Environment-aware security tokens

US 9,590,971 B2
Filed: 08/15/2016
Issued: 03/07/2017
Est. Priority Date: 08/11/2014
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

storing a copy of an electronic file at a first storage location that is authenticated to be a part of a home network associated with the electronic file, wherein the electronic file includes a security token, and the security token is configured to;

authenticate an attempt to access the electronic file,restrict access to the electronic file upon determining the attempt to be originating from outside the home network, andallow access to the electronic file in accordance with a security policy upon determining the attempt to be originating from within the home network;

obtaining, at one or more computing devices communicably coupled to the home network, information about changes to the electronic file as a result of the attempt;

updating, by the one or more computing devices, another copy of the electronic file stored at a second storage location; and

storing, by the one or more computing devices on a storage device of a file system, data representing the attempt to access the electronic file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset.

62 Citations

View as Search Results

30 Claims

1. A computer implemented method comprising:
- storing a copy of an electronic file at a first storage location that is authenticated to be a part of a home network associated with the electronic file, wherein the electronic file includes a security token, and the security token is configured to;
  
  authenticate an attempt to access the electronic file,restrict access to the electronic file upon determining the attempt to be originating from outside the home network, andallow access to the electronic file in accordance with a security policy upon determining the attempt to be originating from within the home network;
  
  obtaining, at one or more computing devices communicably coupled to the home network, information about changes to the electronic file as a result of the attempt;
  
  updating, by the one or more computing devices, another copy of the electronic file stored at a second storage location; and
  
  storing, by the one or more computing devices on a storage device of a file system, data representing the attempt to access the electronic file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first storage location is a part of a distributed storage system.
  - 3. The method of claim 1, wherein the first storage location is a part of a virtual machine of a cloud-based system.
  - 4. The method of claim 1, wherein the security token is configured to authenticate the attempt by determining that at least one of (i) a user-profile or (ii) a device profile associated with the attempt is associated with the home network.
  - 5. The method of claim 1, wherein information about the security policy is encoded into the security token, the security policy comprising information about access privileges associated with the electronic file.
  - 6. The method of claim 5, wherein the access privileges are specific to a user-profile or device-profile associated with the home network.
  - 7. The method of claim 1, wherein the security token comprises information about a global unit identifier (GUID) associated with the electronic file.
  - 8. The method of claim 1, wherein the security token comprises an object generated in accordance with Component Object Model (COM).
  - 9. The method of claim 1, wherein the security token is generated in accordance with one or more security policies associated with the corresponding asset.
  - 10. The method of claim 1, wherein the security token is configured to restrict access to the electronic file by deleting content of the electronic file upon determining the attempt to be originating from outside the home network.
  - 11. The method of claim 1, wherein the security token is configured to restrict access to the electronic file upon determining a dissociation of the electronic file from the home network.
  - 12. The method of claim 1, wherein the security token is included in a header portion of the electronic file or encapsulated with the electronic file in an executable file.
  - 13. The method of claim 1, wherein the electronic file comprises an electronic document, and the security token is embedded into a page description language of the document.
  - 14. The method of claim 1, wherein the copy at the second storage location is updated upon receiving an approval for the changes.

15. A system comprising:
- memory; and
  
  one or more processors configured to;
  
  store a copy of an electronic file at a first storage location authenticated to be a part of a home network associated with the electronic file, wherein the electronic file includes a security token configured to;
  
  authenticate an attempt to access the electronic file,restrict access to the electronic file upon determining the attempt to be originating from outside the home network, andallow access to the electronic file in accordance with a security policy upon determining the attempt to be originating from within the home network;
  
  obtain information about changes to the electronic file as a result of the attempt;
  
  update another copy of the electronic file stored at a second storage location; and
  
  storing on a storage device of a file system, data representing the attempt to access the electronic file,wherein the one or more processors are communicably coupled to the home network.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 16. The system of claim 15, wherein the first storage location is a part of a distributed storage system.
  - 17. The system of claim 15, wherein the first storage location is a part of a virtual machine of a cloud-based system.
  - 18. The system of claim 15, wherein the security token is configured to authenticate the attempt by determining that at least one of (i) a user-profile or (ii) a device profile associated with the attempt is associated with the home network.
  - 19. The system of claim 15, wherein information about the security policy is encoded into the security token, the security policy comprising information about access privileges associated with the electronic file.
  - 20. The system of claim 19, wherein the access privileges are specific to a user-profile or device-profile associated with the home network.
  - 21. The system of claim 15, wherein the security token comprises information about a global unit identifier (GUID) associated with the electronic file.
  - 22. The system of claim 15, wherein the security token comprises an object generated in accordance with Component Object Model (COM).
  - 23. The system of claim 15, wherein the security token is generated in accordance with one or more security policies associated with the corresponding asset.
  - 24. The system of claim 15, wherein the security token is configured to restrict access to the electronic file by deleting content of the electronic file upon determining the attempt to be originating from outside the home network.
  - 25. The system of claim 15, wherein the security token is configured to restrict access to the electronic file upon determining a dissociation of the electronic file from the home network.
  - 26. The system of claim 15, wherein the security token is included in a header portion of the electronic file or encapsulated with the electronic file in an executable file.
  - 27. The system of claim 15, wherein the electronic file comprises an electronic document, and the security token is embedded into a page description language of the document.
  - 28. The system of claim 15, wherein the copy at the second storage location is updated upon receiving an approval for the changes.

29. One or more machine-readable storage devices storing instructions that are executable by one or more processing devices to perform operations comprising:
- storing a copy of an electronic file at a first storage location authenticated to be a part of a home network associated with the electronic file, wherein the electronic file includes a security token configured to;
  
  authenticate an attempt to access the electronic file,restrict access to the electronic file upon determining the attempt to be originating from outside the home network, andallow access to the electronic file in accordance with a security policy upon determining the attempt to be originating from within the home network;
  
  obtaining information about changes to the electronic file as a result of the attempt;
  
  updating another copy of the electronic file stored at a second storage location; and
  
  storing on a storage device of a file system, data representing the attempt to access the electronic file,wherein the one or more processing devices are communicably coupled to the home network.
- View Dependent Claims (30)
- - 30. The one or more machine-readable storage devices of claim 29, wherein the first storage location is a part of a distributed storage system, or a part of a virtual machine of a cloud-based system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Document Dynamics, LLC
Original Assignee
Document Dynamics, LLC
Inventors
Caffary, Robert G. Jr.
Primary Examiner(s)
Schwartz, Darren B

Application Number

US15/236,649
Publication Number

US 20160352718A1
Time in Patent Office

204 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 2221/2143   Clearing memory, e.g. to pr...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0815   providing single-sign-on or...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04L 67/306   User profiles

H04L 9/006   involving public key infras...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Environment-aware security tokens

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Environment-aware security tokens

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links