Approach for managing access to data on client devices

US 9,813,453 B2
Filed: 12/02/2015
Issued: 11/07/2017
Est. Priority Date: 06/20/2012
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium for managing access to a particular electronic document, the computer-readable medium storing instructions which, when processed by one or more processors, causes:

a device management system receiving, from a client device a request to access a particular electronic document, user identification information, and device identification information;

determining, from the user identification information and device identification information that a user of the client device is a registered owner of the client device;

determining, from a plurality of policies, one or more policies that apply to the particular electronic document, wherein the one or more policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;

in response to determining the one or more policies that specify the one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;

determining, based on the user identification information, a status of the user of the client device from stored personnel information, anddetermining, based on the status of the user of the client device and the one or more policies that apply to the particular electronic document, whether the user of the client device is authorized to download the particular electronic document;

in response to determining that the user of the client device is authorized to download the particular electronic document;

determining one or more attributes of the client device to which the particular electronic document is to be downloaded,determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, andin response to determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, that the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, then providing the particular electronic document to the client device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A device management system is configured to manage access to electronic documents on client devices using policies. The policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices for example, particular hardware and software configurations that are required at client devices before data is permitted to be downloaded to those client devices. The policies may also specify other requirements that must be satisfied before data is permitted to be downloaded to those client devices, for example, user authentication.

114 Citations

20 Claims

1. A non-transitory computer-readable medium for managing access to a particular electronic document, the computer-readable medium storing instructions which, when processed by one or more processors, causes:
- a device management system receiving, from a client device a request to access a particular electronic document, user identification information, and device identification information;
  
  determining, from the user identification information and device identification information that a user of the client device is a registered owner of the client device;
  
  determining, from a plurality of policies, one or more policies that apply to the particular electronic document, wherein the one or more policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;
  
  in response to determining the one or more policies that specify the one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;
  
  determining, based on the user identification information, a status of the user of the client device from stored personnel information, anddetermining, based on the status of the user of the client device and the one or more policies that apply to the particular electronic document, whether the user of the client device is authorized to download the particular electronic document;
  
  in response to determining that the user of the client device is authorized to download the particular electronic document;
  
  determining one or more attributes of the client device to which the particular electronic document is to be downloaded,determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, andin response to determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, that the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, then providing the particular electronic document to the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1, wherein determining whether a user of the client device is authorized to download the particular electronic document includes:
    - obtaining user authentication data for the user of the client device, anddetermining, based upon the user authentication data, whether the user is authorized to download the particular electronic document.
  - 3. The non-transitory computer-readable medium of claim 1, wherein determining whether a user of the client device is authorized to download the particular electronic document includes:
    - determining an authorization level that corresponds to the user of the client device,determining, based upon the one or more policies that apply to the particular electronic document, one or more attributes of electronic documents that are permitted to be downloaded to client device, anddetermining, based upon the authorization level that corresponds to the user of the client device and the one or more attributes of electronic documents that are permitted to be downloaded to client device and one or more attributes of the particular electronic document, whether the user is authorized to download the particular electronic document to the client device.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the one or more processing restrictions to be enforced with respect to the particular electronic document at client devices include one or more of allowing only data of one or more specified formats to be downloaded to the particular client device, allowing only the display of the particular electronic document at the client device, not allowing a copy of the particular electronic document to be stored at the client device, allowing a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, not allowing a copy of the particular electronic document to be forwarded from the client device to another device, allowing a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level, or deleting the particular electronic device from the client device after display of the particular electronic document.
  - 5. The non-transitory computer-readable medium of claim 1, wherein determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document includes determining whether the client device is currently configured to allow only the display of the particular electronic document at the client device, not allow a copy of the particular electronic document to be stored at the client device, allow a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, not allow a copy of the particular electronic document to be forwarded from the client device to another device or allow a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level.
  - 6. The non-transitory computer-readable medium of claim 1, wherein determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document includes determining whether the current hardware and software configuration of the client device allows only the display of the particular electronic document at the client device, does not allow a copy of the particular electronic document to be stored at the client device, allows a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, does not allow a copy of the particular electronic document to be forwarded from the client device to another device or allows a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level.
  - 7. The non-transitory computer-readable medium of claim 1, wherein determining, from a plurality of policies, one or more policies that apply to the particular electronic document, is performed based on at least one or more of a file type of the particular electronic document or a logical group that corresponds to the particular electronic document.

8. An apparatus for managing access to a particular electronic document, the apparatus including a memory storing instructions which, when processed by one or more processors, cause:
- a device management system receiving, from a client device a request to access a particular electronic document, user identification information, and device identification information;
  
  determining, from the user identification information and device identification information that a user of the client device is a registered owner of the client device;
  
  determining, from a plurality of policies, one or more policies that apply to the particular electronic document, wherein the one or more policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;
  
  in response to determining the one or more policies that specify the one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;
  
  determining, based on the user identification information, a status of the user of the client device from stored personnel information, anddetermining, based on the status of the user of the client device and the one or more policies that apply to the particular electronic document, whether the user of the client device is authorized to download the particular electronic document;
  
  in response to determining that the user of the client device is authorized to download the particular electronic document;
  
  determining one or more attributes of the client device to which the particular electronic document is to be downloaded,determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, andin response to determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, that the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, then providing the particular electronic document to the client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein determining whether a user of the client device is authorized to download the particular electronic document includes:
    - obtaining user authentication data for the user of the client device, anddetermining, based upon the user authentication data, whether the user is authorized to download the particular electronic document.
  - 10. The apparatus of claim 8, wherein determining whether a user of the client device is authorized to download the particular electronic document includes:
    - determining an authorization level that corresponds to the user of the client device,determining, based upon the one or more policies that apply to the particular electronic document, one or more attributes of electronic documents that are permitted to be downloaded to client device, anddetermining, based upon the authorization level that corresponds to the user of the client device and the one or more attributes of electronic documents that are permitted to be downloaded to client device and one or more attributes of the particular electronic document, whether the user is authorized to download the particular electronic document to the client device.
  - 11. The apparatus of claim 8, wherein the one or more processing restrictions to be enforced with respect to the particular electronic document at client devices include one or more of allowing only data of one or more specified formats to be downloaded to the particular client device, allowing only the display of the particular electronic document at the client device, not allowing a copy of the particular electronic document to be stored at the client device, allowing a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, not allowing a copy of the particular electronic document to be forwarded from the client device to another device, allowing a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level, or deleting the particular electronic device from the client device after display of the particular electronic document.
  - 12. The apparatus of claim 8, wherein determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document includes determining whether the client device is currently configured to allow only the display of the particular electronic document at the client device, not allow a copy of the particular electronic document to be stored at the client device, allow a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, not allow a copy of the particular electronic document to be forwarded from the client device to another device or allow a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level.
  - 13. The apparatus of claim 8, wherein determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document includes determining whether the current hardware and software configuration of the client device allows only the display of the particular electronic document at the client device, does not allow a copy of the particular electronic document to be stored at the client device, allows a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, does not allow a copy of the particular electronic document to be forwarded from the client device to another device or allows a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level.
  - 14. The apparatus of claim 8, wherein determining, from a plurality of policies, one or more policies that apply to the particular electronic document, is performed based on at least one or more of a file type of the particular electronic document or a logical group that corresponds to the particular electronic document.

15. A computer-implemented method for managing access to a particular electronic document, the computer-implemented method comprising:
- a device management system receiving, from a client device a request to access a particular electronic document, user identification information, and device identification information;
  
  determining, from the user identification information and device identification information that a user of the client device is a registered owner of the client device;
  
  determining, from a plurality of policies, one or more policies that apply to the particular electronic document, wherein the one or more policies specify one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;
  
  in response to determining the one or more policies that specify the one or more download and processing restrictions to be enforced with respect to the particular electronic document at client devices;
  
  determining, based on the user identification information, a status of the user of the client device from stored personnel information, anddetermining, based on the status of the user of the client device and the one or more policies that apply to the particular electronic document, whether the user of the client device is authorized to download the particular electronic document;
  
  in response to determining that the user of the client device is authorized to download the particular electronic document;
  
  determining one or more attributes of the client device to which the particular electronic document is to be downloaded,determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, andin response to determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, that the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document, then providing the particular electronic document to the client device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented method of claim 15, wherein determining whether a user of the client device is authorized to download the particular electronic document includes:
    - determining an authorization level that corresponds to the user of the client device,determining, based upon the one or more policies that apply to the particular electronic document, one or more attributes of electronic documents that are permitted to be downloaded to client device, anddetermining, based upon the authorization level that corresponds to the user of the client device and the one or more attributes of electronic documents that are permitted to be downloaded to client device and one or more attributes of the particular electronic document, whether the user is authorized to download the particular electronic document to the client device.
  - 17. The computer-implemented method of claim 15, wherein the one or more processing restrictions to be enforced with respect to the particular electronic document at client devices include one or more of allowing only data of one or more specified formats to be downloaded to the particular client device, allowing only the display of the particular electronic document at the client device, not allowing a copy of the particular electronic document to be stored at the client device, allowing a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, not allowing a copy of the particular electronic document to be forwarded from the client device to another device, allowing a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level, or deleting the particular electronic device from the client device after display of the particular electronic document.
  - 18. The computer-implemented method of claim 15, wherein determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document includes determining whether the client device is currently configured to allow only the display of the particular electronic document at the client device, not allow a copy of the particular electronic document to be stored at the client device, allow a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, not allow a copy of the particular electronic document to be forwarded from the client device to another device or allow a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level.
  - 19. The computer-implemented method of claim 15, wherein determining, based upon the one or more attributes of the client device to which the particular electronic document is to be downloaded, whether the client device is currently configured to enforce the one or more download and processing restrictions with respect to the particular electronic document includes determining whether the current hardware and software configuration of the client device allows only the display of the particular electronic document at the client device, does not allow a copy of the particular electronic document to be stored at the client device, allows a copy of the particular electronic document to be stored at the client device in accordance with an authorization level, does not allow a copy of the particular electronic document to be forwarded from the client device to another device or allows a copy of the particular electronic document to be forwarded from the client device to another device in accordance with an authorization level.
  - 20. The computer-implemented method of claim 15, wherein determining, from a plurality of policies, one or more policies that apply to the particular electronic document, is performed based on at least one or more of a file type of the particular electronic document or a logical group that corresponds to the particular electronic document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Motoyama, Tetsuro
Primary Examiner(s)
GOODCHILD, WILLIAM J

Application Number

US14/957,262
Publication Number

US 20160088025A1
Time in Patent Office

706 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/30   Authentication, i.e. establ...

G06F 21/44   Program or device authentic...

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

H04W 12/06   Authentication

Approach for managing access to data on client devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

114 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Approach for managing access to data on client devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

114 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links