Distributed secure repository
Abstract
A distributed secure repository and related methods allow users of a communications management system to securely store and share communications with other users. A user shares a communication by securely storing the communication, identifying the recipient, and specifying permissions that limit actions that the recipient is permitted to take with respect to the communication. Mechanisms are provided for limiting a recipient's ability to view, copy, store, forward, print, and modify the communication. Metadata associated with the communication is transmitted to the recipient, notifying the recipient of the securely stored communication. The recipient uses the metadata to request an encrypted copy of the communication, to view the communication, or to otherwise interact with the communication in accordance with the sender's permissions. The sender retains control of the communication and can modify the communication and associated permissions.
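The sender-side permission decision described in the abstract, as an added Python example that is not code from the patent or any product. It also models the time-period and use-count limits recited in claim 3; the names `Grant`, `SenderMetadata` and `authorize`, the reason strings and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional

@dataclass
class Grant:
    """One permitted action, with an optional time window and use limit."""
    not_before: Optional[datetime] = None
    not_after: Optional[datetime] = None
    max_uses: Optional[int] = None
    uses: int = 0

@dataclass
class SenderMetadata:
    """Kept by the sender's service provider (hypothetical layout)."""
    recipients: set
    grants: dict = field(default_factory=dict)  # action name -> Grant

def authorize(meta, recipient, authenticated, action, now):
    """Return (allowed, reason). Default deny; a use is counted only on success."""
    if not authenticated:
        return False, "unauthenticated"
    if recipient not in meta.recipients:
        return False, "not on recipient list"
    grant = meta.grants.get(action)
    if grant is None:
        return False, "action not permitted"
    if grant.not_before and now < grant.not_before:
        return False, "not yet valid"
    if grant.not_after and now > grant.not_after:
        return False, "expired"
    if grant.max_uses is not None and grant.uses >= grant.max_uses:
        return False, "use limit reached"
    grant.uses += 1
    return True, "ok"

def demo():
    """Constructed scenario: two views allowed until a deadline, print never granted."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    deadline = datetime(2024, 1, 31, tzinfo=timezone.utc)
    who = "bob@example.org"
    meta = SenderMetadata(recipients={who},
                          grants={"view": Grant(not_after=deadline, max_uses=2)})
    results = [
        authorize(meta, who, True, "view", t0),
        authorize(meta, who, True, "print", t0),
        authorize(meta, "eve@example.org", True, "view", t0),
        authorize(meta, who, True, "view", t0),
        authorize(meta, who, True, "view", t0),  # third view exceeds max_uses
    ]
    meta.grants.pop("view")  # sender withdraws the permission after delivery
    results.append(authorize(meta, who, True, "view", t0))
    return results
```

Because the decision is re-evaluated against the sender's stored metadata on every request, a permission the sender withdraws takes effect on the next request.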
21 Claims
1. A system for securely managing communications between a sender of a communication and a recipient of the communication across a computer network such that the sender sets permissions associated with the communication which limit actions that the recipient is permitted to take with respect to the communication and such that the sender retains control of the communication, even after the communication is accessed by the recipient, the system comprising:
a sender computer device with a communication manager that allows the sender to;
identify a communication that the sender wishes to make available to the recipient, set permissions limiting the activities which the recipient is permitted to carry out with respect to the communication, and create a recipient list for the communication that includes the recipient;
a sender network service provider in communication with the sender computer device configured to receive an encrypted copy of the communication as well as the permissions and recipient list associated with the communication, the sender network service provider further configured to generate recipient metadata about the communication, wherein the recipient metadata about the communication comprises information that allows the recipient to contact the sender network service provider with a request for the communication, the sender network service provider comprising;
a secure communications repository for storing the encrypted copy of the communication; and
a security module which, in conjunction with a remote access manager module, is configured to oversee secure storage and network transmission of communications, recipient metadata, permissions, and recipient lists, and to authenticate the identity of any entity that contacts the sender network service provider, claiming to be the recipient and requesting access to the communication;
a recipient network service provider, capable of receiving transmissions from the sender network service provider, the recipient network service provider comprising;
a repository of recipient metadata for storing recipient metadata about the communication received from the sender network service provider; and
a security module which oversees the secure storage of the recipient metadata and which provides single sign-on authentication for the recipient that allows the recipient access to the system; and
a recipient computer device, in communication with the recipient network service provider, comprising;
a communications list that displays for the recipient a listing, which is based at least in part on the recipient metadata received from the recipient network service provider, of communications that users of the system wish to make available to the recipient, including the communication from the sender, and that receives instructions from the recipient to use the recipient metadata and the single sign-on authentication to contact the sender network service provider with a request for a secure copy of the encrypted communication and the permissions; and
a secure viewer for displaying to the recipient a decrypted version of the communication, if permitted by the permissions, and for enforcing the permissions, which limit the recipient's ability to carry out activities with respect to the communication, such as viewing, storing, modifying, creating a screen shot, or forwarding the communication.
2. A method for managing communications that are transmitted over a computer network between a sender and a recipient, wherein the sender retains control over the communication, even after transmission to the recipient, and wherein the sender is provided with mechanisms for setting permissions that limit activities, such as viewing, copying, modifying, storing, forwarding, and printing, that the recipient is permitted to carry out with respect to the communication, the method comprising:
receiving from a sender a communication that the sender wishes to share with a recipient;
receiving from the sender a recipient list and a set of permissions in association with the communication;
securely storing the communication;
generating metadata associated with the communication and transmitting the metadata to the recipient, wherein the metadata comprises information that identifies the sender, the communication, a network address and other locating information for the securely stored communication and that allows the recipient to transmit a request for the communication;
receiving a request for the communication from an entity claiming to be the recipient;
validating the entity's identity as the recipient; and
securely sending an encrypted version of the communication to the recipient along with the permissions, wherein the communication is viewable only on a secure viewer that is configured to enforce the permissions set received from the sender.
3. A system for securely managing communications between a sender of a communication and a recipient of the communication across a computer network such that the sender sets permissions associated with the communication which limit actions that the recipient is permitted to take with respect to the communication and such that the sender retains control of the communication, even after the communication is accessed by the recipient, the system comprising:
a communication manager on a sender computer device that allows the sender to set permissions with respect to a communication that the sender wishes to share with a recipient, wherein the permissions place limitations on activities that the recipient is permitted to carry out with respect to the communication, such as limiting the recipient's ability to view the communication, print the communication, store the communication, modify the communication, copy the communication, forward the communication, and such as limiting time periods during which the recipient may carry out an activity with respect to the communication, and such as limiting a number of times that the recipient may carry out an activity with respect to the communication;
a sender network service provider in communication with the communication manager on the sender computer device, wherein the sender service provider is configured to;
accept from the communication manager an encrypted copy of the communication, the permissions associated with the communication, and a recipient list associated with the communication that lists the recipient;
securely store the encrypted communication in a repository of encrypted communications;
create and store recipient metadata about the communication that is based at least in part on the recipient list, the encrypted communication, and the permissions received from the communication manager, and that further comprises information which allows the recipient to contact the sender network service provider with a request for the communication;
send the recipient metadata;
receive on behalf of the recipient a request for the communication; and
if permitted by the permissions associated with the communication, send an encrypted copy of the communication and the permissions for the recipient;
a recipient network service provider configured to receive and store the recipient metadata from the sender network service provider; and
a recipient computer device in communication with the recipient network provider configured to;
receive the recipient metadata from the recipient service provider;
use information in the recipient metadata to establish a connection with the sender service provider;
send a request for the communication to the sender service provider;
if permitted by the permissions, receive an encrypted copy of the communication and the associated permissions;
if permitted by the permissions, display to the recipient a decrypted version of the communication on a secure viewer that is configured to enforce the permissions; and
if permitted by the permissions, carry out another activity with respect to the communication.
4. A computer-based method for securely managing a communication between a sender and a recipient, the method comprising the acts of:
receiving an encrypted communication that a sender wants to make accessible to a recipient;
securely storing the encrypted communication;
storing sender metadata associated with the communication, wherein the sender metadata comprises information about a set of actions that the sender allows the recipient to take with regard to the communication;
sending recipient metadata to a computer server associated with the recipient to notify the recipient about the communication;
accepting an authenticated login from the recipient;
receiving a request from the recipient to take an action with regard to the communication; and
permitting the recipient to take the action if the sender metadata indicates that the sender allows the recipient to take the action.
Dependent claims: 5, 6, 7, 8
9. A computer-based system for managing a communication between a sender and a recipient, the system comprising:
a first repository maintained by a sender for securely storing an encrypted version of a communication;
a second repository maintained by the sender for storing sender metadata associated with the communication;
a communications system accessible to the sender for sending recipient metadata associated with the communication to a computer server associated with the recipient, wherein the recipient metadata provides an indication to the recipient server of how to access the communication.
Dependent claims: 10
11. A computer-based method for managing communication notifications received by a recipient, the method comprising:
maintaining a repository of listings that comprise information about communications that one or more senders are securely storing and are providing permission to access; and
using at least a portion of one listing associated with one accessible communication to communicate with a computer server associated with the sender of the communication, requesting to perform a permitted action with regard to the communication, wherein the sender determines if the action is permitted to the recipient.
Dependent claims: 12, 13, 14
15. A computer-based communications system, the system comprising:
a first network service provider that manages data communications for a first user;
a central directory, accessible to the first network service provider, the central directory comprising information for accessing a second network service provider;
a database comprising at least one encrypted file stored by the first network service provider on behalf of the first user;
metadata about the encrypted file stored by the first network service provider, wherein the metadata comprises permissions that limit the second user's ability to perform actions with respect to the file; and
secure repository server software stored by the first network service provider, wherein the secure repository server software is configured to receive the information for accessing the second network service provider, to open a communication channel with the second network service provider; and
to transmit at least a portion of the metadata to the second network service provider for passing to the second user.
Dependent claims: 16, 17, 18
19. A computer-based communications system, the system comprising:
a first network service provider that manages data communications for a first user and that is configured to access information for accessing a second network service provider;
a database comprising at least one encrypted file stored by the first network service provider on behalf of the first user;
metadata about the encrypted file stored by the first network service provider, wherein the metadata comprises permissions that limit the second user's ability to perform actions with respect to the file; and
distributed secure repository server software stored by the first network service provider, wherein the secure repository server software is configured to receive the information for accessing the second network service provider, to open a communication channel with the second network service provider; and
to transmit at least a portion of the metadata to the second network service provider for passing to the second user.
20. A computer-based communications system, the system comprising:
a first network service provider that manages data communications for a first user and that is configured to access information for accessing a second network service provider using at least one relationship-managed communications channel;
a database comprising at least one encrypted file stored by the first network service provider on behalf of the first user;
metadata about the encrypted file stored by the first network service provider, wherein the metadata comprises permissions that limit the second user's ability to perform actions with respect to the file; and
distributed secure repository server software stored by the first network service provider, wherein the secure repository server software is configured to receive the information for accessing the second network service provider, to open a relationship-managed communication channel with the second network service provider; and
to transmit at least a portion of the metadata to the second network service provider for passing to the second user.
21. A computer-based communications system, the system comprising:
means for receiving an encrypted communication that a sender wants to make accessible to a recipient;
means for securely storing the encrypted communication;
means for storing sender metadata associated with the communication, wherein the sender metadata comprises information about a set of actions that the sender allows the recipient to take with regard to the communication;
means for sending recipient metadata to a computer server associated with the recipient to notify the recipient about the communication;
means for accepting an authenticated login from the recipient;
means for receiving a request from the recipient to take an action with regard to the communication; and
means for permitting the recipient to take the action if the sender metadata indicates that the sender allows the recipient to take the action.
Specification