Policy enforcement in a secure data file delivery system

US 9,578,059 B2
Filed: 05/25/2012
Issued: 02/21/2017
Est. Priority Date: 03/31/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

in a secure interactive session between a client sender associated with an enterprise and a web server accessible to the client sender via a public internet, receiving data specifying one or more recipients, a subject and message data, and identifying one or more data files for inclusion in a package submitted for delivery to the specified one or more recipients;

evaluating at least one of the message data and the one or more data files for violation of a sender policy framework specified and configurable by a policy authority with which the client sender is associated;

detecting, based on the evaluating, that a violation of the sender policy framework has occurred in association with the package;

after detection of the violation, allowing the client sender to, during the secure interactive session, modify at least one of the message data and one or more data files and resubmit the package for delivery; and

effectuating delivery of the package at least in part by sending a notification message to each of the specified one or more recipients, the notification message containing a private universal resource locator (private URL), and the package being securely retrievable by the respective recipient via the private URL and not violative of the sender policy framework.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server interacts with a sender to form a package which can include one or more attached data files to be sent to one or more recipients, and the server applies a policy established by a policy authority of the sender to the package. Since the server both forms the package through interaction with the sender and applies the policy, violations of the policy by the package can be brought to the sender'"'"'s attention during an interactive session with the sender and before encryption of all or part of the package. As a result, the sender is educated regarding the policy of the sender'"'"'s policy authority, and the sender can modify the package immediately to comport with the policy. The server delivers the package to intended recipients by sending notification to each recipient and including package identification data, e.g., a URL by which the package can be retrieved.

17 Citations

22 Claims

1. A method comprising:
- in a secure interactive session between a client sender associated with an enterprise and a web server accessible to the client sender via a public internet, receiving data specifying one or more recipients, a subject and message data, and identifying one or more data files for inclusion in a package submitted for delivery to the specified one or more recipients;
  
  evaluating at least one of the message data and the one or more data files for violation of a sender policy framework specified and configurable by a policy authority with which the client sender is associated;
  
  detecting, based on the evaluating, that a violation of the sender policy framework has occurred in association with the package;
  
  after detection of the violation, allowing the client sender to, during the secure interactive session, modify at least one of the message data and one or more data files and resubmit the package for delivery; and
  
  effectuating delivery of the package at least in part by sending a notification message to each of the specified one or more recipients, the notification message containing a private universal resource locator (private URL), and the package being securely retrievable by the respective recipient via the private URL and not violative of the sender policy framework.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1,wherein the evaluating of at least one of the message data and the one or more data files for violation of the sender policy framework is performed prior to encryption of the package for secure delivery.
  - 3. The method of claim 1,wherein the evaluating includes evaluations of policy conditions and Boolean expressions that test package content against the sender policy framework.
  - 4. The method of claim 1,wherein the client sender is associated with the policy authority of a first enterprise and wherein a second client sender is associated with a policy authority of a second enterprise;
    - andwherein the evaluating of at least one of the message data and the one or more data files received from the client sender and from the second client sender, respectively, is for violation of policy rule sets specified by the policy authority of the respective associated first or second enterprise.
  - 5. The method of claim 1, further comprising:
    - delaying delivery of the submitted package, at least as to a particular one of the recipients, if the sender policy framework specifies a condition for administrator review that is met by data of the submitted package.
  - 6. The method of claim 1, further comprising:
    - saving or sending a copy of the submitted package if the sender policy framework specifies a condition that is met by data of the submitted package.
  - 7. The method of claim 1, further comprising:
    - in the secure interactive session, receiving sender specified authentication requirements for specified ones of the recipients.
  - 8. The method of claim 7, wherein the sender specified authentication requirements includes a sender-specified password that is required to retrieve the package.
  - 9. The method of claim 1,wherein the sender policy framework for a particular client sender specifies whether a secure transmission channel is required.
  - 10. The method of claim 1,wherein the sender policy framework for a particular client sender specifies recipient authentication requirements.
  - 11. The method of claim 1,wherein the evaluating at least one of the message data and the one or more data files includes evaluating only the message data, and wherein the client sender is only allowed to modify the message data.
  - 12. The method of claim 1,wherein the evaluating at least one of the message data and the one or more data files includes evaluating only the one or more data files, and wherein the client sender is only allowed to modify the one or more data files.
  - 13. The method of claim 1,wherein the evaluating includes evaluating, at a computing device remote from the client sender, the at least one of the message data and the one or more data files for violation of the sender policy framework.
  - 14. The method of claim 1,wherein each private URL uniquely identifies an intended recipient of the package.
  - 15. The method of claim 1, further comprising:
    - in response to detecting the violation, interrupting delivery of the package; and
      
      evaluating the modified at least one of the message data and the one or more data files for violation of the sender policy framework;
      
      determining, based on evaluating the modified at least one of the message data and the one or more data files, that the package is not violative of the sender policy framework, wherein the effectuating delivery includes after determining, based on evaluating the modified at least one of the message data and the one or more data files, that the package is not violative of the sender policy framework, effectuating delivery of the package.
  - 16. The method of claim 15,wherein interrupting delivery of the package includes blocking delivery of the package, the method further comprising:
    - after determining, based on evaluating the modified at least one of the message data and the one or more data files, that the package is not violative of the sender policy framework, unblocking the delivery of the package, wherein the unblocking the delivery occurs before the effectuating delivery of the package.

17. A non-transitory computer program product encoded in one or more media, the computer program product including codes executable on one or more processors of a service platform to cause the service platform to perform a method including:
- in a secure interactive session between a client sender associated with an enterprise and a web server accessible to the client sender via a public internet, receiving data specifying one or more recipients, a subject and message data, and identifying one or more data files for inclusion in a package submitted for delivery to the specified one or more recipients;
  
  evaluating at least one of the message data and the one or more data files for violation of a sender policy framework specified and configurable by a policy authority with which the client sender is associated;
  
  detecting, based on the evaluating, that a violation of the sender policy framework has occurred in association with the package;
  
  after detection of the violation, allowing the client sender to, during the secure interactive session, modify at least one of the message data and one or more data files and resubmit the package for delivery; and
  
  effectuating delivery of the package at least in part by sending a notification message to each of the specified one or more recipients, the notification message containing a private universal resource locator (private URL), and the package being securely retrievable by the respective recipient via the private URL and not violative of the sender policy framework.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer program product of claim 17,wherein the evaluating at least one of the message data and the one or more data files includes evaluating only the message data, and wherein the client sender is only allowed to modify the message data.
  - 19. The non-transitory computer program product of claim 17,wherein the evaluating at least one of the message data and the one or more data files includes evaluating only the one or more data files, and wherein the client sender is only allowed to modify the one or more data files.

20. A secure file transfer service platform comprising:
- a package manager implemented as code executable by at least one hardware processor of the service platform and accessible to at least some remote users thereof via a public network, the package manager providing human ones of the remote users with an interactive package creation user interface by which the human ones of the remote users may specify, as a package sender, one or more recipients, a subject and message data, and by which one or more data files may be specified for inclusion in the package for delivery to the specified one or more recipients;
  
  a policy manager implemented as code executable on one or more servers of the service platform to enforce, relative to packages interactively created by the package senders, information security policies established by policy authorities of an enterprise with which a particular package sender is associated, the policy manager supplying the package manager with indications of policy violations and thereby allowing the human ones of the remote users, in the course of an interactive package creation and submission session, to modify at least one of the message data and the one or more data files to correct policy violations in the package and resubmit the package for the delivery; and
  
  a delivery manager implemented as code executable on one or more servers of the service platform to facilitate delivery of submitted packages not violative of the information security policies established by a policy authority of an enterprise with which a particular package sender is associated, the delivery manager sending to each of the one or more recipients a notification message containing a private universal resource locator (private URL), and the package being securely retrievable by the respective recipient via the private URL and not violative of the sender policy framework.
- View Dependent Claims (21, 22)
- - 21. The secure file transfer service platform of claim 20, exposed to at least the remote users thereof as web server.
  - 22. The method of claim 20,wherein if a submitted package is violative of the information security policies established by the policy authority, the delivery manager blocks delivery of the submitted package.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Axway Incorporated (Axway Software SA)
Original Assignee
Axway Incorporated (Axway Software SA)
Inventors
Smith, Jeffrey C., Bandini, Jean-Christophe
Primary Examiner(s)
Schmidt, Kari

Application Number

US13/481,549
Publication Number

US 20130104185A1
Time in Patent Office

1,733 Days
Field of Search

726 1- 5, 726/11, 726/13, 726/14, 726/21, 726/22, 726/26, 713/151, 713/152, 713/154, 713/156, 713/188, 709/202, 709/206, 709/207, 709/223, 709/225, 709/229, 705/59
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/0227   Filtering policies mail mes...

H04L 63/083   using passwords cryptograph...

H04L 63/1408   by monitoring network traff...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/06   specially adapted for file ...

H04L 67/568   Storing data temporarily at...

H04L 67/62   Establishing a time schedul...

H04L 69/329   in the application layer [O...

Policy enforcement in a secure data file delivery system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Policy enforcement in a secure data file delivery system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links