. More specifically, when using mobile device 140 at a site owned by ABC, employees of ABC are denied access to directory “Client XYZ.” Similarly, when working at a site owned by client XYZ, employees of XYZ are denied access to directory “Client ABC.” This is accomplished by establishing the sharing criteria for each directory “Client ABC” and “Client XYZ” to be based solely on the network identifier. Thus, access to directory “Client ABC” by XYZ employees and other unauthorized entities is prevented by requiring those who request access to be associated with the network environment maintained by ABC.
When working at ABC's site, assume that the user of mobile device 140 brings along a co-worker. This co-worker is working on Project 1 but is prohibited from working on Project 2 for ethical reasons. In this example, the co-worker could gain access to the directory “Project 2” by virtue of his/her use of a computer owned by ABC that is on the network to which mobile device 140 is coupled if the sharing criteria require only network ID data. To prevent this access, the co-worker is denied access to “Project 2” by a user ID/password combination that is in addition to the network ID access control. Since the co-worker is not given a user ID or password that will grant him/her access to “Project 2,” it follows that the co-worker cannot gain access to this directory regardless of which network he/she uses. Conversely, another individual could only gain access to directory “Project 2” by both 1) using the network associated with ABC and 2) entering the user ID/password combination associated with “Project 2.”
Access to the “Samples” directory is limited to co-workers of the user of mobile device 140. The “Samples” directory contains exemplary documents for new employees to train themselves. Thus, access is given to co-workers of the user of mobile device 140 based solely upon a user ID/password combination and irrespective of the network connection of mobile device 140.
It should be noted that procedure 600 is iterative in that the process repeats as the network user continues to drill down through a folder or directory. In other words, once a network user obtains access to a folder or directory, he/she is taken through procedure 600 again for each folder, file, or application in that parent folder or directory with which sharing criteria are associated. Alternatively, the mobile device user may only apply sharing criteria to a higher level folder in the hierarchy, and may leave the lower level folders, files and applications without sharing criteria. Thus, once a network user has gained access to the higher level folder through providing the correct sharing criteria, everything contained inside that folder is automatically available to the network user and he/she does not need to go through procedure 600 again for individual items contained in that access-controlled folder. In other words, by establishing sharing criteria for a higher level folder only, a network user need only go through process 600 for the higher level folder once and still obtain access to lower level folders, files and applications.
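The access decision of procedure 600, applied to the ABC/XYZ example and to the folder-level inheritance just described, as an added Python example that is not part of the original text. The table contents, the constructed network identifiers, user IDs and passwords, the placement of "Project 1" and "Project 2" under "Client ABC", and the choice to store passwords as salted hashes are assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional


def _derive(password: str, salt: bytes) -> bytes:
    # Assumption: store a salted hash, not the password itself. The page only
    # says a password is kept in column 315b.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass(frozen=True)
class Criteria:
    """Sharing criteria for one resource, modelled on a row of data table 300."""
    network_ids: FrozenSet[str] = frozenset()  # column 320b; empty = network irrelevant
    user_id: Optional[str] = None              # column 315a; None = no user ID check
    salt: bytes = b""
    pw_hash: bytes = b""                       # column 315b, stored hashed


def share(network_ids=(), user_id=None, password=None) -> Criteria:
    """Build an entry for one of the three implementations (user, network, both)."""
    network_ids = frozenset(network_ids)
    if not network_ids and user_id is None:
        raise ValueError("a shared resource needs at least one criterion")
    if (user_id is None) != (password is None):
        raise ValueError("user ID and password are set together")
    salt = os.urandom(16) if password is not None else b""
    pw_hash = _derive(password, salt) if password is not None else b""
    return Criteria(network_ids, user_id, salt, pw_hash)


def _chain(table: Dict[str, Criteria], path: str) -> List[Criteria]:
    """Criteria on the resource and on each ancestor folder, outermost first."""
    parts = path.split("/")
    prefixes = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return [table[p] for p in prefixes if p in table]


def _ids_match(c: Criteria, network_id: str, user_id: str) -> bool:
    """Step 620: compare the received network ID and user ID; no password yet."""
    # Plain string comparison: a MAC address is not an authenticated value.
    if c.network_ids and network_id not in c.network_ids:
        return False
    return c.user_id is None or c.user_id == user_id


def visible(table, resources, network_id, user_id) -> List[str]:
    """Resources to list for the network user; everything else is not displayed."""
    listed = []
    for path in resources:
        chain = _chain(table, path)  # empty chain = private files 144b
        if chain and all(_ids_match(c, network_id, user_id) for c in chain):
            listed.append(path)
    return listed


def request_access(table, path, network_id, user_id, password=None) -> str:
    """Steps 625-655 for one requested resource."""
    chain = _chain(table, path)
    if not chain or not all(_ids_match(c, network_id, user_id) for c in chain):
        return "denied"
    for c in chain:
        if c.user_id is None:
            continue                      # step 630: no additional data needed
        if password is None:
            return "password_required"    # step 635: prompt the network user
        if not hmac.compare_digest(_derive(password, c.salt), c.pw_hash):
            return "denied"               # step 645
    return "granted"                      # step 655


# Constructed sample data (not from the page).
ABC_NET = "00:00:5e:00:53:0a"
XYZ_NET = "00:00:5e:00:53:0b"
TABLE_300 = {
    "Client ABC": share(network_ids=[ABC_NET]),
    "Client XYZ": share(network_ids=[XYZ_NET]),
    "Client ABC/Project 2": share([ABC_NET], "proj2", "constructed-pw-1"),
    "Samples": share(user_id="coworker", password="constructed-pw-2"),
}
RESOURCES = ["Client ABC", "Client ABC/Project 1", "Client ABC/Project 2",
             "Client XYZ", "Samples", "Home accounting"]

if __name__ == "__main__":
    print(visible(TABLE_300, RESOURCES, ABC_NET, "abc_employee"))
```

A resource with no entry on its own path or on any ancestor is treated as private and is never listed, which matches the handling of private files 144b.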
Similarly to folders, files and applications, hardware also may be shared. One piece of hardware that may be shared is a printer. Referring again to
Referring to
Referring to
If the user does want printer 150 to be shared with others, the process continues by reading one or more databases in the registry (if the operating system is Windows®) (step 725). In one example, data table 300 is read. From the data read from the database(s), mobile device 140 displays to the user the list of user IDs and network names available for establishing sharing criteria to associate with printer 150. In one implementation, the user ID and network names are displayed to the user through a screen like the screen 500 shown in
The user of mobile device 140 then selects the sharing criteria such as user IDs and network IDs using the displayed network short names (step 730). It should be noted that if the user selects to control user ID access to printer 150, he/she also will enter a password for the individual(s) associated with that user ID (step 730). Next, the one or more databases are updated with the sharing criteria (step 735), and the process then ends (step 740).
When a network user prints, the print job can be sent to printer 150 if the network user meets the requisite sharing criteria. The process of printing on printer 150 is the same as that shown in
Referring to
In response, mobile device 140 retrieves the sharing criteria from the database(s) and displays them to the mobile device user (step 815). Again, as an example, mobile device 140 retrieves data from data table 300 in
The user of mobile device 140 then makes the desired change (e.g., changing a folder from strictly user ID/password access to network identifier access and vice versa) (step 820). After the mobile device 140 user has made all of his/her changes, the user is prompted as to whether these changes are to be the new default settings or if this change is temporary (i.e., the modifications are only valid as long as mobile device 140 is on and not rebooted) (step 825).
If the mobile device user decides that these changes are not to be new default settings, then the process ends (step 830). If the mobile device user decides to set the changes as default(s), then the database(s) is rewritten with the changes made (step 835). The process then ends (step 840).
A number of implementations have been described. Nevertheless, it will be understood that various modifications may be made. For example, once a file is accessed by the network user, the uses to which he/she may put the file may be restricted. For example, some files may be read only. Thus, the network user who obtains access through the sharing criteria may only be able to read the file, and may be unable to write to the file. Other files may be locked to prevent them from being printed or copied. The restriction on copying helps in licensed applications in that some individuals may use an application, through the sharing criteria, but cannot copy the application for non-licensed use.
While the above examples referred to use in notebook computers, it should be understood that other devices can implement the above described systems and methods. For example, many personal digital assistants (PDAs) have operating systems that allow them to store folders, files and applications. These PDAs can be coupled to a network and allow sharing of their resources as described above.
Similarly, mobile telephones, pagers and wireless modems also can be implemented with the systems and methods described above. In these systems, the port allows the phone or pager into the network environment when the phone or pager is turned on. Thus, when two phones or pagers are both turned on, the network environment recognizes this and allows them to exchange data such as email messages, short messages generated using Short Messenger Service (SMS), and contact information like names and phone numbers. The user of a mobile phone or pager establishes sharing criteria to prevent some other phone or pager users from obtaining information that they should not.
Shared resources are also not limited to the folder, file, application and printer examples given above. For example, scanners, ROM drives, disk drives and memory also may be shared.
In other implementations, access to the shared resources is accomplished through more than one network. As an example, referring to
In yet another implementation, the user is not given a choice with respect to selecting a network portion of the sharing criteria, but is instead defaulted into using the network ID of the network the mobile device 140 is currently coupled to.
It should also be noted that the techniques described above allow easy addition and subtraction of network users by a mobile device user. More specifically, if the sharing criteria are based solely on network identifiers, new users can be added to the network environment and obtain instant access to those resources. Similarly, when users leave a network environment (i.e., resign from employment), they lose access to that network and thus lose access to the shared resources that have the network identifier as part or all of their sharing criteria. The mobile device user does not have to provide new employees with access to shared resources on an individual basis but can instead have them added automatically through the use of network ID sharing criteria.
It should also be noted that there does not necessarily need to be a 1-to-1 correlation between networks and network identifiers. As shown in
Accordingly, these and other implementations are within the scope of the following claims.
Number | Date | Country |
---|---|---|
20030023725 A1 | Jan 2003 | US |