System and method for limited user access to network document

FIELD: information technologies.

SUBSTANCE: the system includes a document storage component for storing documents that have an associated access level; a server component for receiving a document request from a user, associating the document request with the access level of the requested document, and sending a server request if the access level is limited; and a document management tool component for receiving the server request, sending a management tool request to the document storage component, receiving the unrestricted document from the document storage component, processing the unrestricted document to restrict access rights in accordance with the access level, and sending the restricted document to the server so that the user can obtain access to the restricted document.

EFFECT: user access to critical materials in a network document is limited.

25 cl, 7 dwg

 

Prior art

With the advent and rapid growth of the Internet, computer users have become accustomed to easy access to virtually any type of electronic document from virtually any location. In particular, the proliferation of the World Wide Web ("Web") and of Web browser application programs has made access to many types of documents, such as text and graphic documents, very easy. Through a Web browser application program, the user can access and view many types of electronic documents without the need to install additional software.

In light of the proliferation of the Internet, documents can be distributed in a number of ways. In order for other users to have access to the contents of a document, copies of the document or its parts can be created. For example, in many scenarios the document is sent to other users via electronic mail ("e-mail"). Users who receive the document can then analyze the document, manipulate it, or add it to another application. Alternatively, the document can be saved on a file sharing server, where multiple users can access the contents of the document. In such situations, the user receives the document without restriction and can modify, manipulate or copy the information in any way they see fit.

Summary of the invention

There may be situations in which the administrator of the document is not willing to give the client full rights to work with the document. For example, a document may contain sensitive information (for example, links to external data or data that constitute intellectual property). In this situation, the administrator of the document can allow the client to view the document, but not to see the underlying formulas, expressions, or equations that make up the document. In other situations, the administrator of the document may not want the client to see the edits or a previous version of the document. In still other situations, the administrator of the document may not want the client to see personal information in the document. In other situations, the administrator of the document may maintain a single master document that cannot be changed by viewing clients. In such cases, the administrator of the document can give only limited access rights.

Aspects of the present invention relate to a system and method for restricting user access to critical materials in a network document, while the user has access to non-critical materials. One aspect of the invention is a computer-implemented method for restricting access to a network document. The computer-implemented method can include the steps of receiving a document request and determining the access level for the document. The computer-implemented method can also include the steps of receiving the document with no restrictions on the data associated with the document, and processing the document in accordance with the determined access level so that at least a portion of the data associated with the document is unavailable.

In accordance with another aspect, the present invention may comprise a machine-readable medium having machine-executable instructions for receiving a document request on behalf of a client that has limited access rights, and retrieving the requested unrestricted document on behalf of the client. The instructions can also include the steps of processing the requested unrestricted document to impose restrictions on at least a portion of the document in accordance with the limited access rights, and giving the client access to the restricted document.

In addition, another aspect of the present invention may include a machine-readable medium having a document storage component, a server component and a document management tool component. The document storage component may be configured to store documents having an associated access level. The server component can be configured to receive a document request, associate the document request with the access level of the requested document, and send a server request if the access level is limited. The document management tool component can be configured to receive the server request, send a management tool request to the document storage component, receive the unrestricted document from the document storage component, process the unrestricted document to restrict rights in accordance with the access level, and send the restricted document to the server.

List of figures

Figure 1 - illustrative computing device that may be used in one aspect of the present invention.

Figure 2 - illustrative mobile device that can be used in one aspect of the present invention.

Figure 3 - illustrative system for retrieving an unrestricted document from a server, which can be used in one aspect of the present invention.

Figure 4 - illustrative element of the present invention, where the user has full rights to the spreadsheet document.

Figure 5 - illustrative system for retrieving a restricted document from a server, which can be used in one aspect of the present invention.

Figure 6 - illustrative element of the present invention, where a user may have limited rights to the spreadsheet document.

Figure 7 - logical block diagram of one aspect of the present invention.

Detailed description of the invention

Embodiments of the present invention will hereinafter be described in more detail with reference to the accompanying drawings, which form part of the description and which show, by way of illustration, specific exemplary embodiments for practicing the invention. This invention, however, can be implemented in many other forms and should not be construed as limited to the embodiments presented herein; rather, these embodiments are provided so that this description will be thorough and complete and will fully convey the scope of the invention to those skilled in the art. Among other things, the present invention can be implemented as a method or a device. Thus, the present invention may take the form of an entirely hardware implementation, an entirely software implementation, or an implementation combining software and hardware aspects. Therefore, the following detailed description should not be taken in a limiting sense.

Illustrative embodiments of the method and system for restricting user access to a network document

Figures 3-6 present a general overview of the present invention and illustrative details of how the present invention can be used. The present invention relates to a system and method for restricting user access to critical data in a network document. Although the present invention is described here with reference to a spreadsheet document, restrictions may also be imposed on other documents, such as Word documents, ADOBE documents, workbooks, Web pages, email messages, notes, or other types of documents where it is desirable to limit access rights. In accordance with one embodiment, the spreadsheet document is one handled by the EXCEL spreadsheet application program from MICROSOFT CORPORATION, headquartered in Redmond, Washington.

In one general example of the present invention, the administrator of the document can manage a document that contains critical information. In order for other users to have access to the contents of the document, copies of the document or its parts may be made and distributed. For example, in many scenarios the document is sent to other users via electronic mail ("e-mail"). Users who receive the document can then analyze the document, manipulate it, or add it to another application.

Alternatively, the document can be saved on a file sharing server, where multiple users can access the contents of the document. Figures 3 and 4 show an illustrative aspect of the present invention for comparison with Figures 5 and 6, as set forth further below. System 300 represents a general view of a system for accessing documents on a server. The system 300 includes a client 302 with access to the server 304 via the network 306. The client 302 may include any type of client that has access to the server 304. The client 302 may include a computing device such as computing device 100 described in connection with Figure 1. The client may also include a mobile computing device, such as mobile computing device 200 described in connection with Figure 2. The client 302 may comprise a single user, a user group or a network of users.

The client 302 may include a number of program modules and data files stored on the client 302. The client 302 may have a Web browser, which is configured to request, receive, render, and provide interactivity with electronic documents such as Web pages that are formatted using HTML. In accordance with one embodiment of the invention, the Web browser application is the INTERNET EXPLORER Web browser application program from MICROSOFT CORPORATION. It should be noted, however, that Web browser applications from other manufacturers can be used to implement various aspects of the present invention, such as the FIREFOX Web browser from the MOZILLA FOUNDATION, headquartered in Mountain View, California.

The server 304 may include any type of server that has access to the content database 308. In one embodiment, the server 304 is a file sharing server. It should be noted that, in accordance with another embodiment of the invention, the server 304 is a WINDOWS SHAREPOINT SERVER from MICROSOFT CORPORATION. In addition, in another embodiment of the invention, the server 304 comprises the EXCEL CALCULATION SERVER from MICROSOFT CORPORATION.

As an example of obtaining a spreadsheet document over the Internet, the client 302 may access the spreadsheet calculation server via the Internet. Access may take the form of a document request. The document request can identify the client making the request and the uniform resource locator ("URL") of the requested document. The server 304 can then perform a check: the server 304 accesses the content database 308 to confirm that the client has access rights to the document. In one embodiment, access rights are defined by an access control list ("ACL") associated with the document. An ACL can contain a set of data that informs the operating system of the permissions or access rights that each user has to a particular system object, such as a directory or file. If the client 302 has unlimited rights to use the document, the document is sent from the content database 308 to the server 304. In situations where the network includes the Internet, an intranet, or the like, the server 304 may then process the document so that it is in a form viewable by the client. In one embodiment of the present invention, the server converts the document to Hypertext Markup Language (HTML) to enable the user to view the document. However, it is possible that the client has access to the document line via the Internet. Other processing on the server is described further below.

Figure 4 shows an illustrative element of the present invention, where the user has unlimited rights to the spreadsheet document. Web page 400 may include a viewable representation of the spreadsheet document. In particular, the Web page 400 may include HTML and scripts (programs in the macro language) which, when displayed by the Web browser, provide a visual display of the spreadsheet. In addition, the scripts included in the Web page allow the client to interact with the displayed image and to modify the spreadsheet. Web page 400 may include a number of columns 402 together with a number of rows 404. Columns 402 and rows 404 intersect in various cells, such as cell 406. In many situations, the cell 406 contains a calculated value or number. The calculated number or value may be the result of a formula or dependency. In a situation where the client has unrestricted access to the Web page 400, a formula box 408 can be placed at the top of the spreadsheet to display the formula related to the cell 406.

As contemplated by the present invention, there may be situations in which the administrator of the document does not want a client to have full access rights to the document. For example, a document may contain critical information (for example, links to external data or data that constitute intellectual property). In this situation, the administrator of the document can allow the client to view the document, but without seeing the underlying formulas, expressions, or equations that make up the document. In other situations, the administrator of the document may not want the client to see the edits or an earlier version of the document. In addition, in other situations, the administrator of the document may not want the client to see confidential information in the document. In such cases, the administrator of the document can give only limited access rights. Such limited rights may include a read right, an exercise right, a removal right, a view right, and so on. In one preferred embodiment of the present invention, the administrator of the document gives the client the view right.

Figures 5 and 6 show an illustrative aspect of the present invention for comparison with Figures 3 and 4, described previously. Figure 5 presents one aspect of a system and method for restricting user access to a network document, and Figure 6 presents an illustrative element of the present invention, where the user has limited rights to the spreadsheet document.

System 500 is a general view of a system for accessing a document associated with restricted rights. The system 500 includes a client 502, which requests access to the document. The client 502 is as described above in connection with Figure 3. The client 502 may have access to the network 504. The network 504 may include any type of network. In one embodiment, the network includes the Internet. The system 500 also includes a server 506. The server is as described above in connection with Figure 3; however, in one embodiment of system 500, the server is a WINDOWS SHAREPOINT SERVER from MICROSOFT CORPORATION.

Reference number 508 denotes the document management tool. The document management tool 508 may take several forms. In one embodiment, the document management tool 508 is an application or program associated with the server 506. In another embodiment, the document management tool is a Web-based application. In addition, in another embodiment, the document management tool is a spreadsheet calculation server. Patent application No. 10/607780, filed June 27, 2003 and entitled "METHOD AND APPARATUS FOR VIEWING AND INTERACTING WITH A SPREADSHEET FROM WITHIN A BROWSER", is incorporated herein by reference to provide a detailed example of one type of document management tool 508. As set forth more fully below, the document management tool 508 processes the document to impose restrictions on proprietary information or sensitive data.

The system 500 also includes a content database 510 and a configuration account 512. The content database 510 includes a document repository, user accounts and client rights. The configuration account 512 contains information about the server configuration. For example, the configuration account 512 may contain data showing that the document management tool 508 is available to the server 506.

In explaining the system 500, references will be made to a spreadsheet document, a spreadsheet calculation server, a WINDOWS SHAREPOINT SERVER and a view right. These references are provided for explanatory purposes only. Multiple configurations of the system 500 can be used as presented here. Various restrictions other than the rights set out above may also be imposed on the document. In addition, the system 500 can be used with several types of documents in addition to the spreadsheet document.

In one embodiment, the client 502 sends a document request to the server 506. The document request may consist of the client selecting a document associated with the server. The document request can identify the client making the request and the uniform resource locator ("URL") of the requested document. The server 506 may then perform a check to determine whether the user has unlimited rights to the requested document by comparing the URL and the client information against the content database 510. The content database 510 may include the storage of documents and the rights to these documents. In one embodiment, the client's rights are associated with the document in the form of an ACL. In a situation where the rights of the client indicate that the client has unlimited rights to the document, the process continues as described above in connection with Figure 3.

In contrast to Figure 3, there may be several situations where the client 502 has limited rights to the requested document. If the user is fully restricted from access (no rights), the server 506 may send the client 502 a message indicating that the client 502 is restricted from access. In another embodiment, if the client is restricted from access to the document, the client will not be able to see the icon of the document when accessing the server 506. In other words, the client 502 does not recognize that the document exists when the client 502 connects to the server 506.

In another situation, the client 502 may be given limited rights to the document. Such limited rights may include, but are not limited to, a read right, an exercise right, a removal right or a view right. In one embodiment, the limited right is a view right. When a limited right is being established, the content database 510 receives the URL and the user information from the server 506. In one embodiment, this information is compared with the ACL associated with the requested document. The ACL can identify the document and the client's rights to this document. It is also contemplated that a header or footer of the document can identify the document and the rights of the client to the document. In situations where the client 502 has only a limited right, the server 506 determines whether the configuration of the system 500 allows a restricted document to be conveyed to the client 502. As set forth more precisely below, if the system 500 cannot guarantee that all material constituting intellectual property or sensitive material is removed from a document, the client 502 is completely restricted from access to the document.

Once a limited right has been identified, the configuration of the system 500 is checked against the configuration account 512. The configuration account 512 contains the information associated with the configuration of the system 500. For example, the configuration account 512 may contain information regarding available programs, modules, or the appropriate servers. The configuration account 512 may also indicate whether the server 506 can access the document management tool 508. If the client 502 has a limited right, but the server does not have access to the document management tool 508, the server 506 may indicate to the client 502 that the client 502 has no rights to this document. If the client 502 has a limited right and the server has access to the document management tool 508, but the link between the server 506 and the document management tool 508 is interrupted, the server 506 may indicate to the client 502 that the request has timed out. If the client 502 has a limited right and the server has access to the document management tool 508, but the link between the document management tool 508 and the content database 510 is interrupted, the server can tell the client that the request has timed out.

When a limited right has been determined and the document management tool 508 is associated with the server 506, the server 506 may send a request to the document management tool 508 on behalf of the client 502. The request can indicate the identifier of the client 502 and the URL of the document, as set out above. In one embodiment of the present invention, the document management tool includes a spreadsheet calculation server, as illustrated by the incorporated patent application No. 10/607780 set out above. In another embodiment, the document management tool is an application on the server 506. In addition, in another aspect of the present invention, the document management tool includes a Web-based program. Other types of document management tools are also contemplated, provided that the document management tool is capable of processing the document. The document management tool sends a management tool request to the content database, requesting unrestricted access to the document on behalf of the client 502. The management tool request includes at least the URL of the requested document. The database 510 responds to the management tool request by transmitting the unrestricted document to the document management tool 508.

After the document management tool 508 receives the document, the document can be processed. Patent application No. 10/903568, filed July 30, 2004 and entitled "METHOD, SYSTEM AND APPARATUS FOR EXPOSING WORKBOOK AS DATA SOURCES", is incorporated herein by reference to provide a detailed illustrative example of one type of processing. Patent application No. 10/85875, filed June 1, 2004 and entitled "METHOD, SYSTEM AND APPARATUS FOR EXPOSING WORKBOOK RANGES AS DATA SOURCES", is incorporated herein by reference to provide a detailed illustrative example of another type of processing. Patent application No. 10/858190, filed June 1, 2004 and entitled "METHOD, SYSTEM AND APPARATUS FOR DISCOVERING AND CONNECTING TO DATA SOURCES", is incorporated herein by reference to provide a detailed illustrative example of another type of processing.

Document processing can also include the document management tool 508 imposing restrictions on access to parts of the document. For example, if the document is a spreadsheet document, the document management tool may limit access to the underlying formulas in the spreadsheet. The document management tool 508 can process the spreadsheet to remove the formula box 408 shown in Figure 4, and thus limit the client's access to the underlying formula of the cell. As another example, the document management tool 508 can prevent client access to personal notes, drafts of the document, revisions, links to external data and other critical material. In addition, in another embodiment, the document management tool 508 may create a Web-based representation of the document which does not include intellectual property or sensitive data. This Web-based representation may include an Extensible Markup Language ("XML") representation or an HTML representation of the document. The representation of critical material can be excluded from the Web-based representation.

After the document is processed by the document management tool 508, the document management tool 508 passes the restricted document to the server 506. In a situation where the document management tool 508 is an application on the server 506, the document management tool 508 may transfer the document to another application for further processing. In one embodiment of the present invention, the server 506 may perform additional processing of the document, such as converting the document from XML to HTML. The server 506 can then pass the viewable restricted document to the client 502.

In contrast to Figure 4, Figure 6 presents an illustrative element of the present invention, where the user has limited access to the spreadsheet document. Web page 600 may include a viewable representation of the spreadsheet document. In particular, the Web page 600 may include HTML and scripts that, when displayed by the Web browser, provide a visual display of the spreadsheet. In addition, the scripts included in the Web page allow the client to interact with the image and modify the spreadsheet. However, it is fully within the scope of the present invention for the spreadsheet document to correspond to all or part of an actual spreadsheet file, and not a view. In contrast to Figure 4, in a situation where the client has limited access to the Web page 600, the Web page 600 has an open field 602: the cell formula is not shown at the top of the spreadsheet, and the underlying critical information is unavailable to the client. As stated above, it is contemplated that any type of critical information can be restricted in any type of document.

Figure 7 shows the logical block diagram of one aspect of the present invention. The process begins at start step 702 and continues to step 704, where a document request is sent to the server. The document request can be sent from a client that has access to the Internet, such as the request described above in connection with Figure 3. However, in another aspect of the present invention, the request is sent over a private network. In one embodiment, the request includes the URL of the document and the identity of the client making the request.

The process 700 continues at step 706, where it is determined whether the client is restricted from access to the document. As set out earlier, this restriction can be determined by comparing the ACL of the document with the client associated with the request. If the ACL indicates that the client is not restricted in access, then the process 700 proceeds to step 708, where the server accesses the document repository and the entire unrestricted document is sent to the client, as set out more fully above. Again, it is contemplated that indicators other than the ACL can show the rights. Other indicators can include a header, a footer, or a separate application program associated with the server. In one embodiment of the present invention, the server processes the document so that the document is available to the client for viewing via the Internet. After the unrestricted document is sent to the client, the process 700 ends at step 730.

If access is limited, the process 700 proceeds to step 710, where it is determined whether the restriction is a full restriction. If the restriction is a full restriction, the client is not allowed any access to the document, as shown at step 712. In one embodiment of the present invention, the ACL associated with a document may indicate that the client does not have access rights to the document. If the client does not have access rights to the document, all access to the document is restricted and the server can send a message to the client indicating that access is restricted. In another embodiment, if the client is restricted from access to the document, the client will not be able to see the icon of the document when accessing the server. In other words, the client will not know that the document exists when the client connects to the server. After step 712, the process ends at step 730.

If the client has limited rights, then the process 700 proceeds to step 714, where the server determines whether the configuration allows a restricted document to be sent to the client. As described more fully above, the client may be sent an error message or a timeout message, as shown at step 716, if the configuration is not adequate.

If the client has limited access rights to the document and the configuration is adequate, the process 700 proceeds to step 718. At step 718, the server sends a server request to the document management tool. The server request can indicate the client and the URL of the document, as described above. The process then continues to step 720, where the document management tool accepts the server request and sends a management tool request to the content database on behalf of the client. The management tool request can be a request for unrestricted access to the document.

The process 700 proceeds to step 722, where the database sends the unrestricted document to the document management tool. Such an unrestricted document may include the raw document. As described more fully above, the document management tool can process the document to restrict access to at least parts of the document. For example, if the document is a spreadsheet, the document management tool may limit access to the underlying formulas in the spreadsheet. The document management tool can process the spreadsheet document to remove the cell formulas, thereby limiting access to the underlying formula of the cell. In another embodiment, the document management tool may create a Web-based representation of the spreadsheet which does not include data that constitute intellectual property or sensitive data. This Web-based representation may include an Extensible Markup Language (XML) representation or an HTML representation of the spreadsheet document. It is also contemplated that the document management tool may restrict access to critical material in any number of document types in addition to spreadsheet documents. Such other documents may include a word processing document, an Internet document, an image document, a note or an e-mail. It is also contemplated that the document management tool additionally processes the document for the user's use of the document. Such processing is set out above in connection with Figure 5.

The process 700 continues to step 726, where the document management tool sends the restricted document (or a representation of the document) to the server. As stated above, in one embodiment of the present invention, the server may perform additional processing on the restricted document, such as converting the document from XML to HTML. The process 700 proceeds to step 728, where the client is allowed to access the restricted document. This restriction may include restricting the client to the view right. Other types of restrictions on rights are also contemplated, as described more fully above. The process then continues to end step 730, where the process 700 ends.
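The decision flow of process 700 can be sketched in code. The following is an added illustration, not code from the patent or from any product it names; the class names, the allow-list construction of the restricted view and the leak check used to refuse access when removal cannot be guaranteed are all assumptions.

```python
"""Sketch of process 700: ACL check, configuration check, restricted view."""
from dataclasses import dataclass, field
from enum import Enum


class Right(Enum):
    NONE = "none"   # full restriction (step 712)
    VIEW = "view"   # limited right (steps 714-728)
    FULL = "full"   # unrestricted (step 708)


@dataclass
class Cell:
    value: object        # calculated result, safe to show to a viewer
    formula: str = ""    # critical material
    note: str = ""       # critical material (personal notes)


@dataclass
class Document:
    url: str
    cells: dict                                   # "A3" -> Cell
    acl: dict                                     # client id -> Right
    external_links: list = field(default_factory=list)


class ContentDatabase:
    def __init__(self, documents):
        self._docs = {d.url: d for d in documents}

    def right_for(self, client, url):
        doc = self._docs.get(url)
        # Unknown document, or client absent from the ACL: no rights.
        return doc.acl.get(client, Right.NONE) if doc else Right.NONE

    def fetch_unrestricted(self, url):
        return self._docs[url]


class DocumentManagementTool:
    def __init__(self, db, link_up=True):
        self.db, self.link_up = db, link_up

    def restricted_view(self, url):
        if not self.link_up:
            raise TimeoutError("content database unreachable")
        doc = self.db.fetch_unrestricted(url)             # steps 720-722
        # Allow-list: copy only calculated values into a new structure,
        # so formulas, notes and links are never carried over.
        view = {"url": doc.url,
                "cells": {ref: c.value for ref, c in doc.cells.items()}}
        if self._leaks(doc, view):
            raise ValueError("cannot guarantee removal of critical material")
        return view

    @staticmethod
    def _leaks(doc, view):
        # Assumed check: no critical string may appear in a displayed value.
        shown = [str(v) for v in view["cells"].values()]
        secrets = [c.formula for c in doc.cells.values() if c.formula]
        secrets += [c.note for c in doc.cells.values() if c.note]
        secrets += doc.external_links
        return any(s in text for s in secrets for text in shown)


class Server:
    def __init__(self, db, config, tool=None):
        self.db, self.config, self.tool = db, config, tool

    def handle(self, client, url):
        right = self.db.right_for(client, url)            # step 706
        if right is Right.FULL:
            return "full", self.db.fetch_unrestricted(url)    # step 708
        if right is Right.NONE:
            return "denied", None                         # step 712
        # Limited right: the configuration is checked first (step 714).
        if not self.config.get("management_tool_available") or self.tool is None:
            return "denied", None                         # step 716
        try:
            view = self.tool.restricted_view(url)         # steps 718-726
        except TimeoutError:
            return "timeout", None                        # step 716
        except ValueError:
            return "denied", None                         # fail closed
        return "restricted", view                         # step 728


def demo_database():
    # Constructed sample workbook and ACL, for illustration only.
    doc = Document(
        url="https://example.test/budget.xls",
        cells={"A1": Cell(100), "A2": Cell(250),
               "A3": Cell(350, formula="=SUM(A1:A2)", note="draft figure")},
        acl={"alice": Right.FULL, "bob": Right.VIEW},
        external_links=["\\\\finance\\rates.xls"],
    )
    return ContentDatabase([doc])
```

Building the view from an allow-list of fields, rather than deleting known-sensitive fields from a copy, means a field added to the document model later stays hidden from viewers by default.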

Illustrative operating environment

In accordance with figure 1 illustrative system for implementing the invention includes a computing device, such as vychislitelnykhsistem 100. In the basic configuration, computing device 100 typically includes at least one module 102 of the data processing and system memory 104. Depending on the exact configuration and type of computing device, system memory 104 may be volatile (such as RAM), non-volatile (such as ROM, flash memory, etc. or some combination of these two types of memory. System memory 104 typically includes an operating system 105, one or more applications 106, and may include data 107 programs. In one embodiment, applications 106 further include the application 120 for communication with the network. This basic configuration is shown in figure 1 with its components inside the dashed line 108.

Computing device 100 may have additional features or functionality. For example, computing device 100 may also include additional data storage devices (removable and/or non-removable), such as magnetic disks, optical disks or tapes. Such additional data storage is shown in figure 1 as removable storage 109 and non-removable storage 110. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storing information, such as machine-readable instructions, data structures, program modules or other data. System memory 104, removable storage 109 and non-removable storage 110 are all examples of computer storage media. Computer storage media include, but are not limited to, RAM, ROM, electrically erasable programmable ROM (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical media, magnetic cassettes, magnetic tape, magnetic disks or other magnetic storage devices, or any other medium that can be used to store the desired information and that can be accessed by computing device 100. Any such computer storage media may be part of device 100. Computing device 100 may also have input device(s) 112 such as a keyboard, mouse, pen, audio input device, touch input device, etc. Output device(s) 114, such as a display, speakers, printer, etc., may also be included. All these devices are well known in the art and need not be discussed further here.

Computing device 100 also contains communication connection(s) 116, which allow the device to communicate with other computing devices 118, such as over an external network or a wireless cellular network. Communication connection(s) 116 are an example of communication media. Communication media typically embody computer-readable instructions, data structures, program modules or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and include any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a way as to encode information in the signal. By way of example, and not limitation, communication media include wired media, such as a wired network or direct-wired connection, and wireless media, such as acoustic, RF, infrared and other wireless media. The term "machine-readable medium", as used here, includes both storage media and communication media.

Figure 2 presents a mobile computing device that can be used in one illustrative embodiment of the present invention. With reference to figure 2, one illustrative system for implementing the invention includes a mobile computing device, such as mobile computing device 200. Mobile computing device 200 has a processor 260, a memory 262, a display 228 and a keypad 232. The memory 262 generally includes both volatile memory (e.g., RAM) and nonvolatile memory (such as ROM, flash memory or the like). Mobile computing device 200 includes an operating system 264, such as the Windows CE operating system from Microsoft Corporation or another operating system, which resides in memory 262 and is executed by the processor 260. Keypad 232 may be a push-button dialing keypad (such as on a regular phone) or a multi-button keypad (such as a conventional keyboard). The display 228 may be a liquid crystal display or any other type of display commonly used in mobile computing devices. The display 228 may be touch-sensitive, in which case it also functions as an input device.

One or more application programs 266 are loaded into memory 262 and run on the operating system 264. Examples of application programs include phone dialer programs, e-mail programs, scheduling programs, personal information management (PIM) programs, word processing programs, spreadsheet programs, Internet browser programs, etc. In one embodiment, application programs 266 also include an application 280 for communication with the network. Mobile computing device 200 also includes non-volatile storage 268 within the memory 262. Non-volatile storage 268 may be used to store persistent information that should not be lost if the mobile computing device 200 is turned off. Applications 266 may use and store information in the storage 268, such as e-mail or other messages used by an e-mail application, contact information used by a PIM, information about meetings used by a scheduling program, documents used by a word processing application, etc.

Mobile computing device 200 has a power supply 270, which may be implemented as one or more batteries. The power supply 270 may further include an external power source, such as an AC adapter or a battery charger that supplements or recharges the batteries.

Mobile computing device 200 is shown with two types of external notification mechanisms: a light-emitting diode (LED) 240 and an audio interface 274. These devices can be directly connected to the power supply 270 so that, when activated, they remain on for the duration prescribed by the notification mechanism, even if the processor 260 and other components are shut down to save battery power. The LED 240 may be programmed to remain on indefinitely, until the user takes action, to indicate active status. Audio interface 274 is used to provide audible signals to the user and to receive audible signals from the user. For example, audio interface 274 may be connected to a speaker for providing audible output and to a microphone for receiving audible input, so as to support a telephone conversation.

Mobile computing device 200 also includes a radio interface layer 272, which performs the function of transmitting and receiving communications, such as radio frequency communications. The radio interface layer 272 provides a wireless connection between the mobile computing device 200 and the outside world through a communications carrier or service provider. Transmissions to and from the radio interface layer 272 are conducted under the control of the operating system 264. In other words, communications received by the radio interface layer 272 may be passed to application programs 266 through the operating system 264, and vice versa.

The above description, examples and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention may be created without departing from the essence and scope of the present invention, the invention resides in the claims attached below.

1. A computer-implemented method of restricting access to critical data of a network spreadsheet document, comprising steps in which:
receive on a server a request for the spreadsheet document, wherein the request for the spreadsheet document includes a client identifier that identifies the client making the request for the spreadsheet document, and a resource identifier that identifies a location of the requested spreadsheet document;
upon receiving the above request on the server, access a content database associated with the server to determine access rights based on the client identifier and the resource identifier from the request for the spreadsheet document;
when the determined access rights are unrestricted, send from the server to the requesting client the unrestricted spreadsheet document;
when the determined access rights are fully restricted, send from the server to the requesting client a message indicating that access is not permitted;
when the determined access rights are restricted, access a configuration record of the server to determine whether a spreadsheet document management tool is available to the server;
when the determined access rights are restricted and the spreadsheet document management tool is not available to the server, send from the server to the requesting client a message indicating that access is not permitted;
when the determined access rights are restricted and the spreadsheet document management tool is available to the server, send from the server to the spreadsheet document management tool a request for a restricted spreadsheet document on behalf of the client,
based on the request from the server, send from the spreadsheet document management tool to the content database a request for the unrestricted spreadsheet document,
based on the request from the spreadsheet document management tool, receive the unrestricted spreadsheet document at the spreadsheet document management tool,
after receiving the unrestricted spreadsheet document, process the unrestricted spreadsheet document in the spreadsheet document management tool to create a restricted-access spreadsheet document, wherein this processing imposes a restriction on access to the critical data on the basis of the access rights determined from the content database,
after processing, send the restricted-access spreadsheet document from the spreadsheet document management tool to the server, and after receiving the restricted-access spreadsheet document on the server, send the restricted-access spreadsheet document to the client making the request, whereby the client is restricted from accessing the critical data of the requested spreadsheet document.

2. The computer-implemented method according to claim 1, in which the server is at least one of a Web server and a file sharing server.

3. The computer-implemented method according to claim 1, in which accessing the content database associated with the server to determine access rights includes at least one of: accessing an access control list that includes a list of rights associated with the user; accessing the requested spreadsheet document and determining access rights from the header of the spreadsheet document; accessing the requested spreadsheet document and determining access rights from the footer of the spreadsheet document; and accessing a separate program for determining access rights.

4. The computer-implemented method according to claim 1, in which unrestricted access rights include unrestricted access to a value of the spreadsheet document and to the formula associated with this value of the spreadsheet document.

5. The computer-implemented method according to claim 1, in which restricted access rights include a view right.

6. The computer-implemented method according to claim 1, in which restricted access rights include at least one of read access, law enforcement and the right of removal.

7. The computer-implemented method according to claim 1, in which restricted access rights include the right to view a value of the spreadsheet document and a restriction on viewing the formula that produced this value of the spreadsheet document.

8. The computer-implemented method according to claim 1, in which the spreadsheet document management tool is at least one of an application associated with the server, a Web-based application and a spreadsheet calculation server.

9. The computer-implemented method according to claim 1, in which the critical data includes at least one of references to external data, data that constitute intellectual property, formulas, equations, patch, version, and personal information.

10. The computer-implemented method according to claim 1, in which processing the unrestricted spreadsheet document in the spreadsheet document management tool to create the restricted-access spreadsheet document includes at least one of generating the restricted-access spreadsheet document in the form of an XML document and generating the restricted-access spreadsheet document in the form of an HTML document.

11. The computer-implemented method according to claim 1, in which sending the restricted-access spreadsheet document to the client that made the request includes, before sending the restricted-access spreadsheet document, converting the restricted-access spreadsheet document into at least one of an XML version of the restricted-access spreadsheet document and an HTML version of the restricted-access spreadsheet document.

12. A machine-readable medium having computer-executable instructions for restricting access to critical data of a network document, wherein these instructions are adapted:
to receive on a server a request for a document, wherein the request for the document includes a client identifier that identifies the client making the request for the document;
upon receiving the above request on the server, to access a content database of the server to determine access rights based on the client identifier;
when the determined access rights are restricted,
to access a document management tool to generate a restricted document on behalf of the client,
to send from the document management tool to the content database a request for the unrestricted document,
based on the request from the document management tool, to receive the unrestricted document at the document management tool,
to process the unrestricted document in the document management tool to generate a restricted-access document, wherein this processing imposes a restriction on access to critical data on the basis of the access rights determined from the content database,
to send the generated restricted-access document from the document management tool to the server, and
to send the restricted-access document to the client making the request, whereby the client is restricted from accessing the critical data of the requested document.

13. The machine-readable medium according to claim 12, in which the server is at least one of a Web server and a file sharing server.

14. The machine-readable medium according to claim 12, in which accessing the content database associated with the server to determine access rights includes at least one of: accessing an access control list that includes a list of rights associated with the user; accessing the requested document and determining access rights from the header of the document; accessing the requested document and determining access rights from the footer of the document; and accessing a separate program for determining access rights.

15. The machine-readable medium according to claim 12, in which restricted access rights include a view right.

16. The machine-readable medium according to claim 12, in which restricted access rights include at least one of read access, law enforcement and the right of removal.

17. The machine-readable medium according to claim 12, in which restricted access rights include the right to view a value of the document and a restriction on viewing the formula that produced this value of the document.

18. The machine-readable medium according to claim 12, in which the document management tool is at least one of an application associated with the server and a Web-based application.

19. The machine-readable medium according to claim 12, in which the critical data includes at least one of references to external data, data that constitute intellectual property, formulas, equations, patch, version, and personal information.

20. The machine-readable medium according to claim 12, in which processing the unrestricted document in the document management tool to generate the restricted-access document includes at least one of generating the restricted-access document in the form of an XML document and generating the restricted-access document in the form of an HTML document.

21. The machine-readable medium according to claim 12, in which sending the restricted-access document to the client that made the request includes, before sending the restricted-access document, converting the restricted-access document into at least one of an XML version of the restricted-access document and an HTML version of the restricted-access document.

22. The machine-readable medium according to claim 12, in which the document is at least one of a spreadsheet document, a word processing application document, a workbook document, a Web page, an e-mail message and a notes document.

23. A system for restricting access to critical data of a network document, containing:
a processor and
a memory in which are stored machine-executable instructions adapted:
to receive on a server a request for a document, wherein the request for the document includes a client identifier that identifies the client making the request for the document;
upon receiving the above request on the server, to access a content database of the server to determine access rights based on the client identifier;
when the determined access rights are restricted,
to access a document management tool to generate a restricted document on behalf of the client,
to send from the document management tool to the content database a request for the unrestricted document,
based on the request from the document management tool, to receive the unrestricted document at the document management tool,
after receiving the unrestricted document, to process the unrestricted document in the document management tool to generate a restricted-access document, wherein this processing imposes a restriction on access to critical data on the basis of the access rights determined from the content database,
after processing, to send the generated restricted-access document from the document management tool to the server, and after receiving the generated restricted-access document on the server, to send the restricted-access document to the client making the request, whereby the client is restricted from accessing the critical data of the requested document.

24. The system according to claim 23, in which processing the unrestricted document in the document management tool to generate the restricted-access document includes at least one of generating the restricted-access document in the form of an XML document and generating the restricted-access document in the form of an HTML document.

25. The system according to claim 23, in which sending the restricted-access document to the client that made the request includes, before sending the restricted-access document, converting the restricted-access document into at least one of an XML version of the restricted-access document and an HTML version of the restricted-access document.



 

Same patents:

FIELD: information technologies.

SUBSTANCE: it is identified, whether periodical information that indicates periodical transfer of program in broadcast mode is contained in received broadcasting signal; program is registered in information on programs preview, if at the stage of identification it has been identified that periodical information on the program is contained in broadcast signal; and user is notified on time of program broadcast before time of program broadcast on the basis of information on program preview.

EFFECT: provides for the possibility to receive broadcast and to automatically notify user about broadcast, which user always or periodically reviews.

19 cl, 5 dwg

FIELD: information technologies.

SUBSTANCE: system for distribution of content to device provides for linking of collection of sets with supplier, linking set of links with set, linking set of channels with link, and makes it possible to link subscription for a collection of services with supplier, at the same time the channel is provision of service depending on supplier linked to service.

EFFECT: development of system for distribution of content for user device in network of data transmission, which flexibly supports multiple pickers of content and subjects of consumer support.

6 cl, 11 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to communication engineering. Method and device are proposed, which enable delivery to a mobile terminal of a program service indicator of a second broadcast/multicast system in form of a program of a first broadcast/multicast system. Upon request, the service indicator of the second broadcast/multicast system is transmitted to the mobile terminal in form of a content element packed as a program in the service indicator of the first broadcast/multicast system through an adaptation function. The adaptation function provides the connection between the server of the first broadcast/multicast system and the server of the second broadcast/multicast system.

EFFECT: higher reception quality and speed of transmitting data using a portable device.

30 cl, 4 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to communication networks and is specifically designed for providing terminal initialisation in a communication network. A device and a method are proposed for a digital broadcast system, which enable transmission of terminal initialisation as a service or as access to a service. The terminal initialisation function can provide a terminal or group of terminals with configuration parametres, data or applications, for instance. Terminal initialisation can be transmitted in an ESG fragment which can include, for instance a service fragment, an access fragment or a content fragment. In one example the ESG service fragment can include a parametre which determines the type of the service fragment. The type of the service fragment can be indicated as a terminal initialisation service. In another example the ESG access fragment can include a parametre for indicating terminal initialisation as service or as access to a service. The content fragment can also contain terminals initialisation messages in form of files.

EFFECT: efficient and reliable terminal initialisation in a communication network.

64 cl, 8 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to communication networks and is specifically designed for providing terminal initialisation in a communication network. A device and a method are proposed for a digital broadcast system, which enable transmission of terminal initialisation as a service or as access to a service. The terminal initialisation function can provide a terminal or group of terminals with configuration parametres, data or applications, for instance. Terminal initialisation can be transmitted in an ESG fragment which can include, for instance a service fragment, an access fragment or a content fragment. In one example the ESG service fragment can include a parametre which determines the type of the service fragment. The type of the service fragment can be indicated as a terminal initialisation service. In another example the ESG access fragment can include a parametre for indicating terminal initialisation as service or as access to a service. The content fragment can also contain terminals initialisation messages in form of files.

EFFECT: efficient and reliable terminal initialisation in a communication network.

64 cl, 8 dwg

FIELD: information technologies.

SUBSTANCE: mobile terminal for performance of operations with broadcast content comprises controller able to control client application. Client application may perform operations including work in recording mode. In recording mode client application may record content for selected channel and save recorded content in data base. In response to changing channel from selected channel to another channel, client application may initiate time-out of recording for selected channel. Client application may reset time-out of recording for selected channel at each subsequent event of changing channels back to selected channel. However, if time-out of recording expires before its reset at the following event of changing channels back to selected channel, client application may terminate recording of content for selected channel.

EFFECT: reduction of delay related to switching of channels.

27 cl, 30 dwg

FIELD: information technologies.

SUBSTANCE: method is proposed for generation of digital broadcasting transport flow pack, including formation of transport flow pack comprising filling area for insertion of available data of subsidiary reference sequence (SRS), randomisation of pack, which includes filling area, and SRS-data is inserted into filling area of randomised packet, addition of parity for correction of errors in pack, where SRS-data is inserted, pack, in which parity has been added, is alternating, and its trellis coding is carried out. Signal of segment synchronisation and signal of field synchronisation are inserted into pack produced by trellis coding, and modulation is carried out with vestigial sideband (VSB) and RF-transformation of pack for transfer of VSB-modulated and RF-transformed pack.

EFFECT: improved efficiency of reception in receiving system and support of compatibility with existing digital broadcasting transmitting receiving system.

23 cl, 14 dwg

FIELD: information technology.

SUBSTANCE: presentation associatively related to a basic service and an additional presentation associatively related to an additional service are received. Also the devices and methods include provision for a channel set up in the device, where the set up channel is based on the combination of at least part of the basic service with at least part of the additional service.

EFFECT: possibility of content distributors customising content presented to their subscribers when on service is offered by several content distributors.

51 cl, 21 dwg

FIELD: physics, communications.

SUBSTANCE: invention relates to multimedia transmission systems, specifically to methods and a device for acquiring services. Proposed is a service acquisition device which has a source coder configured to generate one or more channel switch video (CSV) signals, which is an independently decoded version of a low-resolution video for the selected channel in a received multiplex transmission and associated one or more multimedia signals, an error coder configured to code CSV signals and multimedia signals for formation of coded error blocks, and a linker configured to encapsulate coded error blocks into a multiplex transmission signal.

EFFECT: fast acquisition of a service and/or switching between services in multiplex transmission.

60 cl, 23 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to content distribution systems and specifically to a device and methods of subscribing for opening and closure of packets. The technical result is achieved due to that program package information containing attributes of the channel package for presenting multimedia information is provides. Further, the subscription characteristic which determines possibility of subscription for a package and presentation of the program package information on the device is determined. The device can compare the subscription characteristic with information on subscription relating to the device. Subscription is permitted and/or program package information is presented on the device based on predefined dependency between the subscription characteristic and subscription information of the device.

EFFECT: improved efficiency of managing changes in multimedia scheduling packages.

28 cl, 9 dwg

FIELD: information technology.

SUBSTANCE: system for adaptive parametric control of safety of information systems comprises a safety configuration setting module, a safety conditions description module, a module for assessing fulfillment of safety conditions, a module for detecting actions which keeps track of access of a subject to an object, a safety control module designed for adaptation of the information system through generation of a control action on its safety configuration. The method describes operation of the said system.

EFFECT: automation of the process of adaptation of information systems to security breaches.

3 cl, 5 dwg

FIELD: information technologies.

SUBSTANCE: method is proposed to perform secured electronic transaction on terminal with application of portable data carrier. According to this method, at first the user authenticates themselves for portable data carrier. At the same time portable data carrier generates quality information on how user has been authenticated. Then portable data carrier sends confirmation of user authentication to terminal. Afterwards portable data carrier performs operation providing for information security and protection, for instance operation of digital signature creation, in process of electronic transaction. Data carrier adds quality information to result of operation providing for security and protection of information.

EFFECT: improved flexibility in performance of electronic transactions that are important from the security point of view.

14 cl, 3 dwg

FIELD: information technologies.

SUBSTANCE: method for protected booting of computer operating system with integrity check includes stages of operating system boot loader start-up, reading coding key, checking integrity of operating system and booting of operating system. Boot loader is previously recorded on external media. All sectors of computer hard disk are coded at initial stage of booting. Prior to operating system integrity check, coding key required for this check and further booting is read. Coding key is previously saved in protected memory of external media. User authentication is required for access to external device memory.

EFFECT: improved extent of computer protection against unauthorised access to information stored on hard disk.

8 cl

FIELD: information technology.

SUBSTANCE: invention relates to a method of distributing information content for a mobile device using a digital privilege control (DPC) scheme, and to a mobile device for receiving information content using DPC. The mobile device creates a request file (RORequest.rop) which contains information necessary for creating an privilege object file. The request file is extracted on the computer side and a response file is sent to the mobile device, where the said response file contains encrypted information content (Content.dcf), as well as privilege object file (). The mobile device receives the response file and decrypts and stores the information content. File exchange can take place through a DPC holder made in the mobile device and is accessible to the computer in mass memory mode, or the DPC holder can be made in external memory which is accessed by the mobile device and the computer in turns.

EFFECT: flexible method of distributing protected information content using DPC from a computer system to a mobile device independent of the data transmission protocol or channel type.

30 cl, 7 dwg

FIELD: information technologies.

SUBSTANCE: system comprises a controller for analysis of transaction data and at least one switching network for transfer of transaction data within one or several data access facilities. The data access facilities generate coded identification information and coded transaction data and pass them into the data processing system. The data processing system includes a user interface communicating with a remote access facility; it is connected to the controller of the data processing system and to the system for reducing the number of fraudulent operations. The controller is connected via a data exchange protocol to the data storage server, the user interface and the system for reducing the number of fraudulent operations. Prior to authorisation of a transaction, processing in the system for reducing the number of fraudulent operations checks the personal data of the service user. Three lists are generated: one with data on payments processed earlier for its benefit, one with receiver data on previously processed transactions for its benefit, and one with data on all payment receivers in transactions that were earlier processed by the user. The lists are sent to the controller of the data processing system to compare data on processed payments with data of the current payment. The following are analysed: the presence of similar payments (by sums, essentials) for the benefit of this receiver from other payers; the presence of similar receivers among the user's earlier payments that make it possible to cash funds, and the frequency and sums of such payments; the presence of payments for the benefit of this user, with assessment of the current payment for the benefit of the specified receiver for the possibility of further cashing of payment funds by the user; compliance and consistency of current payment parameters (user, receiver, technical data, etc.) broken down by various characteristics on the basis of accumulated data on the receiver for all earlier transactions; and the presence of transactions with payments for the benefit of the payer of the current transaction that were later recognised as fraud. If data is available that warrants rejecting authorisation of the user's transaction, the system for reducing the number of fraudulent operations sends a rejection of transaction permission via the communication network to the controller of the data processing system and/or the access facility.

EFFECT: creation of an additional system for reducing the number of fraudulent operations when working with payment systems.

3 dwg

FIELD: information technology.

SUBSTANCE: invention makes it possible to predict and evaluate the security of accessible states of information systems. The method of predicting and evaluating security of accessible states of protected information systems is based on analysis of the system state, the security model and the safety conditions. The complete set of states accessible from the current system state under the security model rules is obtained, and subsets of secure and insecure conditions are allocated in it by evaluating whether the safety conditions are fulfilled in the subsets. This makes it possible to obtain information on the security of the system not only in its current state but also to predict further fulfilment of security requirements for the system, and to obtain beforehand and take into account information on the security or insecurity of all future states of the system.

EFFECT: guaranteed security of information systems in the current and all possible states relative to given safety conditions.

2 cl, 1 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to systems and methods of accessing information. A system and a process for interacting with a system in an unprotected state are described. Before entering the protected state of a computer system, a user can access limited information, which includes calendar information relating to meetings on that day etc. In certain aspects of the invention, a user can interact with displayed notes for receiving handwritten or printed notes. Aspects of the described system and method provide the user with the possibility of browsing or interacting with a computer before entering the protected state of the computer system.

EFFECT: fast access to required information.

20 cl, 11 dwg

FIELD: information technology.

SUBSTANCE: in a method of providing data objects on rights for issuing to a device, the device has access to encrypted content relating to one of several events and is provided with an indication of a position from which the data object on rights can be requested, and with event information uniquely associated with the event. The device includes an agent function for providing a request to a device which issues data objects on rights from the said position, and data which represent the event information. The method involves steps in which a request and data representing event information are received, and a data object on rights is generated which includes event key information that enables encryption of content data relating to the event uniquely associated with the event information. The event key information is generated using a cryptographic function on at least part of the event information.

EFFECT: possibility of a device which provides data objects on rights working relatively independently of a content supplier.

12 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: information processing system undergoes analysis in order to detect information circuits which are most vulnerable in terms of information protection from leakage due to stray electromagnetic radiation and noise pickup (SERNP), in which digital electronic devices are connected by a single-bit communication line to their transmitting and receiving sides respectively. In each information circuit with stray electromagnetic radiation and noise pickup, transmission of digital signals between devices over the single-bit communication line is stopped. The series of digital signals coming from the digital electronic device of the transmitting side of the information circuit which corresponds to a serial code is converted to a series of generated digital signals, which corresponds to a parallel code which is transmitted over the single-bit communication line to the receiving side, where the series of digital signals transmitted in parallel is first converted to a series of digital signals corresponding to a serial code, and after conversion, entered into the digital electronic device of the receiving side of the information circuit.

EFFECT: more efficient protection of information circulating in channels of an information processing system from leakage due to stray electromagnetic radiation and noise pickup.

3 cl, 6 dwg

FIELD: information technology.

SUBSTANCE: invention involves making standard templates and security policies; detecting contradictions in security policy rules; setting and fixing security configuration parameters in accordance with given security requirements; monitoring and analysing compliance with security requirements; detecting and describing security violations and their compositions related to parameter configurations; generating instructions for their elimination; and eliminating detected violations by setting security parameter configurations. Centralisation, automation and remote execution of the said procedures simplify the process of introducing and monitoring security of information systems, increase the efficiency of detecting and correcting administration errors, and reduce the resources and labour spent on maintaining information security.

EFFECT: more efficient maintenance of information security and improved manageability of information systems.

14 cl, 3 dwg

FIELD: information technologies.

SUBSTANCE: device of communication to external devices and systems comprises four processor devices, switching device, source of supply, two units of long-term non-volatile memory, three transceivers, four communication devices, unit of self-control.

EFFECT: increased efficiency and expansion of functional capabilities.

1 dwg
