Method and apparatus for accessing secured electronic data off-line
Abstract
A method and apparatus for accessing secured electronic data are disclosed. According to one aspect, an off-line access mechanism in a client machine is activated to let users on the go access secured electronic data. When a user decides to be away from the network premises or on a business trip, an off-line access request may be generated by the off-line access mechanism and forwarded to a server. In response, the server may grant the off-line access request to the user as well as to the client machine from which the user will access the secured electronic data off-line. Depending on implementation, the AC may provide amended or tentative access rules, access privileges or user keys that automatically expire when a predetermined time ends or become invalid the next time the client machine is connected to the server.
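The grant, record and report cycle described in the abstract can be sketched as follows. This is an added example, not code from the patent or from any product; the HMAC-signed grant, the hash-chained activity log, the sample values and all function and field names are assumptions made for illustration.

```python
import hashlib, hmac, json

SERVER_KEY = b"constructed-demo-key"  # assumption: MAC key held only by the server

def _mac(body):
    raw = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, raw, hashlib.sha256).hexdigest()

def issue_grant(user, ops, location, duration_s, now):
    """Server: bind user, permitted operations, location and expiry into one grant."""
    body = {"user": user, "ops": sorted(ops), "loc": location, "exp": now + duration_s}
    return {"body": body, "mac": _mac(body)}

class OfflineClient:
    """Client: enforce the grant locally and keep a hash-chained activity log."""
    def __init__(self, grant):
        self.grant, self.log, self.tip = grant, [], "0" * 64

    def access(self, op, doc, now):
        g = self.grant["body"]
        allowed = op in g["ops"] and now < g["exp"]  # rights expire automatically
        entry = {"t": now, "op": op, "doc": doc, "allowed": allowed, "prev": self.tip}
        self.tip = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.log.append(entry)  # denied attempts are recorded too
        return allowed

    def report(self):
        """Payload sent once the client is on-line again."""
        return {"grant": self.grant, "log": self.log, "tip": self.tip}

def audit_report(report):
    """Server: check grant integrity and log continuity, return policy findings."""
    g = report["grant"]
    if not hmac.compare_digest(_mac(g["body"]), g["mac"]):
        return ["grant altered"]
    findings, tip = [], "0" * 64
    for e in report["log"]:
        if e["prev"] != tip:
            return findings + ["log chain broken"]
        tip = hashlib.sha256(json.dumps(e, sort_keys=True).encode()).hexdigest()
        if e["allowed"] and (e["op"] not in g["body"]["ops"] or e["t"] >= g["body"]["exp"]):
            findings.append(f"out-of-grant {e['op']} at t={e['t']}")
    if tip != report["tip"]:
        findings.append("log truncated or extended")
    return findings
```

The unkeyed hash chain only exposes edits that leave later entries untouched; a client that is fully under an adversary's control can recompute it, so the server-side audit supplements, and does not replace, the short grant lifetime.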
32 Claims
1. A method for accessing secured data off-line, the method comprising:
sending a request to a server from a client machine via a private link provided by an internal network using a secured communication protocol used to retrieve secured data, the request including at least:
credential information associated with a user to access the secured data on the client machine;
information identifying operations to perform with the secured data;
information identifying a location where the secured data will be accessed; and
a duration the secured data is to be accessible on the client machine when the client machine is off-line;
receiving at the client machine, from the server, via the private link, a response to the request and the secured data which is accessed on the client machine without the client machine being coupled to the server;
determining that the client machine is off-line and disconnected from the internal network;
recording, by the client machine, activities involving the secured data on the client machine during an off-line period;
determining, after the off-line period in response to the client machine coupling again to the server, that the client machine is on-line and coupled to the server; and
reporting the recorded activities to the server from the client machine once the client machine is again on-line and coupled to the server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 31
13. An apparatus comprising:
a processor;
a non-transitory computer-readable storage medium configured to store computer-readable instructions that, in response to being executed by the processor, cause the processor to perform operations for accessing secured data off-line, the operations comprising:
sending a request to a server from a client via a private link provided by an internal network using a secured communication protocol used to retrieve the secured data, the request including at least:
credential information associated with a user to access the secured data on the client;
information identifying operations to perform with the secured data;
information identifying one or more applications used to perform the identified operations;
information identifying a location where the secured data will be accessed; and
a duration the secured data is to be accessible on the client when the client is off-line;
receiving at the client, from the server, via the private link, a response to the request and the secured data which is accessed on the client using the one or more applications without the client being coupled to the server;
determining that the client machine is off-line and disconnected from the internal network;
recording, by the client, activities involving the secured data and the one or more applications on the client during an off-line period;
determining, after the off-line period in response to the client coupling again to the server, that the client is on-line and coupled to the server; and
reporting the recorded activities to the server from the client once the client is again on-line and coupled to the server.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 32
25. A system for accessing secured data off-line, the system comprising:
a client machine having a processor and a non-transitory computer-readable storage medium, storing modules executed by the processor comprising:
an access request module executable on the client machine and configured to send a request to a server via a private link provided by an internal network using a secured communication protocol used to retrieve secured data, the request including at least:
credential information associated with a user to access the secured data on the client machine;
information identifying operations to perform with the secured data;
information identifying one or more applications used to perform the identified operations;
information identifying a location where the secured data will be accessed; and
a duration the secured data is to be accessible on the client machine when the client machine is off-line;
an off-line access manager configured to receive, at the client machine, a response to the request and the secured data which is accessed on the client machine without the client machine being coupled to the server;
an access report module executable on the client machine and configured to determine that the client machine is off-line and disconnected from the internal network and record activities involving the secured data on the client machine during an off-line period; and
a reporting module executable on the client machine configured to determine, after the off-line period and in response to the client machine coupling again to the server, that the client machine is on-line and to transmit the recorded activities to the server from the client once the client machine is again on-line and coupled to the server.
26. A non-transitory computer-readable storage medium having instructions stored thereon, execution of which, by a processor, causes the processor to perform operations comprising:
sending a request to a server from a client via a private link provided by an internal network using a secured communication protocol that is used to retrieve secured data, the request including at least:
credential information associated with a user to access the secured data on the client;
information identifying operations to perform with the secured data;
information identifying a location where the secured data will be accessed; and
a duration the secured data is to be accessible on the client when the client is off-line;
receiving at the client, from the server, via the private link, a response to the request and the secured data which is accessed on the client without the client being coupled to the server;
determining that the client machine is off-line and disconnected from the internal network;
recording, by the client, activities involving the secured data on the client during an off-line period;
determining, after the off-line period and in response to the client machine coupling again to the server, that the client machine is on-line and coupled to the server; and
reporting the recorded activities to the server from the client once the client is again on-line and coupled to the server.
27. An apparatus comprising:
a computer executing computer-readable instructions stored on a non-transitory computer-readable storage medium, causing the computer to perform operations for providing access to secured data via a private link provided by an internal network using a secured communication protocol used to retrieve the secured data, the operations comprising:
receiving a request from a client, the request including at least:
information identifying the secured data to be accessed;
credential information associated with a user to access the secured data on the client;
information identifying operations to perform with the secured data;
information identifying a location where the secured data will be accessed; and
a duration the secured data is to be accessible on the client when the client is off-line;
retrieving access rules associated with the secured data identified in the request;
measuring the retrieved access rules against access privileges of the user associated with the credential information included in the request;
transmitting, via the private link, a response to the request and the secured data, the secured data including a header portion and a secured data portion, the header portion including automatically expiring access rules, access privileges, or user keys allowing limited activities to be performed on the secured data portion of the secured electronic document during an off-line period where the client is disconnected from the internal network, the secured data portion including at least:
an encrypted data portion; and
a set of access rules that facilitate restrictive access to the encrypted data portion;
determining, after the off-line period in response to the client coupling again to the internal network, that the client is on-line and coupled to the apparatus; and
receiving a report from the client once the client is again on-line and coupled to the apparatus, the report identifying activities involving the secured data on the client during the off-line period.
Dependent claims: 28, 29
30. A system for providing access to secured data, the system comprising:
a processor and a non-transitory computer-readable storage medium storing modules, the modules comprising:
an access monitor module executable on a server machine and configured to receive a request from a client via a private link provided by an internal network using a secured communication protocol used to retrieve secured data, the request including at least:
information identifying the secured data;
credential information associated with a user to access the secured data on the client;
information identifying operations to perform with the secured data;
information identifying a location where the secured data will be accessed; and
a duration the secured data is to be accessible on the client when the client is off-line;
a rules manager executable on the server machine and configured to:
retrieve access rules associated with the secured data identified in the request; and
measure the retrieved access rules against the information included in the request;
an off-line access manager configured to send to the client, via the private link, a response to the request and the secured data, the secured data including a header portion and a secured data portion, the header portion including automatically expiring access rules, access privileges, or user keys allowing, based on information included in the request, limited activities to be performed on the secured data portion of the secured electronic document during an off-line period where the client is disconnected from the internal network, the secured data portion including at least:
an encrypted data portion; and
a set of access rules that facilitate restrictive access to the encrypted data portion; and
an access report module executable on the server machine and configured to determine, after the off-line period and in response to the client coupling again to the internal network, that the client is on-line and coupled to the server machine and to receive report from the client identifying activities involving secured data on the client when the client is again on-line and coupled to the server machine.
Specification