Disabling prohibited content and identifying repeat offenders in service provider storage systems

US 9,614,850 B2
Filed: 11/15/2013
Issued: 04/04/2017
Est. Priority Date: 11/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented process performed in a computer of a shared storage system comprising computer storage, comprising:

receiving, by a processing device of the computer, objects over a computer network, each received object being associated with a user account to store the received object on the shared storage system;

storing, by the processing device, the received objects on the computer storage of the shared storage system, each received object being stored in a manner indicating the user account that stored the received object in the shared storage system;

marking, by the processing device, an object from among the objects stored on the shared storage system as containing prohibited content;

in response to the marking of an object as containing prohibited content, storing, by the processing device, incident data in an incident history record in the computer storage, the incident data indicating at least the user account that stored the marked object in the shared storage system;

processing, by the processing device, the incident history record for incident data associated with a selected user account;

modifying, by the processing device, an access privilege of the selected user account according to rules applied to at least the incident data in the incident history record associated with the selected user account as processed from the incident history record;

in response to a request to access an object from among the stored objects,determining, by the processing device, if content in the requested object is marked as containing prohibited content; and

in response to a determination that the content in the requested object is marked as containing prohibited content, limiting, by the processing device, access to the content from the requested object as stored in the shared storage system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Objects in a shared storage system can be marked as including prohibited content. Incidents that result in objects being so marked can be stored in an incident history associated with a user responsible for those objects. The incident history can be processed to identify repeat offenders and modify access privileges of those users. However, when objects are shared by one user with another user, prohibited content is blocked from being shared, while the remainder of the shared objects can be accessed by the other user. Functions that allow sharing of content are implemented so as prevent sharing of prohibited content with another user, while allowing other content to be shared. If a group of files or objects is shared, then the presence of prohibited content in one object in the group results in that prohibited content not being shared, but the remaining files or objects are still shared.

54 Citations

20 Claims

1. A computer-implemented process performed in a computer of a shared storage system comprising computer storage, comprising:
- receiving, by a processing device of the computer, objects over a computer network, each received object being associated with a user account to store the received object on the shared storage system;
  
  storing, by the processing device, the received objects on the computer storage of the shared storage system, each received object being stored in a manner indicating the user account that stored the received object in the shared storage system;
  
  marking, by the processing device, an object from among the objects stored on the shared storage system as containing prohibited content;
  
  in response to the marking of an object as containing prohibited content, storing, by the processing device, incident data in an incident history record in the computer storage, the incident data indicating at least the user account that stored the marked object in the shared storage system;
  
  processing, by the processing device, the incident history record for incident data associated with a selected user account;
  
  modifying, by the processing device, an access privilege of the selected user account according to rules applied to at least the incident data in the incident history record associated with the selected user account as processed from the incident history record;
  
  in response to a request to access an object from among the stored objects,determining, by the processing device, if content in the requested object is marked as containing prohibited content; and
  
  in response to a determination that the content in the requested object is marked as containing prohibited content, limiting, by the processing device, access to the content from the requested object as stored in the shared storage system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented process of claim 1, wherein modifying comprises terminating privileges of the user account to share objects with other user accounts.
  - 3. The computer-implemented process of claim 1, further comprising:
    - allowing a group of objects from a first user account to be shared with one or more second user accounts;
      
      determining if the group of objects includes an object that is marked as containing prohibited content;
      
      limiting access through the one or more second user accounts to the prohibited content in the object that is marked, while allowing access to other objects in the group of objects through the one or more second user accounts.
  - 4. The computer-implemented process of claim 1, wherein the object is a file and marking comprises maintaining an access control list for the file, wherein the access control list includes data indicating a file contains prohibited content.
  - 5. The computer-implemented process of claim 1, wherein the object is a file and limiting access to content in the object includes preventing access to a file stream containing the prohibited content.
  - 6. The computer-implemented process of claim 1, wherein the object is a file and limiting access to content in the object includes allowing access to a file stream containing metadata about the file.
  - 7. The computer-implemented process of claim 1, wherein the object is a file storing an image and limiting access to content in the file includes preventing access to a reduced image representative of the image stored in the file.
  - 8. The computer-implemented process of claim 1, further comprising:
    - allowing sharing from a first user account, with one or more second user accounts, the object that is marked as containing prohibited content;
      
      limiting access through the one or more second user accounts to the prohibited content in the object.
  - 9. The computer-implemented process of claim 1, further comprising:
    - displaying an indication that the object is marked as including prohibited content.

10. An article of manufacture comprising:
- computer storage, and computer program instructions stored on the computer storage, wherein the computer program instructions, when processed by a processing device of a computer of a shared storage system comprising computer storage, instruct the processing device to perform a process comprising;
  
  receiving objects over a computer network, each received object being associated with a user account to store the received object on the shared storage system;
  
  storing the received objects on the computer storage of the shared storage system, each received object being stored in a manner indicating the user account that stored the received object in the shared storage system;
  
  marking an object from among the objects stored on the shared storage system as containing prohibited content;
  
  in response to the marking of an object as containing prohibited content, storing incident data in an incident history record in the computer storage, the incident data indicating at least the user account that stored the marked object in the shared storage system;
  
  processing the incident history record for incident data associated with a selected user account;
  
  modifying an access privilege of the selected user account according to rules applied to at least the incident data in the incident history record associated with the selected user account as processed from the incident history record;
  
  in response to a request to access an object from among the stored objects,determining if content in the requested object is marked as containing prohibited content; and
  
  in response to a determination that the content in the requested object is marked as containing prohibited content, limiting access to the content from the requested object as stored in the shared storage system.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The article of manufacture of claim 10, wherein modifying comprises terminating privileges of the user account to share objects with other user accounts.
  - 12. The article of manufacture of claim 10, wherein the object is a file and limiting access to content in the object includes preventing access to a file stream containing the prohibited content.
  - 13. The article of manufacture of claim 10, wherein the process further comprises:
    - allowing the object that is marked as containing prohibited content from a first user account to be shared with one or more second user accounts;
      
      limiting access through the one or more second user accounts to the prohibited content in the object.
  - 14. The article of manufacture of claim 10, wherein the process further comprises:
    - displaying an indication that the object is marked as including prohibited content.

15. A computer storage system comprising:
- shared computer storage in which objects are stored containing content, the objects being received over a computer network from user computers, each received object being stored in a manner indicating a user account that stored the received object in the shared storage system;
  
  one or more processing devices, connected to the shared computer storage, programmed to;
  
  mark an object from among the objects stored on the shared computer storage as containing prohibited content;
  
  in response to marking an object as containing prohibited content, store incident data in an incident history record on the shared computer storage, the incident data indicating at least the user account that stored the marked object in the shared storage system;
  
  process the incident history record for incident data associated with a selected user account;
  
  modify an access privilege of the selected user account according to rules applied to at least the incident data in the incident history record associated with the selected user account as processed from the incident history record; and
  
  in response to a request to access an object from among the objects stored on the shared computer storage, and in further response to a determination that the content included in the requested object is marked as prohibited, limit access to the content included in the requested object from the shared computer storage.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer storage system of claim 15, the one or more processors being programmed to:
    - allow a group of objects from a first user account to be shared with one or more second user accounts;
      
      determining if the group of objects includes an object that is marked as containing prohibited content;
      
      limiting access by the one or more second user accounts to the prohibited content in the object that is marked, while allowing access through the one or more second user accounts to other objects in the group of objects.
  - 17. The computer storage system of claim 15, further comprising one or more server computers, including the one or more processors, and connected to a computer network, wherein a plurality of computers access the one or more server computers over the computer network to access objects stored on the storage.
  - 18. The computer storage system of claim 15, the one or more processors being programmed to cause an indication to be displayed that an object being accessed includes prohibited content.
  - 19. The computer storage system of claim 15, wherein to modify an access privilege, the the one or more processors are further programmed to terminate privileges of the user account to share objects with other user accounts.
  - 20. The computer storage system of claim 15, wherein the one or more processors are further programmed to:
    - allow sharing from a first user account, with one or more second user accounts, the object that is marked as containing prohibited content;
      
      limit access through the one or more second user accounts to the prohibited content in the shared object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Zacher, Ryan, Trevino, Jorge Pozas, Miranda-Steiner, Emmanuel, Shah, Dhaval, Shahine, Omar
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US14/082,044
Publication Number

US 20150143466A1
Time in Patent Office

1,236 Days
Field of Search

726 4
US Class Current
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 2221/2101   Auditing as a secondary aspect

H04L 2463/103   applying security measure f...

H04L 63/10   for controlling access to d...

Disabling prohibited content and identifying repeat offenders in service provider storage systems

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Disabling prohibited content and identifying repeat offenders in service provider storage systems

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links