Security systems and methods for encoding and decoding digital content

US 10,552,636 B2
Filed: 05/21/2018
Issued: 02/04/2020
Est. Priority Date: 11/14/2011
Status: Active Grant

First Claim

Patent Images

1. A first user node to control digital content, the first user node comprising:

a processor, anda memory, coupled to the processor, storing code that is executable by the processor to cause the processor to;

receive a request to publish digital text content received at an input field in an electronic document, where the publishing request is associated with the first user node;

in response to the publishing request, determine whether to encrypt the input field text content in the electronic document;

receive instructions to replace, in the electronic document, the input field text content with an encrypted version of the input field text content based on an encryption policy defined by a controlling entity and prior to uploading the input field text content to web service, wherein the controlling entity includes a policy node that is separate from the first user node;

access the policy node;

obtain the encryption policy and an encryption key from the policy node;

encrypt the input field text content with the encryption key to generate encrypted input field text content;

tag the encrypted input field text content with a tag that includes an address of the policy node and an identifier of the encryption policy to allow the web service to extract the address of the policy node and the identifier of the encryption policy and obtain a decryption key to decrypt the encrypted input field text content; and

upload the encrypted input field text content and the tag to the web service.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods may be provided for masking data on public networks. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider'"'"'s website. A policy may be defined to control which users are permitted access to a key to decode the encoded content. The policy may defer to a third party policy node in determining key access. An account for a controlling entity, such as a guardian or employer, may be configured to control the encoding status of posts made by another. The controlling entity may control who has key access to decode posts made by the other account. The guardian account may be configured to have preemptive rights over posting decisions made by the minor.

52 Citations

40 Claims

1. A first user node to control digital content, the first user node comprising:
- a processor, anda memory, coupled to the processor, storing code that is executable by the processor to cause the processor to;
  
  receive a request to publish digital text content received at an input field in an electronic document, where the publishing request is associated with the first user node;
  
  in response to the publishing request, determine whether to encrypt the input field text content in the electronic document;
  
  receive instructions to replace, in the electronic document, the input field text content with an encrypted version of the input field text content based on an encryption policy defined by a controlling entity and prior to uploading the input field text content to web service, wherein the controlling entity includes a policy node that is separate from the first user node;
  
  access the policy node;
  
  obtain the encryption policy and an encryption key from the policy node;
  
  encrypt the input field text content with the encryption key to generate encrypted input field text content;
  
  tag the encrypted input field text content with a tag that includes an address of the policy node and an identifier of the encryption policy to allow the web service to extract the address of the policy node and the identifier of the encryption policy and obtain a decryption key to decrypt the encrypted input field text content; and
  
  upload the encrypted input field text content and the tag to the web service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The first user node to control digital content of claim 1 wherein to receive a request to publish digital content received at an input field in an electronic document further includes:
    - detecting a change event associated with the input field; and
      
      upon detection of the change event, request, from the policy node, the encryption policy to be associated with the input field text content.
  - 3. The first user node to control digital content of claim 1 wherein to determine whether to encrypt the input field text content in the electronic document is facilitated by a privacy agent executing on the first user node, the privacy agent transmitting, to the policy node, session information concerning the first user node and a unique identifier associated with the input field text content.
  - 4. The first user node to control digital content of claim 3 wherein the policy node includes executable code that when executed by the policy causes the policy node to respond to the session information and the unique identifier by:
    - generating the decryption key for decoding the encrypted version of the input field text content; and
      
      determining the policy for the input field text content, the policy defining conditions on which the input field text content is accessible to other viewing nodes.
  - 5. The first user node to control digital content of claim 1 wherein to replace, in the electronic document, the input field text content with an encrypted version of the input field text content further includes to:
    - access a document object model (DOM) tree associated with the electronic document to modify and replace instances of the input field text content with the encoded version of the input field text content; and
      
      directing a browser to draw the modified electronic document.
  - 6. The first user node to control digital content of claim 1 wherein the first user node is associated with a first user account.
  - 7. The first user node to control digital content of claim 6 wherein the controlling entity is one of the following:
    - an enterprise, organization, government entity, or guardian.
  - 8. The first user node to control digital content of claim 6 wherein the controlling entity is not the first user node, and the controlling entity is not a user operating the first user node.
  - 9. The first user node to control digital content of claim 8 wherein the encryption policy is configured such that publishing requests made by the first user'"'"'s account are encoded encrypted during a specified timeframe.
  - 10. The first user node to control digital content of claim 6 wherein the controlling entity defines the encryption policy associated with the input field text content in the electronic document, and the controlling entity is associated with an administrative account configured to have preemptive control over encrypting and decrypting decisions associated with input field text content input at external sites by the first user node.
  - 11. The first user node to control digital content of claim 10 wherein the encryption policy is configured to specify a least one group, having one or more users, that is permitted to access a decrypted version of the encoded input field text content.
  - 12. The first user node to control digital content of claim 11 wherein the existence of the controlling entity'"'"'s account and the control that it has over the first user'"'"'s account is undetectable by the one or more users in the group.
  - 13. The first user node to control digital content of claim 12 wherein the controlling entity'"'"'s account is configured to have the option to eject or suspend the first user'"'"'s account.
  - 14. The first user node to control digital content of claim 10 wherein the encryption policy is configured so that the first user'"'"'s account controls encryption and decryption decisions during a specified timeframe.
  - 15. The first user node to control digital content of claim 10 wherein:
    - the encryption policy is configured to allow the controlling entity to control the encryption status of the input field text content if the publishing request is received during working hours; and
      
      the encryption policy is configured to allow the first user'"'"'s account to control the encryption status of the input field text content if the publishing request is received during non-working hours.
  - 16. The first user node to control digital content of claim 6 wherein the controlling entity defines the encryption policy associated with the input field text content, the encryption policy is configured to define which users or group of users have access to the decryption key that facilitates decoding of the encoded version of the input field content.
  - 17. The first user node to control digital content of claim 6 wherein the first user account is associated with a minor and the controlling entity'"'"'s account is associated with a guardian of the minor.
  - 18. The first user node to control digital content of claim 1 wherein the controlling entity is configured to control encryption permissions associated with publishing requests made by accounts of a first domain, where the first user node'"'"'s account is associated with the first domain.
  - 19. The first user node to control digital content of claim 1 wherein the controlling entity has the ability to access analytics information associated with content published by the first user node.
  - 20. The first user node to control digital content of claim 1 wherein creation of the minor'"'"'s account spawns creation of the guardian'"'"'s account.

21. A non-transitory, computer readable program product comprising processor executable code stored therein and configured to cause a first node toreceive a request to publish digital text content received at an input field in an electronic document, where the publishing request is associated with the first user node;
- in response to the publishing request, determine whether to encrypt the input field text content in the electronic document;
  
  receive instructions to replace, in the electronic document, the input field text content with an encrypted version of the input field text content based on an encryption policy defined by a controlling entity and prior to uploading the input field text content to web service, wherein the controlling entity includes a policy node that is separate from the first user node;
  
  access the policy node;
  
  obtain the encryption policy and an encryption key from the policy node;
  
  encrypt the input field text content with the encryption key to generate encrypted input field text content;
  
  tag the encrypted input field text content with a tag that includes an address of the policy node and an identifier of the encryption policy to allow the web service to extract the address of the policy node and the identifier of the encryption policy and obtain a decryption key to decrypt the encrypted input field text content; and
  
  upload the encrypted input field text content and the tag to the web service.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 22. The non-transitory, computer readable program product of claim 21 wherein to receive a request to publish digital content received at an input field in an electronic document further includes:
    - detecting a change event associated with the input field; and
      
      upon detection of the change event, request, from the policy node, the encryption policy to be associated with the input field text content.
  - 23. The non-transitory, computer readable program product of claim 21 wherein to determine whether to encrypt the input field text content in the electronic document is facilitated by a privacy agent executing on the first user node, the privacy agent transmitting, to the policy node, session information concerning the first user node and a unique identifier associated with the input field text content.
  - 24. The non-transitory, computer readable program product of claim 23 wherein the policy node includes executable code that when executed by the policy causes the policy node to respond to the session information and the unique identifier by:
    - generating the decryption key for decoding the encrypted version of the input field text content; and
      
      determining the policy for the input field text content, the policy defining conditions on which the input field text content is accessible to other viewing nodes.
  - 25. The non-transitory, computer readable program product of claim 21 wherein to replace, in the electronic document, the input field text content with an encrypted version of the input field text content further includes to:
    - access a document object model (DOM) tree associated with the electronic document to modify and replace instances of the input field text content with the encoded version of the input field text content; and
      
      directing a browser to draw the modified electronic document.
  - 26. The non-transitory, computer readable program product of claim 21 wherein the first user node is associated with a first user account.
  - 27. The non-transitory, computer readable program product of claim 26 wherein the controlling entity is one of the following:
    - an enterprise, organization, government entity, or guardian.
  - 28. The non-transitory, computer readable program product of claim 26 wherein the controlling entity is not the first user node, and the controlling entity is not a user operating the first user node.
  - 29. The non-transitory, computer readable program product of claim 28 wherein the encryption policy is configured such that publishing requests made by the first user'"'"'s account are encoded encrypted during a specified timeframe.
  - 30. The non-transitory, computer readable program product of claim 26 wherein the controlling entity defines the encryption policy associated with the input field text content in the electronic document, and the controlling entity is associated with an administrative account configured to have preemptive control over encrypting and decrypting decisions associated with input field text content input at external sites by the first user node.
  - 31. The non-transitory, computer readable program product of claim 30 wherein the encryption policy is configured to specify a least one group, having one or more users, that is permitted to access a decrypted version of the encoded input field text content.
  - 32. The non-transitory, computer readable program product of claim 31 wherein the existence of the controlling entity'"'"'s account and the control that it has over the first user'"'"'s account is undetectable by the one or more users in the group.
  - 33. The non-transitory, computer readable program product of claim 32 wherein the controlling entity'"'"'s account is configured to have the option to eject or suspend the first user'"'"'s account.
  - 34. The non-transitory, computer readable program product of claim 30 wherein the encryption policy is configured so that the first user'"'"'s account controls encryption and decryption decisions during a specified timeframe.
  - 35. The non-transitory, computer readable program product of claim 30 wherein:
    - the encryption policy is configured to allow the controlling entity to control the encryption status of the input field text content if the publishing request is received during working hours; and
      
      the encryption policy is configured to allow the first user'"'"'s account to control the encryption status of the input field text content if the publishing request is received during non-working hours.
  - 36. The non-transitory, computer readable program product of claim 26 wherein the controlling entity defines the encryption policy associated with the input field text content, the encryption policy is configured to define which users or group of users have access to the decryption key that facilitates decoding of the encoded version of the input field content.
  - 37. The non-transitory, computer readable program product of claim 26 wherein the first user account is associated with a minor and the controlling entity'"'"'s account is associated with a guardian of the minor.
  - 38. The non-transitory, computer readable program product of claim 21 wherein the controlling entity is configured to control encryption permissions associated with publishing requests made by accounts of a first domain, where the first user node'"'"'s account is associated with the first domain.
  - 39. The non-transitory, computer readable program product of claim 21 wherein the controlling entity has the ability to access analytics information associated with content published by the first user node.
  - 40. The non-transitory, computer readable program product of claim 21 wherein creation of the minor'"'"'s account spawns creation of the guardian'"'"'s account.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ESW Holdings, Inc. (ESW Capital, LLC)
Original Assignee
ESW Holdings, Inc. (ESW Capital, LLC)
Inventors
Sprague, Steven, Sprague, Michael
Primary Examiner(s)
Zhao, Don G

Application Number

US15/985,026
Publication Number

US 20180268169A1
Time in Patent Office

624 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/60   Protecting data

G06F 21/602   Providing cryptographic fac...

G06F 21/6209   to a single file or object,...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Security systems and methods for encoding and decoding digital content

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

52 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Security systems and methods for encoding and decoding digital content

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links