Approach for managing access to electronic documents on network devices using document retention policies and document security policies

US 8,272,028 B2
Filed: 10/15/2008
Issued: 09/18/2012
Est. Priority Date: 10/15/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing access to electronic documents, the computer-implemented method comprising:

at a network device, detecting a request to access a particular electronic document stored on the network device; and

in response to detecting the request to access the particular electronic document stored on the network device, applying a document retention policy to the particular electronic document by;

determining that the particular electronic document belongs to a particular electronic document retention classification from a plurality of electronic document retention classifications,retrieving document retention policy data for the particular electronic document retention classification, wherein the document retention policy data for the particular document retention classification specifies one or more deletion criteria for the particular document retention classification,determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied,if any of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then causing the particular electronic document to be deleted,if none of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then applying a document security policy to the particular electronic document by;

determining that the particular electronic document belongs to a particular document security classification from the plurality of document security classifications,retrieving document security policy data for the particular document security classification, wherein the document security policy data for the particular document security classification specifies one or more access criteria for the particular document security classification,determining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document, andif the user is not authorized to access the particular electronic document, then preventing access to the particular electronic document.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach for managing access to electronic documents uses document retention and document security policies. In response to detecting a request to access a particular electronic document stored on a network device, a document retention policy and a document security policy are applied to the particular electronic document. If, based upon application of the document retention policy to the particular electronic document, a determination is made that the particular electronic document is to be deleted, then the particular electronic document is deleted from the network device. If, based upon application of the document security policy to the particular electronic document, a determination is made that access to the particular electronic document should be denied, then access to the particular electronic document is denied. Retention policy audits, automatic or manual loading or auto-destruction code and self-extracting and executable data may also be used to enforce document retention and document security policies.

Citations

20 Claims

1. A computer-implemented method for managing access to electronic documents, the computer-implemented method comprising:
- at a network device, detecting a request to access a particular electronic document stored on the network device; and
  
  in response to detecting the request to access the particular electronic document stored on the network device, applying a document retention policy to the particular electronic document by;
  
  determining that the particular electronic document belongs to a particular electronic document retention classification from a plurality of electronic document retention classifications,retrieving document retention policy data for the particular electronic document retention classification, wherein the document retention policy data for the particular document retention classification specifies one or more deletion criteria for the particular document retention classification,determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied,if any of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then causing the particular electronic document to be deleted,if none of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then applying a document security policy to the particular electronic document by;
  
  determining that the particular electronic document belongs to a particular document security classification from the plurality of document security classifications,retrieving document security policy data for the particular document security classification, wherein the document security policy data for the particular document security classification specifies one or more access criteria for the particular document security classification,determining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document, andif the user is not authorized to access the particular electronic document, then preventing access to the particular electronic document.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer-implemented method as recited in claim 1, wherein:
    - the one or more deletion criteria for the particular electronic document classification include a retention time,determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied includes determining whether the particular electronic document has existed for at least the retention time, andif the particular electronic has existed for at least the retention time, then causing the particular electronic document to be deleted.
  - 3. The computer-implemented method as recited in claim 1, wherein:
    - the one or more access criteria for the particular document security classification specifies a security level, anddetermining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document includes determining whether the user associated with the request to access the particular electronic document is authorized to access electronic documents assigned to the security level.
  - 4. The computer-implemented method as recited in claim 1, wherein:
    - the request to access the particular electronic document is generated by a particular application program, andpreventing access to the particular electronic document includes preventing the particular application program from accessing the particular electronic document.
  - 5. The computer-implemented method as recited in claim 1, wherein preventing access to the particular electronic document includes performing one or more actions based upon a security level of the particular document security classification to which the particular electronic document belongs.
  - 6. The computer-implemented method as recited in claim 1, wherein determining, based upon the one or more access criteria for the particular electronic document, whether a user associated with the request to access the particular electronic document is authorized to access the particular electronic document includes:
    - at the network device generating and transmitting over a network to a personnel information system a request to perform an authorization check to determine whether the user is authorized to access the particular electronic document, andreceiving at the network device from the personnel information system over the network a response indicating whether the user is authorized to access the particular electronic document.
  - 7. The computer-implemented method as recited in claim 1, further comprising if both none of the one or more deletion criteria for the particular electronic document retention classification are satisfied and the user is authorized to access the particular electronic document, then decrypting the particular electronic document to generate a decrypted particular electronic document and granting access to the decrypted particular electronic document.
  - 8. The computer-implemented method as recited in claim 1, further comprising generating self-executing data which, when processed by one or more processors, causes performance of the steps in response to detecting the request to access the particular electronic document stored on the network device.

9. A non-transitory computer-readable medium for managing access to electronic documents, the computer-readable medium carrying instructions which, when processed by one or more processors, causes:
- at a network device, detecting a request to access a particular electronic document stored on the network device; and
  
  in response to detecting the request to access the particular electronic document stored on the network device, applying a document retention policy to the particular electronic document by;
  
  determining that the particular electronic document belongs to a particular electronic document retention classification from a plurality of electronic document retention classifications,retrieving document retention policy data for the particular electronic document retention classification, wherein the document retention policy data for the particular document retention classification specifies one or more deletion criteria for the particular document retention classification,determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied,if any of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then causing the particular electronic document to be deleted,if none of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then applying a document security policy to the particular electronic document by;
  
  determining that the particular electronic document belongs to a particular document security classification from the plurality of document security classifications,retrieving document security policy data for the particular document security classification, wherein the document security policy data for the particular document security classification specifies one or more access criteria for the particular document security classification,determining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document, andif the user is not authorized to access the particular electronic document, then preventing access to the particular electronic document.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable medium as recited in claim 9, wherein:
    - the one or more deletion criteria for the particular electronic document classification include a retention time,determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied includes determining whether the particular electronic document has existed for at least the retention time, andif the particular electronic has existed for at least the retention time, then causing the particular electronic document to be deleted.
  - 11. The non-transitory computer-readable medium as recited in claim 9, wherein:
    - the one or more access criteria for the particular document security classification specifies a security level, anddetermining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document includes determining whether the user associated with the request to access the particular electronic document is authorized to access electronic documents assigned to the security level.
  - 12. The non-transitory computer-readable medium as recited in claim 9, wherein:
    - the request to access the particular electronic document is generated by a particular application program, andpreventing access to the particular electronic document includes preventing the particular application program from accessing the particular electronic document.
  - 13. The non-transitory computer-readable medium as recited in claim 9, wherein preventing access to the particular electronic document includes performing one or more actions based upon a security level of the particular document security classification to which the particular electronic document belongs.
  - 14. The non-transitory computer-readable medium as recited in claim 9, wherein determining, based upon the one or more access criteria for the particular electronic document, whether a user associated with the request to access the particular electronic document is authorized to access the particular electronic document includes:
    - at the network device generating and transmitting over a network to a personnel information system a request to perform an authorization check to determine whether the user is authorized to access the particular electronic document, andreceiving at the network device from the personnel information system over the network a response indicating whether the user is authorized to access the particular electronic document.
  - 15. The non-transitory computer-readable medium as recited in claim 9, further comprising additional instructions which, when processed by the one or more processors, causes if both none of the one or more deletion criteria for the particular electronic document retention classification are satisfied and the user is authorized to access the particular electronic document, then decrypting the particular electronic document to generate a decrypted particular electronic document and granting access to the decrypted particular electronic document.
  - 16. The non-transitory computer-readable medium as recited in claim 9, further comprising self-executing data which, when processed by one or more processors, causes performance of the steps in response to detecting the request to access the particular electronic document stored on the network device.

17. An apparatus for managing access to electronic documents, the apparatus comprising a memory storing instructions which, when processed by one or more processors, causes:
- at a network device, detecting a request to access a particular electronic document stored on the network device; and
  
  in response to detecting the request to access the particular electronic document stored on the network device, applying a document retention policy to the particular electronic document by;
  
  determining that the particular electronic document belongs to a particular electronic document retention classification from a plurality of electronic document retention classifications,retrieving document retention policy data for the particular electronic document retention classification, wherein the document retention policy data for the particular document retention classification specifies one or more deletion criteria for the particular document retention classification,determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied,if any of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then causing the particular electronic document to be deleted,if none of the one or more deletion criteria for the particular electronic document retention classification are satisfied, then applying a document security policy to the particular electronic document by;
  
  determining that the particular electronic document belongs to a particular document security classification from the plurality of document security classifications,retrieving document security policy data for the particular document security classification, wherein the document security policy data for the particular document security classification specifies one or more access criteria for the particular document security classification,determining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document, andif the user is not authorized to access the particular electronic document, then preventing access to the particular electronic document.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus as recited in claim 17, wherein:
    - the one or more deletion criteria for the particular electronic document classification include a retention time, determining whether any of the one or more deletion criteria for the particular electronic document retention classification are satisfied includes determining whether the particular electronic document has existed for at least the retention time, andif the particular electronic has existed for at least the retention time, then causing the particular electronic document to be deleted.
  - 19. The apparatus as recited in claim 17, wherein:
    - the one or more access criteria for the particular document security classification specifies a security level, anddetermining, based upon the one or more access criteria for the particular document security classification and one or more attributes of a user associated with the request to access the particular electronic document, whether the user is authorized to access the particular electronic document includes determining whether the user associated with the request to access the particular electronic document is authorized to access electronic documents assigned to the security level.
  - 20. The apparatus as recited in claim 17, wherein:
    - the request to access the particular electronic document is generated by a particular application program, andpreventing access to the particular electronic document includes preventing the particular application program from accessing the particular electronic document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Motoyama, Tetsuro
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
Shehni, Ghazal

Application Number

US12/252,320
Publication Number

US 20100095349A1
Time in Patent Office

1,434 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/20 for managing network securi...

Approach for managing access to electronic documents on network devices using document retention policies and document security policies

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Approach for managing access to electronic documents on network devices using document retention policies and document security policies

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links