SYSTEMS AND METHODS OF SECURE DATA EXCHANGE
Abstract
In embodiments of the present invention, improved secure exchange system features include a federated search facility, hybrid encryption management (adjustable encryption key management), anonymous IRM, disassembled storage of data as chunks rather than files, asynchronous notification process/integrated file upload and messaging, an identity facility, multi-factor authentication, dynamic access authorization, and various enhancements to a customizable exchange system.
28 Claims
1. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows each of a plurality of users through at least one corresponding client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the plurality of users is through a communications network, wherein the plurality of users comprises a user of a second business entity and at least one anonymous user;
- storing, by the secure exchange server, data relating to a user login authentication for the user of a second business entity;
- receiving computer data content from the user of the second business entity;
- receiving from the user of the second business entity an indication of permission for the at least one anonymous user to access the computer data content through an anonymous information rights management (IRM) facility hosted by the intermediate business entity, wherein the anonymous IRM facility limits the retention of information about the at least one anonymous user, and wherein the indication of permission comprises at least one anonymous access condition;
- receiving a request to access the computer data content by the at least one anonymous user; and
- granting, by the secure exchange server, access to the computer data content, through the anonymous IRM facility, to the at least one anonymous user, wherein retention of information about the at least one anonymous user is limited and the access is granted based on the at least one anonymous access condition.
10. A method, comprising:
- providing a federated search facility adapted to search for computer content on a plurality of disparate computer content storage facilities comprising a first content storage and a second content storage, wherein the federated search facility, the first content storage, and the second content storage are interconnected through the Internet;
- receiving, by the federated search facility, a computer content search request from a client computing device, wherein the user of the client computing device has access rights to secure computer content on at least one of the first content storage and the second content storage;
- executing, by the federated search facility, a first computer content search on the first content storage and a second computer content search on the second content storage, wherein executing the search includes using the access rights of the user on the at least one content storage to which the user has access rights;
- receiving a first computer content search result from the first content storage and a second computer content search result from the second content storage;
- consolidating the first computer content search result and the second computer content search result into a consolidated computer content search result; and
- providing, by the federated search facility, the consolidated computer content search result to the user through a graphical user interface that presents the consolidated computer content as a single computer content search result.
22. A system, comprising:
- a server-based secure data exchange system for secure sharing of content between a first client device accessed by a user associated with a first organizational entity and a second client device accessed by a user associated with a second organizational entity, wherein the content has shared relevance with the first organizational entity and the second organizational entity, the secure data exchange system comprising a data management facility managed by a third organizational entity and adapted to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes, wherein the first organizational entity is granted permissioned control of a first data storage node by the third organizational entity for a content, wherein the content is shared between the first client device and the second client device through the first data storage node, wherein the data management facility manages secure data exchange of the content through the first data storage node;
- wherein the data management facility is distributed into a plurality of data management sites to enable management of the plurality of data storage nodes, wherein the plurality of data storage nodes are located at network locations separate from the data management facility and specified by the plurality of organizational entities, and wherein the server-based secure data exchange system includes at least one of;
  - an authentication facility, an authorization facility, an encryption sharing facility, a process failure monitoring facility, a software deployment management facility, and a content replication facility.
23. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows one or more users, including a user of a second business entity, through at least one client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the one or more users is through a communications network;
- providing, by the secure exchange server, an encryption management facility, wherein the encryption management facility is adapted to adjustably configure encryption services based on a selection criteria provided by the user of the second business entity for selection of at least one of;
  - i. secure exchange server side encryption, wherein computer data content is transmitted from the second business entity to the secure exchange server to be encrypted by the secure exchange server, and
  - ii. business entity side encryption, wherein computer data content is transmitted from the second business entity to the secure exchange server as encrypted data that was encrypted by the second business entity before it was transmitted;
- receiving a selection criteria from the user of the second business entity, wherein the selection criteria establishes the selection of at least one of secure exchange server side encryption and business entity side encryption for a computer data content to be stored on the secure exchange server; and
- receiving computer data content from the user of the second business entity, wherein the computer data content is encrypted by the selected mode of encryption based on the received selection criteria.
24. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows one or more users through at least one client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the one or more users is through a communications network, wherein the one or more users comprises a user of a second business entity;
- providing, by the secure exchange server, a data chunking facility adapted to receive and segment a computer data content transmitted from a client computing device of the one or more users, wherein the received computer data content is stored as a plurality of encrypted computer data content segments;
- receiving computer data content from the user of the second business entity, wherein the received computer data content is segmented and each computer data content segment is separately encrypted to form a plurality of encrypted computer data content segments; and
- storing, by the secure exchange server, the plurality of encrypted computer data content segments.
25. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows one or more users through at least one client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the one or more users is through a communications network, wherein the one or more users comprises a user of a second business entity communicating with the secure exchange server through a second computing device;
- providing, by the secure exchange server, an asynchronous notification upload messaging facility adapted to;
  - i. receive and process computer data content and a computer message transmitted together as a data message composite content from a client computing device of the one or more users, wherein the computer message comprises a data processing preference, and
  - ii. asynchronously communicate to the client computing device of the one or more users a processing notification related to the processing of the data message composite content;
- receiving a data message composite upload from the second computing device comprising computer data content and a computer message comprising a data processing preference;
- processing, by the secure exchange server, the received data message composite upload based on the data processing preference; and
- notifying, by the secure exchange server, the second computing device of a processing state of the received data message composite upload, wherein the notification is provided asynchronously to the processing of the data messaging composite upload.
26. A method, comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a server-based secure data exchange facility adapted for secure sharing of computer data content between users of a plurality of organizational entities comprising at least a first user of a first organizational entity, the secure data exchange system comprising a data management facility adapted to provide permissioned control to the plurality of organizational entities for use of at least one data storage node of a plurality of data storage nodes, wherein the data management facility is distributed into a plurality of data management sites to enable management of the plurality of data storage nodes, wherein the at least one data storage node is located at a network location separate from the data management facility and specified by the plurality of organizational entities, wherein the first user maintains a plurality of computer identities for access to the computer data content; and
- providing, by the secure exchange server, an identity facility for user identity management within the server based data exchange facility, wherein the plurality of computer identities for the first user is maintained as a single federated identity across the plurality of data management sites for the sharing of computer data content on the at least one data storage node.
27. A system for providing secure computer content access through multifactor authentication on a mobile computing device, the system comprising:
- a multifactor authentication facility on a mobile computing device, the mobile computing device comprising a memory and a mobile device communication facility adapted to wirelessly interface with at least one external communication facility of a plurality of external communication facilities, wherein the at least one external communication facility is adapted to transmit a unique transmitter identifier that matches a stored unique transmitter identifier in the memory of the mobile computing device, wherein the multifactor authentication facility monitors for connectivity between the mobile device communication facility and the at least one external communication facility, and monitors for the transmission of the unique transmitter identifier, and if a communication connection is detected between the mobile device communication facility and the at least one external communication facility, and the transmitted unique transmitter identifier matches the stored unique transmitter identifier in the memory of the mobile computing device, then a digital content stored in the memory of the mobile computer device will be enabled for access if at least one additional authentication factor is provided, the at least one additional authentication factor selected from the group including;
  - (i) a user identifier entered into the mobile computing device,
  - (ii) a user password entered into the mobile computing device,
  - (iii) use of a digital key stored in the memory of the mobile computing device, which is associated with access permission to the digital content, and
  - (iv) a determination that the distance between the mobile device communication facility and the at least one external communication facility is within a predetermined range value.
28. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows each of a plurality of users, including a user of a second business entity and a user of a third business entity, through at least one corresponding client computing device, to access the secure exchange server, wherein communications between the secure exchange server and each of the plurality of users is through a communications network;
- storing, by the secure exchange server, data relating to a user login authentication for the user of a second business entity and data relating to a user login authentication for the user of the third business entity;
- receiving computer data content from the user of the third business entity;
- receiving from the user of the third business entity an indication of permission for the user of the second business entity to access the received computer data content;
- receiving a request to access the computer data content by the user of the second business entity;
- by the secure exchange server, determining a level of access authentication for access to the received computer data content for the user of the second business entity based on an event condition related to a current state of the client computing device of the user of the second business entity at the time of the access request; and
- by the secure exchange server, adjusting a level of access authentication based on the event condition, presenting the user of the second business entity the adjusted level of access authentication, and granting access to the received computer data content when the secure exchange server receives the adjusted level of access authentication.
Specification