Document management systems and methods

US 10,536,459 B2
Filed: 12/12/2016
Issued: 01/14/2020
Est. Priority Date: 10/05/2012
Status: Active Grant

First Claim

Patent Images

1. A system for providing managed document access in a computer network, comprising:

a) a first computer operating as a file server, the first computer operatively in communication with a data network, the first computer comprising;

i) a data store;

ii) a first unique identifier usable as a server token and immutably associated with a hardware component of the first computer'"'"'s hardware;

iii) a set of managed files to be managed resident on the data store;

iv) database management software operationally resident in the first computer; and

v) server service software operationally resident in the first computer, the server service software configured to validate a client computer'"'"'s token against a predetermined set of valid client computer tokens, the server service software comprising;

1. a predetermined data communications access path independent of the first unique identifier; and

2. a module configured to communicate over a unique client data communications access path; and

b) a second computer operatively in communication with the data network, the set of managed files having limited accessibility to the second computer via the data network, the second computer comprising;

i) a second unique identifier usable as a client computer token, the second unique identifier immutably associated with a hardware component of the second computer'"'"'s hardware;

ii) client service software operationally resident in the second computer, the client service software configured to;

(1) communicate with the first computer over the data network using the predetermined data communications access path and to provide the server service software with the second unique identifier; and

(2) communicate with the server service software over the data network using both the first unique identifier and the second unique identifier over the unique client data communications access path; and

iii) a driver-based disk mapper configured to create a pseudo-disk software service which emulates a hard drive to provide managed access to the set of managed files resident on the data store using the client service software.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for managing files over a network comprises a first computer hosting managed folders and files and one or more second computers. The first computer comprises database management software, server software such as server pipe software, and a first unique token. The second computer comprises a software module adapted and configured to be integrated into application software, client software such as client pipe software, and a second unique token. The computers communicate in part using the server and client software to establish a secure session for file access and transfer between the first and second computers.

107 Citations

19 Claims

1. A system for providing managed document access in a computer network, comprising:
- a) a first computer operating as a file server, the first computer operatively in communication with a data network, the first computer comprising;
  
  i) a data store;
  
  ii) a first unique identifier usable as a server token and immutably associated with a hardware component of the first computer'"'"'s hardware;
  
  iii) a set of managed files to be managed resident on the data store;
  
  iv) database management software operationally resident in the first computer; and
  
  v) server service software operationally resident in the first computer, the server service software configured to validate a client computer'"'"'s token against a predetermined set of valid client computer tokens, the server service software comprising;
  
  1. a predetermined data communications access path independent of the first unique identifier; and
  
  2. a module configured to communicate over a unique client data communications access path; and
  
  b) a second computer operatively in communication with the data network, the set of managed files having limited accessibility to the second computer via the data network, the second computer comprising;
  
  i) a second unique identifier usable as a client computer token, the second unique identifier immutably associated with a hardware component of the second computer'"'"'s hardware;
  
  ii) client service software operationally resident in the second computer, the client service software configured to;
  
  (1) communicate with the first computer over the data network using the predetermined data communications access path and to provide the server service software with the second unique identifier; and
  
  (2) communicate with the server service software over the data network using both the first unique identifier and the second unique identifier over the unique client data communications access path; and
  
  iii) a driver-based disk mapper configured to create a pseudo-disk software service which emulates a hard drive to provide managed access to the set of managed files resident on the data store using the client service software.

2. A method of providing managed document access in a computer network for a system for providing managed document access in a computer network, the system comprising a first computer, operating as a server and operatively in communication with a data network, where the first computer comprises a data store, a first unique identifier usable as a server token and immutably associated with a hardware component of the first computer'"'"'s hardware, a set of managed files resident on the data store, a database manager comprising database management software operationally resident in the first computer, and server service software operationally resident in the first computer where the server service software is configured to communicate over a predetermined data communications access path independent of the first unique identifier, to validate a client computer'"'"'s token against a predetermined set of valid client computer tokens, and to communicate over a unique client data communications access path, and a second computer, operatively in communication with the data network, where the second computer has limited access to the set of managed files via the data network and comprises a second unique identifier usable as a client computer token, the second unique identifier immutably associated with a hardware component of the second computer'"'"'s hardware, client service software operationally resident in the second computer and configured to communicate with the first computer over the data network using the predetermined data communications access path, provide the server service software with the second unique identifier and communicate with the server service software over the data network using both the first unique identifier and the second unique identifier over the unique client data communications access path, and a driver-based disk mapper configured to create a pseudo-disk software service which emulates a hard drive to provide managed access to the set of managed files resident on the data store using the client service software, the method comprising:
- a) initiating the driver-based disk mapper at the second computer;
  
  b) using the driver-based disk mapper to create a mapped pseudo-disk drive at the second computer;
  
  c) emulating a physical disk drive via the mapped pseudo-disk drive;
  
  d) using the mapped pseudo-disk drive to intercept a file operation request for a managed file of the set of managed files resident at the first computer where the set of managed files has limited accessibility at the second computer;
  
  e) upon receipt of the file operation request, using the driver-based disk mapper to connect to the first computer over the data network using the predetermined data communications access path to establish whether or not the second computer is a valid, registered computer by sending a client message comprising the second unique identifier to the first computer;
  
  f) validating the client message at the first computer by using the server service software to compare the client computer token contained in the second unique identifier against the predetermined set of valid client computer tokens;
  
  g) if the second unique identifier is present in the predetermined set of valid client computer tokens and associated with a valid, registered computer, sending a validation message to the second computer from the first computer, the validation message comprising the first unique identifier, and establishing the unique client data communications access path;
  
  h) if validated, using the driver-based disk mapper to query the database manager over the unique client data communications access path to determine if the second computer has adequate permission to perform the file operation request with respect to the managed file of the set of managed files having limited accessibility; and
  
  i) if the second computer has adequate permission, using the driver-based disk mapper to complete the file operation request.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 3. The method of providing managed document access in a computer network of claim 2, wherein the pseudo-disk drive is not mounted as a temporary link and then dismounted after the completion of the file operation request.
  - 4. The method of providing managed document access in a computer network of claim 2, wherein the pseudo-disk drive allows a set of file operations to be performed with respect to the set of managed files without having a specific managed document access software module integrated into a software application at the second computer which issues the file operation request.
  - 5. The method of providing managed document access in a computer network of claim 4, wherein the file operation request is made by the software application through the pseudo-disk drive by:
    - a) using the pseudo-disk drive to acquire further information from the second computer required for managed files access once the file operation request is received by the driver-based disk mapper;
      
      b) forwarding required information to the first computer for access verification by the first computer; and
      
      c) allowing the requested file operation if access is verified by the first computer.
  - 6. The method of providing managed document access in a computer network of claim 5, wherein the further information is acquired by using the pseudo-disk drive to present a form to a user at the second computer and allowing the file operation request to be entered into the form.
  - 7. The method of providing managed document access in a computer network of claim 2, further comprising:
    - a) allowing a software module integrated into an application at the second computer to identify itself to the pseudo-disk drive and request a file operation on a managed file using the pseudo-disk drive; and
      
      b) if the software module is authorized as a result of its identification, using the pseudo-disk drive to allow the requested file operation on the managed file to proceed.
  - 8. The method of providing managed document access in a computer network of claim 2, wherein a pseudo-disk drive created by the driver-based disk-mapper comprises a logical path comprising a secure path to a Cloud resource.
  - 9. The method of providing managed document access in a computer network of claim 2, wherein the driver-based disk mapper connects to the first computer to establish whether or not the second computer is a valid, registered computer by sending a message to the first computer where the message comprises the second unique identifier and creating a mapped pseudo-disk drive further comprises:
    - a) initiating a data communication service at the first computer, the data communication service accessible using the predetermined data communications access path;
      
      b) initiating a complementary client data communication service at the second computer;
      
      c) establishing a data connection from the first computer by the second computer over the predetermined data communications access path, the establishing comprising the second computer sending the client message to the first computer over the predetermined data communications access path;
      
      d) stripping the received client computer token from the client message by the first computer;
      
      c) validating the stripped client computer token at the first computer against a predetermined set of valid client pipe service tokens;
      
      f) creating a unique client data communications access path between the first computer and the second computer;
      
      g) sending a validation message from the first computer to the second computer over the predetermined data communications access path, the validation message comprising an identifier for the unique client data communications access path between the first computer and the second computer, the identifier comprising a client pipe service token;
      
      h) mapping the pseudo-disk drive only if the received client pipe service token is validated; and
      
      i) using the unique client data communications access path between the first computer and the second computer for data transfers to and from the first computer via the pseudo-disk drive.
  - 10. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 9, further comprising closing the unique client data communications access path between the first computer and the second computer once a requested operation has completed.
  - 11. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 9, further comprising encrypting data transferred from the first computer to the second computer using the second unique identifier.
  - 12. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 2, further comprising trapping the file operation request in a computer program operatively resident in the second computer when the computer program makes the file operation request.
  - 13. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 12, wherein the trapping is accomplished by a software module integrated into at least one of a computer operating system or the computer program.
  - 14. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 2, further comprising:
    - a) creating a set of related tables in a database, the set of related tables comprising data regarding each managed folder and each managed folder item;
      
      b) adding a predetermined set of file records to the set of related tables, the predetermined set of file records comprising data sufficient to identify the set of managed files having limited accessibility;
      
      c) isolating a set of managed folders from direct access by a user of an operating system currently executing in the first computer, the managed folders being populated by the set of managed files having limited accessibility;
      
      d) assigning a set of item attributes from a set of global item attributes to each managed folder;
      
      e) associating each managed folder item with a subset of the set of item attributes;
      
      f) associating a set of searchable attributes with each managed folder item;
      
      g) creating a set of users who will have access to managed folders and managed files;
      
      h) assigning a set of permissions to each user in the set of users, the permissions comprising a read permission, a write permission, a delete permission, and a view permission;
      
      i) designating a file as a linked file which is physically not present but which is logically linked to a physical file of the set of managed files;
      
      j) performing the file operation as requested against the linked file irrespective of the associated managed folder; and
      
      k) allowing deletion of the linked file only if it is the only remaining file associated with a single managed folder.
  - 15. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 14, further comprising:
    - a) providing a linked file item attribute as part of the set of item attributes;
      
      b) allowing a user with appropriate permissions to mark a file item as a linked file item;
      
      c) allowing a user with appropriate permissions to associate a linked file item with a set of managed folders; and
      
      d) displaying the linked file item as a member of each associated member of the set of managed folders.
  - 16. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 15, further comprising:
    - a) allowing a user to freeze a version of the linked file item;
      
      b) creating a new copy of the frozen linked file item with a new version identified for the linked file item; and
      
      c) associating the new copy of the frozen linked file item with a selected managed folder.
  - 17. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 2, further comprising:
    - a) allowing a user to specify file versioning, each version of a managed file comprising a separate instance of a versioned managed file; and
      
      b) allowing a user to request a new version of a managed file.
  - 18. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network of claim 2, further comprising allowing a user at a verified second computer to locate a managed folder by presenting the user with a folder searching form and using search criteria entries from the folder searching form to locate managed folders meeting a set of search criteria entered by the user using the folder searching form.
  - 19. The method of providing managed document access in a computer network for a system for providing managed document access in a computer network claim 2, further comprising:
    - a) extracting text content from a file to be stored at the first computer as a managed computer; and
      
      b) storing the extracted text content in a text searchable record associated with the file to be stored at the first computer in a table managed by the database manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kptools Incorporated
Original Assignee
Kptools Incorporated
Inventors
Maze, Gary Robin
Primary Examiner(s)
Cao, Phuong Thao

Application Number

US15/375,276
Publication Number

US 20170195333A1
Time in Patent Office

1,128 Days
Field of Search

707827
US Class Current
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 16/183   Provision of network file s...

G06F 16/1873   Versioning file systems, te...

G06F 16/23   Updating

G06F 16/93   Document management systems

G06F 21/6218   to a system of files or obj...

H04L 63/10   for controlling access to d...

Document management systems and methods

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Document management systems and methods

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others