Document management systems and methods
First Claim
1. A system for providing managed document access in a computer network, comprising:
- a) a first computer operating as a file server, the first computer operatively in communication with a data network, the first computer comprising;
i) a data store;
ii) a first unique identifier usable as a server token and immutably associated with a hardware component of the first computer's hardware;
iii) a set of managed files to be managed resident on the data store;
iv) database management software operationally resident in the first computer; and
v) server service software operationally resident in the first computer, the server service software configured to validate a client computer's token against a predetermined set of valid client computer tokens, the server service software comprising;
1. a predetermined data communications access path independent of the first unique identifier; and
2. a module configured to communicate over a unique client data communications access path; and
b) a second computer operatively in communication with the data network, the set of managed files having limited accessibility to the second computer via the data network, the second computer comprising;
i) a second unique identifier usable as a client computer token, the second unique identifier immutably associated with a hardware component of the second computer's hardware;
ii) client service software operationally resident in the second computer, the client service software configured to;
(1) communicate with the first computer over the data network using the predetermined data communications access path and to provide the server service software with the second unique identifier; and
(2) communicate with the server service software over the data network using both the first unique identifier and the second unique identifier over the unique client data communications access path; and
iii) a driver-based disk mapper configured to create a pseudo-disk software service which emulates a hard drive to provide managed access to the set of managed files resident on the data store using the client service software.
Abstract
A system for managing files over a network comprises a first computer hosting managed folders and files and one or more second computers. The first computer comprises database management software, server software such as server pipe software, and a first unique token. The second computer comprises a software module adapted and configured to be integrated into application software, client software such as client pipe software, and a second unique token. The computers communicate in part using the server and client software to establish a secure session for file access and transfer between the first and second computers.
107 Citations
19 Claims
2. A method of providing managed document access in a computer network for a system for providing managed document access in a computer network, the system comprising a first computer, operating as a server and operatively in communication with a data network, where the first computer comprises a data store, a first unique identifier usable as a server token and immutably associated with a hardware component of the first computer's hardware, a set of managed files resident on the data store, a database manager comprising database management software operationally resident in the first computer, and server service software operationally resident in the first computer where the server service software is configured to communicate over a predetermined data communications access path independent of the first unique identifier, to validate a client computer's token against a predetermined set of valid client computer tokens, and to communicate over a unique client data communications access path, and a second computer, operatively in communication with the data network, where the second computer has limited access to the set of managed files via the data network and comprises a second unique identifier usable as a client computer token, the second unique identifier immutably associated with a hardware component of the second computer's hardware, client service software operationally resident in the second computer and configured to communicate with the first computer over the data network using the predetermined data communications access path, provide the server service software with the second unique identifier and communicate with the server service software over the data network using both the first unique identifier and the second unique identifier over the unique client data communications access path, and a driver-based disk mapper configured to create a pseudo-disk software service which emulates a hard drive to provide managed access to the set of managed files resident on the data store using the client service software, the method comprising:
a) initiating the driver-based disk mapper at the second computer;
b) using the driver-based disk mapper to create a mapped pseudo-disk drive at the second computer;
c) emulating a physical disk drive via the mapped pseudo-disk drive;
d) using the mapped pseudo-disk drive to intercept a file operation request for a managed file of the set of managed files resident at the first computer where the set of managed files has limited accessibility at the second computer;
e) upon receipt of the file operation request, using the driver-based disk mapper to connect to the first computer over the data network using the predetermined data communications access path to establish whether or not the second computer is a valid, registered computer by sending a client message comprising the second unique identifier to the first computer;
f) validating the client message at the first computer by using the server service software to compare the client computer token contained in the second unique identifier against the predetermined set of valid client computer tokens;
g) if the second unique identifier is present in the predetermined set of valid client computer tokens and associated with a valid, registered computer, sending a validation message to the second computer from the first computer, the validation message comprising the first unique identifier, and establishing the unique client data communications access path;
h) if validated, using the driver-based disk mapper to query the database manager over the unique client data communications access path to determine if the second computer has adequate permission to perform the file operation request with respect to the managed file of the set of managed files having limited accessibility; and
i) if the second computer has adequate permission, using the driver-based disk mapper to complete the file operation request.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
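Steps e) through i) of claim 2 modelled in Python, as an added example that is not taken from the patent or any product implementing it. The class and function names, the token strings and the SHA-256 derivation of the per-client path are assumptions; the claim only states that the unique path uses both identifiers.

```python
import hashlib

def unique_path(server_token, client_token):
    # Assumption: the per-client path name is derived from both identifiers.
    digest = hashlib.sha256(f"{server_token}|{client_token}".encode()).hexdigest()
    return f"dms-{digest[:16]}"

class FileServer:
    """Model of the first computer: server token, registered clients, permissions."""

    def __init__(self, server_token, valid_client_tokens, permissions, files):
        self.server_token = server_token
        self.valid_client_tokens = set(valid_client_tokens)
        self.permissions = permissions  # {(client_token, file name): {"read", ...}}
        self.files = files              # {file name: contents}
        self.sessions = {}              # unique path -> validated client token

    def validate(self, client_token):
        """Steps f-g: check the token against the registered set; on success
        open the per-client path and answer with the server token."""
        if client_token not in self.valid_client_tokens:
            return None
        self.sessions[unique_path(self.server_token, client_token)] = client_token
        return self.server_token

    def read_file(self, path, name):
        """Steps h-i: permission lookup, served only on an established path."""
        client = self.sessions.get(path)
        if client is None:
            raise PermissionError("no validated session on this path")
        if "read" not in self.permissions.get((client, name), set()):
            raise PermissionError(f"read denied on {name}")
        return self.files[name]

def client_read(server, client_token, name):
    """Steps e, h, i from the second computer's side."""
    server_token = server.validate(client_token)  # over the predetermined path
    if server_token is None:
        raise PermissionError("client not registered")
    return server.read_file(unique_path(server_token, client_token), name)

if __name__ == "__main__":
    # Constructed sample data.
    srv = FileServer("SRV-TOKEN", {"CLI-A", "CLI-B"},
                     {("CLI-A", "plan.txt"): {"read"}}, {"plan.txt": "contents"})
    print(client_read(srv, "CLI-A", "plan.txt"))
```
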
Specification