System and method for controlling access to documents stored on an internal network
Abstract
A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the requested document is in the list of documents available to a client in the client's role, the requested document is fetched, cleaned and sent to the client.
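An added illustration of the flow the abstract describes (not code from the patent): a role-keyed document list is checked before the proxy fetches anything, and the fetched document is cleaned of server path links and hidden absolute links, the two cases named in claims 28 and 29. The client names, roles, hosts, alias and documents are constructed, and the client is assumed to be authenticated already.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data: every name, role, host and URL below is an assumption.
CLIENT_ROLES = {"alice": {"partner"}, "bob": {"auditor"}}       # client list
GO_LIST = {                                                      # document list per role
    "partner": {"http://docs.corp.internal/specs/api.html"},
    "auditor": {"http://docs.corp.internal/finance/q3.html"},
}
ALIAS = "https://extranet.example.com"        # public alias served by the proxy
HIDDEN_HOSTS = {"docs.corp.internal", "wiki.corp.internal"}
INTERNAL_DOCS = {                             # stands in for the internal document server
    "http://docs.corp.internal/specs/api.html":
        '<a href="/specs/v2.html">v2</a> '
        '<img src="http://wiki.corp.internal/logo.png"> '
        '<a href="//docs.corp.internal/faq.html">faq</a> '
        '<a href="https://www.example.org/">vendor</a>',
    "http://docs.corp.internal/finance/q3.html": "<p>Q3</p>",
}
LINK = re.compile(r'\b(href|src)="([^"]*)"', re.IGNORECASE)


def authorize(client, url):
    """Exact-match lookup: unknown clients and unlisted URLs are both denied."""
    roles = CLIENT_ROLES.get(client, ())
    return any(url in GO_LIST.get(role, ()) for role in roles)


def clean(html):
    """Rewrite links that would expose internal server paths or host names."""
    def rewrite(match):
        attr, link = match.group(1), match.group(2)
        parts = urlsplit(link)
        if parts.hostname in HIDDEN_HOSTS:                # absolute or //host link to hide
            link = ALIAS + (parts.path or "/")
        elif not parts.netloc and link.startswith("/"):   # server path link
            link = ALIAS + link
        return f'{attr}="{link}"'
    return LINK.sub(rewrite, html)


def handle_request(client, url):
    """`client` is assumed to be an already authenticated identity."""
    if not authorize(client, url):
        return 403, "document not available"   # same answer for unlisted and unknown
    return 200, clean(INTERNAL_DOCS[url])
```

Links to hosts outside `HIDDEN_HOSTS` pass through unchanged, and a protocol-relative `//host/...` link is treated as an absolute link rather than a server path so the internal host name is not carried into the rewritten URL.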
37 Claims

1. A method of limiting access from an external network to documents stored on an internal network, the method comprising:
building a client list, wherein building a client list includes assigning each client to a role;
building a document list naming documents available to clients assigned to the client's role;
receiving a request for a document stored on the internal network;
associating the request with a client;
determining if the requested document is on the list of documents; and
if the requested document is on the list of documents, fetching the requested document as a proxy and sending the requested document to the client.

7. A document control system, including:
an internal network;
an external interface;
a document server connected to the internal network, wherein the document server controls access to a plurality of documents, including a first document; and
a document control server, wherein the document control server receives a document request for the first document, determines a user associated with the document request and authenticates the user, wherein the document control server includes a go list processor for determining if the user has authorization to access said first document and a document processor for reading the first document from the document server, cleaning the first document and forwarding a clean version of said first document to the user.

11. A document control system, including:
an internal network;
an external interface;
a document server connected to the internal network, wherein the document server controls access to a plurality of documents, including a first document;
a document control server; and
a data owner interface for building a document list of available documents;
wherein the document control server receives a document request from the external interface for the first document, determines a user associated with the document request and authenticates the user; and
wherein the document control server includes a go list processor for determining, based on the document list, if the user has authorization to access said first document.

23. In a system having an internal network and an interface to an external network, a method of handling requests from the external network for documents stored on the internal network, the method comprising:
defining one or more users;
defining documents accessible to the users;
receiving a document request from the external network;
determining a user associated with the document request;
authenticating the user associated with the document request;
determining if the user associated with the document request has permission to access the document requested; and
if the user associated with the document request has permission to access the document requested, retrieving the document requested from the internal network, cleaning the document of embedded links and delivering the document to the user associated with the document request.
accessing a document list listing the URL of each available document; and
generating an error message if the document requested is not on the document list.

25. The method according to claim 23, wherein defining documents accessible to the users includes assigning each user to one or more roles and limiting access to documents as a function of role and wherein determining if the user associated with the document request has permission to access the document requested includes determining if users in the role associated with the document request have permission to access the document requested.

26. The method according to claim 24, wherein defining documents accessible to the users includes assigning each user to one or more roles and limiting access to documents as a function of role and wherein determining if the user associated with the document request has permission to access the document requested includes determining if users in the role associated with the document request have permission to access the document requested.

27. The method according to claim 23, wherein each document request includes an HTTP header and wherein authenticating the user associated with the document request includes retrieving authentication information from the HTTP header.

28. The method according to claim 23, wherein cleaning the document of embedded links includes looking for a server path link and replacing the server path link with a link to an alias.

29. The method according to claim 23, wherein cleaning the document of embedded links includes looking for an absolute path link, determining if the absolute path link is a link which should be hidden and, if the absolute path link is a link which should be hidden, replacing the absolute path link with a different link.

30. In a system having an internal network and an interface to an external network, a method of handling requests from the external network for documents stored on the internal network, the method comprising:
defining a plurality of users, including a first and a second user;
assigning each user to one or more roles, wherein assigning includes assigning the first user to a first role and the second user to a second role;
defining documents accessible to the users, wherein defining includes limiting access to documents as a function of the roles assigned to the user;
receiving a document request from the external network;
determining a user and a role associated with the document request;
authenticating the user associated with the document request;
determining if users in the role associated with the document request have permission to access the document requested; and
if users in the role associated with the document request have permission to access the document requested, retrieving the document requested from the internal network and delivering the document to the user associated with the document request.
accessing a document list listing the URL of each available document; and
generating an error message if the document requested is not on the document list.

32. The method according to claim 30, wherein retrieving the document requested includes cleaning the document of embedded links.

33. The method according to claim 32, wherein cleaning the document of embedded links includes looking for a server path link and replacing the server path link with a link to an alias.

34. The method according to claim 32, wherein cleaning the document of embedded links includes looking for an absolute path link, determining if the absolute path link is a link which should be hidden and, if the absolute path link is a link which should be hidden, replacing the absolute path link with a different link.

35. A computer-readable medium having program code for limiting access from an external network to documents stored on an internal network, the program code comprising:
program code for building a client list, wherein program code for building a client list includes program code for assigning each client to a role;
program code for building a document list naming documents available to clients assigned to the client's role;
program code for receiving a request for a document stored on the internal network;
program code for associating the request with a client;
program code for determining if the requested document is on the list of documents; and
program code for, if the requested document is on the list of documents, fetching the requested document as a proxy and sending the requested document to the client.

36. A computer-readable medium comprising program code, in a system having an internal network and an interface to an external network, for handling requests from the external network for documents stored on the internal network, the program code comprising:
program code for defining one or more users;
program code for defining documents accessible to the users;
program code for receiving a document request from the external network;
program code for determining a user associated with the document request;
program code for authenticating the user associated with the document request;
program code for determining if the user associated with the document request has permission to access the document requested; and
program code for, if the user associated with the document request has permission to access the document requested, retrieving the document requested from the internal network, cleaning the document of embedded links and delivering the document to the user associated with the document request.

37. A computer-readable medium comprising program code, in a system having an internal network and an interface to an external network, for handling requests from the external network for documents stored on the internal network, the program code comprising:
program code for defining a plurality of users, including a first and a second user;
program code for assigning each user to one or more roles, wherein assigning includes assigning the first user to a first role and the second user to a second role;
program code for defining documents accessible to the users, wherein defining includes limiting access to documents as a function of the roles assigned to the user;
program code for receiving a document request from the external network;
program code for determining a user and a role associated with the document request;
program code for authenticating the user associated with the document request;
program code for determining if users in the role associated with the document request have permission to access the document requested; and
program code for, if users in the role associated with the document request have permission to access the document requested, retrieving the document requested from the internal network and delivering the document to the user associated with the document request.
Specification