Protecting an electronic document by embedding an executable script

US 8,453,258 B2
Filed: 09/15/2010
Issued: 05/28/2013
Est. Priority Date: 09/15/2010
Status: Active Grant

First Claim

Patent Images

1. A system for safeguarding data, the system comprising:

a computer apparatus including a first processor and a memory; and

a software module stored in the memory comprising executable instructions that when executed by the first processor cause the first processor to;

embed a script in an electronic file;

generate a token associated with a token identification number;

identify a first recipient device and a second recipient device that are each in communication with the system, the first recipient device being associated with a device identification code;

determine that the second recipient device is an authorized device based on a name, contents, or a format of the electronic file;

issue the token to the first recipient device and the second recipient device;

provide a token application to the first recipient device, wherein the token application is configured to store the token at a specific location on the first recipient device in response to determining that the device identification code is associated with the first recipient device;

send the electronic file comprising the script to the first recipient device and the second recipient device;

wherein the script comprises commands that when operated by a second processor of the first recipient device cause the second processor of the first recipient device to open the electronic file in response to determining that the token is stored at the specific location on the first recipient device and that the token is associated with the token identification number;

wherein the script comprises commands that when operated by a third processor of the second recipient device cause the third processor of the second recipient device to open the electronic file in response to determining that the second recipient device is an authorized device and that the token issued to the second recipient device is not detected on the second recipient device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention relate to methods and apparatuses for safeguarding information by, for example, controlling access to electronic files. Some embodiments of the present invention provide a method that includes embedding a script in an electronic file, where the script comprises commands that when operated on by a processor allow a recipient device to access the electronic file if either a token associated with the recipient device is detected or the recipient device is determined to be an authorized device.

Citations

27 Claims

1. A system for safeguarding data, the system comprising:
- a computer apparatus including a first processor and a memory; and
  
  a software module stored in the memory comprising executable instructions that when executed by the first processor cause the first processor to;
  
  embed a script in an electronic file;
  
  generate a token associated with a token identification number;
  
  identify a first recipient device and a second recipient device that are each in communication with the system, the first recipient device being associated with a device identification code;
  
  determine that the second recipient device is an authorized device based on a name, contents, or a format of the electronic file;
  
  issue the token to the first recipient device and the second recipient device;
  
  provide a token application to the first recipient device, wherein the token application is configured to store the token at a specific location on the first recipient device in response to determining that the device identification code is associated with the first recipient device;
  
  send the electronic file comprising the script to the first recipient device and the second recipient device;
  
  wherein the script comprises commands that when operated by a second processor of the first recipient device cause the second processor of the first recipient device to open the electronic file in response to determining that the token is stored at the specific location on the first recipient device and that the token is associated with the token identification number;
  
  wherein the script comprises commands that when operated by a third processor of the second recipient device cause the third processor of the second recipient device to open the electronic file in response to determining that the second recipient device is an authorized device and that the token issued to the second recipient device is not detected on the second recipient device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the electronic file comprises confidential information.
  - 3. The system of claim 1, wherein the script is configured to detect the token without the script communicating with a user of the first recipient device.
  - 4. The system of claim 1, wherein the script comprises a target identifier, and wherein the script is further configured to provide the first recipient device with access to the electronic file based at least partially on the script determining that an identifier associated with the first recipient device matches the target identifier.
  - 5. The system of claim 4, wherein the script is configured to block access to the electronic file upon the script determining that the identifier associated with the first recipient device does not match the target identifier.
  - 6. The system of claim 1, wherein the first processor is further configured to embed a token in the electronic file prior to the first processor sending the electronic file comprising the script to the first recipient device.
  - 7. The system of claim 1, wherein the token comprises hardware.
  - 8. The system of claim 1, wherein the token comprises software.
  - 9. The system of claim 1, wherein the token is configured to be valid for a limited period of time.
  - 10. The system of claim 1, wherein the first processor is further configured to issue a revocation token to the first recipient device, wherein the revocation token is configured to disable the token associated with the first recipient device.
  - 11. The system of claim 1, wherein the first processor is configured to issue the token to the first recipient device prior to the first processor sending the electronic file comprising the script to the first recipient device.

12. A method for safeguarding data, the method comprising:
- embedding, using a first processor, a script in an electronic file;
  
  generating, using the first processor, a token associated with a token identification number;
  
  identifying, using the first processor, a first recipient device and a second recipient device, the first recipient device being associated with a device identification code;
  
  determining, using the first processor, that the second recipient device is an authorized device based on a name, contents, or a format of the electronic file;
  
  issuing, using the first processor, the token to the first recipient device and the second recipient device;
  
  providing, using the first processor, a token application to the first recipient device, wherein the token application is configured to store the token at a specific location on the first recipient device in response to determining that the device identification code is associated with the first recipient device;
  
  sending, using the first processor, the electronic file comprising the script to the first recipient device and the second recipient device;
  
  wherein the script comprises commands that when operated by a second processor of the first recipient device cause the second processor of the first recipient device to open the electronic file in response to determining that the token is stored at the specific location on the first recipient device and that the token is associated with the token identification number;
  
  wherein the script comprises commands that when operated by a third processor of the second recipient device cause the third processor of the second recipient device to open the electronic file in response to determining that the second recipient device is an authorized device and that the token issued to the second recipient device is not detected on the second recipient device.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the script is configured to detect the token without the script communicating with a user of the first recipient device.
  - 14. The method of claim 12, wherein the script comprises a target identifier, and wherein the script is further configured to provide the first recipient device with access to the electronic file based at least partially on the script determining that an identifier associated with the first recipient device matches the target identifier.
  - 15. The method of claim 14, wherein the script is configured to block access to the electronic file upon the script determining that the identifier associated with the first recipient device does not match the target identifier.
  - 16. The method of claim 12, further comprising:
    - embedding a token in the electronic file prior to the sending the electronic file comprising the script to the first recipient device.
  - 17. The method of claim 12, wherein the token is configured to be valid for a limited period of time.
  - 18. The method of claim 12, further comprising:
    - issuing a revocation token to the first recipient device, wherein the revocation token is configured to disable the token associated with the first recipient device.
  - 19. The method of claim 12, further comprising:
    - issuing the token to the first recipient device prior to the sending the electronic file comprising the script to the first recipient device.

20. A computer program product for safeguarding data, the computer program product comprising a non-transitory computer-readable medium, wherein the non-transitory computer-readable medium comprises computer-executable program code stored therein, wherein the computer-executable program code portions comprise:
- a first program code portion configured to;
  
  embed a script in an electronic file;
  
  generate a token associated with a token identification number;
  
  identify a first recipient device and a second recipient device, the first recipient device being associated with a device identification code;
  
  determine that the second recipient device is an authorized device based on a name, contents, or a format of the electronic file;
  
  issue the token to the first recipient device and the second recipient device;
  
  provide a token application to the first recipient device, wherein the token application is configured to store the token at a specific location on the first recipient device in response to determining that the device identification code is associated with the first recipient device;
  
  send the electronic file comprising the script to the first recipient device and the second recipient device;
  
  wherein the script comprises commands that when operated by a first processor of the first recipient device cause the first processor of the first recipient device to open the electronic file in response to determining that the token is stored at the specific location on the first recipient device and that the token is associated with the token identification number;
  
  wherein the script comprises commands that when operated by a second processor of the second recipient device cause the second processor of the second recipient device to open the electronic file in response to determining that the second recipient device is an authorized device and that the token issued to the second recipient device is not detected on the second recipient device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The computer program product of claim 20, wherein the script is configured to detect the token without the script receiving input from a user of the first recipient device.
  - 22. The computer program product of claim 20, wherein the script comprises a target identifier, and wherein the script is further configured to provide the first recipient device with access to the electronic file based at least partially on the script determining that an identifier associated with the first recipient device matches the target identifier.
  - 23. The computer program product of claim 22, wherein the script is configured to block access to the electronic file upon the script determining that the identifier associated with the first recipient device does not match the target identifier.
  - 24. The computer program product of claim 20, further comprising:
    - a second program code portion configured to embed a token in the electronic file prior to the second program code portion sending the electronic file comprising the script to the first recipient device.
  - 25. The computer program product of claim 20, further comprising:
    - a second program code portion configured to issue the token to the first recipient device prior to the sending the electronic file comprising the script to the first recipient device.
  - 26. The computer program product of claim 20, wherein the token is configured to be valid for a limited period of time.
  - 27. The computer program product of claim 20, further comprising:
    - issuing a revocation token to the first recipient device, wherein the revocation token is configured to disable the token associated with the first recipient device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Weisberger, Andrea M.
Primary Examiner(s)
Joo, Joshua
Assistant Examiner(s)
Jenkins, Benjamin A

Application Number

US12/882,536
Publication Number

US 20120066773A1
Time in Patent Office

986 Days
Field of Search

726/20
US Class Current

726/29
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6209   to a single file or object,...

G06F 2221/2129   Authenticate client device ...

H04L 9/3234   involving additional secure...

Protecting an electronic document by embedding an executable script

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting an electronic document by embedding an executable script

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links