Secure content sharing

US 9,525,692 B2
Filed: 10/25/2013
Issued: 12/20/2016
Est. Priority Date: 10/25/2012
Status: Active Grant

First Claim

Patent Images

1. A method of sharing accessed content between authorized users within a network-managed user group, the method comprising the steps of:

at a first user device,a. authenticating a first user via communication with an authentication server;

b. providing access to multiple software applications;

c. by the first user using the first user device, selecting a second user and a third user within the user group, wherein the second and third users have different access privileges permitting access to contents from the multiple software applications;

d. by the first user using the first user device, selecting contents from the multiple accessed software applications, thereby defining a set of contents for transmission to both the second user and the third user;

e. exporting the set of contents and transmitting the exported set of contents to a server; and

at the server,f. combining only portions of the set of contents to which the access privileges of the second user permit access into a first compilation;

g. combining only portions of the set of contents to which the access privileges of the third user permit access into a second compilation, wherein the first and second compilations include different portions of the set of contents;

h. associating a digital signature identifying the first user with the first compilation;

i. determining whether the second user has been authenticated by the authentication server via a second user device, and if so, causing transmission of only the first compilation to the second user device, the digital signature being verified at the second device; and

j. determining whether the third user has been authenticated by the authentication server via a third user device, and if so, causing transmission of only the second compilation to the third user device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Convenient sharing of information among authorized network users may be facilitated by allowing a user to send information originating from multiple applications in aggregate form to another user, e.g., using a secure messaging service. In scenarios where data access is restricted, a server may check the recipient'"'"'s access privileges prior to forwarding the information to her.

34 Citations

View as Search Results

29 Claims

1. A method of sharing accessed content between authorized users within a network-managed user group, the method comprising the steps of:
- at a first user device,a. authenticating a first user via communication with an authentication server;
  
  b. providing access to multiple software applications;
  
  c. by the first user using the first user device, selecting a second user and a third user within the user group, wherein the second and third users have different access privileges permitting access to contents from the multiple software applications;
  
  d. by the first user using the first user device, selecting contents from the multiple accessed software applications, thereby defining a set of contents for transmission to both the second user and the third user;
  
  e. exporting the set of contents and transmitting the exported set of contents to a server; and
  
  at the server,f. combining only portions of the set of contents to which the access privileges of the second user permit access into a first compilation;
  
  g. combining only portions of the set of contents to which the access privileges of the third user permit access into a second compilation, wherein the first and second compilations include different portions of the set of contents;
  
  h. associating a digital signature identifying the first user with the first compilation;
  
  i. determining whether the second user has been authenticated by the authentication server via a second user device, and if so, causing transmission of only the first compilation to the second user device, the digital signature being verified at the second device; and
  
  j. determining whether the third user has been authenticated by the authentication server via a third user device, and if so, causing transmission of only the second compilation to the third user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein exporting the set of contents comprises converting at least a portion of a screen display into an image file.
  - 3. The method of claim 1, wherein exporting the set of contents comprises virtually printing contents of selected ones of the multiple software applications.
  - 4. The method of claim 1, further comprising integrating the exported set of contents into a multi-media case file prior to transmission to the server.
  - 5. The method of claim 1, further comprising annotating the exported set of contents prior to transmission to the server.
  - 6. The method of claim 1, wherein combining only portions of the set of contents to which the access privileges of the second user permit access into the first compilation comprises redacting the exported set of contents by excising therefrom, by the server, portions to which the second user does not have access privileges.
  - 7. The method of claim 1, wherein causing transmission of only the first compilation to the second user device comprises sending a message containing the first compilation to the second user device.
  - 8. The method of claim 1, wherein causing transmission of only the first compilation to the second user device comprises (i) storing the first compilation in a central repository, (ii) causing transmission of a link to the stored first compilation to the second user device, and (iii) upon execution of the link at the second user device, transmitting the stored first compilation to the second user device.
  - 9. The method of claim 1, wherein exporting the set of contents comprises associating metadata therewith, the metadata identifying at least one of the first user, the software applications from which the set of contents is selected, or a subject to which the set of contents pertains.
  - 10. The method of claim 9, wherein the software applications provide access to electronic medical records, the subject to which the set of contents pertains comprising a patient identifier.
  - 11. The method of claim 9, wherein combining only portions of the set of contents to which the access privileges of the second user permit access into the first compilation is performed based at least in part on the metadata.
  - 12. The method of claim 1, wherein combining only portions of the set of contents to which the access privileges of the second user permit access into the first compilation comprises consulting a database of user access privileges.
  - 13. The method of claim 1, wherein the software applications are executed on a remote hosting server, access to the software applications being provided by executing, on the first user device, a terminal emulator service displaying output from the software applications received via a network connection with the hosting server.
  - 14. The method of claim 1, wherein the first, second, and third users are authenticated via authentication devices associated with the first, second, and third user devices.
  - 15. The method of claim 14, wherein the authentication devices obtain data from the first, second, and third users, authenticating the first, second, and third users comprising transmitting the data to an authentication server, comparing the received data at the authentication server to stored data for each of the first, second, and third users and, upon detection of a match between the received and stored data, declaring the first, second, and third users authenticated.
  - 16. The method of claim 1, wherein selecting contents from the multiple accessed software applications comprises selecting display contents comprising multiple display portions containing data from different ones of the accessed software applications.
  - 17. The method of claim 1, wherein selecting contents from the multiple accessed software applications comprises selecting, among the accessed software applications, applications for transmission of their contents.
  - 18. The method of claim 1, further comprising, if the second user has not been authenticated by the authentication server via the second user device, facilitating authentication of the second user to the authentication server, and upon successful authentication of the second user, causing transmission of only the first compilation to the second user device.
  - 19. The method of claim 1, wherein the exported set of contents is static.
  - 20. The method of claim 1, wherein the exported set of contents is dynamic.
  - 21. The method of claim 20, wherein the exported set of contents comprises at least one of a selectable web link, an image sequence displayable as video, or audio content.

22. A client device providing access to multiple software applications and facilitating sharing of contents thereof with authorized users within a network-managed user group, the client device comprising:
- a network interface;
  
  a processor; and
  
  memory storing processor-executable instructions comprising;
  
  a. a user-authentication service which, when executed by the processor, establishes communications with an authentication server via the network interface to authenticate a user of the client device;
  
  b. access means which, when executed by the processor, provide access to multiple software applications;
  
  c. export means, responsive to selection by the user of contents from the software applications to define a set of contents, which, when executed by the processor, export the set of contents from the software applications and associate metadata therewith; and
  
  d. a secure messaging service, responsive to designation by the user of second and third recipient users, which, when executed by the processor, transmits the exported set of contents and associated metadata to a server for (i) determination, based at least in part on the metadata, whether the designated second and third recipient users have access privileges permitting access to at least a portion of the exported set of contents, (ii) combining only portions of the set of contents to which the access privileges of the second recipient user permit access into a first compilation, (iii) combining only portions of the set of contents to which the access privileges of the third recipient user permit access into a second compilation, wherein the first and second compilations include different portions of the set of contents, (iv) associating a digital signature identifying the user with the first compilation, (v) transmission of only the first compilation to a second recipient client device used by the second recipient user, the digital signature being verified at the second recipient client device, and (vi) transmission of only the second compilation to a third recipient client device used by the third recipient user.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The client device of claim 22, wherein the access means comprise at least one of (i) the software applications, or (ii) a terminal emulation service connected, via the network interface, with a remote hosting server executing the software applications, the terminal emulation service, when executed by the processor, causing display of output from the remotely executed applications on the client computer.
  - 24. The client device of claim 22, wherein the export means comprise at least one of a screen-sharing service and a virtual-printing service.
  - 25. The client device of claim 22, wherein the metadata identifies at least one of the user, the software applications from which the set of contents are selected, or a subject to which the set of contents pertains.
  - 26. The client device of claim 22, wherein the processor-executable instructions further comprise a case builder application facilitating integration of content from multiple sources into a single case file.
  - 27. The client device of claim 26, wherein the processor-executable instructions further comprise an auto-connection service which, when executed by the processor, automatically connects the client device to a mobile device belonging to the user authenticated at the client device.
  - 28. The client device of claim 27, wherein the processor-executable instructions further comprise an auto-binding service which, when executed by the processor and following connection of the client device to the mobile device, sends an identifier associated with the case file to the mobile device and causes the mobile device to tag data transmitted therefrom to the client device with the identifier.
  - 29. The client device of claim 26, further comprising an authentication device, authentication of the user being based, at least in part, on data obtained by the authentication device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imprivata Incorporated
Original Assignee
Imprivata Incorporated
Inventors
Gaudet, Edward J., Gage, John, Kashtan, David, Mafera, Jason, Rubinov, Eliot, Sengupta, Kuntal, Ting, David M. T., Vernest, Kyle, Galloway, Bryan, Gavin, Mae-Ellen
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Steinle, Andrew

Application Number

US14/063,839
Publication Number

US 20140123237A1
Time in Patent Office

1,152 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/41   where a single sign-on prov...

G06F 21/445   by mutual authentication, e...

G06F 21/60   Protecting data

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/205   involving negotiation or de...

H04L 67/06   specially adapted for file ...

Secure content sharing

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Secure content sharing

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links