Security for collaboration services

US 8,572,369 B2
Filed: 12/11/2009
Issued: 10/29/2013
Est. Priority Date: 12/11/2009
Status: Active Grant

First Claim

Patent Images

1. A method of using a publicly accessible collaboration service to share organization-confidential information securely between authorized members of the organization, the method comprising:

receiving a data payload on a computing device as input for posting to a publicly-accessible, remote collaboration service;

executing instructions on at least one processor of the computing device to send the data payload to a private cryptographic service;

receiving the data payload in an encrypted form from the private cryptographic service;

sending the data payload in the encrypted form to the publicly-accessible collaboration service in a format as specified by a provider of the publicly-accessible collaboration service, the encrypted data payload to be stored by the publicly-accessible collaboration service;

capturing data received by an application performing the method;

determining the source of the received data;

when the source of the received data is not the publicly-accessible collaboration service, returning the received data to the application; and

when the source of the received data is the publicly-accessible collaboration service;

determining if the received data includes an encrypted data payload;

when the received data does not include an encrypted data payload, returning the received data to the application; and

when the received data includes an encrypted payload;

sending a copy of the encrypted data payload to the private cryptographic service to be decrypted;

replacing the encrypted data payload within the received data with a decrypted data payload received from the private cryptographic service; and

returning the received data, including the decrypted data payload, to the application performing the method;

wherein only the private cryptographic service can decrypt the encrypted data payload; and

wherein the private cryptographic service is only accessible to authorized members of the organization.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments, in the form of at least one of systems, methods, and software, are provided that include security solutions for use of collaboration services. Some embodiments include encrypting data to be sent to and stored by a collaboration service. These and other embodiments include capturing, within a computer application used to post data to a collaboration service, data to be sent to the collaboration service, encrypting the captured data, and returning the data in an encrypted form to the computer application for posting to the collaboration service.

Citations

18 Claims

1. A method of using a publicly accessible collaboration service to share organization-confidential information securely between authorized members of the organization, the method comprising:
- receiving a data payload on a computing device as input for posting to a publicly-accessible, remote collaboration service;
  
  executing instructions on at least one processor of the computing device to send the data payload to a private cryptographic service;
  
  receiving the data payload in an encrypted form from the private cryptographic service;
  
  sending the data payload in the encrypted form to the publicly-accessible collaboration service in a format as specified by a provider of the publicly-accessible collaboration service, the encrypted data payload to be stored by the publicly-accessible collaboration service;
  
  capturing data received by an application performing the method;
  
  determining the source of the received data;
  
  when the source of the received data is not the publicly-accessible collaboration service, returning the received data to the application; and
  
  when the source of the received data is the publicly-accessible collaboration service;
  
  determining if the received data includes an encrypted data payload;
  
  when the received data does not include an encrypted data payload, returning the received data to the application; and
  
  when the received data includes an encrypted payload;
  
  sending a copy of the encrypted data payload to the private cryptographic service to be decrypted;
  
  replacing the encrypted data payload within the received data with a decrypted data payload received from the private cryptographic service; and
  
  returning the received data, including the decrypted data payload, to the application performing the method;
  
  wherein only the private cryptographic service can decrypt the encrypted data payload; and
  
  wherein the private cryptographic service is only accessible to authorized members of the organization.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the collaboration service is a social network web site.
  - 3. The method of claim 1, wherein the received data payload is received as a data chunk created by an application performing the method according to a transfer protocol of the collaboration service.
  - 4. The method of claim 1, wherein the private cryptographic service is a service operating on a server residing within a networked computing environment of an organization.
  - 5. The method of claim 4, wherein a user of a computing system performing the method is an authenticated user within the networked computing environment of the organization.
  - 6. The method of claim 4, wherein the private cryptographic service performs symmetric encryption.

7. A system comprising:
- at least one processor, at least one memory device, a network interface device, a display device, and at least one input device;
  
  an application stored in the at least one memory device and executable on the at least one processor to;
  
  communicate via the network interface device with a publicly-accessible, remote collaboration service;
  
  receive data from the collaboration service for display on the display device;
  
  receive input, via the at least one input device, for posting to the collaboration service; and
  
  an application plug-in stored in the at least one memory device and executable by the at least one processor to augment the functionality of the application by;
  
  capturing, from the application, received input prior to posting to the collaboration service;
  
  copying a data payload of the captured input;
  
  sending the data payload to a private cryptographic service and, in response, receiving the data payload in an encrypted form;
  
  replacing the data payload of the captured input with the data payload in the encrypted form;
  
  returning the received input, including the data payload in the encrypted form, to the application for posting to the collaboration servicecapturing data received by the application from the network interface device;
  
  determining the source of the received data;
  
  when the source of the received data is not the publicly-accessible collaboration service, returning the received data to the application; and
  
  when the source of the received data is the publicly-accessible collaboration service;
  
  determining if the received data includes an encrypted data payload;
  
  when the received data does not include an encrypted data payload, returning the received data to the application; and
  
  when the received data includes an encrypted payload;
  
  sending a copy of the encrypted data payload to the encryption service to be decrypted;
  
  replacing the encrypted data payload within the received data with a decrypted data payload received from the encryption service; and
  
  returning the received data the decrypted data payload, to the application.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7, wherein the collaboration service is a social network web site.
  - 9. The system of claim 7, wherein the application is a web browser.
  - 10. The system of claim 7, wherein capturing the received input prior to posting to the collaboration service includes capturing a data chunk generated by the application according to a transfer protocol of the collaboration service prior to posting the data chunk to the collaboration service.
  - 11. The system of claim 7, wherein the private cryptographic service is accessible via the Internet by users authorized to utilize the private cryptographic service, each user authenticated through provision of authentication credentials over the Internet to the private cryptographic service.
  - 12. The system of claim 7, wherein the private cryptographic service is a service operating on a server residing within a networked computing environment of an organization and the publicly-accessible, remote collaboration service is accessible on the Internet.
  - 13. The system of claim 12, wherein sending the data payload to the private cryptographic service includes sending authentication data to the collaboration service that authenticates a user of the application as an authorized user within the networked computing environment of the organization.

14. A non-transitory computer-readable storage medium, with instructions stored thereon, which when executed by a processor of a computer, cause the computer to:
- capture data received by an application via a network interface device;
  
  determine the source of the received data;
  
  when the source of the received data is not publicly-accessible collaboration service, return the received data to the application; and
  
  when the source of the received data is the publicly-accessible collaboration service;
  
  determine if the received data includes an encrypted data payload;
  
  when the received data does not include an encrypted data payload, return the received data to the application; and
  
  when the received data includes an encrypted payload;
  
  send a copy of the encrypted data payload to an encryption service to be decrypted;
  
  replace the encrypted data payload within the received data with a decrypted data payload received from the encryption service; and
  
  return the received data, including the decrypted data payload, to the application.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The non-transitory computer-readable storage medium of claim 14, wherein the application is a web-enabled application capable of retrieving data from and posting data to the collaboration service via the network interface device.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the application presents data retrieved from the collaboration service within at least one user interface defined within an instruction set of the application.
  - 17. The non-transitory computer-readable storage medium of claim 14, wherein the instructions when executed by the processor of the computer, further cause the computer to:
    - when the data was received from the collaboration service, but does not include an encrypted data payload, returning the received data to the application, wherein the application is capable of displaying, in a single user interface, data received from the collaboration service;
      
      in an encrypted form after the encrypted data has been decrypted; and
      
      in an unencrypted form.
  - 18. The non-transitory computer-readable storage medium of claim 14, wherein the instructions define an application plug-in.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP AG (SAP SE)
Inventors
Schmidt-Karaca, Markus, Eberlein, Peter
Primary Examiner(s)
LEMMA, SAMSON B

Application Number

US12/636,489
Publication Number

US 20110145571A1
Time in Patent Office

1,418 Days
Field of Search

713/160, 713/165, 713/167, 709/204
US Class Current

713/160
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 9/08   Key distribution or managem...

H04L 9/32   including means for verifyi...

Security for collaboration services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Security for collaboration services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links