System and method for controlling access to documents stored on an internal network

US 6,357,010 B1
Filed: 02/17/1998
Issued: 03/12/2002
Est. Priority Date: 02/17/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method of limiting access from an external network to documents stored on an internal network, the method comprising:

building a client list, wherein building a client list includes assigning each client to a role;

building a document list naming documents available to clients assigned to the client'"'"'s role;

receiving a request for a document stored on the internal network;

associating the request with a client;

determining if the requested document is on the list of documents; and

if the requested document is on the list of documents, fetching the requested document as a proxy and sending the requested document to the client.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client'"'"'s role and, if the requested document is in the list of documents available to a client in the client'"'"'s role, the requested document is fetched, cleaned and sent to the client.

Citations

37 Claims

1. A method of limiting access from an external network to documents stored on an internal network, the method comprising:
- building a client list, wherein building a client list includes assigning each client to a role;
  
  building a document list naming documents available to clients assigned to the client'"'"'s role;
  
  receiving a request for a document stored on the internal network;
  
  associating the request with a client;
  
  determining if the requested document is on the list of documents; and
  
  if the requested document is on the list of documents, fetching the requested document as a proxy and sending the requested document to the client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, wherein each document has a unique URL and wherein the document list includes the URL of each available document, wherein the step of determining includes the step of determining if the URL of the requested document is included in the document list.
  - 3. The method according to claim 2, wherein building the document list includes displaying available documents in a tree structure within a graphical user interface, wherein displaying includes querying a document control server to obtain a current version of the document list.
  - 4. The method according to claim 1, wherein associating the request with a client includes the step of authenticating the client.
  - 5. The method according to claim 4, wherein each document has a unique URL and wherein the document list includes the URL of each available document, wherein the step of determining includes the step of determining if the URL of the requested document is included in the document list.
  - 6. The method according to claim 5, wherein building the document list includes displaying available documents in a tree structure within a graphical user interface, wherein displaying includes the step of querying a document control server to obtain a current version of the document list.

7. A document control system, including:
- an internal network;
  
  an external interface;
  
  a document server connected to the internal network, wherein the document server controls access to a plurality of documents, including a first document; and
  
  a document control server, wherein the document control server receives a document request for the first document, determines a user associated with the document request and authenticates the user, wherein the document control server includes a go list processor for determining if the user has authorization to access said first document and a document processor for reading the first document from the document server, cleaning the first document and forwarding a clean version of said first document to the user.
- View Dependent Claims (8, 9, 10, 18, 19, 20, 21, 22)
- - 8. The document control system according to claim 7, wherein the external interface includes a firewall connected to an external network, wherein the document control server communicates to the document server through the firewall.
  - 9. The document control system according to claim 7, wherein the document processor acts as a proxy to hide access to the first document.
  - 10. The document control system according to claim 7, wherein the external interface includes a telephone interface into which a business partner can dial to gain access to the document control server.
  - 18. The document control system according to claim 8, wherein the document control server is connected to the external network and communicates to the firewall through the external network.
  - 19. The document control system according to claim 8, wherein the document control server is connected to a third network and communicates to the firewall through the third network.
  - 20. The document control system according to claim 7, wherein the document control server is connected to the internal network and wherein the external interface includes a firewall connected to an external network, wherein the firewall is configured to receive the document request and to route the document request to the document control server.
  - 21. The document control system according to claim 7, wherein the document control server includes means for translating links embedded in the first document.
  - 22. The document control system according to claim 7, wherein each user is assigned one or more roles and wherein the go list processor restricts access to documents as function of the role under which the user attempts to access the document.

11. A document control system, including:
- an internal network;
  
  an external interface;
  
  a document server connected to the internal network, wherein the document server controls access to a plurality of documents, including a first document;
  
  a document control server; and
  
  a data owner interface for building a document list of available documents;
  
  wherein the document control server receives a document request from the external interface for the first document, determines a user associated with the document request and authenticates the user; and
  
  wherein the document control server includes a go list processor for determining, based on the document list, if the user has authorization to access said first document.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The document control system according to claim 11, wherein the data owner interface includes a graphical user interface which displays the document list in a tree structure, wherein the graphical user interface queries the document control server to obtain a current version of the document list.
  - 13. The document control system according to claim 11, wherein the document control server further includes a document processor for reading the first document from the document server, cleaning the first document and forwarding a clean version of said first document to the user.
  - 14. The document control system according to claim 13, wherein the document processor acts as a proxy to hide access to the first document.
  - 15. The document control system according to claim 14, wherein the data owner interface includes a graphical user interface which displays the document list in a tree structure, wherein the graphical user interface queries the document control server to obtain a current version of the document list.
  - 16. The document control system according to claim 11, wherein the external interface includes a firewall connected to an external network.
  - 17. The document control system according to claim 11, wherein the external interface includes a telephone interface into which a business partner can dial to gain access to the document control server.

23. In a system having an internal network and an interface to an external network, a method of handling requests from the external network for documents stored on the internal network, the method comprising:
- defining one or more users;
  
  defining documents accessible to the users;
  
  receiving a document request from the external network;
  
  determining a user associated with the document request;
  
  authenticating the user associated with the document request;
  
  determining if the user associated with the document request has permission to access the document requested; and
  
  if the user associated with the document request has permission to access the document requested, retrieving the document requested from the internal network, cleaning the document of embedded links and delivering the document to the user associated with the document request.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The method according to claim 23, wherein each document has a unique URL and wherein determining if the user associated with the document request has permission to access the document requested includes:
25. The method according to claim 23, wherein defining documents accessible to the users includes assigning each user to one or more roles and limiting access to documents as a function of role and wherein determining if the user associated with the document request has permission to access the document requested includes determining if users in the role associated with the document request have permission to access the document requested.
26. The method according to claim 24, wherein defining documents accessible to the users includes assigning each user to one or more roles and limiting access to documents as a function of role and wherein determining if the user associated with the document request has permission to access the document requested includes determining if users in the role associated with the document request have permission to access the document requested.
27. The method according to claim 23, wherein each document request includes an HTTP header and wherein authenticating the user associated with the document request includes retrieving authentication information from the HTTP header.
28. The method according to claim 23, wherein cleaning the document of embedded links includes looking for a server path link and replacing the server path link with a link to an alias.
29. The method according to claim 23, wherein cleaning the document of embedded links includes looking for an absolute path link, determining if the absolute path link is a link which should be hidden and, if the absolute path link is a link which should be hidden, replacing the absolute path link with a different link.

30. In a system having an internal network and an interface to an external network, a method of handling requests from the external network for documents stored on the internal network, the method comprising:
- defining a plurality of users, including a first and a second user;
  
  assigning each user to one or more roles, wherein assigning includes assigning the first user to a first role and the second user to a second role;
  
  defining documents accessible to the users, wherein defining includes limiting access to documents as a function of the roles assigned to the user;
  
  receiving a document request from the external network;
  
  determining a user and a role associated with the document request;
  
  authenticating the user associated with the document request;
  
  determining if users in the role associated with the document request have permission to access the document requested; and
  
  if users in the role associated with the document request have permission to access the document requested, retrieving the document requested from the internal network and delivering the document to the user associated with the document request.
- View Dependent Claims (31, 32, 33, 34)
- - 31. The method according to claim 30, wherein each document has a unique URL and wherein determining if the user associated with the document request has permission to access the document requested includes:
32. The method according to claim 30, wherein retrieving the document requested includes cleaning the document of embedded links.
33. The method according to claim 32, wherein cleaning the document of embedded links includes looking for a server path link and replacing the server path link with a link to an alias.
34. The method according to claim 32, wherein cleaning the document of embedded links includes looking for an absolute path link, determining if the absolute path link is a link which should be hidden and, if the absolute path link is a link which should be hidden, replacing the absolute path link with a different link.

35. A computer-readable medium having program code for limiting access from an external network to documents stored on an internal network, the program code comprising:
- program code for building a client list, wherein program code for building a client list includes program code for assigning each client to a role;
  
  program code for building a document list naming documents available to clients assigned to the client'"'"'role;
  
  program code for receiving a request for a document stored on the internal network;
  
  program code for associating the request with a client;
  
  program code for determining if the requested document is on the list of documents; and
  
  program code for, if the requested document is on the list of documents, fetching the requested document as a proxy and sending the requested document to the client.

36. A computer-readable medium comprising program code, in a system having an internal network and an interface to an external network, for handling requests from the external network for documents stored on the internal network, the program code comprising:
- program code for defining one or more users;
  
  program code for defining documents accessible to the users;
  
  program code for receiving a document request from the external network;
  
  program code for determining a user associated with the document request;
  
  program code for authenticating the user associated with the document request;
  
  program code for determining if the user associated with the document request has permission to access the document requested; and
  
  program code for, if the user associated with the document request has permission to access the document requested, retrieving the document requested from the internal network, cleaning the document of embedded links and delivering the document to the user associated with the document request.

37. A computer-readable medium comprising program code, in a system having an internal network and an interface to an external network, for handling requests from the external network for documents stored on the internal network, the program code comprising:
- program code for defining a plurality of users, including a first and a second user;
  
  program code for assigning each user to one or more roles, wherein assigning includes assigning the first user to a first role and the second user to a second role;
  
  program code for defining documents accessible to the users, wherein defining includes limiting access to documents as a function of the roles assigned to the user;
  
  program code for receiving a document request from the external network;
  
  program code for determining a user and a role associated with the document request;
  
  program code for authenticating the user associated with the document request;
  
  program code for determining if users in the role associated with the document request have permission to access the document requested; and
  
  program code for, if users in the role associated with the document request have permission to access the document requested, retrieving the document requested from the internal network and delivering the document to the user associated with the document request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Greve, Paula Budig, Herberg, Wayne W., Motes, David G., Viets, Richard R.
Primary Examiner(s)
Lee, Thomas
Assistant Examiner(s)
Nguyen, Tanh Q.

Application Number

US09/024,576
Time in Patent Office

1,484 Days
Field of Search

713/201, 713/200, 709/225
US Class Current

726/4
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 9/40   Network security protocols

System and method for controlling access to documents stored on an internal network

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling access to documents stored on an internal network

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links