System and method for controlling access to documents stored on an internal network

US 7,543,329 B2
Filed: 06/30/2003
Issued: 06/02/2009
Est. Priority Date: 02/17/1998
Status: Expired due to Fees

First Claim

Patent Images

1. In a document control system including an internal network, an external interface, and a document server connected to the internal network and to the external interface, wherein the document server belongs to an organization and wherein the document server includes a plurality of go lists, wherein each go list is associated with a role such that a first go list is associated with a first role and a second go list is associated with a second role, wherein each go list indicates whether a Business Partner assigned to that role has access to particular documents in the document server, wherein the Business Partner is a user from outside the organization, a method of modifying a go list, the method comprising:

defining a plurality of Data Owners including a first Data Owner and a second Data Owner, wherein each Data Owner is a trusted individual within the organization;

delegating control over the go lists from an administrator to Data Owners, wherein delegating includes assigning each Data Owner to one or more roles, wherein assigning includes;

assigning the first Data Owner control over the go list associated with the first role, wherein assigning the first Data Owner control over the go list associated with the first role includes granting the first Data Owner access to the first go list and granting the first Data Owner permission to add one or more Business Partners to the first role; and

assigning the second Data Owner control over the go list associated with the second role, wherein assigning the second Data Owner control over the go list associated with the second role includes granting the second Data Owner access to the second go list and granting the second Data Owner permission to add one or more Business Partners to the second role;

receiving, from one of the Data Owners, a request to modify the go list associated with the second role;

determining if the Data Owner making the request is permitted to modify the go list associated with the second role;

if the Data Owner is permitted to modify the go list associated with the second role, displaying the go list associated with the second role as a directory tree;

modifying the directory tree;

mapping the modified directory tree into a revised go list;

replacing, in the directory server, the go list associated with the second role with the revised go list; and

allowing Business Partners assigned to the second role to access documents stored in the document server according to the revised go list.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client'"'"'s role and, if the requested document is in the list of documents available to a client in the client'"'"'s role, the requested document is fetched, cleaned and sent to the client.

91 Citations

View as Search Results

14 Claims

1. In a document control system including an internal network, an external interface, and a document server connected to the internal network and to the external interface, wherein the document server belongs to an organization and wherein the document server includes a plurality of go lists, wherein each go list is associated with a role such that a first go list is associated with a first role and a second go list is associated with a second role, wherein each go list indicates whether a Business Partner assigned to that role has access to particular documents in the document server, wherein the Business Partner is a user from outside the organization, a method of modifying a go list, the method comprising:
- defining a plurality of Data Owners including a first Data Owner and a second Data Owner, wherein each Data Owner is a trusted individual within the organization;
  
  delegating control over the go lists from an administrator to Data Owners, wherein delegating includes assigning each Data Owner to one or more roles, wherein assigning includes;
  
  assigning the first Data Owner control over the go list associated with the first role, wherein assigning the first Data Owner control over the go list associated with the first role includes granting the first Data Owner access to the first go list and granting the first Data Owner permission to add one or more Business Partners to the first role; and
  
  assigning the second Data Owner control over the go list associated with the second role, wherein assigning the second Data Owner control over the go list associated with the second role includes granting the second Data Owner access to the second go list and granting the second Data Owner permission to add one or more Business Partners to the second role;
  
  receiving, from one of the Data Owners, a request to modify the go list associated with the second role;
  
  determining if the Data Owner making the request is permitted to modify the go list associated with the second role;
  
  if the Data Owner is permitted to modify the go list associated with the second role, displaying the go list associated with the second role as a directory tree;
  
  modifying the directory tree;
  
  mapping the modified directory tree into a revised go list;
  
  replacing, in the directory server, the go list associated with the second role with the revised go list; and
  
  allowing Business Partners assigned to the second role to access documents stored in the document server according to the revised go list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 12)
- - 2. The method according to claim 1, wherein modifying includes adding a document.
  - 3. The method according to claim 1, wherein modifying includes adding a directory.
  - 4. The method according to claim 1, wherein modifying includes marking the directory tree to prevent access to a portion of the directory tree.
  - 5. The method according to claim 1, wherein modifying includes marking the directory tree to allow access to a portion of the directory tree.
  - 6. The method according to claim 1, wherein displaying includes displaying the directory tree within a Graphical User Interface (GUI).
  - 7. A computer-readable medium comprising instructions, which, when executed by a computer, perform the method of claim 1.
  - 12. The document control system according to claim 1, wherein the data owner interface includes a graphical user interface which displays the document list in a tree structure, wherein the graphical user interface queries the document control server to obtain a current version of the document list for a particular role.

8. A document control system, including:
- an internal network;
  
  an external interface;
  
  a document server connected to the internal network and to the external interface, wherein the document server belongs to an organization and wherein the document server controls access to a plurality of documents, including a first document;
  
  a document control server connected to the internal network and to the external interface, wherein the document control server includes a go list processor; and
  
  a data owner interface, wherein the data owner interface is operable to;
  
  define a plurality of Data Owners, wherein each Data Owner is a trusted individual within the organization; and
  
  delegate control over a document list of available documents for each role from an administrator to Data Owners, wherein the delegation includes assigning each Data Owner one or more roles, wherein assigning includes granting the Data Owner access to the document list of available documents for his role and granting the Data Owner permission to add one or more end users to his role, wherein each end user is a user from outside the organization;
  
  wherein the document control server receives a document request from the external interface for the first document, determines an end user associated with the document request, authenticates the end user and determines whether the end user has been assigned to one of the one or more roles associated with a corresponding Data Owner; and
  
  wherein if the end user has been assigned to one of the one or more roles associated with the corresponding Data Owner, the document control server accesses the go list processor and determines whether to allow the end user to access said first document based on the document list for the role associated with the corresponding Data Owner.
- View Dependent Claims (9, 10, 11, 13, 14)
- - 9. The document control system according to claim 8, wherein the data owner interface includes a graphical user interface which displays the document list in a tree structure, wherein the graphical user interface queries the document control server to obtain a current version of the document list for a particular role.
  - 10. The document control system according to claim 8, wherein the document control server further includes a document processor for reading the first document from the document server, cleaning the first document and forwarding a clean version of said first document to the user.
  - 11. The document control system according to claim 10, wherein the document processor acts as a proxy to hide access to the first document.
  - 13. The document control system according to claim 8, wherein the external interface includes a firewall connected to an external network.
  - 14. The document control system according to claim 8, wherein the external interface includes a telephone interface into which a business partner can dial to gain access to the document control server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Greve, Paula Budig, Herberg, Wayne W., Motes, David G., Viets, Richard R.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Gergiso; Techane J

Application Number

US10/609,854
Publication Number

US 20040003293A1
Time in Patent Office

2,164 Days
Field of Search

726/2, 726/3, 726/4, 726/21, 726/26, 726/27, 726/28, 726/29, 709/217, 709/233
US Class Current

726/2
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 9/40   Network security protocols

System and method for controlling access to documents stored on an internal network

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

91 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling access to documents stored on an internal network

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links