Systems, methods, and apparatus for securing user documents

US 9,465,935 B2
Filed: 06/08/2011
Issued: 10/11/2016
Est. Priority Date: 06/11/2010
Status: Active Grant

First Claim

Patent Images

1. A system for securing documents comprising:

a) a server having at least one processor and at least one data storage device for storing documents;

b) at least one document provider connected to the server, the at least one document provider operable to provide at least one user document to the server for storage in the at least one data storage device, the at least one user document containing at least one object of security concern and being associated with a user profile of a user providing the document; and

c) at least one document consumer connected to the server, the at least one document consumer operable to receive the at least one user document containing the at least one object of security concern from the server;

d) wherein the at least one processor in the server is operable to;

i) determine whether to provide the at least one object of security concern to the at least one document consumer based on a first security setting associated with a user profile of a user receiving the document and a second security setting associated with the user profile of the user providing the document;

ii) if it is determined that the at least one object of security concern should be provided, provide the at least one user document with the at least one object of security concern to the at least one document consumer, andiii) if it is determined that the at least one object of security concern should not be provided, then;

(1) generate at least one replacement document containing the at least one user document without the at least one object of security concern and including an indication that the at least one object of security concern has been excluded, and(2) provide the at least one replacement document to the at least one document consumer;

e) wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention is directed to systems, methods and apparatus for securing documents. The system comprises a server having a processor and a data storage device for storing documents, at least one document provider connected to the server, the at least one document provider operable to provide user documents to the server for storage in the data storage device, the user documents containing at least one object of security concern, and at least one document consumer connected to the server, the at least one document consumer operable to receive the user documents containing the at least one object of security concern from the server. The processor in the server is operable to determine whether to provide the at least one object of security concern to the at least one document consumer based on at least one security setting, and based on the decision either provide the documents with the at least one object of security concern or provide a replacement documents without the security of concern and an indication on each replacement document that that the at least one object of security concern has been excluded.

14 Citations

View as Search Results

24 Claims

1. A system for securing documents comprising:
- a) a server having at least one processor and at least one data storage device for storing documents;
  
  b) at least one document provider connected to the server, the at least one document provider operable to provide at least one user document to the server for storage in the at least one data storage device, the at least one user document containing at least one object of security concern and being associated with a user profile of a user providing the document; and
  
  c) at least one document consumer connected to the server, the at least one document consumer operable to receive the at least one user document containing the at least one object of security concern from the server;
  
  d) wherein the at least one processor in the server is operable to;
  
  i) determine whether to provide the at least one object of security concern to the at least one document consumer based on a first security setting associated with a user profile of a user receiving the document and a second security setting associated with the user profile of the user providing the document;
  
  ii) if it is determined that the at least one object of security concern should be provided, provide the at least one user document with the at least one object of security concern to the at least one document consumer, andiii) if it is determined that the at least one object of security concern should not be provided, then;
  
  (1) generate at least one replacement document containing the at least one user document without the at least one object of security concern and including an indication that the at least one object of security concern has been excluded, and(2) provide the at least one replacement document to the at least one document consumer;
  
  e) wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The system according to claim 1, wherein the first security setting includes at least one centralized list managed by the server.
  - 3. The system according to claim 2, wherein the at least one centralized list comprises a black list indicative of a list of objects of security concern that should not be provided to the at least one document consumer.
  - 4. The system according to claim 2, wherein the at least one centralized list comprises a white list indicative of a list of objects of security concern that should be provided to the at least one document consumer.
  - 5. The system according to claim 2, wherein the at least one centralized list is applicable to all user documents provided by the at least one document provider.
  - 6. The system according to claim 2, wherein the server manages information relating to the centralized list based on intrinsic information obtained by the at least one processor from the at least one user document provided.
  - 7. The system according to claim 6, wherein the intrinsic information obtained by the at least one processor from the at least one user document comprises at least one of:
    - a) a source of the at least one user document;
      
      b) a type of the at least one user document;
      
      c) a type of the at least one object of security concern contained in the at least one user document; and
      
      d) when the at least one object of security concern contains at least one reference to another document, then information about the document that is referenced.
  - 8. The system according to claim 2, wherein the server centrally manages information relating to the centralized list based on location information indicative of the location to which the at least one user document is provided.
  - 9. The system according to claim 1, wherein the at least one processor in the server is further operable to provide a screening document containing information about the at least one object of security concern such that at least one user of the at least one document consumer is able to use that information to assess security risk associated with the object of security concern, and at least one option for the at least one user to provide preference information to the server indicative of whether to provide the object of security concern to the at least one document consumer.
  - 10. The system according to claim 9, wherein the at least one processor is further operable to:
    - a) associate the preference information provided by the at least one user to the server indicative of whether to provide the at least one object of security concern with the security setting of the at least one user profile receiving the document; and
      
      b) store the preference information in the at least one data storage device.
  - 11. The system according to claim 10, wherein the first security setting comprises at least one centralized list, and the at least one processor is further operable to:
    - a) modify the at least one centralized list for the at least one user based on the preference information provided by the at least one user in response to the screening document; and
      
      b) associate the modified centralized list with the security setting of the at least one user profile receiving the document.
  - 12. The system according to claim 9, wherein the information contained in the screening document comprises a non-executable rendering of the object of security concern.
  - 13. The system according to claim 12, wherein the non-executable rendering of the object of security concern comprises at least one of:
    - a) an image representation of the object of security concern;
      
      b) if the object of security concern comprises instructions executable by the at least one document consumer, then text of the instructions; and
      
      c) information about the user profile that is associated with the at least one user document containing the at least one object of security concern.
  - 14. The system according to claim 13, wherein the at least one processor is further operable to:
    - a) associate the scope of applicability provided by the at least one user with the user profile receiving the document; and
      
      b) store the scope of applicability in the at least one data storage device.
  - 15. The system according to claim 9, wherein the screening document further comprises at least one other option for the at least one user to indicate a scope of applicability of the information provided to the server, the scope of applicability being indicative of when the server should apply the information provided by the at least one user to determine whether to provide the object of security concern.
  - 16. The system according to claim 15, wherein the scope of applicability includes at least one of:
    - a) applicability for a current session;
      
      b) applicability for the at least one document consumer from that point on;
      
      c) applicability for a particular external domain referenced in the at least one user document;
      
      d) applicability for a particular document provider; and
      
      e) applicability for a particular type of object of security concern.
  - 17. The system according to claim 9, wherein the server centrally manages information relating to the centralized list based on extrinsic information provided by one or more users in response to one or more screening documents.
  - 18. The system according to claim 1, wherein the at least one object of security concern comprises at least one of:
    - a) instructions executable by the at least one document consumer in JavaScript language;
      
      b) instructions executable by the at least one document consumer to obtain information from an external domain.

19. A server for securing documents comprising:
- a) at least data storage device for storing a plurality of user documents, at least one of the user documents containing at least one object of security concern being associated with a user profile;
  
  b) at least one network device for connecting to at least one document provider and at least one document consumer, the at least one document provider operable to provide at least one of the user documents to the server, the at least one document consumer operable to receive at least one of the plurality of user documents from the server;
  
  c) at least one processor coupled to the at least one data storage device and the at least one network device, the at least one processor in the server is operable to;
  
  i) determine whether to provide the at least one object of security concern in the at least one of the user documents concern to the at least one document consumer based on a first security setting associated with a user profile of a user receiving the document and a second security setting associated with the user profile of the user providing the document;
  
  ii) if it is determined that the at least one object of security concern should be provided, then provide the at least one user document with the at least one object of security concern to the at least one document consumer, andiii) if it is determined that the at least one object of security concern should not be provided, then generate at least one replacement document containing the at least one user document without the at least one object of security concern and an indication that the at least one object of security concern has been excluded, and provide the at least one replacement document to the at least one document consumer;
  
  d) wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.

20. A method for securing documents at a server having at least one server processor and at least one data storage device comprising:
- a) receiving at least one document from at least one document provider containing at least one object of security concern;
  
  b) storing the at least one document in at least one data storage device;
  
  c) using the at least one server processor to determine whether to provide the at least one object of security concern to at least one document consumer based on a first security setting associated with a user profile of a user receiving the document and a second security setting associated with a user profile of a user providing the at least one document;
  
  d) if it is determined that the at least one object of security concern should be provided, then using the at least one server processor to provide the at least one document with the at least one object of security concern to the at least one document consumer; and
  
  e) if it is determined that the at least one object of security concern should not be provided, then using the at least one server processor to generate at least one replacement document containing the at least one document without the at least one object of security concern and further containing an indication that the at least one object of security concern has been excluded, and providing the at least one replacement document to the at least one document consumer;
  
  f) wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.
- View Dependent Claims (21, 22)
- - 21. The method according to claim 20, wherein the first security setting includes at least one centralized list managed by the server, the at least one centralized list comprising a black list indicative of a list of objects of security concern that should not be provided to the at least one document consumer.
  - 22. The method according to claim 20, wherein the first security setting includes at least one centralized list managed by the server, the at least one centralized list comprising a white list indicative of a list of objects of security concern that should be provided to the at least one document consumer.

23. A non-transitory computer readable medium comprising instructions executable by a processor to cause the processor to:
- a) receive at least one document containing at least one object of security concern from at least one document provider;
  
  b) store the at least one document in at least one storage device;
  
  c) determine whether to provide the at least one object of security concern to at least one document consumer based on a first security setting associated with a user profile of a user receiving the document and a second security setting associated with a user profile of a user providing the at least one document;
  
  d) if it is determined that the at least one object of security concern should be provided, then provide the at least one document with the at least one object of security concern to the at least one document consumer; and
  
  e) if it is determined that the at least one object of security concern should not be provided, then generate at least one replacement document containing the at least one document without the at least one object of security concern and an indication that the at least one object of security concern has been excluded, and provide the replacement document to the at least one document consumer;
  
  f) wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.

24. A system for securing documents comprising:
- a) a server having at least one processor and at least one data storage device for storing documents;
  
  b) at least one document provider connected to the server, the at least one document provider operable to provide at least one user document to the server for storage in the at least one data storage device, the at least one user document containing at least one object of security concern and being associated with a user profile of a user providing the document; and
  
  c) at least one document consumer connected to the server, the at least one document consumer operable to receive the at least one user document containing the at least one object of security concern from the server;
  
  d) wherein the at least one processor in the server is operable to;
  
  i) determine whether to provide the at least one object of security concern to the at least one document consumer based on a first security setting associated with a user profile of a user receiving the document and a second security setting associated with the user profile of the user providing the document;
  
  ii) if and only if it has previously been determined that the at least one object of security concern should be provided, provide the at least one user document with the at least one object of security concern to the at least one document consumer, andiii) if and only if it has previously been determined that the at least one object of security concern should not be provided, then;
  
  (1) generate at least one security concern indicator for indicating that the at least one object of security concern has been excluded from the at least one user document; and
  
  ,(2) provide the at least one user document to the at least one document consumer, wherein the at least one object of security concern has been replaced with the at least one security concern indicator;
  
  wherein each user profile includes profile information about the user associated with that profile including information that is indicative of a level of access granted to each user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
D2L Corporation
Original Assignee
D2L Corporation
Inventors
Cepuran, Brian John, McMillan, Daryl, Lockhart, David, Grabka, Dariusz
Primary Examiner(s)
Colin, Carl
Assistant Examiner(s)
Jamshidi, Ghodrat

Application Number

US13/156,045
Publication Number

US 20110307960A1
Time in Patent Office

1,952 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2149   Restricted operating enviro...

H04L 63/101   Access control lists [ACL]

H04L 63/102   Entity profiles

H04L 63/145   the attack involving the pr...

Systems, methods, and apparatus for securing user documents

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and apparatus for securing user documents

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links