SYSTEMS AND METHODS OF SECURE DATA EXCHANGE

US 20170041296A1
Filed: 12/19/2015
Published: 02/09/2017
Est. Priority Date: 08/05/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows each of a plurality of users through at least one corresponding client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the plurality of users is through a communications network, wherein the plurality of users comprises a user of a second business entity and at least one anonymous user;

storing, by the secure exchange server, data relating to a user login authentication for the user of a second business entity;

receiving computer data content from the user of the second business entity;

receiving from the user of the second business entity an indication of permission for the at least one anonymous user to access the computer data content through an anonymous information rights management (IRM) facility hosted by the intermediate business entity, wherein the anonymous IRM facility limits the retention of information about the at least one anonymous user, and wherein the indication of permission comprises at least one anonymous access condition;

receiving a request to access the computer data content by the at least one anonymous user; and

granting, by the secure exchange server, access to the computer data content, through the anonymous IRM facility, to the at least one anonymous user, wherein retention of information about the at least one anonymous user is limited and the access is granted based on the at least one anonymous access condition.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In embodiments of the present invention, improved secure exchange system features include a federated search facility, hybrid encryption management (adjustable encryption key management), anonymous IRM, disassembled storage of data as chunks rather than files, asynchronous notification process/integrated file upload and messaging, an identity facility, multi-factor authentication, dynamic access authorization, and various enhancements to a customizable exchange system.

711 Citations

28 Claims

1. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows each of a plurality of users through at least one corresponding client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the plurality of users is through a communications network, wherein the plurality of users comprises a user of a second business entity and at least one anonymous user;
  
  storing, by the secure exchange server, data relating to a user login authentication for the user of a second business entity;
  
  receiving computer data content from the user of the second business entity;
  
  receiving from the user of the second business entity an indication of permission for the at least one anonymous user to access the computer data content through an anonymous information rights management (IRM) facility hosted by the intermediate business entity, wherein the anonymous IRM facility limits the retention of information about the at least one anonymous user, and wherein the indication of permission comprises at least one anonymous access condition;
  
  receiving a request to access the computer data content by the at least one anonymous user; and
  
  granting, by the secure exchange server, access to the computer data content, through the anonymous IRM facility, to the at least one anonymous user, wherein retention of information about the at least one anonymous user is limited and the access is granted based on the at least one anonymous access condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the at least one anonymous access condition is that the at least one anonymous user is a user of a third business entity, wherein the third business entity is specified by the user of the second business entity in the indication of permission.
  - 3. The method of claim 2, wherein the user of the second business entity is provided access to information comprising the identity of the third business entity but not the identity of the at least one anonymous user.
  - 4. The method of claim 1, wherein the at least one anonymous access condition is that the at least one anonymous user is a user of a computer domain specified by the user of the second business entity in the indication of permission.
  - 5. The method of claim 1, wherein the at least one anonymous access condition is that the at least one anonymous user is a user of a geographic region specified by the user of the second business entity in the indication of permission.
  - 6. The method of claim 1, further comprising collecting metadata, by the anonymous IRM facility, relating to access of the computer data content.
  - 7. The method of claim 6, wherein the metadata is at least one of a domain from which the computer data content was accessed and a location from which the computer data content was accessed.
  - 8. The method of claim 6, wherein the metadata comprises data regarding where the computer data content was shared after the computer data content was accessed.
  - 9. The method of claim 6, wherein the metadata comprises data regarding when the computer data content was accessed.

10. A method, comprising:
- providing a federated search facility adapted to search for computer content on a plurality of disparate computer content storage facilities comprising a first content storage and a second content storage, wherein the federated search facility, the first content storage, and the second content storage are interconnected through the Internet;
  
  receiving, by the federated search facility, a computer content search request from a client computing device, wherein the user of the client computing device has access rights to secure computer content on at least one of the first content storage and the second content storage;
  
  executing, by the federated search facility, a first computer content search on the first content storage and a second computer content search on the second content storage, wherein executing the search includes using the access rights of the user on the at least one content storage to which the user has access rights;
  
  receiving a first computer content search result from the first content storage and a second computer content search result from the second content storage;
  
  consolidating the first computer content search result and the second computer content search result into a consolidated computer content search result; and
  
  providing, by the federated search facility, the consolidated computer content search result to the user through a graphical user interface that presents the consolidated computer content as a single computer content search result.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 11. The method of claim 10, further comprising providing a user authentication identifier required for the user to access computer content on the at least one of the first content storage and the second content storage to which the user has access rights, wherein the federated search facility provides the user authentication identifier to the content storage as part of the executing the content search.
  - 12. The method of claim 10, wherein the first content storage and the second content storage are managed by different business entities.
  - 13. The method of claim 10, wherein the first content storage and the second content storage are managed by the same business entity.
  - 14. The method of claim 10, wherein the first content storage and the second content storage are managed by an intermediate business entity that manages the federated search facility.
  - 15. The method of claim 10, wherein the first content storage and the second content storage are located at different geographic locations.
  - 16. The method of claim 10, wherein the plurality of disparate computer content storage facilities are managed by a plurality of business enterprise entities and the federated search facility is managed by an intermediate business entity that provides the federated search facility as a service to the plurality of disparate computer content storage facilities.
  - 17. The method of claim 10, wherein the computer content search request is a request for at least one computer content document.
  - 18. The method of claim 10, wherein the computer content search request is received in the form of a request for a search of a text string.
  - 19. The method of claim 10, wherein the first content storage and the second content storage maintain different local search facilities, wherein the step of executing a first computer content search on the first content storage and a second computer content search on the second content storage comprises a first search request to a first local search facility on the first content storage, and a second local search request to a second local search facility on the second content storage.
  - 20. The method of claim 10, wherein the plurality of disparate computer content storage facilities comprise a plurality of search engine indexes, including a first search engine index and a second search engine index, for collecting, parsing, and storing computer content to facilitate fast and accurate information retrieval, wherein the first content storage maintains the first search engine index and the second content storage maintains the second search engine index.
  - 21. The method of claim 10, wherein the graphical user interface is provided by the federated search facility.

22. A system, comprising:
- a server-based secure data exchange system for secure sharing of content between a first client device accessed by a user associated with a first organizational entity and a second client device accessed by a user associated with a second organizational entity, wherein the content has shared relevance with the first organizational entity and the second organizational entity, the secure data exchange system comprising a data management facility managed by a third organizational entity and adapted to provide permissioned control to a plurality of organizational entities for use of at least one of a plurality of data storage nodes, wherein the first organizational entity is granted permissioned control of a first data storage node by the third organizational entity for a content, wherein the content is shared between the first client device and the second client device through the first data storage node, wherein the data management facility manages secure data exchange of the content through the first data storage node;
  
  wherein the data management facility is distributed into a plurality of data management sites to enable management of the plurality of data storage nodes, wherein the plurality of data storage nodes are located at network locations separate from the data management facility and specified by the plurality of organizational entities, andwherein the server-based secure data exchange system includes at least one of;
  
  an authentication facility, an authorization facility, an encryption sharing facility, a process failure monitoring facility, a software deployment management facility, and a content replication facility.

23. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows one or more users, including a user of a second business entity, through at least one client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the one or more users is through a communications network;
  
  providing, by the secure exchange server, an encryption management facility, wherein the encryption management facility is adapted to adjustably configure encryption services based on a selection criteria provided by the user of the second business entity for selection of at least one of;
  
  i. secure exchange server side encryption, wherein computer data content is transmitted from the second business entity to the secure exchange server to be encrypted by the secure exchange server, andii. business entity side encryption, wherein computer data content is transmitted from the second business entity to the secure exchange server as encrypted data that was encrypted by the second business entity before it was transmitted;
  
  receiving a selection criteria from the user of the second business entity, wherein the selection criteria establishes the selection of at least one of secure exchange server side encryption and business entity side encryption for a computer data content to be stored on the secure exchange server; and
  
  receiving computer data content from the user of the second business entity, wherein the computer data content is encrypted by the selected mode of encryption based on the received selection criteria.

24. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows one or more users through at least one client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the one or more users is through a communications network, wherein the one or more users comprises a user of a second business entity;
  
  providing, by the secure exchange server, a data chunking facility adapted to receive and segment a computer data content transmitted from a client computing device of the one or more users, wherein the received computer data content is stored as a plurality of encrypted computer data content segments;
  
  receiving computer data content from the user of the second business entity, wherein the received computer data content is segmented and each computer data content segment is separately encrypted to form a plurality of encrypted computer data content segments; and
  
  storing, by the secure exchange server, the plurality of encrypted computer data content segments.

25. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows one or more users through at least one client computing device to access the secure exchange server, wherein communications between the secure exchange server and each of the one or more users is through a communications network, wherein the one or more users comprises a user of a second business entity communicating with the secure exchange server through a second computing device;
  
  providing, by the secure exchange server, an asynchronous notification upload messaging facility adapted to;
  
  i. receive and process computer data content and a computer message transmitted together as a data message composite content from a client computing device of the one or more users, wherein the computer message comprises a data processing preference, andii. asynchronously communicate to the client computing device of the one or more users a processing notification related to the processing of the data message composite content;
  
  receiving a data message composite upload from the second computing device comprising computer data content and a computer message comprising a data processing preference;
  
  processing, by the secure exchange server, the received data message composite upload based on the data processing preference; and
  
  notifying, by the secure exchange server, the second computing device of a processing state of the received data message composite upload, wherein the notification is provided asynchronously to the processing of the data messaging composite upload.

26. A method, comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a server-based secure data exchange facility adapted for secure sharing of computer data content between users of a plurality of organizational entities comprising at least a first user of a first organizational entity, the secure data exchange system comprising a data management facility adapted to provide permissioned control to the plurality of organizational entities for use of at least one data storage node of a plurality of data storage nodes, wherein the data management facility is distributed into a plurality of data management sites to enable management of the plurality of data storage nodes, wherein the at least one data storage node is located at a network location separate from the data management facility and specified by the plurality of organizational entities,wherein the first user maintains a plurality of computer identities for access to the computer data content; and
  
  providing, by the secure exchange server, an identity facility for user identity management within the server based data exchange facility, wherein the plurality of computer identities for the first user is maintained as a single federated identity across the plurality of data management sites for the sharing of computer data content on the at least one data storage node.

27. A system for providing secure computer content access through multifactor authentication on a mobile computing device, the system comprising:
- a multifactor authentication facility on a mobile computing device, the mobile computing device comprising a memory and a mobile device communication facility adapted to wirelessly interface with at least one external communication facility of a plurality of external communication facilities, wherein the at least one external communication facility is adapted to transmit a unique transmitter identifier that matches a stored unique transmitter identifier in the memory of the mobile computing device,wherein the multifactor authentication facility monitors for connectivity between the mobile device communication facility and the at least one external communication facility, and monitors for the transmission of the unique transmitter identifier, and if a communication connection is detected between the mobile device communication facility and the at least one external communication facility, and the transmitted unique transmitter identifier matches the stored unique transmitter identifier in the memory of the mobile computing device, then a digital content stored in the memory of the mobile computer device will be enabled for access if at least one additional authentication factor is provided, the at least one additional authentication factor selected from the group including;
  
  (i) a user identifier entered into the mobile computing device, (ii) a user password entered into the mobile computing device, (iii) use of a digital key stored in the memory of the mobile computing device, which is associated with access permission to the digital content, and (iv) a determination that the distance between the mobile device communication facility and the at least one external communication facility is within a predetermined range value.

28. A method comprising:
- establishing, by a secure exchange server hosted by an intermediate business entity, a user login data authentication procedure that allows each of a plurality of users, including a user of a second business entity and a user of a third business entity, through at least one corresponding client computing device, to access the secure exchange server, wherein communications between the secure exchange server and each of the plurality of users is through a communications network;
  
  storing, by the secure exchange server, data relating to a user login authentication for the user of a second business entity and data relating to a user login authentication for the user of the third business entity;
  
  receiving computer data content from the user of the third business entity;
  
  receiving from the user of the third business entity an indication of permission for the user of the second business entity to access the received computer data content;
  
  receiving a request to access the computer data content by the user of the second business entity;
  
  by the secure exchange server, determining a level of access authentication for access to the received computer data content for the user of the second business entity based on an event condition related to a current state of the client computing device of the user of the second business entity at the time of the access request; and
  
  by the secure exchange server, adjusting a level of access authentication based on the event condition, presenting the user of the second business entity the adjusted level of access authentication, and granting access to the received computer data content when the secure exchange server receives the adjusted level of access authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
IntraLinks Incorporated (SS&C Technologies Holdings Incorporated)
Original Assignee
IntraLinks Incorporated (SS&C Technologies Holdings Incorporated)
Inventors
Tadakamalla, Kiran Kumar, Mercer, Cole Parker, Darji, Salil J., Ford, Christopher Todd, Choudhary, Mayank, McCarthy, Kevin L., Miharia, Anupam, Giudice, John William, Wenzel, Peter, Tearnen, Paul, Cazalot, Clement, Gorin, Jonathan

Granted Patent

US 10,033,702 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/64   Protecting data integrity, ...

H04L 2463/082   applying multi-factor authe...

H04L 63/0421   Anonymous communication, i....

H04L 63/083   using passwords cryptograph...

H04L 63/102   Entity profiles

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

SYSTEMS AND METHODS OF SECURE DATA EXCHANGE

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

711 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS OF SECURE DATA EXCHANGE

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

711 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links