logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 9888039 B1

PDFFull Text
Date of Patent:
Feb. 06, 2018

Filed:

Jul. 07, 2016

Network-based permissioning system

Applicant:

Palantir Technologies Inc., Palo Alto, CA (US);

Inventors:

Mark Elliot, New York City, NY (US);

Jason Zhao, Menlo Park, CA (US);

Brian Schimpf, Vienna, VA (US);

Jacob Meacham, Sunnyvale, CA (US);

Marco Gelmi, London, GB;

Benjamin Duffield, New York, NY (US);

Savino Sguera, London, GB;

James Baker, Cambridge, GB;

Neil Rickards, London, GB;

Javier Campanini, New York City, NY (US);

Qinfeng Chen, Queens Village, NY (US);

Derek Cicerone, New York City, NY (US);

Nathan Ziebart, East Palo Alto, CA (US);

Assignee:

Palantir Technologies Inc., Palo Alto, CA (US);

Attorney:

Schwegman Lundberg & Woessner, P.A.

Primary Examiner:

Lisa Lewis

Int. Cl.
CPC ...
H04L 29/06 (2006.01); G06F 21/00 (2013.01);
U.S. Cl.
CPC ...
H04L 63/20 (2013.01); H04L 63/08 (2013.01); H04L 63/10 (2013.01); H04L 2463/121 (2013.01);
Abstract

Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. Example embodiments involve evaluating user access permissions with respect to shared data resources of a group of network applications. The method includes receiving a request, from one of the network applications, to access a particular data resource. The request includes an identifier of a requesting user. The method further includes accessing a policy object associated with the data resource that includes policy information specifying operations the user is authorized to perform with respect to the data resource based on satisfaction of one or more conditions. The method further includes evaluating the user's access permissions with respect to the data resource based on the policy object, and communicating a response to the network application that includes the access permission of the user.

Find Patent Forward Citations

Loading…