Policy Enforcement in a Secure Data File Delivery System

US 20130104185A1
Filed: 05/25/2012
Published: 04/25/2013
Est. Priority Date: 03/31/2000
Status: Active Grant

First Claim

Patent Images

1. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server interacts with a sender to form a package which can include one or more attached data files to be sent to one or more recipients, and the server applies a policy established by a policy authority of the sender to the package. Since the server both forms the package through interaction with the sender and applies the policy, violations of the policy by the package can be brought to the sender'"'"'s attention during an interactive session with the sender and before encryption of all or part of the package. As a result, the sender is educated regarding the policy of the sender'"'"'s policy authority, and the sender can modify the package immediately to comport with the policy. The server delivers the package to intended recipients by sending notification to each recipient and including package identification data, e.g., a URL by which the package can be retrieved.

Citations

14 Claims

1. (canceled)

2. A method comprising:
- in an secure interactive session between a client sender associated with an enterprise and a web server accessible to the client sender via a public internet, receiving data specifying one or more recipients, a subject and message data, and identifying one or more data files for inclusion in a package submitted for delivery to the specified one or more recipients;
  
  evaluating the received data for violation of a sender policy framework specified and configurable by a policy authority with which the client sender is associated and, in the case of a violation, allowing the client sender to, during the secure interactive session, correct the data and resubmit the package for delivery; and
  
  effectuating delivery of the package at least in part by sending a notification message to each of the specified one or more recipients, the notification message containing a private universal resource locator (private URL) by which the respective recipient may securely retrieve the package.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 3. The method of claim 2,wherein the evaluating of received data for violation of the sender policy framework is performed prior to encryption of the package for secure delivery.
  - 4. The method of claim 2,wherein the evaluating includes evaluations of policy conditions and Boolean expressions that test allowable recipients or recipient enterprises and package content against the sender policy framework.
  - 5. The method of claim 2,wherein the client sender is associated with the policy authority of a first enterprise and wherein a second client sender is associated with a policy authority of a second enterprise;
    - andwherein the evaluating of data received from the client sender and from the second client sender, respectively, is for violation of policy rule sets specified by the policy authority of the respective associated first or second enterprise.
  - 6. The method of claim 2, further comprising:
    - delaying delivery of the submitted package, at least as to a particular one of the recipients, if the sender policy framework specifies a condition for administrator review that is met by data of the submitted package.
  - 7. The method of claim 2, further comprising:
    - saving or sending a copy of the submitted package if the sender policy framework specifies a condition that is met by data of the submitted package.
  - 8. The method of claim 2, further comprising:
    - in the secure interactive session, receiving sender specified authentication requirements for specified ones of the recipients.
  - 9. The method of claim 2,wherein the sender policy framework for a particular client sender specifies whether a secure transmission channel is required.
  - 10. The method of claim 2,wherein the sender policy framework for a particular client sender specifies whether package data is to be encrypted while stored.
  - 11. The method of claim 2,wherein the sender policy framework for a particular client sender specifies recipient authentication requirements.
  - 12. A computer program product encoded in one or more media, the computer program product including codes executable on one or more processors of a service platform to cause the service platform to perform the method of claim 2.

13. A secure file transfer service platform comprising:
- a package manager implemented as code executable on one or more servers of the service platform and accessible to at least some remote users thereof via a public network, the package manager providing human ones of the remote users with an interactive package creation user interface by which the remote human users may specify, as a package sender, one or more recipients, a subject and message data, and by which one or more data files may be specified for inclusion in the package for delivery to the specified one or more recipients;
  
  a policy manager implemented as code executable on one or more servers of the service platform to enforce, relative to packages interactively created by the package senders, information security policies established by policy authorities of an enterprise with which a particular package sender is associated, the policy manager supplying the package manager with indications of policy violations and thereby allowing the human users, in the course of an interactive package creation and submission session, to correct policy violations in the package and resubmit the package for the delivery; and
  
  a delivery manager implemented as code executable on one or more servers of the service platform to facilitate delivery of submitted packages not violative of the information security policies established by a policy authority of an enterprise with which a particular package sender is associated, the delivery manager sending to each of the one or more recipients a notification message containing a private universal resource locator (private URL) by which the respective recipient may securely retrieve the package.
- View Dependent Claims (14)
- - 14. The secure file transfer service platform of claim 13, exposed to at least the remote users thereof as web server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Axway Incorporated (Axway Software SA)
Original Assignee
Axway Incorporated (Axway Software SA)
Inventors
Smith, Jeffrey C., Bandini, Jean-Christophe

Granted Patent

US 9,578,059 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0227   Filtering policies mail mes...

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/06   specially adapted for file ...

H04L 67/568   Storing data temporarily at...

H04L 67/62   Establishing a time schedul...

H04L 69/329   in the application layer [O...

Policy Enforcement in a Secure Data File Delivery System

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Policy Enforcement in a Secure Data File Delivery System

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links