Systems, methods, and apparatus for securing user documents

US 10,417,411 B2
Filed: 05/06/2016
Issued: 09/17/2019
Est. Priority Date: 06/11/2010
Status: Active Grant

First Claim

Patent Images

1. A system for securing documents comprising:

a) a server having at least one hardware processor and at least one data storage device for storing documents, wherein the at least one hardware processor is configured toi) receive at least one document for storage in the at least one data storage device, the at least one document with an associated at least one object of security concern, wherein the at least one document or the at least one object of security concern is associated with a first user profile of a user providing the document;

ii) determine whether to provide the at least one document to at least one client device associated with at least one second user to receive the at least one document based at least in part on at least one second user profile associated with the at least one second user to receive the at least one document and the first user profile obtained based at least in part on information included in the at least one object of security concern;

iii) if it is determined that the at least one object of security concern should be provided, provide the at least one document with the at least one object of security concern to the at least one client device associated with at least one second user, andiv) if it is determined that the at least one object of security concern should not be provided, then;

(1) generate at least one replacement document including the at least one document without the at least one object of security concern and including an indication that the at least one object of security concern has been excluded, and(2) provide the at least one replacement document to the at least one client device associated with the at least one second user;

wherein the first user profile and the at least one second user profile respectively include profile information about the first user or the at least one second user associated with the corresponding first user profile or at least one second user profile, including information that is indicative of a level of access granted to the corresponding first user or at least one second user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is directed to systems, methods and apparatus for securing documents. The system comprises a server having a processor and a data storage device for storing documents, at least one document provider connected to the server, the at least one document provider operable to provide user documents to the server for storage in the data storage device, the user documents containing at least one object of security concern, and at least one document consumer connected to the server, the at least one document consumer operable to receive the user documents containing the at least one object of security concern from the server. The processor in the server is operable to determine whether to provide the at least one object of security concern to the at least one document consumer based on at least one security setting, and based on the decision either provide the documents with the at least one object of security concern or provide a replacement documents without the security of concern and an indication on each replacement document that that the at least one object of security concern has been excluded.

Citations

20 Claims

1. A system for securing documents comprising:
- a) a server having at least one hardware processor and at least one data storage device for storing documents, wherein the at least one hardware processor is configured toi) receive at least one document for storage in the at least one data storage device, the at least one document with an associated at least one object of security concern, wherein the at least one document or the at least one object of security concern is associated with a first user profile of a user providing the document;
  
  ii) determine whether to provide the at least one document to at least one client device associated with at least one second user to receive the at least one document based at least in part on at least one second user profile associated with the at least one second user to receive the at least one document and the first user profile obtained based at least in part on information included in the at least one object of security concern;
  
  iii) if it is determined that the at least one object of security concern should be provided, provide the at least one document with the at least one object of security concern to the at least one client device associated with at least one second user, andiv) if it is determined that the at least one object of security concern should not be provided, then;
  
  (1) generate at least one replacement document including the at least one document without the at least one object of security concern and including an indication that the at least one object of security concern has been excluded, and(2) provide the at least one replacement document to the at least one client device associated with the at least one second user;
  
  wherein the first user profile and the at least one second user profile respectively include profile information about the first user or the at least one second user associated with the corresponding first user profile or at least one second user profile, including information that is indicative of a level of access granted to the corresponding first user or at least one second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system according to claim 1, wherein the first user profile includes a first security setting that includes at least one centralized list managed by the server.
  - 3. The system according to claim 2, wherein the at least one centralized list comprises a black list indicative of a list of objects of security concern that should not be provided to the at least one client device associated with the at least one second user.
  - 4. The system according to claim 2, wherein the at least one centralized list comprises a white list indicative of a list of objects of security concern that should be provided to the at least one client device associated with the at least one second user.
  - 5. The system according to claim 2, wherein the at least one centralized list is applicable to all documents provided by the at least one document provider.
  - 6. The system according to claim 2, wherein the server manages information relating to the at least one centralized list based on intrinsic information obtained by the at least one hardware processor from the at least one document provided.
  - 7. The system according to claim 6, wherein the intrinsic information obtained by the at least one hardware processor from the at least one user document comprises at least one of:
    - a) a source of the at least one document;
      
      b) a type of the at least one document;
      
      c) a type of the at least one object of security concern contained in the at least one document; and
      
      d) when the at least one object of security concern contains at least one reference to another document, then information about the document that is referenced.
  - 8. The system according to claim 2, wherein the server centrally manages information relating to the at least one centralized list based on location information indicative of the location to which the at least one document is provided.
  - 9. The system according to claim 2, wherein the server centrally manages information relating to the at least one centralized list based on extrinsic information provided by one or more users in response to one or more screening documents.
  - 10. The system according to claim 2, wherein the at least one object of security concern comprises at least one of:
    - a) instructions executable by the at least one client device associated with the at least one second user in JavaScript language;
      
      b) instructions executable by the at least one client device associated with the at least one second user to obtain information from an external domain.
  - 11. The system according to claim 1, wherein the at least one hardware processor in the server is further configured to provide a screening document containing information about the at least one object of security concern such that at least one second user is able to use that information to assess security risk associated with the object of security concern, and at least one option for the at least one second user to provide preference information to the server indicative of whether to provide the object of security concern to the at least one second user.
  - 12. The system according to claim 11, wherein the at least one hardware processor is further operable to:
    - a) associate the preference information provided by the at least one second user to the server indicative of whether to provide the at least one object of security concern with a security setting of the at least one second user profile receiving the document; and
      
      b) store the preference information in the at least one data storage device.
  - 13. The system according to claim 12, wherein the first user profile includes a first security setting, the first security setting comprises at least one centralized list, and the at least one hardware processor is further configured to:
    - a) modify the at least one centralized list for the at least one second user based on the preference information provided by the at least one second user in response to the screening document; and
      
      b) associate the modified centralized list with the security setting of the at least one second user profile receiving the document.
  - 14. The system according to claim 11, wherein the information included in the screening document comprises a non-executable rendering of the object of security concern.
  - 15. The system according to claim 14, wherein the non-executable rendering of the object of security concern comprises at least one of:
    - a) an image representation of the at least one object of security concern;
      
      b) when the at least one object of security concern comprises instructions executable by a client device associated with a user to receive the at least one document, text of the instructions; and
      
      c) information about the first user profile that is associated with the at least one document including the at least one object of security concern.
  - 16. The system according to claim 11, wherein the screening document further comprises at least one other option for the at least one second user to indicate a scope of applicability of the information provided to the server, the scope of applicability being indicative of when the server should apply the information provided by the at least one second user to determine whether to provide the object of security concern.
  - 17. The system according to claim 16, wherein the scope of applicability includes at least one of:
    - a) applicability for a current session;
      
      b) applicability for the at least one client device associated with the at least one second user from that point on;
      
      c) applicability for a particular external domain referenced in the at least one document;
      
      d) applicability for a particular document provider; and
      
      e) applicability for a particular type of object of security concern.
  - 18. The system according to claim 16, wherein the at least one hardware processor is further operable to:
    - a) associate the scope of applicability provided by the at least one second user with the user profile receiving the document; and
      
      b) store the scope of applicability in the at least one data storage device.

19. A method for securing documents at a server having at least one server hardware processor and at least one data storage device comprising:
- a) receiving at least one document for storage in the at least one data storage device, the at least one document with an associated at least one object of security concern, wherein the at least one document or the at least one object of security concern is associated with a first user profile of a user providing the document;
  
  b) storing the at least one document in the at least one data storage device;
  
  c) determining, by the at least one server hardware processor, whether to provide the at least one document to at least one client device associated with at least one second user to receive the at least one document based at least in part on the at least one second user profile associated with the at least one second user to receive the at least one document and the first user profile obtained based at least in part on information included in the at least one object of security concern;
  
  d) if it is determined that the at least one object of security concern should be provided, then using the at least one server hardware processor to provide the at least one document with the at least one object of security concern to the at least one client device associated with at least one second user;
  
  e) if it is determined that the at least one object of security concern should not be provided, then using the at least one server hardware processor to generate at least one replacement document including the at least one document without the at least one object of security concern and further containing an indication that the at least one object of security concern has been excluded, and providing the at least one replacement document to the at least one client device associated with the at least one second user; and
  
  wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.

20. A non-transitory computer readable medium comprising instructions executable by a processor to cause the processor to:
- a) receive at least one document for storage in the at least one data storage device, the at least one document with an associated at least one object of security concern, wherein the at least one document or the at least one object of security concern is associated with a first user profile of a user providing the document;
  
  b) store the at least one document in at least one storage device;
  
  c) determine whether to provide the at least one document to at least one client device associated with at least one second user to receive the at least one document based at least in part on the at least one second user profile associated with the at least one second user to receive the at least one document and the first user profile obtained based at least in part on information included in the at least one object of security concern;
  
  d) if it is determined that the at least one object of security concern should be provided, then provide the at least one document with the at least one object of security concern to the at least one client device associated with at least one second user;
  
  e) if it is determined that the at least one object of security concern should not be provided, then generate at least one replacement document including the at least one document without the at least one object of security concern and an indication that the at least one object of security concern has been excluded, and provide the replacement document to the at least one client device associated with the at least one second user;
  
  wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
D2L Corporation
Original Assignee
D2L Corporation
Inventors
Cepuran, Brian John, McMillan, Daryl, Lockhart, David Robert, Grabka, Dariusz
Primary Examiner(s)
Jamshidi, Ghodrat

Application Number

US15/148,644
Publication Number

US 20160255102A1
Time in Patent Office

1,229 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2149   Restricted operating enviro...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/145   the attack involving the pr...

Systems, methods, and apparatus for securing user documents

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and apparatus for securing user documents

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links