Method and apparatus for reducing disclosure of proprietary data in a networked environment

US 7,711,835 B2
Filed: 09/30/2004
Issued: 05/04/2010
Est. Priority Date: 09/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for providing file contents comprising:

receiving, by an access control server, a request from a client node for a file having a native file type;

making, by the access control server, an access control decision to determine a level of access granted to the client node for the contents of the file;

transmitting, by the access control server responsive to the determined level of access, a second file to the client node, the second file executable by the client node and having a file type different from the native file type of the requested file;

establishing, via execution of the second file on the client node, a connection to an application server; and

presenting, by an application program executing on the application server, the contents of the file to the client node via the established connection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for reducing disclosure of proprietary data in a networked environment includes a client node, an access control server, and an application server farm. The client node transmits a request for a file. The access control server receives the request for the file and makes an access control decision. An application server farm presents the contents of the file to the client node using an application program associated with a file type of the requested file.

322 Citations

55 Claims

1. A method for providing file contents comprising:
- receiving, by an access control server, a request from a client node for a file having a native file type;
  
  making, by the access control server, an access control decision to determine a level of access granted to the client node for the contents of the file;
  
  transmitting, by the access control server responsive to the determined level of access, a second file to the client node, the second file executable by the client node and having a file type different from the native file type of the requested file;
  
  establishing, via execution of the second file on the client node, a connection to an application server; and
  
  presenting, by an application program executing on the application server, the contents of the file to the client node via the established connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 2. The method of claim 1 further comprising identifying, responsive to the level of access, the application server from an application server farm.
  - 3. The method of claim 2 wherein identifying the application server further comprising identifying the application server responsive to the level of access.
  - 4. The method of claim 1 further comprising identifying, by the application server, an application program associated with the native file type.
  - 5. The method of claim 4 wherein identifying the application program further comprises identifying, by the application server, an identifier for the application program.
  - 6. The method of claim 4 wherein identifying the application program further comprises identifying, by the application server, the application program by querying a database for the application program to use with a file extension of the requested file.
  - 7. The method of claim 1 further comprising identifying a second application server from the application server farm for presenting the contents of the file to the client node.
  - 8. The method of claim 1 further comprising generating, by the access control server, the second file based on the level of access.
  - 9. The method of claim 8 further comprising, identifying a second application server from an application server farm, the second application server associated with the second file type for the file.
  - 10. The method of claim 9, wherein the second file type is different from the native file type.
  - 11. The method of claim 8 wherein determining the native file type further comprises downloading, by the access control server, the file from a content server.
  - 12. The method of claim 1 further comprising determining the native file type of the requested file.
  - 13. The method of claim 12 wherein determining the native file type further comprises determining, by the access control server, the native file type by extracting a file extension.
  - 14. The method of claim 1 further comprising acquiring, by the access control server, information about the client node.
  - 15. The method of claim 14 wherein making an access control decision further comprises comparing the information acquired by the access control server to a policy to make the access control decision.
  - 16. The method of claim 14 wherein presenting the contents of the file further comprises using, by the application server, acquired information to select a format for the presentation of the file contents.
  - 17. The method of claim 14 wherein presenting the contents of the file further comprises presenting the contents of the file by applying a policy to the acquired information to select a format for presentation of the file contents.
  - 18. The method of claim 1 further comprising transmitting, by the access control server, a collection agent to the client node.
  - 19. The method of claim 1 further comprising acquiring, by the access control server, information about the client node using a collection agent.
  - 20. The method of claim 19 wherein making an access control decision further comprises comparing the information acquired by the collection agent to a policy to make the access control decision.
  - 21. The method of claim 1 wherein making an access control decision further comprises rejecting, by the access control server, the request.
  - 22. The method of claim 1 further comprising retrieving the file from a file server.
  - 23. The method of claim 22 further comprising retrieving, by the application server, the file from a file server.
  - 24. The method of claim 1 further comprising retrieving the file from a web server.
  - 25. The method of claim 24 further comprising retrieving, by the application server, the file from a web server.
  - 26. The method of claim 24 further comprising retrieving, by the access control server, the file from a web server.
  - 27. The method of claim 1 further comprising retrieving the file from an email server.
  - 28. The method of claim 27 further comprising retrieving, by the application server, the file from an email server.
  - 29. The method of claim 27 further comprising retrieving, by the access control server, the file from an email server.
  - 30. The method of claim 1 further comprising connecting, by the client node, to the application server.
  - 31. The method of claim 30 wherein presenting the contents of the file further comprises presenting the contents of the file to the client node over the connection.
  - 32. The method of claim 1 wherein transmitting the second file further comprises transmitting, by the access control server, an executable file to the client node.
  - 33. The method of claim 32 further comprising identifying, by the executable file, the application server for presenting the contents of the file to the client node.
  - 34. The method of claim 32, further comprising identifying, by the second file, the application program for presenting the contents of the file to the client node.
  - 35. The method of claim 1 wherein transmitting the request for the file further comprises the client node residing on a first network separated from a second network by a network boundary, the client node requesting the file from the access control server, the access control server residing on the second network.
  - 36. The method of claim 1, wherein presenting the contents of the file further comprises:
    - using the identifier for the application program to identify the application server;
      
      connecting to the identified application server; and
      
      presenting the contents of the file to the client node in a format selected by the application server.

37. A system for providing file contents comprising:
- an access control server receiving a request from a client node for a file having a native file type, making an access control decision to determine a level of access granted to the client node for the contents of the file, and transmitting a second file to the client node responsive to the determined level of access, the second file executable by the client node and having a file type different from the native file type of the requested file, wherein a connection to an application server is established via execution of the second file on the client node; and
  
  an application program executing on the application server, presenting the contents of the file to the client node via the established connection.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 38. The system of claim 37 wherein the application server further identifies the application program associated with the native file type.
  - 39. The system of claim 37 wherein the access control server further identifies the application program associated with the native file type.
  - 40. The system of claim 37 wherein the access control server further comprises a database storing at least one policy.
  - 41. The system of claim 37 wherein the access control server further comprises a collection agent for acquiring information about the client node.
  - 42. The system of claim 41 wherein the access control server makes an access control decision to determine a level of access for granting the client node access to the contents of the file based on the information acquired by the collection agent.
  - 43. The system of claim 41 wherein the access control server makes an access control decision to determine a level of access for granting the client node access to the contents of the file by applying a policy to the information acquired by the collection agent.
  - 44. The system of claim 41 wherein the collection agent acquires information about the client node regarding the device type of the client node.
  - 45. The system of claim 41 wherein the collection agent acquires information about the client node regarding network connection information.
  - 46. The system of claim 41 wherein the collection agent acquires information about the client node regarding authorization credentials.
  - 47. The system of claim 37 wherein the application server includes a database containing at least one application program associated with at least one file type.
  - 48. The system of claim 47 wherein the application server further identifies an application program by querying the database.
  - 49. The system of claim 37 wherein the access control server generates the second file to transmit to the client node based on the determined level of access.
  - 50. The system of claim 49 wherein the second file includes an identifier for the application program associated with the native file type.
  - 51. The system of claim 49 wherein the second file identifies the application server.
  - 52. The system of claim 49 wherein the client node executes the second file responsive to receiving the second file.
  - 53. The system of claim 49 wherein the application server accepts a connection from the client node.
  - 54. The system of claim 49 wherein the client node transmits the identifier for the application program identified by the executable file to the application server.
  - 55. The system of claim 49 wherein the application server presents the contents of the file over the connection to the client node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Simmons, Timothy Ernest, Braddy, Ricky Gene
Primary Examiner(s)
WINDER, PATRICE L

Application Number

US10/711,730
Publication Number

US 20060074837A1
Time in Patent Office

2,042 Days
Field of Search

None
US Class Current

709/229
CPC Class Codes

G06F 16/88   Mark-up to mark-up conversi...

G06F 16/9535   Search customisation based ...

G06F 21/10   Protecting distributed prog...

G06F 21/6218   to a system of files or obj...

G06Q 30/0601   Electronic shopping [e-shop...

H04L 63/0823   using certificates cryptogr...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04W 4/18   Information format or conte...

Method and apparatus for reducing disclosure of proprietary data in a networked environment

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

322 Citations

55 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for reducing disclosure of proprietary data in a networked environment

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

322 Citations

55 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others